def test_search_when_bad_request_raised_and_token_not_in_query_raises_bad_request(
self, mock_invalid_page_token_connection):
query = _create_test_query()
query.page_token = None
service = FileEventService(mock_invalid_page_token_connection)
with pytest.raises(Py42BadRequestError):
service.search(query)
def test_unicode_query_search_calls_post_with_query(
self, connection, successful_response):
service = FileEventService(connection)
connection.post.return_value = successful_response
service.search(RAW_UNICODE_QUERY)
connection.post.assert_called_once_with(FILE_EVENT_URI,
data=RAW_UNICODE_QUERY)
def test_unicode_query_search_calls_post_with_query(
self, connection, successful_response):
service = FileEventService(connection)
connection.post.return_value = successful_response
query = _create_test_query(u"我能吞")
expected = str(query)
service.search(query)
connection.post.assert_called_once_with(FILE_EVENT_URI, data=expected)
def test_search_calls_post_with_uri_and_query(
self, connection, successful_response
):
service = FileEventService(connection)
connection.post.return_value = successful_response
query = _create_test_query()
service.search(query)
connection.post.assert_called_once_with(FILE_EVENT_URI, json=dict(query))
def test_search_when_bad_request_raised_with_token_but_has_not_invalid_token_text_raises_bad_request(
self, mocker, connection):
connection.post.side_effect = create_mock_error(
Py42BadRequestError, mocker, "DIFFERENT_ERROR")
query = _create_test_query()
query.page_token = "test_page_token"
service = FileEventService(connection)
with pytest.raises(Py42BadRequestError):
service.search(query)
def test_get_file_location_detail_by_sha256_calls_get_with_hash(
self, connection, successful_response):
service = FileEventService(connection)
connection.get.return_value = successful_response
service.get_file_location_detail_by_sha256("abc")
connection.get.assert_called_once_with(
u"/forensic-search/queryservice/api/v1/filelocations",
params={"sha256": "abc"},
)
def test_search_when_given_str_type_query_calls_post_with_uri_and_query(
self, connection, successful_response
):
service = FileEventService(connection)
connection.post.return_value = successful_response
query = str(_create_test_query())
service.search(query)
expected = json.loads(query)
connection.post.assert_called_once_with(FILE_EVENT_URI, json=expected)
def test_search_when_given_page_token_and_bad_request_with_invalid_page_token_occurs_raises_invalid_page_token_error(
self, mock_invalid_page_token_connection):
query = _create_test_query()
query.page_token = "test_page_token"
service = FileEventService(mock_invalid_page_token_connection)
with pytest.raises(Py42InvalidPageTokenError) as err:
service.search(query)
assert str(err.value) == "Invalid page token: {}".format(
query.page_token)
def test_search_when_bad_request_raised_with_token_but_has_not_invalid_token_text_raises_bad_request(
self, mocker, connection):
def side_effect(*args, **kwargs):
http_error = mocker.MagicMock(spec=HTTPError)
response = mocker.MagicMock(spec=Response)
response.text = "DIFFERENT_ERROR"
http_error.response = response
raise Py42BadRequestError(http_error)
connection.post.side_effect = side_effect
query = _create_test_query()
query.page_token = "test_page_token"
service = FileEventService(connection)
with pytest.raises(Py42BadRequestError):
service.search(query)
def test_search_all_file_events_handles_escaped_quote_chars_in_token(
self,
connection,
preservation_data_service,
saved_search_service,
storage_service_factory,
):
file_event_service = FileEventService(connection)
security_client = SecurityDataClient(
file_event_service,
preservation_data_service,
saved_search_service,
storage_service_factory,
)
escaped_token = r"1234_\"abcde\""
security_client.search_all_file_events(FileEventQuery.all(),
escaped_token)
expected = {
"groupClause": "AND",
"groups": [],
"srtDir": "asc",
"srtKey": "eventId",
"pgToken": escaped_token,
"pgSize": 10000,
}
connection.post.assert_called_once_with(FILE_EVENT_URI, json=expected)
def test_search_all_file_events_calls_search_with_expected_params_when_pg_token_is_passed(
self,
connection,
preservation_data_service,
saved_search_service,
storage_service_factory,
):
file_event_service = FileEventService(connection)
successful_response = {
"totalCount": None,
"fileEvents": None,
"nextPgToken": "pqr",
"problems": None,
}
connection.post.return_value = successful_response
security_client = SecurityDataClient(
file_event_service,
preservation_data_service,
saved_search_service,
storage_service_factory,
)
query = FileEventQuery.all()
response = security_client.search_all_file_events(query, "abc")
expected = {
"groupClause": "AND",
"groups": [],
"srtDir": "asc",
"srtKey": "eventId",
"pgToken": "abc",
"pgSize": 10000,
}
connection.post.assert_called_once_with(FILE_EVENT_URI, json=expected)
assert response is successful_response
def _init_services(main_connection, main_auth):
alert_rules_key = u"FedObserver-API_URL"
alerts_key = u"AlertService-API_URL"
file_events_key = u"FORENSIC_SEARCH-API_URL"
preservation_data_key = u"PRESERVATION-DATA-SERVICE_API-URL"
employee_case_mgmt_key = u"employeecasemanagement-API_URL"
kv_prefix = u"simple-key-value-store"
audit_logs_key = u"AUDIT-LOG_API-URL"
kv_connection = Connection.from_microservice_prefix(
main_connection, kv_prefix)
kv_service = KeyValueStoreService(kv_connection)
alert_rules_conn = Connection.from_microservice_key(kv_service,
alert_rules_key,
auth=main_auth)
alerts_conn = Connection.from_microservice_key(kv_service,
alerts_key,
auth=main_auth)
file_events_conn = Connection.from_microservice_key(kv_service,
file_events_key,
auth=main_auth)
pds_conn = Connection.from_microservice_key(kv_service,
preservation_data_key,
auth=main_auth)
ecm_conn = Connection.from_microservice_key(kv_service,
employee_case_mgmt_key,
auth=main_auth)
audit_logs_conn = Connection.from_microservice_key(kv_service,
audit_logs_key,
auth=main_auth)
user_svc = UserService(main_connection)
administration_svc = AdministrationService(main_connection)
file_event_svc = FileEventService(file_events_conn)
user_ctx = UserContext(administration_svc)
user_profile_svc = DetectionListUserService(ecm_conn, user_ctx, user_svc)
services = Services(
administration=administration_svc,
archive=ArchiveService(main_connection),
devices=DeviceService(main_connection),
legalhold=LegalHoldService(main_connection),
orgs=OrgService(main_connection),
securitydata=SecurityDataService(main_connection),
users=UserService(main_connection),
alertrules=AlertRulesService(alert_rules_conn, user_ctx,
user_profile_svc),
alerts=AlertService(alerts_conn, user_ctx),
fileevents=file_event_svc,
savedsearch=SavedSearchService(file_events_conn, file_event_svc),
preservationdata=PreservationDataService(pds_conn),
departingemployee=DepartingEmployeeService(ecm_conn, user_ctx,
user_profile_svc),
highriskemployee=HighRiskEmployeeService(ecm_conn, user_ctx,
user_profile_svc),
userprofile=user_profile_svc,
auditlogs=AuditLogsService(audit_logs_conn),
)
return services, user_ctx
def test_get_by_id_calls_get_with_expected_uri(self, mock_connection,
py42_response):
mock_connection.get.return_value = py42_response
file_event_service = FileEventService(mock_connection)
saved_search_service = SavedSearchService(mock_connection,
file_event_service)
saved_search_service.get_by_id(u"TEst-id")
assert (mock_connection.get.call_args[0][0] ==
"/forensic-search/queryservice/api/v1/saved/TEst-id")
def test_get_calls_get_with_expected_uri(self, mock_connection, mocker):
mock_connection.get.return_value = create_mock_response(mocker, "{}")
file_event_service = FileEventService(mock_connection)
saved_search_service = SavedSearchService(mock_connection,
file_event_service)
saved_search_service.get()
assert mock_connection.get.call_count == 1
assert (mock_connection.get.call_args[0][0] ==
"/forensic-search/queryservice/api/v1/saved")
def test_get_query_calls_get_with_expected_uri(self, mock_connection,
py42_response):
py42_response.text = '{u"searches": [{u"groups": []}]}'
mock_connection.post.return_value = py42_response
file_event_service = FileEventService(mock_connection)
saved_search_service = SavedSearchService(mock_connection,
file_event_service)
saved_search_service.get_query(u"test-id")
assert (mock_connection.get.call_args[0][0] ==
"/forensic-search/queryservice/api/v1/saved/test-id")
def test_get_query_calls_get_with_expected_uri(self, mock_connection,
mocker):
response = create_mock_response(mocker, SAVED_SEARCH_GET_RESPONSE)
mock_connection.post.return_value = response
file_event_service = FileEventService(mock_connection)
saved_search_service = SavedSearchService(mock_connection,
file_event_service)
saved_search_service.get_query("test-id")
assert (mock_connection.get.call_args[0][0] ==
"/forensic-search/queryservice/api/v1/saved/test-id")
def test_execute_calls_post_with_expected_query(self, mock_connection,
mocker):
response = create_mock_response(mocker, SAVED_SEARCH_GET_RESPONSE)
mock_connection.get.return_value = response
file_event_service = FileEventService(mock_connection)
saved_search_service = SavedSearchService(mock_connection,
file_event_service)
saved_search_service.execute("test-id")
assert mock_connection.post.call_count == 1
posted_data = mock_connection.post.call_args[1]["json"]
assert (posted_data["pgSize"] == 10000 and posted_data["pgNum"] == 1
and posted_data["groups"] == [])
def test_execute_calls_post_with_expected_query(self, mock_connection,
py42_response):
py42_response.text = SAVED_SEARCH_GET_RESPONSE
mock_connection.get.return_value = py42_response
file_event_service = FileEventService(mock_connection)
saved_search_service = SavedSearchService(mock_connection,
file_event_service)
saved_search_service.execute(u"test-id")
assert mock_connection.post.call_count == 1
posted_data = json.loads(mock_connection.post.call_args[1]["data"])
assert (posted_data["pgSize"] == 10000 and posted_data[u"pgNum"] == 1
and posted_data[u"groups"] == [])
def test_search_all_file_events_when_token_is_none_succeeds(
self,
connection,
preservation_data_service,
saved_search_service,
storage_service_factory,
):
file_event_service = FileEventService(connection)
security_client = SecurityDataClient(
file_event_service,
preservation_data_service,
saved_search_service,
storage_service_factory,
)
security_client.search_all_file_events(FileEventQuery.all(),
page_token=None)
def test_execute_calls_post_with_expected_setting_page_param(
self, mock_connection, mocker):
test_custom_page_num = 2
settings.security_events_per_page = 5000
response = create_mock_response(mocker, SAVED_SEARCH_GET_RESPONSE)
mock_connection.get.return_value = response
file_event_service = FileEventService(mock_connection)
saved_search_client = SavedSearchService(mock_connection,
file_event_service)
saved_search_client.execute(
"test-id",
page_number=test_custom_page_num,
)
assert mock_connection.post.call_count == 1
posted_data = mock_connection.post.call_args[1]["json"]
settings.security_events_per_page = 10000
assert (posted_data["pgSize"] == 5000 and posted_data["pgNum"] == 2
and posted_data["groups"] == [])
def test_execute_calls_post_with_expected_setting_page_param(
self, mock_connection, py42_response):
test_custom_page_num = 2
settings.security_events_per_page = 5000
py42_response.text = SAVED_SEARCH_GET_RESPONSE
mock_connection.get.return_value = py42_response
file_event_client = FileEventService(mock_connection)
saved_search_client = SavedSearchService(mock_connection,
file_event_client)
saved_search_client.execute(
u"test-id",
page_number=test_custom_page_num,
)
assert mock_connection.post.call_count == 1
posted_data = json.loads(mock_connection.post.call_args[1]["data"])
settings.security_events_per_page = 10000
assert (posted_data[u"pgSize"] == 5000 and posted_data[u"pgNum"] == 2
and posted_data[u"groups"] == [])
def _init_services(main_connection, main_auth):
# services are imported within function to prevent circular imports when a service
# imports anything from py42.sdk.queries
from py42.services import Services
from py42.services._keyvaluestore import KeyValueStoreService
from py42.services.administration import AdministrationService
from py42.services.alertrules import AlertRulesService
from py42.services.alerts import AlertService
from py42.services.archive import ArchiveService
from py42.services.auditlogs import AuditLogsService
from py42.services.cases import CasesService
from py42.services.casesfileevents import CasesFileEventsService
from py42.services.detectionlists.departing_employee import DepartingEmployeeService
from py42.services.detectionlists.high_risk_employee import HighRiskEmployeeService
from py42.services.detectionlists.user_profile import DetectionListUserService
from py42.services.devices import DeviceService
from py42.services.fileevent import FileEventService
from py42.services.legalhold import LegalHoldService
from py42.services.orgs import OrgService
from py42.services.preservationdata import PreservationDataService
from py42.services.savedsearch import SavedSearchService
from py42.services.trustedactivities import TrustedActivitiesService
from py42.services.users import UserService
alert_rules_key = "FedObserver-API_URL"
alerts_key = "AlertService-API_URL"
file_events_key = "FORENSIC_SEARCH-API_URL"
preservation_data_key = "PRESERVATION-DATA-SERVICE_API-URL"
employee_case_mgmt_key = "employeecasemanagementV2-API_URL"
kv_prefix = "simple-key-value-store"
audit_logs_key = "AUDIT-LOG_API-URL"
cases_key = "CASES_API-URL"
trusted_activities_key = "TRUSTED-DOMAINS_API-URL"
kv_connection = Connection.from_microservice_prefix(
main_connection, kv_prefix)
kv_service = KeyValueStoreService(kv_connection)
alert_rules_conn = Connection.from_microservice_key(kv_service,
alert_rules_key,
auth=main_auth)
alerts_conn = Connection.from_microservice_key(kv_service,
alerts_key,
auth=main_auth)
file_events_conn = Connection.from_microservice_key(kv_service,
file_events_key,
auth=main_auth)
pds_conn = Connection.from_microservice_key(kv_service,
preservation_data_key,
auth=main_auth)
ecm_conn = Connection.from_microservice_key(kv_service,
employee_case_mgmt_key,
auth=main_auth)
audit_logs_conn = Connection.from_microservice_key(kv_service,
audit_logs_key,
auth=main_auth)
user_svc = UserService(main_connection)
administration_svc = AdministrationService(main_connection)
file_event_svc = FileEventService(file_events_conn)
user_ctx = UserContext(administration_svc)
user_profile_svc = DetectionListUserService(ecm_conn, user_ctx, user_svc)
cases_conn = Connection.from_microservice_key(kv_service,
cases_key,
auth=main_auth)
trusted_activities_conn = Connection.from_microservice_key(
kv_service, trusted_activities_key, auth=main_auth)
services = Services(
administration=administration_svc,
archive=ArchiveService(main_connection),
devices=DeviceService(main_connection),
legalhold=LegalHoldService(main_connection),
orgs=OrgService(main_connection),
users=UserService(main_connection),
alertrules=AlertRulesService(alert_rules_conn, user_ctx,
user_profile_svc),
alerts=AlertService(alerts_conn, user_ctx),
fileevents=file_event_svc,
savedsearch=SavedSearchService(file_events_conn, file_event_svc),
preservationdata=PreservationDataService(pds_conn),
departingemployee=DepartingEmployeeService(ecm_conn, user_ctx,
user_profile_svc),
highriskemployee=HighRiskEmployeeService(ecm_conn, user_ctx,
user_profile_svc),
userprofile=user_profile_svc,
auditlogs=AuditLogsService(audit_logs_conn),
cases=CasesService(cases_conn),
casesfileevents=CasesFileEventsService(cases_conn),
trustedactivities=TrustedActivitiesService(trusted_activities_conn),
)
return services, user_ctx
