def test_import_bundle(datastore, login_session, filestore):
_, session, host = login_session
ds = datastore
# Create a temporary bundle
submission = random.choice(
ds.submission.search('id:*', rows=100, as_obj=False)['items'])
bundle_file = create_bundle(submission['sid'], working_dir='/tmp/bundle')
# Delete associated submission
ds.delete_submission_tree(submission['sid'], transport=filestore)
ds.error.commit()
ds.file.commit()
ds.result.commit()
ds.submission.commit()
with open(bundle_file, 'rb') as bfh:
resp = get_api_data(session,
f"{host}/api/v4/bundle/",
method="POST",
data=bfh.read())
assert resp['success']
ds.submission.commit()
assert submission == random.choice(
ds.submission.search('id:*', rows=100, as_obj=False)['items'])
def test_alert_bundle(datastore_connection, filestore, config):
# Cleanup previous runs
datastore_connection.alert.delete(ALERT_ID)
# Create a temporary submission
submission = create_submission(datastore_connection, filestore)
sid = submission['sid']
# Create a random alert
alert = random_model_obj(Alert)
alert.alert_id = ALERT_ID
alert.sid = sid
datastore_connection.alert.save(ALERT_ID, alert)
# Create the submission's bundle
path = create_bundle(ALERT_ID, use_alert=True)
# Test if the bundle
assert os.path.exists(path)
with open(path, 'rb') as fh:
assert is_cart(fh.read(256))
# Remove alert and submission from DB
datastore_connection.alert.delete(alert.alert_id)
datastore_connection.delete_submission_tree(sid, transport=filestore)
assert datastore_connection.alert.get_if_exists(alert.alert_id) is None
assert datastore_connection.submission.get_if_exists(sid) is None
# Restore bundle
new_submission = import_bundle(path)
# Validate restored submission
assert new_submission['sid'] == sid
assert new_submission['metadata']['bundle.source'] == config.ui.fqdn
# Validate restored alert
new_alert = datastore_connection.alert.get_if_exists(alert.alert_id, as_obj=False)
assert new_alert['alert_id'] == ALERT_ID
assert new_alert['sid'] == sid
assert new_alert['metadata']['bundle.source'] == config.ui.fqdn
# Cleanup
assert not os.path.exists(path)
datastore_connection.alert.delete(alert.alert_id)
datastore_connection.delete_submission_tree(sid, transport=filestore)
assert datastore_connection.alert.get_if_exists(alert.alert_id) is None
assert datastore_connection.submission.get_if_exists(sid) is None
def test_alert_no_submission_bundle(datastore_connection, config):
# Cleanup previous runs
datastore_connection.alert.delete(ALERT_ID)
datastore_connection.submission.delete(SUBMISSION_ID)
# Create a random alert
alert = random_model_obj(Alert)
alert.alert_id = ALERT_ID
alert.sid = SUBMISSION_ID
datastore_connection.alert.save(ALERT_ID, alert)
# Create the submission's bundle
path = create_bundle(ALERT_ID, use_alert=True)
# Test if the bundle
assert os.path.exists(path)
with open(path, 'rb') as fh:
assert is_cart(fh.read(256))
# Remove alert from Datastore
datastore_connection.alert.delete(alert.alert_id)
assert datastore_connection.alert.get_if_exists(alert.alert_id) is None
assert datastore_connection.submission.get_if_exists(alert.sid) is None
# Restore bundle
new_submission = import_bundle(path)
# Validate restored submission
assert new_submission is None
# Validate restored alert
new_alert = datastore_connection.alert.get_if_exists(alert.alert_id)
assert new_alert['alert_id'] == ALERT_ID
assert new_alert['sid'] == SUBMISSION_ID
assert new_alert['metadata']['bundle.source'] == config.ui.fqdn
# Cleanup
datastore_connection.alert.delete(ALERT_ID)
datastore_connection.submission.delete(SUBMISSION_ID)
def test_submission_bundle(datastore_connection, filestore, config):
# Create a temporary submission
submission = create_submission(datastore_connection, filestore)
sid = submission['sid']
# Create the submission's bundle
path = create_bundle(sid)
# Test if the bundle
assert os.path.exists(path)
with open(path, 'rb') as fh:
assert is_cart(fh.read(256))
# Remove submission from DB
datastore_connection.delete_submission_tree(sid, transport=filestore)
assert datastore_connection.submission.get_if_exists(sid) is None
# Restore bundle
new_submission = import_bundle(path, cleanup=False)
# Validate restored submission
assert new_submission['sid'] == sid
assert new_submission['metadata']['bundle.source'] == config.ui.fqdn
# Test inserting failure
with pytest.raises(SubmissionAlreadyExist):
import_bundle(path, cleanup=False)
# Test skip failure on exist
new_submission = import_bundle(path, exist_ok=True)
# Validate restored submission
assert new_submission['sid'] == sid
assert new_submission['metadata']['bundle.source'] == config.ui.fqdn
# Cleanup
assert not os.path.exists(path)
datastore_connection.delete_submission_tree(sid, transport=filestore)
assert datastore_connection.submission.get_if_exists(sid) is None
def test_alert_import_bundle(datastore, login_session, filestore):
_, session, host = login_session
ds = datastore
# Create a temporary bundle
alert = ds.alert.get_if_exists(ALERT_ID, as_obj=False)
submission = ds.submission.get_if_exists(alert['sid'], as_obj=False)
bundle_file = create_bundle(ALERT_ID,
working_dir='/tmp/bundle',
use_alert=True)
# Delete associated alert and submission
ds.alert.delete(ALERT_ID)
ds.delete_submission_tree(alert['sid'], transport=filestore)
ds.alert.commit()
ds.error.commit()
ds.file.commit()
ds.result.commit()
ds.submission.commit()
with open(bundle_file, 'rb') as bfh:
resp = get_api_data(session,
f"{host}/api/v4/bundle/",
method="POST",
data=bfh.read())
assert resp['success']
ds.submission.commit()
new_submission = ds.submission.get_if_exists(alert['sid'],
as_obj=False)
assert new_submission['sid'] == alert['sid']
assert 'bundle.source' in new_submission['metadata']
new_alert = ds.alert.get_if_exists(ALERT_ID, as_obj=False)
assert new_alert['alert_id'] == ALERT_ID
assert new_alert['sid'] == submission['sid']
def create_submission_bundle(self, sid, bundle_path):
temp_bundle_file = create_bundle(sid, working_dir=os.path.dirname(bundle_path))
os.rename(temp_bundle_file, bundle_path)
def create_alert_bundle(self, alert_id, bundle_path):
temp_bundle_file = create_bundle(alert_id, working_dir=os.path.dirname(bundle_path), use_alert=True)
os.rename(temp_bundle_file, bundle_path)
def test_failed_alert_bundle():
# Test creation failure
with pytest.raises(AlertNotFound):
create_bundle("ThisAlertIDDoesNotExists", use_alert=True)
def test_failed_submission_bundle():
# Test creation failure
with pytest.raises(SubmissionNotFound):
create_bundle("ThisSIDDoesNotExists")
