def test_endpoint_scan_command(requests_mock):
    """
    Given:
        - The command_args entry of test_data/scan_endpoints.json, i.e. the scan filters
          (endpoint_id_list, dist_name, gte_first_seen, gte_last_seen, lte_first_seen,
          lte_last_seen, ip_list, group_name, platform, alias, isolate, hostname).
    When:
        - endpoint_scan_command runs against a mocked scan endpoint.
    Then:
        - The context output maps the endpointScan actionId key to the action id of the reply.
    """
    from PaloAltoNetworks_XDR import endpoint_scan_command, Client

    # Mocked XDR reply: the scan request is accepted and given action id 123.
    requests_mock.post(f'{XDR_URL}/public_api/v1/endpoints/scan/', json={"reply": {"action_id": 123}})

    fixture = load_test_data('test_data/scan_endpoints.json')
    expected_context = {
        'PaloAltoNetworksXDR.endpointScan.actionId(val.actionId == obj.actionId)': 123
    }

    client = Client(base_url=f'{XDR_URL}/public_api/v1', headers={})
    client._headers = {}

    # NOTE(review): only the context output is asserted; the markdown, the raw response
    # and the filter payload posted to the mock are not inspected here.
    _, context, _ = endpoint_scan_command(client, fixture['command_args'])
    assert expected_context == context
def test_restore_file_command(requests_mock):
    """
    Given:
        - A file_hash argument.
    When:
        - restore_file_command runs against a mocked restore endpoint.
    Then:
        - The context output maps the restoredFiles actionId key to the action id of the reply.
    """
    from PaloAltoNetworks_XDR import restore_file_command, Client

    # Mocked XDR reply: the restore request is accepted and given action id 123.
    requests_mock.post(f'{XDR_URL}/public_api/v1/endpoints/restore/', json={"reply": {"action_id": 123}})

    expected_context = {
        'PaloAltoNetworksXDR.restoredFiles.actionId(val.actionId == obj.actionId)': 123
    }

    client = Client(base_url=f'{XDR_URL}/public_api/v1', headers={})
    client._headers = {}

    # "123" is a placeholder, not a well-formed hash; the command's handling of it is
    # only observed through the context output asserted below.
    command_args = {"file_hash": "123"}
    _, context, _ = restore_file_command(client, command_args)
    assert expected_context == context
def test_get_quarantine_status_command(requests_mock):
    """
    Given:
        - Endpoint_id, file_path and file_hash (the command_args entry of
          test_data/get_quarantine_status.json).
    When:
        - get_quarantine_status_command runs against a mocked quarantine status endpoint.
    Then:
        - The context output holds the fixture's context_data under the quarantineFiles
          status key.
    """
    from PaloAltoNetworks_XDR import get_quarantine_status_command, Client

    fixture = load_test_data('test_data/get_quarantine_status.json')

    # The mock answers with the API response stored in the fixture.
    requests_mock.post(f'{XDR_URL}/public_api/v1/quarantine/status/', json=fixture['api_response'])

    # The context key's match expression covers fileHash, endpointId and filePath.
    context_key = (
        'PaloAltoNetworksXDR.quarantineFiles.status(val.fileHash === obj.fileHash &&val.endpointId'
        ' === obj.endpointId && val.filePath === obj.filePath)'
    )
    expected_context = {context_key: fixture['context_data']}

    client = Client(base_url=f'{XDR_URL}/public_api/v1', headers={})
    client._headers = {}

    # Only the context output is asserted; markdown and the raw response are discarded.
    _, context, _ = get_quarantine_status_command(client, fixture['command_args'])
    assert expected_context == context
def test_whitelist_files_command_with_no_comment_file(requests_mock):
    """
    Given:
        - A list of file hashes to whitelist, with no comment argument
          (no_comment_command_args in test_data/blacklist_whitelist_files_success.json).
    When:
        - whitelist_files_command runs against a mocked whitelist endpoint.
    Then:
        - The context output lists the submitted hashes under the whiteList fileHash key.
    """
    from PaloAltoNetworks_XDR import whitelist_files_command, Client

    fixture = load_test_data('test_data/blacklist_whitelist_files_success.json')
    command_args = fixture['no_comment_command_args']

    # The mock answers with the API response stored in the fixture.
    requests_mock.post(f'{XDR_URL}/public_api/v1/hash_exceptions/whitelist/', json=fixture['api_response'])

    expected_context = {
        'PaloAltoNetworksXDR.whiteList.fileHash(val.fileHash == obj.fileHash)': command_args['hash_list']
    }

    client = Client(base_url=f'{XDR_URL}/public_api/v1', headers={})
    client._headers = {}

    # NOTE(review): only the context output is asserted; the request body posted to the
    # whitelist endpoint (hash list, absent comment) is not inspected here.
    _, context, _ = whitelist_files_command(client, command_args)
    assert expected_context == context
def test_blacklist_files_command_with_more_than_one_file(requests_mock):
    """
    Given:
        - A list of file hashes to blacklist (multi_command_args in
          test_data/blacklist_whitelist_files_success.json).
    When:
        - blacklist_files_command runs against a mocked blacklist endpoint for more than
          one file.
    Then:
        - The context output lists the submitted hashes under the blackList fileHash key.
    """
    from PaloAltoNetworks_XDR import blacklist_files_command, Client

    fixture = load_test_data('test_data/blacklist_whitelist_files_success.json')
    command_args = fixture['multi_command_args']

    # The mock answers with the API response stored in the fixture.
    requests_mock.post(f'{XDR_URL}/public_api/v1/hash_exceptions/blacklist/', json=fixture['api_response'])

    expected_context = {
        'PaloAltoNetworksXDR.blackList.fileHash(val.fileHash == obj.fileHash)': command_args['hash_list']
    }

    client = Client(base_url=f'{XDR_URL}/public_api/v1', headers={})
    client._headers = {}

    # NOTE(review): only the context output is asserted; the request body posted to the
    # blacklist endpoint is not inspected here.
    _, context, _ = blacklist_files_command(client, command_args)
    assert expected_context == context
def test_endpoint_scan_command_scan_all_endpoints(requests_mock):
    """
    Given:
        - No filters (an empty arguments dict).
    When:
        - endpoint_scan_command runs against a mocked scan endpoint, as when a user wants
          to scan all endpoints.
    Then:
        - The context output maps the endpointScan actionId key to the action id of the reply.
    """
    from PaloAltoNetworks_XDR import endpoint_scan_command, Client

    # Mocked XDR reply: the scan request is accepted and given action id 123.
    requests_mock.post(f'{XDR_URL}/public_api/v1/endpoints/scan/', json={"reply": {"action_id": 123}})

    expected_context = {'PaloAltoNetworksXDR.endpointScan.actionId(val.actionId == obj.actionId)': 123}

    client = Client(base_url=f'{XDR_URL}/public_api/v1', headers={})
    client._headers = {}

    # NOTE(review): an unfiltered scan is the widest-scope form of this command, yet the
    # payload the command builds for empty arguments is not inspected here; only the
    # context output is asserted.
    no_filters = {}
    _, context, _ = endpoint_scan_command(client, no_filters)
    assert expected_context == context
def test_quarantine_files_command(requests_mock):
    """
    Given:
        - A list of file hashes to quarantine (the command_args entry of
          test_data/quarantine_files.json).
    When:
        - quarantine_files_command runs against a mocked quarantine endpoint.
    Then:
        - The context output holds the fixture's context_data under the quarantineFiles
          actionIds key.
    """
    from PaloAltoNetworks_XDR import quarantine_files_command, Client

    fixture = load_test_data('test_data/quarantine_files.json')

    # The mock answers with the API response stored in the fixture.
    requests_mock.post(f'{XDR_URL}/public_api/v1/endpoints/quarantine/', json=fixture['api_response'])

    expected_context = {
        'PaloAltoNetworksXDR.quarantineFiles.actionIds(val.actionId === obj.actionId)': fixture['context_data']
    }

    client = Client(base_url=f'{XDR_URL}/public_api/v1', headers={})
    client._headers = {}

    # Only the context output is asserted; markdown and the raw response are discarded.
    _, context, _ = quarantine_files_command(client, fixture['command_args'])
    assert expected_context == context