def _ChangeInstallerState(blockable, rules): """Issue the request to Bit9 to change the blockable's installer state.""" global_rule = _GetGlobalRule(rules) assert global_rule is not None logging.debug( 'Changing Installer state of %s to %s', blockable.key.id(), global_rule.policy) # The Bit9 API forbids creating a FileRule without a 'fileState' column. To # avoid overwriting an existing FileRule's state, we need to use that if one # exists. file_catalog_id = int(blockable.file_catalog_id) rules = ( api.FileRule.query() .filter(api.FileRule.file_catalog_id == file_catalog_id).execute( bit9_utils.CONTEXT)) existing_state = ( rules[0].file_state if rules else bit9_constants.APPROVAL_STATE.UNAPPROVED) rule = api.FileRule( file_catalog_id=file_catalog_id, file_state=existing_state, force_installer=( global_rule.policy == constants.RULE_POLICY.FORCE_INSTALLER), force_not_installer=( global_rule.policy == constants.RULE_POLICY.FORCE_NOT_INSTALLER)) rule.put(bit9_utils.CONTEXT)
def testRemove_MixedRules(self): other_local_rule = test_utils.CreateBit9Rule( self.binary.key, host_id='9012') change = test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[ self.local_rule.key, other_local_rule.key, self.global_rule.key], change_type=constants.RULE_POLICY.REMOVE) fi1 = api.FileInstance( id=9012, file_catalog_id=int(self.binary.file_catalog_id), computer_id=int(self.local_rule.host_id), local_state=bit9_constants.APPROVAL_STATE.APPROVED) fi2 = api.FileInstance( id=9012, file_catalog_id=int(self.binary.file_catalog_id), computer_id=int(other_local_rule.host_id), local_state=bit9_constants.APPROVAL_STATE.APPROVED) rule = api.FileRule( file_catalog_id=1234, file_state=bit9_constants.APPROVAL_STATE.APPROVED) self.PatchApiRequests([fi1], fi1, [fi2], fi2, rule) change_set._CommitBlockableChangeSet(self.binary.key) self.mock_ctx.ExecuteRequest.assert_has_calls([ mock.call( 'GET', api_route='fileInstance', query_args=[r'q=computerId:5678', 'q=fileCatalogId:1234']), mock.call( 'POST', api_route='fileInstance', data={'id': 9012, 'localState': 1, 'fileCatalogId': 1234, 'computerId': 5678}, query_args=None), mock.call( 'GET', api_route='fileInstance', query_args=[r'q=computerId:9012', 'q=fileCatalogId:1234']), mock.call( 'POST', api_route='fileInstance', data={'id': 9012, 'localState': 1, 'fileCatalogId': 1234, 'computerId': 9012}, query_args=None), mock.call( 'POST', api_route='fileRule', data={'fileCatalogId': 1234, 'fileState': 1}, query_args=None), ]) self.assertTrue(self.local_rule.key.get().is_fulfilled) self.assertTrue(self.local_rule.key.get().is_committed) self.assertTrue(other_local_rule.key.get().is_fulfilled) self.assertTrue(other_local_rule.key.get().is_committed) self.assertTrue(self.global_rule.key.get().is_committed) self.assertIsNone(change.key.get()) self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.RULE] * 2)
def _ChangeGlobalState(blockable, new_state): logging.info('Globally marking %s as %s', blockable.key.id(), bit9_constants.APPROVAL_STATE.MAP_TO_STR[new_state]) if isinstance(blockable, cert_models.Bit9Certificate): certs = (api.Certificate.query().filter( api.Certificate.thumbprint == blockable.key.id()).execute( bit9_utils.CONTEXT)) assert certs, 'No matching certificates found' assert len(certs) == 1, 'Multiple matching certificates found' cert = certs[0] cert.certificate_state = new_state cert.put(bit9_utils.CONTEXT) else: rule = api.FileRule(file_catalog_id=int(blockable.file_catalog_id), file_state=new_state) rule.put(bit9_utils.CONTEXT)
def testBlacklist_GlobalRule(self): change = test_utils.CreateRuleChangeSet( self.binary.key, rule_keys=[self.global_rule.key], change_type=constants.RULE_POLICY.BLACKLIST) rule = api.FileRule( file_catalog_id=1234, file_state=bit9_constants.APPROVAL_STATE.UNAPPROVED) self.PatchApiRequests(rule) change_set._CommitBlockableChangeSet(self.binary.key) self.mock_ctx.ExecuteRequest.assert_has_calls([ mock.call( 'POST', api_route='fileRule', data={'fileCatalogId': 1234, 'fileState': 3}, query_args=None)]) self.assertTrue(self.global_rule.key.get().is_committed) self.assertIsNone(change.key.get())