def testDupeBan(self): bit9_binary = test_utils.CreateBit9Binary() file_catalog = bit9_test_utils.CreateFileCatalog( id=bit9_binary.file_catalog_id, sha256=bit9_binary.key.id(), certificate_state=bit9_constants.APPROVAL_STATE.BANNED, file_state=bit9_constants.APPROVAL_STATE.APPROVED, publisher_state=bit9_constants.APPROVAL_STATE.APPROVED) self.assertEntityCount(base_db.Note, 0) sync._PersistBanNote(file_catalog).wait() self.assertEntityCount(base_db.Note, 1) sync._PersistBanNote(file_catalog).wait() self.assertEntityCount(base_db.Note, 1)
def testNoFileInstances(self): binary = test_utils.CreateBit9Binary(file_catalog_id='1111') user = test_utils.CreateUser() local_rule = test_utils.CreateBit9Rule( binary.key, host_id='2222', user_key=user.key, policy=constants.RULE_POLICY.WHITELIST, is_fulfilled=False) # Simulate getting no fileInstances from Bit9. self.PatchApiRequests([]) change_set.ChangeLocalState( binary, local_rule, bit9_constants.APPROVAL_STATE.APPROVED) self.assertFalse(local_rule.key.get().is_fulfilled) self.assertNoBigQueryInsertions()
def testNoChanges(self): bit9_binary = test_utils.CreateBit9Binary(detected_installer=False) event, signing_chain = _CreateEventTuple( file_catalog=bit9_test_utils.CreateFileCatalog( id=bit9_binary.file_catalog_id, sha256=bit9_binary.key.id(), file_flags=0x0)) file_catalog = event.get_expand(api.Event.file_catalog_id) changed = sync._PersistBit9Binary( event, file_catalog, signing_chain).get_result() self.assertFalse(changed) # Empty because Binary is not new and State is not BANNED. self.assertTaskCount(constants.TASK_QUEUE.BQ_PERSISTENCE, 0)
def testNoChanges(self): bit9_binary = test_utils.CreateBit9Binary(detected_installer=False) file_catalog_kwargs = { 'id': bit9_binary.file_catalog_id, 'sha256': bit9_binary.key.id(), 'file_flags': 0x0} event, cert = _CreateEventAndCert(file_catalog_kwargs=file_catalog_kwargs) file_catalog = event.get_expand(api.Event.file_catalog_id) changed = sync._PersistBit9Binary( event, file_catalog, [cert]).get_result() self.assertFalse(changed) # Empty because Binary is not new and State is not BANNED. self.assertNoBigQueryInsertions()
def testFileCatalogIdInitiallyMissing(self): bit9_binary = test_utils.CreateBit9Binary(file_catalog_id=None) sha256 = bit9_binary.key.id() file_catalog_kwargs = {'id': '12345', 'sha256': sha256} event, cert = _CreateEventAndCert(file_catalog_kwargs=file_catalog_kwargs) file_catalog = event.get_expand(api.Event.file_catalog_id) changed = sync._PersistBit9Binary( event, file_catalog, [cert]).get_result() self.assertTrue(changed) bit9_binary = bit9_models.Bit9Binary.get_by_id(sha256) self.assertEqual('12345', bit9_binary.file_catalog_id) # Should be Empty: No new Binary or BANNED State. self.assertNoBigQueryInsertions()
def testPost_Admin_Reset_CaseInsensitiveID(self, mock_reset): sha256 = test_utils.RandomSHA256() test_utils.CreateBit9Binary(id=sha256, id_type=constants.ID_TYPE.SHA256, file_name='some_binary') params = {'reset': 'reset'} with self.LoggedInUser(admin=True): self.testapp.post(self.ROUTE % sha256.lower(), params, status=httplib.OK) self.testapp.post(self.ROUTE % sha256.upper(), params, status=httplib.OK) self.assertEqual(2, mock_reset.call_count)
def testWhitelist_HasEvent(self): binary = test_utils.CreateBit9Binary(file_catalog_id='1111') user = test_utils.CreateUser() local_rule = test_utils.CreateBit9Rule( binary.key, host_id='2222', user_key=user.key, policy=constants.RULE_POLICY.WHITELIST, is_fulfilled=False) # Create a Bit9Event corresponding to the Bit9Rule. pairs = [ ('User', user.email), ('Host', '2222'), ('Blockable', binary.key.id()), ('Event', '1')] event_key = ndb.Key(pairs=pairs) first_blocked_dt = datetime.datetime.utcnow() - datetime.timedelta(hours=3) test_utils.CreateBit9Event( binary, key=event_key, first_blocked_dt=first_blocked_dt) # Mock out the Bit9 API interactions. file_instance = api.FileInstance( id=3333, file_catalog_id=1111, computer_id=2222, local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED) self.PatchApiRequests([file_instance], file_instance) change_set.ChangeLocalState( binary, local_rule, bit9_constants.APPROVAL_STATE.APPROVED) # Verify the Bit9 API interactions. self.mock_ctx.ExecuteRequest.assert_has_calls([ mock.call( 'GET', api_route='fileInstance', query_args=[r'q=computerId:2222', 'q=fileCatalogId:1111']), mock.call( 'POST', api_route='fileInstance', data={'id': 3333, 'localState': 2, 'fileCatalogId': 1111, 'computerId': 2222}, query_args=None)]) self.assertTrue(local_rule.key.get().is_fulfilled) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.RULE)
def setUp(self): super(Bit9EventTest, self).setUp() self.user = test_utils.CreateUser() self.bit9_host = test_utils.CreateBit9Host() self.bit9_binary = test_utils.CreateBit9Binary() now = test_utils.Now() self.bit9_event = test_utils.CreateBit9Event( self.bit9_binary, host_id=self.bit9_host.key.id(), executing_user=self.user.nickname, first_blocked_dt=now, last_blocked_dt=now, id='1', parent=utils.ConcatenateKeys(self.user.key, self.bit9_host.key, self.bit9_binary.key))
def testFileCatalogIdInitiallyMissing(self): bit9_binary = test_utils.CreateBit9Binary(file_catalog_id=None) sha256 = bit9_binary.key.id() event, signing_chain = _CreateEventTuple( file_catalog=bit9_test_utils.CreateFileCatalog( id='12345', sha256=sha256)) file_catalog = event.get_expand(api.Event.file_catalog_id) changed = sync._PersistBit9Binary( event, file_catalog, signing_chain).get_result() self.assertTrue(changed) bit9_binary = bit9_db.Bit9Binary.get_by_id(sha256) self.assertEqual('12345', bit9_binary.file_catalog_id) # Should be Empty: No new Binary or BANNED State. self.assertTaskCount(constants.TASK_QUEUE.BQ_PERSISTENCE, 0)
def testAll(self, mock_metric): other_binary = test_utils.CreateBit9Binary() # Create two changeset so we're sure we're doing only 1 task per blockable. real_change = test_utils.CreateRuleChangeSet(other_binary.key) unused_change = test_utils.CreateRuleChangeSet(other_binary.key) self.assertTrue(real_change.recorded_dt < unused_change.recorded_dt) self.testapp.get('/') self.assertEqual(2, mock_metric.Set.call_args_list[0][0][0]) self.assertTaskCount(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE, 2) with mock.patch.object(change_set, 'CommitChangeSet') as mock_commit: self.RunDeferredTasks(constants.TASK_QUEUE.BIT9_COMMIT_CHANGE) expected_calls = [ mock.call(self.change.key), mock.call(real_change.key) ] self.assertSameElements(expected_calls, mock_commit.mock_calls)
def testStateChangedToBanned(self): bit9_binary = test_utils.CreateBit9Binary(state=constants.STATE.UNTRUSTED) sha256 = bit9_binary.key.id() event_kwargs = {'subtype': bit9_constants.SUBTYPE.BANNED} file_catalog_kwargs = {'id': '12345', 'sha256': sha256} event, cert = _CreateEventAndCert( event_kwargs=event_kwargs, file_catalog_kwargs=file_catalog_kwargs) file_catalog = event.get_expand(api.Event.file_catalog_id) changed = sync._PersistBit9Binary( event, file_catalog, [cert]).get_result() self.assertTrue(changed) bit9_binary = bit9_models.Bit9Binary.get_by_id(sha256) self.assertEqual(constants.STATE.BANNED, bit9_binary.state) # Should be 1 for the BANNED State. self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.BINARY])
def testGetEventKeysToInsert_Superuser(self): bit9_host = test_utils.CreateBit9Host() bit9_binary = test_utils.CreateBit9Binary() now = test_utils.Now() bit9_event = test_utils.CreateBit9Event( bit9_binary, host_id=bit9_host.key.id(), executing_user=constants.LOCAL_ADMIN.WINDOWS, first_blocked_dt=now, last_blocked_dt=now, id='1', parent=datastore_utils.ConcatenateKeys( self.user.key, bit9_host.key, bit9_binary.key)) users = [self.user.nickname] self.assertEquals( [bit9_event.key], model_utils.GetEventKeysToInsert(bit9_event, users, users))
def testWhitelist_NoEvent(self): binary = test_utils.CreateBit9Binary(file_catalog_id='1111') user = test_utils.CreateUser() local_rule = test_utils.CreateBit9Rule( binary.key, host_id='2222', user_key=user.key, policy=constants.RULE_POLICY.WHITELIST, is_fulfilled=False) # Mock out the Bit9 API interactions. file_instance = api.FileInstance( id=3333, file_catalog_id=1111, computer_id=2222, local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED) self.PatchApiRequests([file_instance], file_instance) change_set.ChangeLocalState(binary, local_rule, bit9_constants.APPROVAL_STATE.APPROVED) # Verify the Bit9 API interactions. self.mock_ctx.ExecuteRequest.assert_has_calls([ mock.call( 'GET', api_route='fileInstance', query_args=[r'q=computerId:2222', 'q=fileCatalogId:1111']), mock.call('POST', api_route='fileInstance', data={ 'id': 3333, 'localState': 2, 'fileCatalogId': 1111, 'computerId': 2222 }, query_args=None) ]) self.assertTrue(local_rule.key.get().is_fulfilled) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.RULE)
def testStateChangedToBanned(self): bit9_binary = test_utils.CreateBit9Binary(state=constants.STATE.UNTRUSTED) sha256 = bit9_binary.key.id() event, signing_chain = _CreateEventTuple( subtype=bit9_constants.SUBTYPE.BANNED, file_catalog=bit9_test_utils.CreateFileCatalog( id='12345', sha256=sha256)) file_catalog = event.get_expand(api.Event.file_catalog_id) changed = sync._PersistBit9Binary( event, file_catalog, signing_chain).get_result() self.assertTrue(changed) bit9_binary = bit9_db.Bit9Binary.get_by_id(sha256) self.assertEqual(constants.STATE.BANNED, bit9_binary.state) # Should be 1 for the BANNED State. self.DrainTaskQueue(constants.TASK_QUEUE.BQ_PERSISTENCE) self.assertEntityCount(bigquery_db.BinaryRow, 1)
def testChangeState(self): # Verify the Bit9Binary is in the default state of UNTRUSTED. binary = test_utils.CreateBit9Binary() blockable_hash = binary.blockable_hash binary = binary_models.Bit9Binary.get_by_id(blockable_hash) self.assertIsNotNone(binary) self.assertEqual(constants.STATE.UNTRUSTED, binary.state) # Note the state change timestamp. old_state_change_dt = binary.state_change_dt # Change the state. binary.ChangeState(constants.STATE.BANNED) # Reload, and verify the state change. binary = binary_models.Bit9Binary.get_by_id(blockable_hash) self.assertIsNotNone(binary) self.assertEqual(constants.STATE.BANNED, binary.state) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.BINARY) # And the state change timestamp should be increased. self.assertGreater(binary.state_change_dt, old_state_change_dt)
def testForcedInstaller_PreexistingRule_ConflictingPolicy(self): bit9_binary = test_utils.CreateBit9Binary( detected_installer=False, is_installer=False) test_utils.CreateBit9Rule( bit9_binary.key, is_committed=True, policy=constants.RULE_POLICY.FORCE_NOT_INSTALLER) event, signing_chain = _CreateEventTuple( file_catalog=bit9_test_utils.CreateFileCatalog( id=bit9_binary.file_catalog_id, sha256=bit9_binary.key.id(), file_flags=bit9_constants.FileFlags.MARKED_INSTALLER)) file_catalog = event.get_expand(api.Event.file_catalog_id) changed = sync._PersistBit9Binary( event, file_catalog, signing_chain).get_result() self.assertTrue(changed) self.assertTrue(bit9_binary.key.get().is_installer) # Empty because Binary is not new and State is not BANNED. self.assertTaskCount(constants.TASK_QUEUE.BQ_PERSISTENCE, 0)
def testForcedInstaller_PreexistingRule_ConflictingPolicy(self): bit9_binary = test_utils.CreateBit9Binary( detected_installer=False, is_installer=False) test_utils.CreateBit9Rule( bit9_binary.key, is_committed=True, policy=constants.RULE_POLICY.FORCE_NOT_INSTALLER) file_catalog_kwargs = { 'id': bit9_binary.file_catalog_id, 'sha256': bit9_binary.key.id(), 'file_flags': bit9_constants.FileFlags.MARKED_INSTALLER} event, cert = _CreateEventAndCert(file_catalog_kwargs=file_catalog_kwargs) file_catalog = event.get_expand(api.Event.file_catalog_id) changed = sync._PersistBit9Binary( event, file_catalog, [cert]).get_result() self.assertTrue(changed) self.assertTrue(bit9_binary.key.get().is_installer) # Empty because Binary is not new and State is not BANNED. self.assertNoBigQueryInsertions()
def setUp(self): super(CommitBlockableChangeSetTest, self).setUp() # Set up a fake Bit9ApiAuth entity in Datastore. os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = os.path.join( absltest.get_default_test_srcdir(), 'upvote/gae/modules/bit9_api', 'fake_credentials.json') self.Patch(change_set.bit9_utils.bit9.kms_ndb.EncryptedBlobProperty, '_Encrypt', return_value='blah') self.Patch(change_set.bit9_utils.bit9.kms_ndb.EncryptedBlobProperty, '_Decrypt', return_value='blah') bit9.Bit9ApiAuth.SetInstance(api_key='blah') self.mock_ctx = mock.Mock(spec=change_set.bit9_utils.api.Context) self.Patch(change_set.bit9_utils.api, 'Context', return_value=self.mock_ctx) self.binary = test_utils.CreateBit9Binary(file_catalog_id='1234') self.local_rule = test_utils.CreateBit9Rule(self.binary.key, host_id='5678') self.global_rule = test_utils.CreateBit9Rule(self.binary.key)
def setUp(self): super(RuleChangeSetTest, self).setUp() self.bit9_binary = test_utils.CreateBit9Binary()
def setUp(self): super(CommitBlockableChangeSetTest, self).setUp() self.binary = test_utils.CreateBit9Binary(file_catalog_id='1234') self.local_rule = test_utils.CreateBit9Rule(self.binary.key, host_id='5678') self.global_rule = test_utils.CreateBit9Rule(self.binary.key)
def setUp(self): super(Bit9BinaryTest, self).setUp() self.bit9_binary = test_utils.CreateBit9Binary() self.PatchEnv(settings.ProdEnv, ENABLE_BIGQUERY_STREAMING=True)
def testIsInstance(self): binary = test_utils.CreateBit9Binary() self.assertTrue(binary.IsInstance('Blockable')) self.assertTrue(binary.IsInstance('Binary')) self.assertTrue(binary.IsInstance('Bit9Binary')) self.assertFalse(binary.IsInstance('SomethingElse'))
def setUp(self): app = webapp2.WSGIApplication(routes=[events.ROUTES]) super(EventsTest, self).setUp(wsgi_app=app) self.santa_cert = test_utils.CreateSantaCertificate() self.santa_blockable1 = test_utils.CreateSantaBlockable( id='aaaabbbbccccddddeeeeffffgggg', file_name='Product.app', cert_key=self.santa_cert.key, cert_sha256=self.santa_cert.key.id()) self.santa_blockable2 = test_utils.CreateSantaBlockable( id='hhhhiiiijjjjkkkkllllmmmmnnnn', file_name='Another Product.app') self.bit9_blockable1 = test_utils.CreateBit9Binary( id='zzzzaaaayyyybbbbxxxxccccwwww', file_name='notepad++.exe') self.user_1 = test_utils.CreateUser() self.user_2 = test_utils.CreateUser() self.santa_host1 = test_utils.CreateSantaHost( id='AAAAAAAA-1111-BBBB-2222-CCCCCCCCCCCC', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.santa_host2 = test_utils.CreateSantaHost( id='DDDDDDDD-3333-EEEE-33333-FFFFFFFFFFFF', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.bit9_host1 = test_utils.CreateSantaHost( id='CHANGE-ME', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.bit9_host2 = test_utils.CreateSantaHost( id='CHANGE-ME2', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.santa_event1_from_user1 = test_utils.CreateSantaEvent( self.santa_blockable1, cert_key=self.santa_cert.key, cert_sha256=self.santa_blockable1.cert_sha256, executing_user=self.user_1.nickname, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, file_name=self.santa_blockable1.file_name, file_path='/Applications/Product.app/Contents/MacOs', host_id=self.santa_host1.key.id(), last_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host1.key, self.santa_blockable1.key)) self.santa_event2_from_user1 = test_utils.CreateSantaEvent( self.santa_blockable1, cert_key=self.santa_cert.key, cert_sha256=self.santa_blockable1.cert_sha256, executing_user=self.user_1.nickname, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, file_name=self.santa_blockable1.file_name, file_path='/Applications/Product.app/Contents/MacOs', host_id=self.santa_host2.key.id(), last_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host2.key, self.santa_blockable1.key)) self.santa_event3_from_user1 = test_utils.CreateSantaEvent( self.santa_blockable2, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, executing_user=self.user_1.nickname, file_name=self.santa_blockable2.file_name, file_path='/Applications/Another Product.app/Contents/MacOs', host_id=self.santa_host1.key.id(), last_blocked_dt=datetime.datetime(2015, 5, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 5, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host1.key, self.santa_blockable2.key)) self.santa_event1_from_user2 = test_utils.CreateSantaEvent( self.santa_blockable1, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, executing_user=self.user_2.nickname, file_name=self.santa_blockable1.file_name, file_path='/Applications/Product.app/Contents/MacOs', host_id=self.santa_host2.key.id(), last_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_2.key, self.santa_host2.key, self.santa_blockable1.key)) self.bit9_event1_from_user1 = test_utils.CreateBit9Event( self.bit9_blockable1, executing_user=self.user_1.nickname, file_name=self.bit9_blockable1.file_name, file_path=r'c:\program files (x86)\notepad++', host_id=self.bit9_host1.key.id(), last_blocked_dt=datetime.datetime(2015, 6, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 6, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.bit9_host1.key, self.bit9_blockable1.key)) self.bit9_event1_from_user2 = test_utils.CreateBit9Event( self.bit9_blockable1, executing_user=self.user_2.nickname, file_name='notepad++.exe', file_path=r'c:\program files (x86)\notepad++', host_id=self.bit9_host2.key.id(), last_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_2.key, self.bit9_host2.key, self.bit9_blockable1.key)) self.PatchValidateXSRFToken()