예제 #1
 def test_search_complex_args(self, mock_client):
     """Check the URL built from relationship filters plus a keyword filter.

     Two bounds on ``investigation.created_at`` and an organization id are
     passed positionally as relationship filters; ``action_types`` is passed
     as a keyword. The expected URL nests each dotted path segment as
     ``filter[...][...]`` and ends with ``sort`` parameters even though the
     call passes none.
     """
     window_start = datetime.datetime(2020, 1, 1)
     window_end = datetime.datetime(2020, 5, 1)
     expected = '/api/v2/investigative_actions?filter[investigation][created_at]=>2020-01-01T00:00:00&filter[investigation][created_at]=<2020-05-01T00:00:00&filter[investigation][organization][id]=11111111-1111-1111-1111-111111111111&filter[action_types]=MANUAL&sort=+created_at&sort=+id'

     mock_client.investigative_actions.search(
         relationship('investigation.created_at', gt(window_start)),
         relationship('investigation.created_at', lt(window_end)),
         relationship('investigation.organization.id', ORGANIZATION_ID),
         action_types='MANUAL',
     )

     assert get_url_from_request_mock(mock_client) == expected
예제 #2
    def test_except(self, mock_client):
        """Searching with ``isnull(21123)`` must raise ``ValueError``.

        The same rejection is expected for a plain keyword filter and for
        the operator wrapped in a relationship filter.
        """
        # presumably rejected because 21123 is not a boolean; confirm in isnull()
        bad_flag = 21123

        # Keyword-filter form.
        with pytest.raises(ValueError):
            mock_client.investigations.search(close_comment=isnull(bad_flag))

        # Relationship-filter form.
        with pytest.raises(ValueError):
            mock_client.investigations.search(
                relationship('comments.comment', isnull(bad_flag)))
예제 #3
    def test_relationship_does_not_exist(self, mock_client):
        """A path whose first segment is not in ``rels`` is rejected.

        ``rels`` is set by hand to ['one', 'two'], so 'something' is not
        among them and ``create_query_filters()`` must raise ``ValueError``
        with a message containing 'not a defined relationship'.
        """
        unknown_rel = relationship('something.not_existing', '')
        unknown_rel.rels = ['one', 'two']

        with pytest.raises(ValueError) as exc_info:
            unknown_rel.create_query_filters()

        message = str(exc_info.value)
        assert 'not a defined relationship' in message
예제 #4
    def test_create_operator(self, mock_client):
        """A ``window`` operator in a relationship yields two filter pairs.

        With 'comments' registered in ``rels``, ``window(123, 456)`` is
        expected to produce a '>123' pair and a '<456' pair, both under the
        key ``filter[comments][comment]``.
        """
        filter_key = 'filter[comments][comment]'
        expected = [(filter_key, '>123'), (filter_key, '<456')]

        windowed = relationship('comments.comment', window(123, 456))
        windowed.rels = ['comments']

        assert windowed.create_query_filters() == expected
예제 #5
    def test_no_rels(self, mock_client):
        """Without ``rels`` assigned, building filters raises ``ValueError``.

        The relationship is used straight after construction, and the exact
        error message is pinned.
        """
        expected_message = 'Relationship operator has no class relationships defined'
        unbound = relationship('comment.comment', '')

        with pytest.raises(ValueError) as exc_info:
            unbound.create_query_filters()

        assert str(exc_info.value) == expected_message
예제 #6
    def test_true(self, mock_client):
        """``isnull(True)`` is sent as the character U+2400 followed by 'true'.

        Checked for a keyword filter and for the same operator inside a
        relationship filter.
        """
        # Keyword-filter form.
        expected_plain = '/api/v2/investigations?filter[close_comment]=\u2400true&sort=+created_at&sort=+id'
        mock_client.investigations.search(close_comment=isnull(True))
        assert get_url_from_request_mock(mock_client) == expected_plain

        # Relationship-filter form: the dotted path becomes nested keys.
        expected_nested = '/api/v2/investigations?filter[comments][comment]=\u2400true&sort=+created_at&sort=+id'
        mock_client.investigations.search(
            relationship('comments.comment', isnull(True)))
        assert get_url_from_request_mock(mock_client) == expected_nested
예제 #7
    def test_other(self, mock_client):
        """``window(100, 500)`` expands to a '>100' and a '<500' filter.

        Both values are expected under the same filter key, first for a
        keyword filter and then for a relationship filter.
        """
        # Keyword-filter form.
        expected_plain = '/api/v2/investigations?filter[close_comment]=>100&filter[close_comment]=<500&sort=+created_at&sort=+id'
        mock_client.investigations.search(close_comment=window(100, 500))
        assert get_url_from_request_mock(mock_client) == expected_plain

        # Relationship-filter form.
        expected_nested = '/api/v2/investigations?filter[comments][comment]=>100&filter[comments][comment]=<500&sort=+created_at&sort=+id'
        mock_client.investigations.search(
            relationship('comments.comment', window(100, 500)))
        assert get_url_from_request_mock(mock_client) == expected_nested
예제 #8
    def test_values(self, mock_client):
        """``neq('one', 'two')`` emits one '!'-prefixed filter per value.

        Checked for a keyword filter and for a relationship filter.
        """
        # Keyword-filter form.
        expected_plain = '/api/v2/investigations?filter[close_comment]=!one&filter[close_comment]=!two&sort=+created_at&sort=+id'
        mock_client.investigations.search(close_comment=neq('one', 'two'))
        assert get_url_from_request_mock(mock_client) == expected_plain

        # Relationship-filter form.
        expected_nested = '/api/v2/investigations?filter[comments][comment]=!one&filter[comments][comment]=!two&sort=+created_at&sort=+id'
        mock_client.investigations.search(
            relationship('comments.comment', neq('one', 'two')))
        assert get_url_from_request_mock(mock_client) == expected_nested
예제 #9
    def test_none(self, mock_client):
        """``neq()`` with no values adds no filter to the URL.

        In both the keyword and the relationship form the expected URL
        contains only the ``sort`` parameters.
        """
        # NOTE(review): an empty operator leaves the query unfiltered rather
        # than raising; callers building neq() from a possibly empty list may
        # want to check for that themselves.
        unfiltered = '/api/v2/investigations?sort=+created_at&sort=+id'

        mock_client.investigations.search(close_comment=neq())
        assert get_url_from_request_mock(mock_client) == unfiltered

        mock_client.investigations.search(
            relationship('comments.comment', neq()))
        assert get_url_from_request_mock(mock_client) == unfiltered
예제 #10
    def test_datetime(self, mock_client):
        """A ``datetime`` passed to ``lt`` appears in ISO 8601 form.

        The naive value 2020-01-01 is expected as '<2020-01-01T00:00:00',
        with no UTC offset, in both the keyword and the relationship form.
        """
        cutoff = datetime.datetime(2020, 1, 1)

        # Keyword-filter form.
        expected_plain = '/api/v2/investigations?filter[close_comment]=<2020-01-01T00:00:00&sort=+created_at&sort=+id'
        mock_client.investigations.search(close_comment=lt(cutoff))
        assert get_url_from_request_mock(mock_client) == expected_plain

        # Relationship-filter form.
        expected_nested = '/api/v2/investigations?filter[comments][comment]=<2020-01-01T00:00:00&sort=+created_at&sort=+id'
        mock_client.investigations.search(
            relationship('comments.comment', lt(cutoff)))
        assert get_url_from_request_mock(mock_client) == expected_nested
예제 #11
def get_inv_changes(xc, since):
    '''
    Yield one dict per history record created after ``since``.

    Three history collections on the client ``xc`` are searched in turn:
    investigative action histories (only those whose investigation id is
    not null), investigation finding histories and investigation histories.
    This is a generator, so each ``search()`` call runs only when iteration
    reaches it.

    ``since`` must provide ``isoformat()``.
    NOTE(review): if ``since`` is a naive datetime the filter string has no
    UTC offset; confirm how the API interprets such a timestamp.
    '''

    action_histories = xc.investigative_action_histories.search(
        relationship('investigation.id', notnull()),
        created_at=gt(since.isoformat()))
    for record in action_histories:
        if record.investigation is not None:
            # These entries carry no created_at, unlike the two loops below.
            row = dict(
                action=record.action,
                value=record.value,
                investigation_id=record.investigation.id,
            )
            # The assignee is read only for ASSIGNED actions.
            if record.action == 'ASSIGNED':
                row['assigned_to_actor'] = record.assigned_to_actor.display_name
            yield row
        else:
            # Client-side guard kept even though the query already filters
            # on a non-null investigation id.
            print("Skipping ... due to expel alert")

    finding_histories = xc.investigation_finding_histories.search(
        created_at=gt(since.isoformat()))
    for record in finding_histories:
        # NOTE(review): updated_by and investigation are dereferenced without
        # a None check; confirm the API always populates them.
        yield dict(
            action=record.action,
            created_at=record.created_at,
            updated_at=record.updated_at,
            updated_by=record.updated_by.display_name,
            value=record.value,
            investigation_id=record.investigation.id,
        )

    investigation_histories = xc.investigation_histories.search(
        created_at=gt(since.isoformat()))
    for record in investigation_histories:
        # NOTE(review): assigned_to_actor is read unconditionally here, while
        # the first loop reads it only for ASSIGNED; a None value would raise
        # AttributeError. Confirm against the API.
        yield dict(
            action=record.action,
            created_at=record.created_at,
            created_by=record.created_by.display_name,
            assigned_to_actor=record.assigned_to_actor.display_name,
            value=record.value,
            investigation_id=record.investigation.id,
        )
예제 #12
    def test_create_value(self, mock_client):
        """A plain string value is passed through unchanged.

        With 'comments' registered in ``rels``, the relationship yields a
        single ``filter[comments][comment]`` pair holding 'some value' with
        no operator prefix.
        """
        expected = [('filter[comments][comment]', 'some value')]

        literal_rel = relationship('comments.comment', 'some value')
        literal_rel.rels = ['comments']

        assert literal_rel.create_query_filters() == expected
예제 #13
 def test_init_except(self, mock_client):
     """Constructing a relationship from this path raises ``ValueError``.

     The error is expected from the constructor itself, before any query
     filters are built.
     """
     # presumably rejected for having too many dotted segments; confirm
     # against relationship()
     overlong_path = 'comment.comment.comment'

     with pytest.raises(ValueError):
         relationship(overlong_path, '')