def setUp(self): app = webapp2.WSGIApplication( [webapp2.Route(r'/<host_id>', handler=hosts.HostEventRateHandler)]) super(HostEventRateHandlerTest, self).setUp(app) self.user = test_utils.CreateUser() self.santa_blockable = test_utils.CreateSantaBlockable() self.santa_event = test_utils.CreateSantaEvent( self.santa_blockable, host_id=self.santa_host_1.key.id(), last_blocked_dt=datetime.datetime.utcnow(), parent=utils.ConcatenateKeys(self.user.key, self.santa_host_1.key, self.santa_blockable.key))
def testAssociated_HasEvent(self): user = test_utils.CreateUser() other_user = test_utils.CreateUser() # Create a host not owned by `user`. host = test_utils.CreateSantaHost(primary_user=other_user.nickname) # Create an Event which was generated by `user`. blockable = test_utils.CreateSantaBlockable() parent_key = datastore_utils.ConcatenateKeys(user.key, host.key, blockable.key) test_utils.CreateSantaEvent(blockable, host_id=host.key.id(), parent=parent_key) self.assertTrue(model_utils.IsSantaHostAssociatedWithUser(host, user))
def setUp(self): app = webapp2.WSGIApplication(routes=[votes.ROUTES]) super(VotesTest, self).setUp(wsgi_app=app) self.santa_blockable = test_utils.CreateSantaBlockable() self.other_blockable = test_utils.CreateSantaBlockable() self.santa_certificate = test_utils.CreateSantaCertificate() self.user_1 = test_utils.CreateUser() self.user_2 = test_utils.CreateUser() self.vote_1 = test_utils.CreateVote(self.santa_blockable, user_email=self.user_1.email, weight=2) self.vote_2 = test_utils.CreateVote(self.other_blockable, user_email=self.user_1.email, weight=10) self.vote_3 = test_utils.CreateVote(self.santa_certificate, user_email=self.user_1.email, weight=0, candidate_type='CERTIFICATE') self.PatchValidateXSRFToken()
def testCollectLookup(self, mock_vt_lookup, mock_metric): expected_state = vt_constants.ANALYSIS_STATE.MAP_FROM_RESPONSE_CODE[0] test_utils.CreateSantaBlockable(id='foo') metrics.CollectLookup('foo', constants.ANALYSIS_REASON.NEW_BLOCKABLE) metric = metrics_db.VirusTotalAnalysisMetric.query().get() self.assertEqual('foo', metric.blockable_id) self.assertEqual(constants.PLATFORM.MACOS, metric.platform) self.assertEqual(expected_state, metric.analysis_state) self.assertEqual(constants.ANALYSIS_REASON.NEW_BLOCKABLE, metric.analysis_reason) self.assertEqual(-1, metric.positives) mock_metric.Increment.assert_called_once_with(expected_state)
def testIsVotingAllowed_HasFlaggedCert(self): blockable = test_utils.CreateSantaBlockable( cert_key=self.santa_certificate.key) bundle = test_utils.CreateSantaBundle(bundle_binaries=[blockable]) with self.LoggedInUser(): allowed, reason = bundle.IsVotingAllowed() self.assertTrue(allowed) self.santa_certificate.flagged = True self.santa_certificate.put() allowed, reason = bundle.IsVotingAllowed() self.assertFalse(allowed) self.assertEqual(constants.VOTING_PROHIBITED_REASONS.FLAGGED_CERT, reason)
def testPost_Admin_InsertExistingBlockable(self): """Admin tries to inject an existing blockable.""" santa_blockable = test_utils.CreateSantaBlockable() sha256 = santa_blockable.key.id() params = { 'type': constants.BLOCKABLE_TYPE.SANTA_BINARY, 'hash': sha256 } with self.LoggedInUser(admin=True): self.testapp.post(self.ROUTE % sha256, params, status=httplib.CONFLICT) self.assertNoBigQueryInsertions()
def testPost_CaseMismatch(self): blockable = test_utils.CreateSantaBlockable() sha256 = blockable.key.id() with self.LoggedInUser(): response = self.testapp.post( self.ROUTE % sha256.upper(), params={'wasYesVote': 'true'}) output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertIsInstance(output, dict) self.assertEqual(sha256, output['blockable']['id']) self.assertEqual(True, output['vote']['wasYesVote'])
def setUp(self): super(AssociatedHostHandlerTest, self).setUp() self.user = test_utils.CreateUser() self.admin = test_utils.CreateUser(admin=True) self.santa_blockable = test_utils.CreateSantaBlockable() self.santa_event = test_utils.CreateSantaEvent( self.santa_blockable, host_id=self.santa_host_1.key.id(), executing_user=self.user.nickname, parent=utils.ConcatenateKeys(self.user.key, self.santa_host_1.key, self.santa_blockable.key)) self.bit9_host_1.users = [self.user.nickname] self.bit9_host_1.put()
def setUp(self): super(LockdownHandlerTest, self).setUp() self.user = test_utils.CreateUser() self.santa_blockable = test_utils.CreateSantaBlockable() self.santa_event = test_utils.CreateSantaEvent( self.santa_blockable, host_id=self.santa_host_3.key.id(), parent=utils.ConcatenateKeys(self.user.key, self.santa_host_3.key, self.santa_blockable.key)) self.santa_blockable.put() self.santa_event.put() self.santa_host_3.client_mode = constants.SANTA_CLIENT_MODE.MONITOR self.santa_host_3.put()
def setUp(self): super(HostExceptionHandlerTest, self).setUp() self.user = test_utils.CreateUser(admin=True) self.santa_blockable = test_utils.CreateSantaBlockable() self.santa_event = test_utils.CreateSantaEvent( self.santa_blockable, host_id=self.santa_host_3.key.id(), executing_user=self.user.nickname, parent=utils.ConcatenateKeys(self.user.key, self.santa_host_3.key, self.santa_blockable.key)) self.santa_blockable.put() self.santa_event.put() self.PatchEnv(settings.ProdEnv, ENABLE_BIGQUERY_STREAMING=True)
def testInsertBigQueryRow_LocalRule_UserKeyMissing(self): """Verifies that a LOCAL row is inserted, even if user_key is missing. The host_id and user_key columns have to be NULLABLE in order to support GLOBAL rows (which will lack values for both of these columns). If user_key is mistakenly omitted, we should still insert a LOCAL row with the values we have. """ blockable_key = test_utils.CreateSantaBlockable().key local_rule = test_utils.CreateSantaRule(blockable_key, host_id='12345') local_rule.InsertBigQueryRow() self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.RULE], reset_mock=False) calls = self.GetBigQueryCalls() self.assertLen(calls, 1) self.assertEqual(constants.RULE_SCOPE.LOCAL, calls[0][1].get('scope'))
def setUp(self): app = webapp2.WSGIApplication( [webapp2.Route(r'/<host_id>', handler=hosts.LockdownHandler)]) super(LockdownHandlerTest, self).setUp(app) self.user = test_utils.CreateUser() self.santa_blockable = test_utils.CreateSantaBlockable() self.santa_event = test_utils.CreateSantaEvent( self.santa_blockable, host_id=self.santa_host_3.key.id(), parent=utils.ConcatenateKeys(self.user.key, self.santa_host_3.key, self.santa_blockable.key)) self.santa_blockable.put() self.santa_event.put() self.santa_host_3.client_mode = constants.SANTA_CLIENT_MODE.MONITOR self.santa_host_3.put()
def testGet_Success_SantaBinaryOrder(self): bundle = test_utils.CreateSantaBundle(binary_count=4) path_pairs = [('a', 'z'), ('a', 'y'), ('a/b/c', 'x'), ('a/b', 'z')] expected_path_order = ['a/y', 'a/z', 'a/b/z', 'a/b/c/x'] for rel_path, file_name in path_pairs: binary = test_utils.CreateSantaBlockable() santa.SantaBundleBinary.Generate(bundle.key, binary.key, cert_key=binary.cert_key, rel_path=rel_path, file_name=file_name).put() with self.LoggedInUser(): response = self.testapp.get(self.ROUTE % bundle.key.id()) output = response.json self.assertListEqual( expected_path_order, [blockable_dict['fullPath'] for blockable_dict in output])
def setUp(self): app = webapp2.WSGIApplication( [webapp2.Route(r'/<host_id>', handler=hosts.HostExceptionHandler)]) super(HostExceptionHandlerTest, self).setUp(app) self.user = test_utils.CreateUser(admin=True) self.santa_blockable = test_utils.CreateSantaBlockable() self.santa_event = test_utils.CreateSantaEvent( self.santa_blockable, host_id=self.santa_host_3.key.id(), executing_user=self.user.nickname, parent=utils.ConcatenateKeys(self.user.key, self.santa_host_3.key, self.santa_blockable.key)) self.santa_blockable.put() self.santa_event.put() self.PatchEnv(settings.ProdEnv, ENABLE_BIGQUERY_STREAMING=True)
def testSuccess(self): user = test_utils.CreateUser() other_user = test_utils.CreateUser() santa_host_key_1 = test_utils.CreateSantaHost( primary_user=user.nickname).key santa_host_key_2 = test_utils.CreateSantaHost( primary_user=other_user.nickname).key test_utils.CreateSantaHost(primary_user=other_user.nickname) blockable = test_utils.CreateSantaBlockable() parent_key = datastore_utils.ConcatenateKeys( user.key, santa_host_key_2, blockable.key) test_utils.CreateSantaEvent( blockable, host_id=santa_host_key_2.id(), parent=parent_key) expected_host_ids = sorted([santa_host_key_1.id(), santa_host_key_2.id()]) actual_host_ids = sorted(model_utils.GetSantaHostIdsForUser(user)) self.assertListEqual(expected_host_ids, actual_host_ids)
def testGetByUserId_IsAdmin(self): user = test_utils.CreateUser() bit9_host_id = test_utils.CreateBit9Host(users=[user.nickname]).key.id() santa_host_key = test_utils.CreateSantaHost( primary_user=user.nickname).key santa_host_id = santa_host_key.id() blockable = test_utils.CreateSantaBlockable() event_parent_key = datastore_utils.ConcatenateKeys( user.key, santa_host_key, blockable.key) test_utils.CreateSantaEvent( blockable, host_id=santa_host_id, parent=event_parent_key) with self.LoggedInUser(admin=True): response = self.testapp.get(self.USER_ID_ROUTE % user.key.id()) output = response.json self.assertLen(output, 2) actual_ids = set(host['id'] for host in output) self.assertSetEqual(set([santa_host_id, bit9_host_id]), actual_ids)
def testGetAssociatedHostIds(self): """User is primary_user of a Host and has an Event on that Host.""" user = test_utils.CreateUser() other_user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) host_not_primary1 = (test_utils.CreateSantaHost( primary_user=other_user.nickname)) host_not_primary2 = (test_utils.CreateSantaHost( primary_user=other_user.nickname)) blockable = test_utils.CreateSantaBlockable() parent_key = utils.ConcatenateKeys(user.key, host_not_primary1.key, blockable.key) test_utils.CreateSantaEvent(blockable, host_id=host_not_primary1.key.id(), parent=parent_key) associated_ids = santa.SantaHost.GetAssociatedHostIds(user) self.assertIn(host.key.id(), associated_ids) self.assertIn(host_not_primary1.key.id(), associated_ids) self.assertNotIn(host_not_primary2.key.id(), associated_ids)
def testUser_GetOwnEvent_CaseMismatch(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost() blockable = test_utils.CreateSantaBlockable() event_parent_key = datastore_utils.ConcatenateKeys( user.key, host.key, blockable.key) event = test_utils.CreateSantaEvent(blockable, executing_user=user.nickname, parent=event_parent_key) with self.LoggedInUser(user=user): response = self.testapp.get(self.ROUTE % blockable.key.id().upper()) output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertIsInstance(output, dict) self.assertEqual(output['id'], event.key.id()) self.assertEqual(output['hostId'], event.host_id) self.assertIn('Event', output['class_'])
def testDedupe_AddNewerQuarantineData(self): blockable = test_utils.CreateSantaBlockable() quarantine = event_models.QuarantineMetadata( data_url='http://notbad.com', referer_url='http://sourceforge.com', downloaded_dt=datetime.datetime.utcnow(), agent_bundle_id='123456') now = datetime.datetime.utcnow() event = test_utils.CreateSantaEvent(blockable, quarantine=quarantine, last_blocked_dt=now) new_quarantine = datastore_utils.CopyEntity(event.quarantine, data_url='http://3vil.com') later_dt = event.last_blocked_dt + datetime.timedelta(seconds=1) later_event = datastore_utils.CopyEntity(event, quarantine=new_quarantine, last_blocked_dt=later_dt) event.Dedupe(later_event) self.assertEqual('http://3vil.com', event.quarantine.data_url)
def setUp(self, app): super(BlockablesTest, self).setUp(wsgi_app=app) self.bit9_blockable = test_utils.CreateBit9Binary( id='zzzzzzzzzaaa', id_type=constants.ID_TYPE.SHA256, file_name='Mac.app.exe') self.bit9_blockable2 = test_utils.CreateBit9Binary( id='zzzzzzzzzbbb', id_type=constants.ID_TYPE.SHA256, file_name='app.exe') self.generic_blockable = test_utils.CreateBlockable( file_name='Not4Mac.exe', state=constants.STATE.SUSPECT) self.santa_blockable = test_utils.CreateSantaBlockable( publisher='Arple', product_name='New Shiny', flagged=True) self.santa_certificate = test_utils.CreateSantaCertificate( id_type=constants.ID_TYPE.SHA256, common_name='Best Cert Ever', organization='Totally Legit CA') self.PatchValidateXSRFToken()
def testChangeState_Success(self): # Verify the SantaBlockable is in the default state of UNTRUSTED. blockable = test_utils.CreateSantaBlockable() blockable_hash = blockable.blockable_hash blockable = binary_models.SantaBlockable.get_by_id(blockable_hash) self.assertIsNotNone(blockable) self.assertEqual(constants.STATE.UNTRUSTED, blockable.state) # Note the state change timestamp. old_state_change_dt = blockable.state_change_dt # Change the state. blockable.ChangeState(constants.STATE.BANNED) # Reload, and verify the state change. blockable = binary_models.SantaBlockable.get_by_id(blockable_hash) self.assertIsNotNone(blockable) self.assertEqual(constants.STATE.BANNED, blockable.state) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.BINARY) # And the state change timestamp should be increased. self.assertGreater(blockable.state_change_dt, old_state_change_dt)
def testDedupe_AddOldQuarantineData(self): blockable = test_utils.CreateSantaBlockable() now = datetime.datetime.utcnow() event = test_utils.CreateSantaEvent(blockable, quarantine=None, first_blocked_dt=now) quarantine = event_models.QuarantineMetadata( data_url='http://notbad.com', referer_url='http://sourceforge.com', downloaded_dt=datetime.datetime.utcnow(), agent_bundle_id='123456') earlier_dt = event.first_blocked_dt - datetime.timedelta(seconds=1) earlier_event = datastore_utils.CopyEntity( event, quarantine=quarantine, event_type=constants.EVENT_TYPE.BLOCK_CERTIFICATE, first_blocked_dt=earlier_dt) event.Dedupe(earlier_event) self.assertNotEqual(constants.EVENT_TYPE.BLOCK_CERTIFICATE, event.event_type) self.assertIsNotNone(event.quarantine)
def setUp(self): app = webapp2.WSGIApplication([ webapp2.Route(r'/', handler=hosts.AssociatedHostHandler, handler_method='GetSelf'), webapp2.Route(r'/<user_id:.*>', handler=hosts.AssociatedHostHandler, handler_method='GetByUserId') ]) super(AssociatedHostHandlerTest, self).setUp(app) self.user = test_utils.CreateUser() self.admin = test_utils.CreateUser(admin=True) self.santa_blockable = test_utils.CreateSantaBlockable() self.santa_event = test_utils.CreateSantaEvent( self.santa_blockable, host_id=self.santa_host_1.key.id(), executing_user=self.user.nickname, parent=utils.ConcatenateKeys(self.user.key, self.santa_host_1.key, self.santa_blockable.key)) self.bit9_host_1.users = [self.user.nickname] self.bit9_host_1.put()
def testRunByLocalAdmin_True(self): blockable = test_utils.CreateSantaBlockable() event = test_utils.CreateSantaEvent( blockable, executing_user=constants.LOCAL_ADMIN.MACOS) self.assertTrue(event.run_by_local_admin)
def testGet_NotAPackage(self): blockable = test_utils.CreateSantaBlockable() with self.LoggedInUser(): self.testapp.get(self.ROUTE % blockable.key.id(), status=httplib.BAD_REQUEST)
def testToDict_NotPackage(self): blockable = test_utils.CreateSantaBlockable() rule = test_utils.CreateSantaRule(blockable.key, rule_type=constants.RULE_TYPE.BINARY) self.assertNotIn('binary_ids', rule.to_dict())
def setUp(self): app = webapp2.WSGIApplication(routes=[events.ROUTES]) super(EventsTest, self).setUp(wsgi_app=app) self.santa_cert = test_utils.CreateSantaCertificate() self.santa_blockable1 = test_utils.CreateSantaBlockable( id='aaaabbbbccccddddeeeeffffgggg', file_name='Product.app', cert_key=self.santa_cert.key, cert_sha256=self.santa_cert.key.id()) self.santa_blockable2 = test_utils.CreateSantaBlockable( id='hhhhiiiijjjjkkkkllllmmmmnnnn', file_name='Another Product.app') self.bit9_blockable1 = test_utils.CreateBit9Binary( id='zzzzaaaayyyybbbbxxxxccccwwww', file_name='notepad++.exe') self.user_1 = test_utils.CreateUser() self.user_2 = test_utils.CreateUser() self.santa_host1 = test_utils.CreateSantaHost( id='AAAAAAAA-1111-BBBB-2222-CCCCCCCCCCCC', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.santa_host2 = test_utils.CreateSantaHost( id='DDDDDDDD-3333-EEEE-33333-FFFFFFFFFFFF', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.bit9_host1 = test_utils.CreateSantaHost( id='CHANGE-ME', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.bit9_host2 = test_utils.CreateSantaHost( id='CHANGE-ME2', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.santa_event1_from_user1 = test_utils.CreateSantaEvent( self.santa_blockable1, cert_key=self.santa_cert.key, cert_sha256=self.santa_blockable1.cert_sha256, executing_user=self.user_1.nickname, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, file_name=self.santa_blockable1.file_name, file_path='/Applications/Product.app/Contents/MacOs', host_id=self.santa_host1.key.id(), last_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host1.key, self.santa_blockable1.key)) self.santa_event2_from_user1 = test_utils.CreateSantaEvent( self.santa_blockable1, cert_key=self.santa_cert.key, cert_sha256=self.santa_blockable1.cert_sha256, executing_user=self.user_1.nickname, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, file_name=self.santa_blockable1.file_name, file_path='/Applications/Product.app/Contents/MacOs', host_id=self.santa_host2.key.id(), last_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host2.key, self.santa_blockable1.key)) self.santa_event3_from_user1 = test_utils.CreateSantaEvent( self.santa_blockable2, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, executing_user=self.user_1.nickname, file_name=self.santa_blockable2.file_name, file_path='/Applications/Another Product.app/Contents/MacOs', host_id=self.santa_host1.key.id(), last_blocked_dt=datetime.datetime(2015, 5, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 5, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host1.key, self.santa_blockable2.key)) self.santa_event1_from_user2 = test_utils.CreateSantaEvent( self.santa_blockable1, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, executing_user=self.user_2.nickname, file_name=self.santa_blockable1.file_name, file_path='/Applications/Product.app/Contents/MacOs', host_id=self.santa_host2.key.id(), last_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_2.key, self.santa_host2.key, self.santa_blockable1.key)) self.bit9_event1_from_user1 = test_utils.CreateBit9Event( self.bit9_blockable1, executing_user=self.user_1.nickname, file_name=self.bit9_blockable1.file_name, file_path=r'c:\program files (x86)\notepad++', host_id=self.bit9_host1.key.id(), last_blocked_dt=datetime.datetime(2015, 6, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 6, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.bit9_host1.key, self.bit9_blockable1.key)) self.bit9_event1_from_user2 = test_utils.CreateBit9Event( self.bit9_blockable1, executing_user=self.user_2.nickname, file_name='notepad++.exe', file_path=r'c:\program files (x86)\notepad++', host_id=self.bit9_host2.key.id(), last_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_2.key, self.bit9_host2.key, self.bit9_blockable1.key)) self.PatchValidateXSRFToken()
def testNotPackage(self): blockable = test_utils.CreateSantaBlockable() rule = test_utils.CreateSantaRule(blockable.key, rule_type=constants.RULE_TYPE.BINARY) self.assertListEqual([], model_utils.GetBundleBinaryIdsForRule(rule))
def AddBlockableToDatastore(self, *args): test_utils.CreateSantaBlockable(id='NotYetSynced') return mock.Mock(status_code=httplib.OK)
def testIsInstance(self): blockable = test_utils.CreateSantaBlockable() self.assertTrue(blockable.IsInstance('Blockable')) self.assertTrue(blockable.IsInstance('Binary')) self.assertTrue(blockable.IsInstance('SantaBlockable')) self.assertFalse(blockable.IsInstance('SomethingElse'))