def setUp(self):
    """Persist one blockable, one certificate and one event for the tests.

    The ids used here are short placeholder strings, not 64-character
    SHA-256 digests, even though id_type is SHA256. These fixtures therefore
    do not exercise any hash-format validation.
    """
    super(SantaModelTest, self).setUp()

    # Binary fixture.
    blockable = santa.SantaBlockable(
        id='aaaabbbbccccdddd',
        id_type=constants.ID_TYPE.SHA256,
        blockable_hash='aaaabbbbccccdddd',
        file_name='Mac.app',
        publisher='Arple',
        product_name='New Shiny',
        version='2.0')
    self.santa_blockable = blockable

    # Certificate fixture.
    certificate = santa.SantaCertificate(
        id='mmmmnnnnoooopppp',
        id_type=constants.ID_TYPE.SHA256,
        blockable_hash='mmmmnnnnoooopppp',
        file_name='MagicCert',
        publisher='Total Legit CA',
        version='7.0',
        common_name='Trustee',
        organization='Big Lucky',
        organizational_unit='The Unit')
    self.santa_certificate = certificate

    # Download provenance attached to the event below.
    downloaded_at = datetime.datetime.utcnow()
    quarantine_metadata = santa.QuarantineMetadata(
        data_url='http://notbad.com',
        referer_url='http://sourceforge.com',
        downloaded_dt=downloaded_at,
        agent_bundle_id='123456')

    # A single timestamp serves as both first and last blocked time.
    blocked_at = datetime.datetime.utcnow()
    self.santa_event = santa.SantaEvent(
        blockable_key=blockable.key,
        event_type=constants.EVENT_TYPE.ALLOW_BINARY,
        file_name='Mac.app',
        file_path='/',
        executing_user='******',
        first_blocked_dt=blocked_at,
        last_blocked_dt=blocked_at,
        quarantine=quarantine_metadata)

    # Persist in the same order the entities were built.
    for entity in (self.santa_blockable, self.santa_certificate,
                   self.santa_event):
        entity.put()

    # Patch settings.ProdEnv so ENABLE_BIGQUERY_STREAMING is True.
    self.PatchEnv(settings.ProdEnv, ENABLE_BIGQUERY_STREAMING=True)
def EnsureCritialRules():
    """Pre-populates Datastore with any critical Rule entities.

    For every hash in settings.CRITICAL_MAC_OS_CERT_HASHES this makes sure a
    SantaCertificate with that id exists and that at least one SantaRule is
    stored under it. A missing rule is created as a CERTIFICATE rule with the
    WHITELIST policy.

    NOTE(review): every hash in that setting ends up with an allow rule, so
    the list is presumably trust-critical configuration. Confirm that changes
    to it are reviewed.
    NOTE(review): the existence checks and the puts are not wrapped in a
    transaction in this function, so concurrent callers could each add a
    rule. Confirm whether callers serialize this.
    """
    for cert_hash in settings.CRITICAL_MAC_OS_CERT_HASHES:
        cert = santa.SantaCertificate.get_by_id(cert_hash)
        if not cert:
            # No certificate entity yet: create a minimal one keyed by hash.
            cert = santa.SantaCertificate(
                id=cert_hash, id_type=constants.ID_TYPE.SHA256)
            cert.put()

        # A keys-only fetch is enough to learn whether any rule exists.
        existing_rule_key = santa.SantaRule.query(ancestor=cert.key).get(
            keys_only=True)
        if existing_rule_key is not None:
            continue

        # No rule under this certificate yet, so add the allow rule.
        allow_rule = santa.SantaRule(
            parent=cert.key,
            rule_type=constants.RULE_TYPE.CERTIFICATE,
            policy=constants.RULE_POLICY.WHITELIST)
        allow_rule.put()
def _GenerateCertificatesFromJsonEvent(cls, event):
    """Builds SantaCertificate entities from an event's signing chain.

    Args:
      event: A single JSON event uploaded by the client.

    Returns:
      A list of SantaCertificate entities, one per signing-chain entry and in
      chain order. None of them has been written to Datastore.

    NOTE(review): the event is client-supplied and no field is validated
    here. An entry without VALID_FROM or VALID_UNTIL passes None to
    utcfromtimestamp(), which raises TypeError. An entry without SHA256
    builds an entity with id=None. Confirm that the upload is validated
    before this call, or that the caller handles these cases.
    """
    upload_keys = santa_const.EVENT_UPLOAD
    from_epoch = datetime.datetime.utcfromtimestamp

    # An event with no signing chain yields an empty list.
    return [
        santa_db.SantaCertificate(
            id=chain_entry.get(upload_keys.SHA256),
            id_type=common_const.ID_TYPE.SHA256,
            common_name=chain_entry.get(upload_keys.CN),
            organization=chain_entry.get(upload_keys.ORG),
            organizational_unit=chain_entry.get(upload_keys.OU),
            # Validity bounds are converted with utcfromtimestamp().
            valid_from_dt=from_epoch(chain_entry.get(upload_keys.VALID_FROM)),
            valid_until_dt=from_epoch(
                chain_entry.get(upload_keys.VALID_UNTIL)))
        for chain_entry in event.get(upload_keys.SIGNING_CHAIN, [])
    ]