def test_delete_command_basic(core_session, setup_generic_pe_command_with_no_rules):
logger.info("test_delete_command_basic")
commandName, commandID = setup_generic_pe_command_with_no_rules
# Trying to add a new Command with same name should fail
_, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Windows")
assert not isSuccess, "Creating duplicate privilege command succeeded"
# Delete the command
result, isSuccess = PrivilegeElevation.del_pe_command(core_session, ident=commandID)
assert isSuccess, f"Deleting command failed: {result}"
# Creating command with same name should now succeed
_, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Linux")
assert isSuccess, f"Creating command with same name after deleting it, failed"
def test_privilege_elevation_add_command_Duplicate(core_session):
"""
Test case: Test for when duplicate command is added
"""
session = core_session
cmdName = "cmd" + Util.random_string()
result, success = PrivilegeElevation.add_pe_command(
session, cmdName, "systemctl restart network", "Linux")
assert success is True, f'PrivilegeElevation add command has failed {result}'
result, success = PrivilegeElevation.add_pe_command(
session, cmdName, "systemctl restart network", "Linux")
assert success is False, f'PrivilegeElevation add command has failed {result}'
assert f"Privilege elevation command '{cmdName}' already exists" in result[
'Message'], f'PrivilegeElevation add command should fail with errorPrivilege elevation command '{cmdName}' already exists {result}'
#Add more tests for v2
def test_pe_del_command_with_no_pe_permission(users_and_roles, core_session, setup_generic_pe_command_with_no_rules):
logger.info("test_pe_command_non_admin_user_with_no_pe_permission")
requester_session = users_and_roles.get_session_for_user()
commandName, commandID = setup_generic_pe_command_with_no_rules
# Trying to add a new Command with same name should fail
_, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Windows")
assert not isSuccess, "Creating duplicate privilege command succeeded"
# Delete the command as a user with no permissions should fail
result, isSuccess = PrivilegeElevation.del_pe_command(requester_session, ident=commandID)
assert not isSuccess, f"Deleting command as a user with no permissions passed: {result}"
# Creating command with same name should still fail
_, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Linux")
assert not isSuccess, f"Creating command with same name passed"
# Deleting it for cleanup
result, isSuccess = PrivilegeElevation.del_pe_command(core_session, name=commandName)
assert isSuccess, f"Deleting command for cleanup failed: {result}"
def test_privilege_elevation_add_command_EmptyApplyTo(core_session):
"""
Test case: Test for all valid params except empty ApplyTo
"""
session = core_session
result, success = PrivilegeElevation.add_pe_command(
session, "12#$##", "&uy545^&", "")
assert success is False, f'PrivilegeElevation add command has failed {result}'
assert "PrivilegeElevationPlatformNotSupportedException" in result[
'Message'], f'PrivilegeElevation add command should fail with error PrivilegeElevationPlatformNotSupportedException {result}'
def test_privilege_elevation_add_command_EmptyCommandPattern(core_session):
"""
Test case: Test for all valid params except empty commandPattern
"""
session = core_session
result, success = PrivilegeElevation.add_pe_command(
session, "12#$##", "", "Linux")
assert success is False, f'PrivilegeElevation add command has failed {result}'
assert "Invalid arguments passed to the server." == result[
'Message'], f'PrivilegeElevation add command should fail with error Invalid arguments passed to the server {result}'
def test_privilege_elevation_add_command_InvalidCommandPattern(core_session):
"""
Test case: Test for all valid params except commandPattern
"""
session = core_session
result, success = PrivilegeElevation.add_pe_command(
session, "123*876", False, "Linux")
assert success is False, f'PrivilegeElevation add command has failed {result}'
assert "Invalid data type for parameter: CommandPattern." in result[
'Exception'], f'PrivilegeElevation add command should fail with error Invalid data type {result}'
def test_privilege_elevation_add_command_InvalidPlatform(core_session):
"""
Test case: Test for all valid params except platform
"""
session = core_session
result, success = PrivilegeElevation.add_pe_command(
session, "All commands", "*", "Mac")
assert success is False, f'PrivilegeElevation add command has failed {result}'
assert "PrivilegeElevationPlatformNotSupportedException" in result[
'Message'], f'PrivilegeElevation add command should fail with error PlatformNotSupportedException {result}'
def test_pe_del_command_nonadmin_with_pe_permission(users_and_roles, core_session,
setup_generic_pe_command_with_no_rules):
logger.info("test_pe_command_non_admin_user_with_no_pe_permission")
commandName, commandID = setup_generic_pe_command_with_no_rules
requester_session = users_and_roles.get_session_for_user('Privilege Elevation Management')
# Trying to add a new Command with same name should fail
_, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Windows")
assert not isSuccess, "Creating duplicate privilege command succeeded"
# Delete the command as a non-admin user with pe permission should succeed
result, isSuccess = PrivilegeElevation.del_pe_command(requester_session, name=commandName)
assert isSuccess, f"Deleting command as a non-admin user with pe permission failed: {result}"
def test_privilege_elevation_add_command_InvalidApplyTo(core_session):
"""
Test case: Test for all valid params except ApplyTo
"""
session = core_session
result, success = PrivilegeElevation.add_pe_command(session,
"All commands",
"*",
applyTo=345)
assert success is False, f'PrivilegeElevation add command has failed {result}'
assert "Parameter 'ApplyTo' must be specified." == result[
'Message'], f'PrivilegeElevation add command should fail with error Parameter ApplyTo must be specified. {result}'
def test_privilege_elevation_add_command_all_required_params(core_session):
"""
Test case: Test for all required params
"""
session = core_session
result, success = PrivilegeElevation.add_pe_command(
session, "All commands" + Util.random_string(), "*", "Linux,Windows")
assert success is True, f'PrivilegeElevation add command has failed {result}'
#Clean up
resp, success = PrivilegeElevation.del_pe_command(
session, ident=result['Result']['ID'])
assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'
def test_privilege_elevation_add_command_winlinux(core_session):
"""
Test case: Test for all valid params for ApplyTo as Windows,Linux
"""
session = core_session
result, success = PrivilegeElevation.add_pe_command(
session, "All commands" + Util.random_string(), "*", "Linux,Windows",
"Run all commands", 0, "*", {}, {})
assert success is True, f'PrivilegeElevation add command has failed {result}'
#Clean up
resp, success = PrivilegeElevation.del_pe_command(
session, ident=result['Result']['ID'])
assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'
def test_privilege_elevation_add_command_win(core_session):
"""
Test case: Test for all valid params for ApplyTo as Windows
"""
session = core_session
result, success = PrivilegeElevation.add_pe_command(
session, "Restart any windows service" + Util.random_string(), "netsh",
"Windows", "Restart any windows service", 3, "netsh", {}, {})
assert success is True, f'PrivilegeElevation add command has failed {result}'
#Clean up
resp, success = PrivilegeElevation.del_pe_command(
session, ident=result['Result']['ID'])
assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'
def test_privilege_elevation_add_command_linux(core_session):
"""
Test case: Test for all valid params for ApplyTo as Linux
"""
session = core_session
result, success = PrivilegeElevation.add_pe_command(
session, "Restart any linux service" + Util.random_string(),
"systemctl restart", "Linux", "Restart any linux service", 6,
"usr/sbin/systemctl", {}, {})
assert success is True, f'PrivilegeElevation add command has failed {result}'
#Clean up
resp, success = PrivilegeElevation.del_pe_command(
session, ident=result['Result']['ID'])
assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'
