def test_phishing_report_not_trusted(self, mock_rq):
"""
Sample7 is a phishing report
"""
ReportWorkflowFactory.instance.read_worflows_available()
from worker import report
mock_rq.return_value = None
sample = self._samples['sample7']
content = sample.read()
report.create_from_email(email_content=content, send_ack=False)
self.assertEqual(1, Report.objects.count())
report = Report.objects.last()
self.assertEqual('Phishing', report.category.name)
self.assertFalse(report.ticket)
self.assertEqual('PhishToCheck', report.status)
# test timeout
from worker.report import archive_if_timeout
report.status = 'New'
report.save()
archive_if_timeout(report_id=report.id)
report = Report.objects.get(id=report.id)
self.assertEqual('Archived', report.status)
def test_ticket_and_ack(self, mock_rq):
"""
Sample3 is trusted
"""
from worker import report
mock_rq.return_value = None
sample = self._samples['sample3']
content = sample.read()
report.create_from_email(email_content=content, send_ack=True)
self.assertEqual(1, Report.objects.count())
report = Report.objects.last()
self.assertEqual('*****@*****.**', report.provider.email)
self.assertEqual('Copyright', report.category.name)
self.assertEqual(1, report.ticket.id)
self.assertEqual('Attached', report.status)
with ImplementationFactory.instance.get_instance_of('StorageServiceBase', settings.GENERAL_CONFIG['email_storage_dir']) as cnx:
file_content = cnx.read(report.filename)
self.assertIn('*****@*****.**', file_content)
emails = ImplementationFactory.instance.get_singleton_of('MailerServiceBase').get_emails(report.ticket)
self.assertEqual(1, len(emails))
self.assertEqual(1, ContactedProvider.objects.count())
self.assertIn(report.ticket.publicId, emails[0].subject)
# Test stats
from worker import stats
stats.update_defendants_history()
stat = Stat.objects.get(defendant=report.defendant, category='Copyright')
self.assertEqual(1, stat.reports)
self.assertEqual(1, stat.tickets)
def test_clearly_identified_phishing(self, mock_rq_enqueue_in, mock_ping, mock_rq_schedule, mock_rq_enqueue):
"""
Test when phishing is clearly identified (PingResponse last parameter is True)
"""
ReportWorkflowFactory.instance.read_worflows_available()
from worker import report
mock_rq_enqueue_in.return_value = None
mock_ping.return_value = PingResponse(0, '200', 'OK', 'OK', True)
mock_rq_schedule.return_value = FakeJob()
mock_rq_enqueue.return_value = FakeJob()
sample = self._samples['sample6']
content = sample.read()
report.create_from_email(email_content=content, send_ack=True)
cerberus_report = Report.objects.last()
self.assertEqual('Phishing', cerberus_report.category.name)
self.assertTrue(cerberus_report.ticket)
self.assertEqual('WaitingAnswer', cerberus_report.ticket.status)
self.assertEqual('Attached', cerberus_report.status)
emails = ImplementationFactory.instance.get_singleton_of('MailerServiceBase').get_emails(cerberus_report.ticket)
self.assertEqual(2, len(emails))
email = emails[0]
self.assertIn('http://www.example.com/phishing.html', email.body)
def test_phishing_timeout(self, mock_rq_enqueue_in, mock_ping, mock_rq_schedule, mock_rq_enqueue):
"""
Test phishing workflow
"""
ReportWorkflowFactory.instance.read_worflows_available()
from worker import report
mock_rq_enqueue_in.return_value = None
mock_ping.return_value = PingResponse(100, '404', 'Not Found', 'Not Found for test_phishing_timeout', False)
mock_rq_schedule.return_value = FakeJob()
mock_rq_enqueue.return_value = FakeJob()
sample = self._samples['sample6']
content = sample.read()
report.create_from_email(email_content=content, send_ack=False)
# Reopening ticket
cerberus_report = Report.objects.last()
cerberus_report.status = 'Attached'
cerberus_report.ticket.status = 'WaitingAnswer'
cerberus_report.ticket.snoozeDuration = 1
cerberus_report.ticket.snoozeStart = datetime.now() - timedelta(days=1)
cerberus_report.ticket.save()
cerberus_report.save()
from worker import ticket as ticket_func
ticket_func.update_waiting()
ticket = Ticket.objects.get(id=cerberus_report.ticket.id)
self.assertEqual('Alarm', ticket.status)
ticket_func.timeout(ticket.id)
ticket = Ticket.objects.get(id=cerberus_report.ticket.id)
self.assertEqual('Closed', ticket.status)
self.assertEqual(settings.CODENAMES['fixed_customer'], ticket.resolution.codename)
# Reopening ticket
UrlStatus.objects.all().delete()
mock_ping.return_value = PingResponse(0, '200', 'UP', 'UP for test_phishing_timeout', False)
cerberus_report = Report.objects.last()
cerberus_report.status = 'Attached'
cerberus_report.ticket.status = 'WaitingAnswer'
cerberus_report.ticket.snoozeDuration = 1
cerberus_report.ticket.snoozeStart = datetime.now() - timedelta(days=1)
cerberus_report.ticket.save()
cerberus_report.save()
ticket_func.update_waiting()
ticket = Ticket.objects.get(id=cerberus_report.ticket.id)
self.assertEqual('Alarm', ticket.status)
ticket_func.timeout(ticket.id)
ticket = Ticket.objects.get(id=cerberus_report.ticket.id)
self.assertEqual('Closed', ticket.status)
self.assertEqual(settings.CODENAMES['fixed'], ticket.resolution.codename)
def test_blacklisted_provider(self, mock_rq):
"""
Test if ticket is actually changing priority
"""
from worker import report
mock_rq.return_value = None
sample = self._samples['sample14'] # Blacklisted
content = sample.read()
report.create_from_email(email_content=content, send_ack=True)
self.assertEqual(0, Report.objects.count())
def test_report_with_attachments(self, mock_rq):
"""
Sample4 contains attachments
"""
from worker import report
mock_rq.return_value = None
sample = self._samples['sample4']
content = sample.read()
report.create_from_email(email_content=content)
self.assertEqual(1, Report.objects.count())
cerberus_report = Report.objects.last()
self.assertEqual(2, cerberus_report.attachments.count())
def test_report_tovalidate(self, mock_rq):
"""
Check that report's status is 'ToValidate' when trusted but no services identified
"""
from worker import report
mock_rq.return_value = None
sample = self._samples['sample21'] # Low
content = sample.read()
report.create_from_email(email_content=content, send_ack=True)
cerberus_report = Report.objects.last()
self.assertEqual('ToValidate', cerberus_report.status)
def test_globals(self, mock_rq):
mock_rq.return_value = None
from worker import report
with open('tests/samples/sample3', 'r') as file_d:
content = file_d.read()
report.create_from_email(email_content=content, send_ack=False)
response = self.tester.post(
'/api/auth',
data=json.dumps({'name': settings.GENERAL_CONFIG['bot_user'], 'password': '******'}),
headers={'content-type': 'application/json'},
)
token = json.loads(response.get_data())['token']
response = self.tester.get(
'/api/dashboard',
headers={'X-API-TOKEN': token},
)
self.assertEqual(response.status_code, 200)
response = json.loads(response.get_data())
self.assertEqual(1, response['reportsByCategory']['Copyright'])
self.assertEqual(1, response['reportsByStatus']['Attached'])
self.assertEqual(1, response['ticketsByStatus']['Open'])
response = self.tester.get(
'/api/toolbar',
headers={'X-API-TOKEN': token},
)
self.assertEqual(response.status_code, 200)
response = json.loads(response.get_data())
for k, v in response.iteritems():
if not k == 'todoCount':
self.assertEqual(0, v)
else:
self.assertEqual(1, v)
response = self.tester.get(
'/api/defendants/top20',
headers={'X-API-TOKEN': token},
)
self.assertEqual(response.status_code, 200)
response = json.loads(response.get_data())
self.assertEqual(1, response['report'][0]['count'])
self.assertEqual('*****@*****.**', response['report'][0]['email'])
def test_acns_specific_no_workflow_2(self, mock_rq):
"""
Test copyright/acns specific workflow
"""
ReportWorkflowFactory.instance.registered_instances = []
from worker import report
Provider.objects.create(email='*****@*****.**', trusted=False)
mock_rq.return_value = None
sample = self._samples['acns']
content = sample.read()
report.create_from_email(email_content=content)
cerberus_report = Report.objects.last()
self.assertEqual('New', cerberus_report.status)
self.assertFalse(cerberus_report.ticket)
def test_report_threshold(self, mock_rq):
"""
"""
from worker import report
mock_rq.return_value = None
sample = self._samples['sample2']
content = sample.read()
report.create_from_email(email_content=content)
report.create_ticket_with_threshold()
cerberus_report = Report.objects.last()
self.assertEqual('New', cerberus_report.status)
ReportThreshold.objects.all().update(threshold=1)
report.create_ticket_with_threshold()
cerberus_report = Report.objects.last()
self.assertEqual('Attached', cerberus_report.status)
def test_report_without_defendant(self, mock_rq):
"""
Sample1 does not contains any offending items, so just one report and no defendant/service
"""
from worker import report
mock_rq.return_value = None
sample = self._samples['sample1']
content = sample.read()
report.create_from_email(email_content=content)
self.assertEqual(1, Report.objects.count())
report = Report.objects.last()
self.assertFalse(report.defendant)
self.assertFalse(report.service)
self.assertFalse(report.attachments.count())
self.assertFalse(report.reportItemRelatedReport.count())
self.assertEqual('*****@*****.**', report.provider.email)
def test_phishing_report_trusted(self, mock_rq):
"""
Sample6 is a phishing report
"""
ReportWorkflowFactory.instance.read_worflows_available()
from worker import report
mock_rq.return_value = None
sample = self._samples['sample6']
content = sample.read()
report.create_from_email(email_content=content, send_ack=False)
self.assertEqual(1, Report.objects.count())
report = Report.objects.last()
self.assertEqual('Phishing', report.category.name)
self.assertFalse(report.ticket)
self.assertEqual('PhishToCheck', report.status)
def test_phishing_report_not_trusted_no_workflow(self, mock_rq):
"""
Sample7 is not a trusted phishing report
"""
ReportWorkflowFactory.instance.registered_instances = []
from worker import report
mock_rq.return_value = None
sample = self._samples['sample7']
content = sample.read()
report.create_from_email(email_content=content, send_ack=False)
self.assertEqual(1, Report.objects.count())
report = Report.objects.last()
self.assertEqual('Phishing', report.category.name)
self.assertFalse(report.ticket)
self.assertEqual('New', report.status)
def test_copyright_specific_workflow(self, mock_rq_enqueue_in, mock_rq_schedule, mock_rq_enqueue):
"""
Test copyright timeout
"""
ReportWorkflowFactory.instance.read_worflows_available()
from worker import report
mock_rq_enqueue_in.return_value = None
mock_rq_schedule.return_value = FakeJob()
mock_rq_enqueue.return_value = FakeJob()
sample = self._samples['sample18']
content = sample.read()
report.create_from_email(email_content=content, send_ack=False)
cerberus_report = Report.objects.last()
cerberus_report.reportItemRelatedReport.all().update(fqdnResolved='1.2.3.4')
self.assertEqual('Attached', cerberus_report.status)
self.assertTrue(cerberus_report.ticket)
self.assertIn('report:copyright_report_workflow', cerberus_report.tags.all().values_list('name', flat=True))
cerberus_report.status = 'Attached'
cerberus_report.ticket.status = 'WaitingAnswer'
cerberus_report.ticket.snoozeDuration = 1
cerberus_report.ticket.snoozeStart = datetime.now() - timedelta(days=1)
cerberus_report.ticket.save()
cerberus_report.save()
from worker import ticket as ticket_func
ticket_func.update_waiting()
ticket = Ticket.objects.get(id=cerberus_report.ticket.id)
self.assertEqual('Alarm', ticket.status)
ticket_func.timeout(ticket.id)
ticket = Ticket.objects.get(id=cerberus_report.ticket.id)
self.assertEqual('Closed', ticket.status)
self.assertEqual(settings.CODENAMES['fixed'], ticket.resolution.codename)
# Check if not trusted
Report.objects.all().delete()
Ticket.objects.all().delete()
content = content.replace("Test-Magic-Smtp-Header: it's here", "")
report.create_from_email(email_content=content, send_ack=False)
cerberus_report = Report.objects.last()
self.assertEqual('New', cerberus_report.status)
def test_acns_specific_workflow(self, mock_rq):
"""
Test copyright/acns specific workflow
"""
ReportWorkflowFactory.instance.read_worflows_available()
from worker import report
Provider.objects.create(email='*****@*****.**', trusted=True)
mock_rq.return_value = None
sample = self._samples['acns']
content = sample.read()
report.create_from_email(email_content=content)
cerberus_report = Report.objects.last()
emails = ImplementationFactory.instance.get_singleton_of('MailerServiceBase').get_emails(cerberus_report.ticket)
self.assertEqual(2, len(emails))
self.assertEqual('Archived', cerberus_report.status)
self.assertEqual('Closed', cerberus_report.ticket.status)
def test_ticket_from_phishtocheck(self, mock_rq, mock_rq_enqueue):
from worker import report, ticket
mock_rq.return_value = None
mock_rq_enqueue.return_value = FakeJob()
sample = self._samples['sample7']
content = sample.read()
report.create_from_email(email_content=content, send_ack=False)
self.assertEqual(1, Report.objects.count())
cerberus_report = Report.objects.last()
user = User.objects.get(username=settings.GENERAL_CONFIG['bot_user'])
ticket.create_ticket_from_phishtocheck(report=cerberus_report.id, user=user.id)
cerberus_report = Report.objects.last()
self.assertEqual('Attached', cerberus_report.status)
self.assertEqual(1, cerberus_report.ticket.id)
emails = ImplementationFactory.instance.get_singleton_of('MailerServiceBase').get_emails(cerberus_report.ticket)
self.assertEqual(1, len(emails))
def test_phishing_report_down(self, mock_rq, mock_ping):
"""
Sample6 is a phishing report, now down items
"""
ReportWorkflowFactory.instance.read_worflows_available()
from worker import report
mock_rq.return_value = None
mock_ping.return_value = PingResponse(100, '404', 'Not Found', 'Not Found', False)
sample = self._samples['sample6']
content = sample.read()
report.create_from_email(email_content=content, send_ack=False)
self.assertEqual(1, Report.objects.count())
report = Report.objects.last()
self.assertEqual('Phishing', report.category.name)
self.assertTrue(report.ticket)
self.assertEqual('Archived', report.status)
self.assertEqual('Closed', report.ticket.status)
self.assertEqual(1, ContactedProvider.objects.count()) # Because an email is sent
def test_report_with_defendant(self, mock_rq):
"""
Sample2 contains offending items
"""
from worker import report
mock_rq.return_value = None
sample = self._samples['sample2']
content = sample.read()
report.create_from_email(email_content=content)
self.assertTrue(Defendant.objects.count())
self.assertEqual(1, Report.objects.count())
report = Report.objects.last()
self.assertTrue(report.defendant)
self.assertEqual('Doe', report.defendant.details.name)
self.assertTrue(report.service)
self.assertFalse(report.ticket)
self.assertFalse(report.attachments.count())
self.assertTrue(report.reportItemRelatedReport.count())
self.assertIn('213.251.151.160', report.reportItemRelatedReport.all().values_list('rawItem', flat=True))
def test_defendant_details_change(self, mock_rq):
"""
Test defendant revision/history modification
"""
from worker import report
mock_rq.return_value = None
sample = self._samples['sample2']
content = sample.read()
report.create_from_email(email_content=content)
defendant = Report.objects.last().defendant
self.assertEqual(1, DefendantHistory.objects.filter(defendant=defendant).count())
self.assertEqual(1, defendant.details.id)
defendant.details.name = 'Test'
defendant.details.save()
defendant.save()
report.create_from_email(email_content=content)
defendant = Report.objects.last().defendant
self.assertEqual(2, DefendantHistory.objects.filter(defendant=defendant).count())
self.assertEqual(2, defendant.details.id)
self.assertEqual('Doe', defendant.details.name)
def test_phishing_trusted_provider(self, mock_rq):
"""
Sample20 came from a trusted phishing provider
"""
ReportWorkflowFactory.instance.read_worflows_available()
from worker import report
mock_rq.return_value = None
sample = self._samples['sample20']
content = sample.read()
report.create_from_email(email_content=content, send_ack=False)
self.assertEqual(1, Report.objects.count())
cerberus_report = Report.objects.last()
self.assertEqual('Phishing', cerberus_report.category.name)
self.assertTrue(cerberus_report.ticket)
self.assertEqual('Attached', cerberus_report.status)
sample = self._samples['sample6']
content = sample.read()
report.create_from_email(email_content=content, send_ack=False)
cerberus_report = Report.objects.last()
self.assertEqual('Phishing', cerberus_report.category.name)
self.assertFalse(cerberus_report.ticket)
self.assertEqual('PhishToCheck', cerberus_report.status)
sample = self._samples['sample7']
content = sample.read()
report.create_from_email(email_content=content, send_ack=False)
cerberus_report = Report.objects.last()
self.assertEqual('Phishing', cerberus_report.category.name)
self.assertFalse(cerberus_report.ticket)
self.assertEqual('PhishToCheck', cerberus_report.status)
def test_ticket_change_priority(self, mock_rq):
"""
Test if ticket is actually changing priority
"""
from worker import report
mock_rq.return_value = None
sample = self._samples['sample11'] # Low
content = sample.read()
report.create_from_email(email_content=content, send_ack=True)
cerberus_report = Report.objects.last()
self.assertEqual('Low', cerberus_report.ticket.priority)
sample = self._samples['sample13'] # Critical
content = sample.read()
report.create_from_email(email_content=content, send_ack=True)
cerberus_report = Report.objects.last()
self.assertEqual('Critical', cerberus_report.ticket.priority)
sample = self._samples['sample12'] # Normal
content = sample.read()
report.create_from_email(email_content=content, send_ack=True)
cerberus_report = Report.objects.last()
self.assertEqual('Critical', cerberus_report.ticket.priority)
def test_admin(self, mock_rq):
mock_rq.return_value = None
from worker import report
with open('tests/samples/sample3', 'r') as file_d:
content = file_d.read()
report.create_from_email(email_content=content, send_ack=False)
response = self.tester.post(
'/api/auth',
data=json.dumps({'name': settings.GENERAL_CONFIG['bot_user'], 'password': '******'}),
headers={'content-type': 'application/json'},
)
token = json.loads(response.get_data())['token']
response = self.tester.get(
'/api/users',
headers={'X-API-TOKEN': token},
)
self.assertEqual(response.status_code, 200)
response = json.loads(response.get_data())
self.assertEqual(settings.GENERAL_CONFIG['bot_user'], response[0]['username'])
for profile in response[0]['profiles']:
self.assertEqual('Expert', profile['profile'])
response = self.tester.get(
'/api/categories',
headers={'X-API-TOKEN': token},
)
self.assertEqual(response.status_code, 200)
response = json.loads(response.get_data())
for category in response:
self.assertTrue(Category.objects.filter(**category).exists())
def test_ticket(self, mock_rq, mock_rq_enqueue):
mock_rq.return_value = None
mock_rq_enqueue.return_value = FakeJob()
from worker import report
with open('tests/samples/sample3', 'r') as file_d:
content = file_d.read()
report.create_from_email(email_content=content, send_ack=False)
response = self.tester.post(
'/api/auth',
data=json.dumps({'name': settings.GENERAL_CONFIG['bot_user'], 'password': '******'}),
headers={'content-type': 'application/json'},
)
token = json.loads(response.get_data())['token']
response = self.tester.get(
'/api/tickets/1',
headers={'X-API-TOKEN': token},
)
self.assertEqual(response.status_code, 200)
response = self.tester.get(
'api/tickets/1/actions/list',
headers={'X-API-TOKEN': token},
)
response = json.loads(response.get_data())
self.assertEqual(1, len(response))
self.assertEqual('default_action', response[0]['name'])
response = self.tester.get(
'api/tickets/1/items',
headers={'X-API-TOKEN': token},
)
self.assertEqual(response.status_code, 200)
def test_action(self, mock_rq, mock_ping, mock_current_job):
"""
Test action functions
"""
ReportWorkflowFactory.instance.read_worflows_available()
from worker import report
mock_rq.return_value = None
mock_ping.return_value = PingResponse(100, '404', 'Not Found', 'Not Found', False)
mock_current_job.return_value = FakeJob()
sample = self._samples['sample6']
content = sample.read()
report.create_from_email(email_content=content, send_ack=False)
cerberus_report = Report.objects.last()
cerberus_report.status = 'Attached'
cerberus_report.ticket.status = 'WaitingAnswer'
cerberus_report.ticket.save()
cerberus_report.save()
ip_addr = '8.8.8.8'
resolution = Resolution.objects.get(codename='fixed')
user = User.objects.get(username=settings.GENERAL_CONFIG['bot_user'])
service_action = ServiceAction.objects.all()[0]
from worker import action
# Success
action.apply_if_no_reply(
ticket_id=cerberus_report.ticket.id,
action_id=service_action.id,
ip_addr=ip_addr,
resolution_id=resolution.id,
user_id=user.id
)
ticket = Ticket.objects.get(id=cerberus_report.ticket.id)
self.assertEqual('Alarm', ticket.status)
# Fail
action.apply_if_no_reply(
ticket_id=cerberus_report.ticket.id,
action_id=999999,
ip_addr=ip_addr,
resolution_id=resolution.id,
user_id=user.id
)
ticket = Ticket.objects.get(id=cerberus_report.ticket.id)
self.assertEqual('ActionError', ticket.status)
ticket.status = 'WaitingAnswer'
ticket.save()
action.apply_then_close(
ticket_id=cerberus_report.ticket.id,
action_id=service_action.id,
ip_addr=ip_addr,
resolution_id=resolution.id,
user_id=user.id
)
ticket = Ticket.objects.get(id=cerberus_report.ticket.id)
self.assertEqual('Closed', ticket.status)
def test_search(self, mock_rq):
mock_rq.return_value = None
from worker import report
with open('tests/samples/sample3', 'r') as file_d:
content = file_d.read()
report.create_from_email(email_content=content, send_ack=False)
response = self.tester.post(
'/api/auth',
data=json.dumps({'name': settings.GENERAL_CONFIG['bot_user'], 'password': '******'}),
headers={'content-type': 'application/json'},
)
token = json.loads(response.get_data())['token']
params = {
'paginate': {
'currentPage': 1,
'resultsPerPage': 10
},
'queryFields': [
'id',
'publicId',
'category',
],
'sortBy': {
'creationDate': 1
},
'where': {
'in': [{
'status': [
'Open',
'Paused',
'Answered',
'Alarm',
'WaitingAnswer',
'Reopened'
]
}]
}
}
response = self.tester.get(
'/api/search',
query_string={'filters': json.dumps(params)},
headers={'X-API-TOKEN': token},
)
self.assertEqual(response.status_code, 200)
response = json.loads(response.get_data())
self.assertEqual(1, response['ticketsCount'])
self.assertEqual('Copyright', response['tickets'][0]['category'])
self.assertNotIn('commentsCount', response['tickets'][0]['category'])
publicId = response['tickets'][0]['publicId']
# Filter with publicId
params['where']['like'] = [{'publicId': [publicId]}]
response = self.tester.get(
'/api/search',
query_string={'filters': json.dumps(params)},
headers={'X-API-TOKEN': token},
)
self.assertEqual(response.status_code, 200)
response = json.loads(response.get_data())
self.assertEqual(1, response['ticketsCount'])
# Invalid publicId
params['where']['like'] = [{'publicId': 'AAAAAAAAAA'}]
response = self.tester.get(
'/api/search',
query_string={'filters': json.dumps(params)},
headers={'X-API-TOKEN': token},
)
self.assertEqual(response.status_code, 200)
response = json.loads(response.get_data())
self.assertEqual(0, response['ticketsCount'])