def testUserGetOwnBlockables(self):
user_1 = test_utils.CreateUser()
user_2 = test_utils.CreateUser()
# Create two events for this user.
test_utils.CreateBit9Event(self.bit9_blockable,
executing_user=user_2.nickname,
host_id='a_host_id',
parent=datastore_utils.ConcatenateKeys(
user_2.key,
ndb.Key('Host', 'a_host_id'),
self.santa_blockable.key))
host_id = 'AAAAAAAA-1111-BBBB-2222-CCCCCCCCCCCC'
test_utils.CreateSantaEvent(
self.santa_blockable,
executing_user=user_2.nickname,
event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN,
file_name='Product.app',
file_path='/Applications/Product.app/Contents/MacOs',
host_id=host_id,
last_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0),
first_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0),
parent=datastore_utils.ConcatenateKeys(user_2.key,
ndb.Key('Host', host_id),
self.santa_blockable.key))
# Create one event for another user. This should not be included in
# the results when fetching blockables for user_2.
test_utils.CreateBit9Event(
self.bit9_blockable2,
executing_user=user_1.nickname,
file_name='notepad++.exe',
file_path=r'c:\program files (x86)\notepad++',
host_id='a_host_id',
last_blocked_dt=datetime.datetime(2015, 5, 1, 1, 0, 0),
first_blocked_dt=datetime.datetime(2015, 5, 1, 1, 0, 0),
parent=datastore_utils.ConcatenateKeys(
user_1.key, ndb.Key('Host', 'a_host_id'),
self.santa_blockable.key))
params = {'filter': 'own'}
with self.LoggedInUser(user=user_2):
response = self.testapp.get('/blockables/all/all', params)
output = response.json
# Verify that only two blockables (from the two events) are returned to
# this user.
self.assertIn('application/json', response.headers['Content-type'])
self.assertIsInstance(output['content'], list)
self.assertLen(output['content'], 2)
def CreateTestEntities(email_addr):
"""Create some test Datastore data if specified, but only if running locally.
Note that this code doesn't (and shouldn't) delete any existing entities.
The risk of such code being accidentally triggered in prod is too great, so
if local entities need to be deleted, use the local Datastore viewer (e.g.
http://127.0.0.1:8000/datastore).
Args:
email_addr: Email address of the local users for whom test data should
be created.
Raises:
NotRunningLocally: if called anywhere other than a local deployment.
"""
if not utils.RunningLocally():
raise NotRunningLocally
# Create a user entity with all available roles.
user = base.User.GetOrInsert(email_addr=email_addr)
base.User.SetRoles(email_addr, constants.USER_ROLE.SET_ALL)
username = user_map.EmailToUsername(email_addr)
# Create associated SantaHosts for the user.
santa_hosts = test_utils.CreateSantaHosts(2, primary_user=username)
# For each SantaHost, create some SantaEvents.
for santa_host in santa_hosts:
for santa_blockable in test_utils.CreateSantaBlockables(5):
parent_key = model_utils.ConcatenateKeys(user.key, santa_host.key,
santa_blockable.key)
test_utils.CreateSantaEvent(
santa_blockable,
executing_user=username,
event_type=constants.EVENT_TYPE.BLOCK_BINARY,
host_id=santa_host.key.id(),
parent=parent_key)
# Create associated Bit9Hosts for the user.
bit9_hosts = test_utils.CreateBit9Hosts(2, users=[username])
# For each Bit9Host, create some Bit9Events.
for bit9_host in bit9_hosts:
for bit9_binary in test_utils.CreateBit9Binaries(5):
parent_key = model_utils.ConcatenateKeys(user.key, bit9_host.key,
bit9_binary.key)
test_utils.CreateBit9Event(
bit9_binary,
executing_user=username,
event_type=constants.EVENT_TYPE.BLOCK_BINARY,
host_id=bit9_host.key.id(),
parent=parent_key)
def testWhitelist_HasEvent(self):
binary = test_utils.CreateBit9Binary(file_catalog_id='1111')
user = test_utils.CreateUser()
local_rule = test_utils.CreateBit9Rule(
binary.key,
host_id='2222',
user_key=user.key,
policy=constants.RULE_POLICY.WHITELIST,
is_fulfilled=False)
# Create a Bit9Event corresponding to the Bit9Rule.
pairs = [('User', user.email), ('Host', '2222'),
('Blockable', binary.key.id()), ('Event', '1')]
event_key = ndb.Key(pairs=pairs)
first_blocked_dt = datetime.datetime.utcnow() - datetime.timedelta(
hours=3)
test_utils.CreateBit9Event(binary,
key=event_key,
first_blocked_dt=first_blocked_dt)
# Mock out the Bit9 API interactions.
file_instance = api.FileInstance(
id=3333,
file_catalog_id=1111,
computer_id=2222,
local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
self.PatchApiRequests([file_instance], file_instance)
change_set.ChangeLocalState(binary, local_rule,
bit9_constants.APPROVAL_STATE.APPROVED)
# Verify the Bit9 API interactions.
self.mock_ctx.ExecuteRequest.assert_has_calls([
mock.call(
'GET',
api_route='fileInstance',
query_args=[r'q=computerId:2222', 'q=fileCatalogId:1111']),
mock.call('POST',
api_route='fileInstance',
data={
'id': 3333,
'localState': 2,
'fileCatalogId': 1111,
'computerId': 2222
},
query_args=None)
])
self.assertTrue(local_rule.key.get().is_fulfilled)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.RULE)
def setUp(self):
super(Bit9EventTest, self).setUp()
self.user = test_utils.CreateUser()
self.bit9_host = test_utils.CreateBit9Host()
self.bit9_binary = test_utils.CreateBit9Binary()
now = test_utils.Now()
self.bit9_event = test_utils.CreateBit9Event(
self.bit9_binary,
host_id=self.bit9_host.key.id(),
executing_user=self.user.nickname,
first_blocked_dt=now,
last_blocked_dt=now,
id='1',
parent=utils.ConcatenateKeys(self.user.key, self.bit9_host.key,
self.bit9_binary.key))
def testGetEventKeysToInsert_Superuser(self):
bit9_host = test_utils.CreateBit9Host()
bit9_binary = test_utils.CreateBit9Binary()
now = test_utils.Now()
bit9_event = test_utils.CreateBit9Event(
bit9_binary,
host_id=bit9_host.key.id(),
executing_user=constants.LOCAL_ADMIN.WINDOWS,
first_blocked_dt=now,
last_blocked_dt=now,
id='1',
parent=datastore_utils.ConcatenateKeys(
self.user.key, bit9_host.key, bit9_binary.key))
users = [self.user.nickname]
self.assertEquals(
[bit9_event.key],
model_utils.GetEventKeysToInsert(bit9_event, users, users))
def setUp(self):
app = webapp2.WSGIApplication(routes=[events.ROUTES])
super(EventsTest, self).setUp(wsgi_app=app)
self.santa_cert = test_utils.CreateSantaCertificate()
self.santa_blockable1 = test_utils.CreateSantaBlockable(
id='aaaabbbbccccddddeeeeffffgggg',
file_name='Product.app',
cert_key=self.santa_cert.key,
cert_sha256=self.santa_cert.key.id())
self.santa_blockable2 = test_utils.CreateSantaBlockable(
id='hhhhiiiijjjjkkkkllllmmmmnnnn', file_name='Another Product.app')
self.bit9_blockable1 = test_utils.CreateBit9Binary(
id='zzzzaaaayyyybbbbxxxxccccwwww', file_name='notepad++.exe')
self.user_1 = test_utils.CreateUser()
self.user_2 = test_utils.CreateUser()
self.santa_host1 = test_utils.CreateSantaHost(
id='AAAAAAAA-1111-BBBB-2222-CCCCCCCCCCCC',
recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0))
self.santa_host2 = test_utils.CreateSantaHost(
id='DDDDDDDD-3333-EEEE-33333-FFFFFFFFFFFF',
recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0))
self.bit9_host1 = test_utils.CreateSantaHost(
id='CHANGE-ME', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0))
self.bit9_host2 = test_utils.CreateSantaHost(
id='CHANGE-ME2',
recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0))
self.santa_event1_from_user1 = test_utils.CreateSantaEvent(
self.santa_blockable1,
cert_key=self.santa_cert.key,
cert_sha256=self.santa_blockable1.cert_sha256,
executing_user=self.user_1.nickname,
event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN,
file_name=self.santa_blockable1.file_name,
file_path='/Applications/Product.app/Contents/MacOs',
host_id=self.santa_host1.key.id(),
last_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0),
first_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0),
parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host1.key,
self.santa_blockable1.key))
self.santa_event2_from_user1 = test_utils.CreateSantaEvent(
self.santa_blockable1,
cert_key=self.santa_cert.key,
cert_sha256=self.santa_blockable1.cert_sha256,
executing_user=self.user_1.nickname,
event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN,
file_name=self.santa_blockable1.file_name,
file_path='/Applications/Product.app/Contents/MacOs',
host_id=self.santa_host2.key.id(),
last_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0),
first_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0),
parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host2.key,
self.santa_blockable1.key))
self.santa_event3_from_user1 = test_utils.CreateSantaEvent(
self.santa_blockable2,
event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN,
executing_user=self.user_1.nickname,
file_name=self.santa_blockable2.file_name,
file_path='/Applications/Another Product.app/Contents/MacOs',
host_id=self.santa_host1.key.id(),
last_blocked_dt=datetime.datetime(2015, 5, 1, 1, 0, 0),
first_blocked_dt=datetime.datetime(2015, 5, 1, 1, 0, 0),
parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host1.key,
self.santa_blockable2.key))
self.santa_event1_from_user2 = test_utils.CreateSantaEvent(
self.santa_blockable1,
event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN,
executing_user=self.user_2.nickname,
file_name=self.santa_blockable1.file_name,
file_path='/Applications/Product.app/Contents/MacOs',
host_id=self.santa_host2.key.id(),
last_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0),
first_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0),
parent=utils.ConcatenateKeys(self.user_2.key, self.santa_host2.key,
self.santa_blockable1.key))
self.bit9_event1_from_user1 = test_utils.CreateBit9Event(
self.bit9_blockable1,
executing_user=self.user_1.nickname,
file_name=self.bit9_blockable1.file_name,
file_path=r'c:\program files (x86)\notepad++',
host_id=self.bit9_host1.key.id(),
last_blocked_dt=datetime.datetime(2015, 6, 1, 1, 0, 0),
first_blocked_dt=datetime.datetime(2015, 6, 1, 1, 0, 0),
parent=utils.ConcatenateKeys(self.user_1.key, self.bit9_host1.key,
self.bit9_blockable1.key))
self.bit9_event1_from_user2 = test_utils.CreateBit9Event(
self.bit9_blockable1,
executing_user=self.user_2.nickname,
file_name='notepad++.exe',
file_path=r'c:\program files (x86)\notepad++',
host_id=self.bit9_host2.key.id(),
last_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0),
first_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0),
parent=utils.ConcatenateKeys(self.user_2.key, self.bit9_host2.key,
self.bit9_blockable1.key))
self.PatchValidateXSRFToken()