def test_process_scc_query_two_steps_no_final_result_2():
    # given
    uuid = '74b8f5a8982948fb9acc6377ecf5149a'
    step1 = Step(
        uuid=uuid,
        order=1,
        kind='ASSET',
        filter_=
        'securityCenterProperties.resourceType = "google.cloud.resourcemanager.Project" AND '
        'securityCenterProperties.resourceOwners : "blabla"',
        out_join='securityCenterProperties.resourceName',
        threshold=Threshold(operator="ge", value="0"))
    step2 = Step(uuid=uuid,
                 order=2,
                 kind='FINDING',
                 in_join='resourceName',
                 threshold=Threshold(operator="ge", value="0"))
    query = Query(uuid=uuid,
                  name='query_test',
                  description='testing',
                  steps=[step2, step1])

    # when
    result, _, _, _ = process_scc_query(
        query, {'sccquery{}'.format(uuid): 'working{}'.format(uuid)})

    # then
    assert result == 0, 'Should has empty return.'
def test_process_scc_query_two_steps_no_final_result():
    # given
    uuid = '386fa8353a0c4840a727fb13e013601a'
    read_time = ReadTime("FROM_NOW", "1h", "são paulo")
    step1 = Step(
        uuid=uuid,
        order=1,
        kind='ASSET',
        compare_duration='40w',
        filter_='securityCenterProperties.resourceType = "INSTANCE" AND '
        'securityCenterProperties.resourceName = "marine-physics-196005/instance/6515504379959957375"',
        read_time=read_time,
        out_join='securityCenterProperties.resourceName',
        threshold=Threshold(operator="ge", value="0"))
    step2 = Step(uuid=uuid,
                 order=2,
                 kind='FINDING',
                 filter_='category = "FOO"',
                 read_time=read_time,
                 in_join='resourceName',
                 threshold=Threshold(operator="ge", value="0"))
    query = Query(uuid=uuid,
                  name='Find projects on organization',
                  steps=[step2, step1])

    # when
    result, _, _, _ = process_scc_query(
        query, {'sccquery{}'.format(uuid): 'working{}'.format(uuid)})

    # then
    assert result == 0, 'Should has empty return.'
def test_process_scc_query_three_steps():
    # given
    uuid = '74b8f5a8123450fb9acc6377ecf5159b'
    step1 = Step(uuid=uuid,
                 order=1,
                 kind='FINDING',
                 filter_='category : "PROJECT_ACCESS"',
                 out_join='resourceName',
                 threshold=Threshold(operator="ge", value="0"))
    step2 = Step(uuid=uuid,
                 order=2,
                 kind='ASSET',
                 in_join='name',
                 out_join='name',
                 threshold=Threshold(operator="ge", value="0"))
    step3 = Step(uuid=uuid,
                 order=3,
                 kind='FINDING',
                 in_join='resourceName',
                 threshold=Threshold(operator="ge", value="0"))
    query = Query(uuid=uuid,
                  name='Find projects on organization',
                  steps=[step3, step2, step1])

    # when
    result, result_kind, step_result, _ = process_scc_query(
        query, {'sccquerytest{}'.format(uuid): 'workingtest{}'.format(uuid)})

    # then
    assert result > 0, 'Should return at least one item.'
    assert 'FINDING' == result_kind
    assert 3 == len(step_result)
    assert 'SUCCESS' == step_result[1]['status']
    assert 'SUCCESS' == step_result[2]['status']
    assert 'SUCCESS' == step_result[3]['status']
def test_process_scc_query_two_steps():
    # given
    uuid = '293f42e2089c4f4491db881e961ca0ca'
    read_time = ReadTime("FROM_NOW", "1h", "são paulo")
    step1 = Step(uuid=uuid,
                 order=1,
                 kind='ASSET',
                 compare_duration='40w',
                 filter_='resourceProperties.name : "notifier"',
                 read_time=read_time,
                 out_join='securityCenterProperties.resourceParent',
                 threshold=Threshold(operator="ge", value="0"))
    step2 = Step(uuid=uuid,
                 order=2,
                 kind='FINDING',
                 read_time=read_time,
                 in_join='resourceName',
                 threshold=Threshold(operator="ge", value="0"))
    query = Query(uuid=uuid,
                  name='Find projects on organization',
                  steps=[step2, step1])

    # when
    result, result_kind, step_result, _ = process_scc_query(
        query, {'sccquery2step{}'.format(uuid): 'working2step{}'.format(uuid)})

    # then
    assert 2 == len(step_result)
    assert 'FINDING' == result_kind
    assert 'SUCCESS' == step_result[1]['status']
    assert 'SUCCESS' == step_result[2]['status']
def test_process_scc_query_single_step():
    # given
    uuid = '6f04f63232764ff3b32a92f794fb0f2f'
    read_time = ReadTime("TIMESTAMP", "2018-11-01T01:00:00-0200", "são paulo")
    step = Step(
        uuid=uuid,
        order=1,
        kind='ASSET',
        compare_duration='2w',
        filter_=
        'securityCenterProperties.resourceType = "google.cloud.resourcemanager.Project" AND '
        'securityCenterProperties.resourceOwners : "ciandt" AND '
        'resourceProperties.name : "tools"',
        read_time=read_time,
        threshold=Threshold(operator="ge", value="0"))
    query = Query(uuid=uuid,
                  name='Find projects on organization',
                  steps=[step])

    # when
    result, result_kind, step_result, _ = process_scc_query(
        query, {'sccquerycit{}'.format(uuid): 'workingcit{}'.format(uuid)})

    # then
    assert 1 == len(step_result)
    assert result == step_result[1]['responseSize']
    assert 'ASSET' == result_kind
    assert 'SUCCESS' == step_result[1]['status']
def test_validate_runnable_query_with_threshold_operator(threshold_operator):
    # given
    step = Step(uuid='uuid',
                order=1,
                kind='ASSET',
                threshold=Threshold(operator=threshold_operator, value="10"))
    query = Query(uuid='uuid', steps=[step])
    # when / then
    validate_runnable_query(query)
def test_process_scc_query_three_steps_with_all_ports_allowed_firewall_rule_fail_threshold(
):
    # given
    uuid = '74b8f5a8982948fb9acc63775485149f'
    step1 = Step(
        uuid=uuid,
        order=1,
        kind='ASSET',
        filter_=
        'securityCenterProperties.resourceType = "google.compute.Firewall" AND '
        'resourceProperties.allowed : "0-65535" AND '
        'securityCenterProperties.resourceOwners : "an"',
        out_join='securityCenterProperties.resourceParent',
        threshold=Threshold(operator="ge", value="0"))
    step2 = Step(
        uuid=uuid,
        order=2,
        kind='ASSET',
        filter_=
        'securityCenterProperties.resourceType = "google.compute.Instance" AND '
        'resourceProperties.zone : "central"',
        in_join='securityCenterProperties.resourceParent',
        out_join='name',
        threshold=Threshold(operator="ge", value="0"))
    step3 = Step(uuid=uuid,
                 order=3,
                 kind='FINDING',
                 filter_='category : "audit_log"',
                 in_join='resourceName',
                 threshold=Threshold(operator="ge", value="100"))
    query = Query(uuid=uuid,
                  name='Find projects on organization',
                  steps=[step3, step2, step1])

    # when
    result, _, step_results, _ = process_scc_query(
        query, {'sccquery{}'.format(uuid): 'working{}'.format(uuid)})

    # then
    assert result == 0, 'Should return no items.'
    assert len(step_results) == 3, 'Should have executed all steps.'
    assert int(
        step_results[2]['responseSize']) > 0, 'Last step must not be empty.'
def test_validate_runnable_query_duration_valid(duration):
    # given
    step = Step(uuid='uuid',
                order=1,
                kind='ASSET',
                compare_duration=duration,
                threshold=Threshold(operator="le", value="10"))
    query = Query(uuid='uuid', steps=[step])
    # when / then
    validate_runnable_query(query)
def test_validate_runnable_query_ref_time_timestamp_valid(timestamp):
    # given
    ref_time = ReadTime(_type='TIMESTAMP', value=timestamp, zone=None)
    step = Step(uuid='uuid',
                order=1,
                kind='ASSET',
                read_time=ref_time,
                threshold=Threshold(operator="ge", value="10"))
    query = Query(uuid='uuid', steps=[step])
    # when / then
    validate_runnable_query(query)
def test_validate_runnable_query_ref_time_from_now_valid(duration):
    # given
    ref_time = ReadTime(_type='FROM_NOW', value=duration, zone=None)
    step = Step(uuid='uuid',
                order=1,
                kind='ASSET',
                read_time=ref_time,
                threshold=Threshold(operator="le", value="10"))
    query = Query(uuid='uuid', steps=[step])
    # when / then
    validate_runnable_query(query)
def test_process_scc_query_with_invalid_marks():
    # given
    uuid = '6f04f632-3276-4ff3-b32a-92f794fb0f2f'
    step = Step(uuid=uuid,
                order=1,
                kind='FINDING',
                threshold=Threshold(operator="ge", value="0"))
    query = Query(uuid=uuid, name='All findings', steps=[step])

    # when
    result, result_kind, step_result, _ = process_scc_query(
        query, {'sccquerycit{}'.format(uuid): 'workingcit{}'.format(uuid)})
def test_validate_save_query_ok():
    # given
    uuid = '57e43773-7890-4530-a667-443089a90adc'
    step = Step(uuid=uuid,
                order=1,
                kind='ASSET',
                threshold=Threshold(operator='gt', value='0'))
    query = Query(uuid=uuid,
                  steps=[step],
                  name='Name',
                  description='Description')
    # when / then
    validate_save_query(query)
def test_validate_runnable_query_no_threshold():
    # given
    uuid = '57e43773-7890-4530-a667-443089a90adc'
    step = Step(uuid=uuid, order=1, kind='ASSET')
    query = Query(uuid=uuid, steps=[step])
    expected_error_key = 'threshold1'
    expected_error_value = {'message': 'Threshold is empty on step #1'}
    with pytest.raises(QBValidationError) as ex:
        # when
        validate_runnable_query(query)
    # then
    assert len(ex.value.errors) == 1, 'Should return exactly 1 error'
    assert ex.value.errors[expected_error_key] == expected_error_value
def test_process_scc_query_three_steps_with_all_ports_allowed_firewall_rule():
    # given
    uuid = '74b8f5a8982948fb9acc63775485149f'
    step1 = Step(
        uuid=uuid,
        order=1,
        kind='ASSET',
        filter_=
        'securityCenterProperties.resourceType = "google.compute.Firewall" AND '
        'resourceProperties.allowed : "0-65535" AND '
        'securityCenterProperties.resourceOwners : "an"',
        out_join='securityCenterProperties.resourceParent',
        threshold=Threshold(operator="ge", value="0"))
    step2 = Step(
        uuid=uuid,
        order=2,
        kind='ASSET',
        filter_=
        'securityCenterProperties.resourceType = "google.compute.Instance"',
        in_join='securityCenterProperties.resourceParent',
        out_join='name',
        threshold=Threshold(operator="ge", value="0"))
    step3 = Step(uuid=uuid,
                 order=3,
                 kind='FINDING',
                 filter_='category : "audit_log"',
                 in_join='resourceName',
                 threshold=Threshold(operator="ge", value="0"))
    query = Query(uuid=uuid,
                  name='Find projects on organization',
                  steps=[step3, step2, step1])

    # when
    result, result_kind, step_result, _ = process_scc_query(
        query, {'sccquery{}'.format(uuid): 'working{}'.format(uuid)})

    # then
    assert result > 0, 'Should return at least one item.'
def test_validate_save_query_empty_description():
    # given
    uuid = '57e43773-7890-4530-a667-443089a90adc'
    step = Step(uuid=uuid,
                order=1,
                kind='ASSET',
                threshold=Threshold(operator='gt', value='0'))
    query = Query(uuid=uuid, steps=[step], name='Name')
    expected_error_key = 'description'
    expected_error_value = {'message': 'Field description required'}
    with pytest.raises(QBValidationError) as ex:
        # when
        validate_save_query(query)
    # then
    assert len(ex.value.errors) == 1, 'Should return exactly 1 error'
    assert ex.value.errors[expected_error_key] == expected_error_value
def test_validate_runnable_query_ref_time_from_now_invalid(duration):
    # given
    ref_time = ReadTime(_type='FROM_NOW', value=duration, zone=None)
    step = Step(uuid='uuid',
                order=1,
                kind='ASSET',
                read_time=ref_time,
                threshold=Threshold(operator="le", value="10"))
    query = Query(uuid='uuid', steps=[step])
    expected_error_key = 'readTimeValue1'
    expected_error_value = {'message': 'Read time field invalid on step #1'}
    with pytest.raises(QBValidationError) as ex:
        # when
        validate_runnable_query(query)
    # then
    assert len(ex.value.errors) == 1, 'Should return exactly 1 error'
    assert ex.value.errors[expected_error_key] == expected_error_value
def test_validate_runnable_query_duration_invalid(duration):
    # given
    step = Step(uuid='uuid',
                order=1,
                kind='ASSET',
                compare_duration=duration,
                threshold=Threshold(operator="le", value="5"))
    query = Query(uuid='uuid', steps=[step])
    expected_error_key = 'compareDuration1'
    expected_error_value = {
        'message': 'Compare duration field invalid on step #1'
    }
    with pytest.raises(QBValidationError) as ex:
        # when
        validate_runnable_query(query)
    # then
    assert len(ex.value.errors) == 1, 'Should return exactly 1 error'
    assert ex.value.errors[expected_error_key] == expected_error_value
def test_validate_runnable_query_invalid_threshold_operator(operator):
    # given
    uuid = '57e43773-7890-4530-a667-443089a90adc'
    step = Step(uuid=uuid,
                order=1,
                kind='ASSET',
                threshold=Threshold(operator=operator, value='1'))
    query = Query(uuid=uuid, steps=[step])
    expected_error_key = 'thresholdOperator1'
    expected_error_value = {
        'message':
        "Threshold operator field invalid on step #1. Valid ['lt', 'le', 'eq', 'ne', 'ge', 'gt']"
    }
    with pytest.raises(QBValidationError) as ex:
        # when
        validate_runnable_query(query)
    # then
    assert len(ex.value.errors) == 1, 'Should return exactly 1 error'
    assert ex.value.errors[expected_error_key] == expected_error_value
예제 #19
0
def build_step(operator, value):
    threshold = Threshold(operator, value)
    return Step('FAKE-UUID-001', 1, "ASSET", threshold=threshold)