def testRemove_MixedRules(self):
    """Commit a REMOVE change set covering two local rules and a global rule.

    The change set references self.local_rule, a second local rule created
    here for host '9012', and self.global_rule. The test expects a
    fileInstance lookup and update per local rule, then one fileRule update,
    and finally checks the rule flags, that the change set key no longer
    resolves, and the BigQuery insertions.
    """
    second_local_rule = test_utils.CreateBit9Rule(
        self.binary.key, host_id='9012')
    removal = test_utils.CreateRuleChangeSet(
        self.binary.key,
        rule_keys=[
            self.local_rule.key,
            second_local_rule.key,
            self.global_rule.key,
        ],
        change_type=constants.RULE_POLICY.REMOVE)

    # Fake Bit9 responses: both file instances and the global rule start out
    # APPROVED.
    # NOTE(review): both FileInstance fixtures use id 9012, so the expected
    # POST bodies below differ only in computerId -- confirm this is intended.
    approved = bit9_constants.APPROVAL_STATE.APPROVED
    catalog_id = int(self.binary.file_catalog_id)
    first_instance = api.FileInstance(
        id=9012,
        file_catalog_id=catalog_id,
        computer_id=int(self.local_rule.host_id),
        local_state=approved)
    second_instance = api.FileInstance(
        id=9012,
        file_catalog_id=catalog_id,
        computer_id=int(second_local_rule.host_id),
        local_state=approved)
    global_file_rule = api.FileRule(file_catalog_id=1234, file_state=approved)
    # Presumably consumed in the order the requests are issued -- confirm
    # against PatchApiRequests.
    self.PatchApiRequests(
        [first_instance], first_instance,
        [second_instance], second_instance,
        global_file_rule)

    change_set._CommitBlockableChangeSet(self.binary.key)

    # 5678 and 1234 presumably come from the setUp fixtures (not visible
    # here). localState/fileState 1 is presumably APPROVAL_STATE.UNAPPROVED --
    # confirm against bit9_constants.
    expected_requests = [
        mock.call(
            'GET', api_route='fileInstance',
            query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234']),
        mock.call(
            'POST', api_route='fileInstance',
            data={'id': 9012, 'localState': 1,
                  'fileCatalogId': 1234, 'computerId': 5678},
            query_args=None),
        mock.call(
            'GET', api_route='fileInstance',
            query_args=[r'q=computerId:9012', 'q=fileCatalogId:1234']),
        mock.call(
            'POST', api_route='fileInstance',
            data={'id': 9012, 'localState': 1,
                  'fileCatalogId': 1234, 'computerId': 9012},
            query_args=None),
        mock.call(
            'POST', api_route='fileRule',
            data={'fileCatalogId': 1234, 'fileState': 1},
            query_args=None),
    ]
    # assert_has_calls only requires these calls to appear in this order; it
    # does not fail if further requests were sent.
    # NOTE(review): add a call_count check if an unexpected extra state change
    # must be caught by this test.
    self.mock_ctx.ExecuteRequest.assert_has_calls(expected_requests)

    # Each local rule is re-read for every flag, as in the original checks.
    for local_key in (self.local_rule.key, second_local_rule.key):
        self.assertTrue(local_key.get().is_fulfilled)
        self.assertTrue(local_key.get().is_committed)
    self.assertTrue(self.global_rule.key.get().is_committed)

    # The change set key must no longer resolve to an entity.
    self.assertIsNone(removal.key.get())
    # NOTE(review): three rules are committed but two RULE rows are expected
    # -- confirm which rule is not reported to BigQuery.
    self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.RULE] * 2)
def testWhitelist_NoEvent(self):
    """Approve a binary on one host when the test created no Bit9Event.

    Builds an unfulfilled WHITELIST rule for host '2222', calls
    ChangeLocalState with APPROVED, and expects the file instance to be
    looked up and posted back with localState 2, the rule to be fulfilled,
    and one RULE insertion in BigQuery.
    """
    blockable = test_utils.CreateBit9Binary(file_catalog_id='1111')
    requester = test_utils.CreateUser()
    pending_rule = test_utils.CreateBit9Rule(
        blockable.key,
        host_id='2222',
        user_key=requester.key,
        policy=constants.RULE_POLICY.WHITELIST,
        is_fulfilled=False)

    # Mock out the Bit9 API interactions: the instance starts UNAPPROVED.
    unapproved_instance = api.FileInstance(
        id=3333,
        file_catalog_id=1111,
        computer_id=2222,
        local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
    self.PatchApiRequests([unapproved_instance], unapproved_instance)

    target_state = bit9_constants.APPROVAL_STATE.APPROVED
    change_set.ChangeLocalState(blockable, pending_rule, target_state)

    # Verify the Bit9 API interactions. localState 2 is what the test expects
    # after passing APPROVED (presumably APPROVAL_STATE.APPROVED == 2).
    lookup_request = mock.call(
        'GET', api_route='fileInstance',
        query_args=[r'q=computerId:2222', 'q=fileCatalogId:1111'])
    update_request = mock.call(
        'POST', api_route='fileInstance',
        data={'id': 3333, 'localState': 2,
              'fileCatalogId': 1111, 'computerId': 2222},
        query_args=None)
    # assert_has_calls tolerates additional calls before or after these two.
    # NOTE(review): add a call_count check if an unexpected extra approval
    # request must be caught by this test.
    self.mock_ctx.ExecuteRequest.assert_has_calls(
        [lookup_request, update_request])

    self.assertTrue(pending_rule.key.get().is_fulfilled)
    self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.RULE)
def testWhitelist_LocalRule_Fulfilled(self):
    """Commit a WHITELIST change set that holds only self.local_rule.

    Expects the host's file instance to be looked up and posted back with
    localState 2, the rule to end up fulfilled and committed, the change set
    key to stop resolving, and one RULE insertion in BigQuery.
    """
    whitelist_change = test_utils.CreateRuleChangeSet(
        self.binary.key,
        rule_keys=[self.local_rule.key],
        change_type=constants.RULE_POLICY.WHITELIST)

    # Fake Bit9 response: the instance on the rule's host starts UNAPPROVED.
    unapproved_instance = api.FileInstance(
        id=9012,
        file_catalog_id=int(self.binary.file_catalog_id),
        computer_id=int(self.local_rule.host_id),
        local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
    self.PatchApiRequests([unapproved_instance], unapproved_instance)

    change_set._CommitBlockableChangeSet(self.binary.key)

    # 5678 and 1234 presumably come from the setUp fixtures (not visible
    # here); localState 2 is presumably APPROVAL_STATE.APPROVED -- confirm
    # against bit9_constants.
    lookup_request = mock.call(
        'GET', api_route='fileInstance',
        query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234'])
    update_request = mock.call(
        'POST', api_route='fileInstance',
        data={'id': 9012, 'localState': 2,
              'fileCatalogId': 1234, 'computerId': 5678},
        query_args=None)
    # assert_has_calls tolerates additional calls before or after these two.
    # NOTE(review): add a call_count check if an unexpected extra approval
    # request must be caught by this test.
    self.mock_ctx.ExecuteRequest.assert_has_calls(
        [lookup_request, update_request])

    # The rule is re-read for each flag, as in the original checks.
    self.assertTrue(self.local_rule.key.get().is_fulfilled)
    self.assertTrue(self.local_rule.key.get().is_committed)

    # The change set key must no longer resolve to an entity.
    self.assertIsNone(whitelist_change.key.get())
    self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.RULE)
def testWhitelist_HasEvent(self):
    """Approve a binary on one host when a matching Bit9Event exists.

    Same flow as the no-event case, except that a Bit9Event keyed by the
    user, host '2222' and the binary is stored first, with first_blocked_dt
    set three hours before the current UTC time.
    """
    blockable = test_utils.CreateBit9Binary(file_catalog_id='1111')
    requester = test_utils.CreateUser()
    pending_rule = test_utils.CreateBit9Rule(
        blockable.key,
        host_id='2222',
        user_key=requester.key,
        policy=constants.RULE_POLICY.WHITELIST,
        is_fulfilled=False)

    # Create a Bit9Event corresponding to the Bit9Rule.
    key_path = [
        ('User', requester.email),
        ('Host', '2222'),
        ('Blockable', blockable.key.id()),
        ('Event', '1'),
    ]
    event_key = ndb.Key(pairs=key_path)
    three_hours = datetime.timedelta(hours=3)
    first_blocked_dt = datetime.datetime.utcnow() - three_hours
    test_utils.CreateBit9Event(
        blockable, key=event_key, first_blocked_dt=first_blocked_dt)

    # Mock out the Bit9 API interactions: the instance starts UNAPPROVED.
    unapproved_instance = api.FileInstance(
        id=3333,
        file_catalog_id=1111,
        computer_id=2222,
        local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
    self.PatchApiRequests([unapproved_instance], unapproved_instance)

    target_state = bit9_constants.APPROVAL_STATE.APPROVED
    change_set.ChangeLocalState(blockable, pending_rule, target_state)

    # Verify the Bit9 API interactions. localState 2 is what the test expects
    # after passing APPROVED (presumably APPROVAL_STATE.APPROVED == 2).
    lookup_request = mock.call(
        'GET', api_route='fileInstance',
        query_args=[r'q=computerId:2222', 'q=fileCatalogId:1111'])
    update_request = mock.call(
        'POST', api_route='fileInstance',
        data={'id': 3333, 'localState': 2,
              'fileCatalogId': 1111, 'computerId': 2222},
        query_args=None)
    # assert_has_calls tolerates additional calls before or after these two.
    # NOTE(review): add a call_count check if an unexpected extra approval
    # request must be caught by this test.
    self.mock_ctx.ExecuteRequest.assert_has_calls(
        [lookup_request, update_request])

    # NOTE(review): these assertions match testWhitelist_NoEvent; nothing
    # here checks an effect of the event created above -- confirm whether an
    # event-specific assertion is missing.
    self.assertTrue(pending_rule.key.get().is_fulfilled)
    self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.RULE)