def test_delete_command_basic(core_session, setup_generic_pe_command_with_no_rules): logger.info("test_delete_command_basic") commandName, commandID = setup_generic_pe_command_with_no_rules # Trying to add a new Command with same name should fail _, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Windows") assert not isSuccess, "Creating duplicate privilege command succeeded" # Delete the command result, isSuccess = PrivilegeElevation.del_pe_command(core_session, ident=commandID) assert isSuccess, f"Deleting command failed: {result}" # Creating command with same name should now succeed _, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Linux") assert isSuccess, f"Creating command with same name after deleting it, failed"
def test_privilege_elevation_add_command_Duplicate(core_session): """ Test case: Test for when duplicate command is added """ session = core_session cmdName = "cmd" + Util.random_string() result, success = PrivilegeElevation.add_pe_command( session, cmdName, "systemctl restart network", "Linux") assert success is True, f'PrivilegeElevation add command has failed {result}' result, success = PrivilegeElevation.add_pe_command( session, cmdName, "systemctl restart network", "Linux") assert success is False, f'PrivilegeElevation add command has failed {result}' assert f"Privilege elevation command '{cmdName}' already exists" in result[ 'Message'], f'PrivilegeElevation add command should fail with errorPrivilege elevation command '{cmdName}' already exists {result}' #Add more tests for v2
def test_pe_del_command_with_no_pe_permission(users_and_roles, core_session, setup_generic_pe_command_with_no_rules): logger.info("test_pe_command_non_admin_user_with_no_pe_permission") requester_session = users_and_roles.get_session_for_user() commandName, commandID = setup_generic_pe_command_with_no_rules # Trying to add a new Command with same name should fail _, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Windows") assert not isSuccess, "Creating duplicate privilege command succeeded" # Delete the command as a user with no permissions should fail result, isSuccess = PrivilegeElevation.del_pe_command(requester_session, ident=commandID) assert not isSuccess, f"Deleting command as a user with no permissions passed: {result}" # Creating command with same name should still fail _, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Linux") assert not isSuccess, f"Creating command with same name passed" # Deleting it for cleanup result, isSuccess = PrivilegeElevation.del_pe_command(core_session, name=commandName) assert isSuccess, f"Deleting command for cleanup failed: {result}"
def test_privilege_elevation_add_command_EmptyApplyTo(core_session): """ Test case: Test for all valid params except empty ApplyTo """ session = core_session result, success = PrivilegeElevation.add_pe_command( session, "12#$##", "&uy545^&", "") assert success is False, f'PrivilegeElevation add command has failed {result}' assert "PrivilegeElevationPlatformNotSupportedException" in result[ 'Message'], f'PrivilegeElevation add command should fail with error PrivilegeElevationPlatformNotSupportedException {result}'
def test_privilege_elevation_add_command_EmptyCommandPattern(core_session): """ Test case: Test for all valid params except empty commandPattern """ session = core_session result, success = PrivilegeElevation.add_pe_command( session, "12#$##", "", "Linux") assert success is False, f'PrivilegeElevation add command has failed {result}' assert "Invalid arguments passed to the server." == result[ 'Message'], f'PrivilegeElevation add command should fail with error Invalid arguments passed to the server {result}'
def test_privilege_elevation_add_command_InvalidCommandPattern(core_session): """ Test case: Test for all valid params except commandPattern """ session = core_session result, success = PrivilegeElevation.add_pe_command( session, "123*876", False, "Linux") assert success is False, f'PrivilegeElevation add command has failed {result}' assert "Invalid data type for parameter: CommandPattern." in result[ 'Exception'], f'PrivilegeElevation add command should fail with error Invalid data type {result}'
def test_privilege_elevation_add_command_InvalidPlatform(core_session): """ Test case: Test for all valid params except platform """ session = core_session result, success = PrivilegeElevation.add_pe_command( session, "All commands", "*", "Mac") assert success is False, f'PrivilegeElevation add command has failed {result}' assert "PrivilegeElevationPlatformNotSupportedException" in result[ 'Message'], f'PrivilegeElevation add command should fail with error PlatformNotSupportedException {result}'
def test_pe_del_command_nonadmin_with_pe_permission(users_and_roles, core_session, setup_generic_pe_command_with_no_rules): logger.info("test_pe_command_non_admin_user_with_no_pe_permission") commandName, commandID = setup_generic_pe_command_with_no_rules requester_session = users_and_roles.get_session_for_user('Privilege Elevation Management') # Trying to add a new Command with same name should fail _, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Windows") assert not isSuccess, "Creating duplicate privilege command succeeded" # Delete the command as a non-admin user with pe permission should succeed result, isSuccess = PrivilegeElevation.del_pe_command(requester_session, name=commandName) assert isSuccess, f"Deleting command as a non-admin user with pe permission failed: {result}"
def test_privilege_elevation_add_command_InvalidApplyTo(core_session): """ Test case: Test for all valid params except ApplyTo """ session = core_session result, success = PrivilegeElevation.add_pe_command(session, "All commands", "*", applyTo=345) assert success is False, f'PrivilegeElevation add command has failed {result}' assert "Parameter 'ApplyTo' must be specified." == result[ 'Message'], f'PrivilegeElevation add command should fail with error Parameter ApplyTo must be specified. {result}'
def test_privilege_elevation_add_command_all_required_params(core_session): """ Test case: Test for all required params """ session = core_session result, success = PrivilegeElevation.add_pe_command( session, "All commands" + Util.random_string(), "*", "Linux,Windows") assert success is True, f'PrivilegeElevation add command has failed {result}' #Clean up resp, success = PrivilegeElevation.del_pe_command( session, ident=result['Result']['ID']) assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'
def test_privilege_elevation_add_command_winlinux(core_session): """ Test case: Test for all valid params for ApplyTo as Windows,Linux """ session = core_session result, success = PrivilegeElevation.add_pe_command( session, "All commands" + Util.random_string(), "*", "Linux,Windows", "Run all commands", 0, "*", {}, {}) assert success is True, f'PrivilegeElevation add command has failed {result}' #Clean up resp, success = PrivilegeElevation.del_pe_command( session, ident=result['Result']['ID']) assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'
def test_privilege_elevation_add_command_win(core_session): """ Test case: Test for all valid params for ApplyTo as Windows """ session = core_session result, success = PrivilegeElevation.add_pe_command( session, "Restart any windows service" + Util.random_string(), "netsh", "Windows", "Restart any windows service", 3, "netsh", {}, {}) assert success is True, f'PrivilegeElevation add command has failed {result}' #Clean up resp, success = PrivilegeElevation.del_pe_command( session, ident=result['Result']['ID']) assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'
def test_privilege_elevation_add_command_linux(core_session): """ Test case: Test for all valid params for ApplyTo as Linux """ session = core_session result, success = PrivilegeElevation.add_pe_command( session, "Restart any linux service" + Util.random_string(), "systemctl restart", "Linux", "Restart any linux service", 6, "usr/sbin/systemctl", {}, {}) assert success is True, f'PrivilegeElevation add command has failed {result}' #Clean up resp, success = PrivilegeElevation.del_pe_command( session, ident=result['Result']['ID']) assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'