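def testNewBit9Binary_ForcedInstaller(self):
    """A new binary flagged MARKED_INSTALLER is persisted with a forcing rule.

    Syncs an event whose file catalog carries the MARKED_INSTALLER flag while
    no Bit9Binary or Bit9Rule entities exist. Afterwards exactly one of each
    must exist, the binary must be an installer without having been detected
    as one, and the rule's policy must be FORCE_INSTALLER.
    """
    self.PatchSetting('ENABLE_BINARY_ANALYSIS_PRECACHING', True)

    file_catalog_kwargs = {
        'file_flags': bit9_constants.FileFlags.MARKED_INSTALLER}
    event, cert = _CreateEventAndCert(
        file_catalog_kwargs=file_catalog_kwargs)
    file_catalog = event.get_expand(api.Event.file_catalog_id)

    # Precondition: the datastore starts with no binaries and no rules.
    self.assertEntityCount(bit9_models.Bit9Binary, 0)
    self.assertEntityCount(bit9_models.Bit9Rule, 0)

    changed = sync._PersistBit9Binary(event, file_catalog, [cert]).get_result()

    self.assertTrue(changed)
    self.assertEntityCount(bit9_models.Bit9Binary, 1)
    self.assertEntityCount(bit9_models.Bit9Rule, 1)

    # Installer status comes from the forced flag, not from detection.
    binary = bit9_models.Bit9Binary.query().get()
    self.assertTrue(binary.is_installer)
    self.assertFalse(binary.detected_installer)

    rule = bit9_models.Bit9Rule.query().get()
    # assertEqual, not assertTrue: with two arguments assertTrue treats the
    # second one as the failure message, so the policy was never compared and
    # a rule carrying the wrong policy would have passed unnoticed.
    self.assertEqual(constants.RULE_POLICY.FORCE_INSTALLER, rule.policy)

    self.assertTaskCount(constants.TASK_QUEUE.METRICS, 1)

    # Should be 1 for the new Binary
    self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.BINARY])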
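def testNewBit9Binary_ForcedInstaller(self):
    """A new binary flagged MARKED_INSTALLER is persisted with a forcing rule.

    Syncs an event whose file catalog carries the MARKED_INSTALLER flag while
    no Bit9Binary or Bit9Rule entities exist. Afterwards exactly one of each
    must exist, the binary must be an installer without having been detected
    as one, the rule's policy must be FORCE_INSTALLER, and draining the
    BQ_PERSISTENCE queue must leave one BinaryRow.
    """
    self.PatchSetting('ENABLE_BINARY_ANALYSIS_PRECACHING', True)

    event, signing_chain = _CreateEventTuple(
        file_catalog=bit9_test_utils.CreateFileCatalog(
            file_flags=bit9_constants.FileFlags.MARKED_INSTALLER))
    file_catalog = event.get_expand(api.Event.file_catalog_id)

    # Precondition: the datastore starts with no binaries and no rules.
    self.assertEntityCount(bit9_db.Bit9Binary, 0)
    self.assertEntityCount(bit9_db.Bit9Rule, 0)

    changed = sync._PersistBit9Binary(
        event, file_catalog, signing_chain).get_result()

    self.assertTrue(changed)
    self.assertEntityCount(bit9_db.Bit9Binary, 1)
    self.assertEntityCount(bit9_db.Bit9Rule, 1)

    # Installer status comes from the forced flag, not from detection.
    binary = bit9_db.Bit9Binary.query().get()
    self.assertTrue(binary.is_installer)
    self.assertFalse(binary.detected_installer)

    rule = bit9_db.Bit9Rule.query().get()
    # assertEqual, not assertTrue: with two arguments assertTrue treats the
    # second one as the failure message, so the policy was never compared and
    # a rule carrying the wrong policy would have passed unnoticed.
    self.assertEqual(constants.RULE_POLICY.FORCE_INSTALLER, rule.policy)

    self.assertTaskCount(constants.TASK_QUEUE.METRICS, 1)

    # Should be 1 for the new Binary
    self.DrainTaskQueue(constants.TASK_QUEUE.BQ_PERSISTENCE)
    self.assertEntityCount(bigquery_db.BinaryRow, 1)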
def testNewBit9Binary(self):
    """A BANNED event for a previously unseen file creates one Bit9Binary.

    Also checks the audit trail: two BINARY insertions are expected, one for
    the new binary and one for its BANNED state.
    """
    banned_event, signing_cert = _CreateEventAndCert(
        event_kwargs={'subtype': bit9_constants.SUBTYPE.BANNED})
    catalog = banned_event.get_expand(api.Event.file_catalog_id)

    # Precondition: nothing has been persisted yet.
    self.assertEntityCount(bit9_models.Bit9Binary, 0)

    pending = sync._PersistBit9Binary(banned_event, catalog, [signing_cert])
    was_changed = pending.get_result()

    self.assertTrue(was_changed)
    self.assertEntityCount(bit9_models.Bit9Binary, 1)

    # One row for the first sighting plus one for the BANNED state.
    expected_tables = [constants.BIGQUERY_TABLE.BINARY] * 2
    self.assertBigQueryInsertions(expected_tables)
def testNoChanges(self):
    """Re-syncing an already known, unflagged binary reports no change.

    The file catalog matches the stored binary's id and SHA-256 and carries
    no file flags, so the sync must return False and insert nothing into
    BigQuery.
    """
    known_binary = test_utils.CreateBit9Binary(detected_installer=False)

    matching_catalog_kwargs = {
        'id': known_binary.file_catalog_id,
        'sha256': known_binary.key.id(),
        'file_flags': 0x0,
    }
    event, signing_cert = _CreateEventAndCert(
        file_catalog_kwargs=matching_catalog_kwargs)
    catalog = event.get_expand(api.Event.file_catalog_id)

    pending = sync._PersistBit9Binary(event, catalog, [signing_cert])
    was_changed = pending.get_result()

    self.assertFalse(was_changed)

    # No rows: the binary already existed and its state is not BANNED.
    self.assertNoBigQueryInsertions()
def testNoChanges(self):
    """Re-syncing an already known, unflagged binary reports no change.

    The file catalog matches the stored binary's id and SHA-256 and carries
    no file flags, so the sync must return False and queue no BQ_PERSISTENCE
    task.
    """
    known_binary = test_utils.CreateBit9Binary(detected_installer=False)

    matching_catalog = bit9_test_utils.CreateFileCatalog(
        id=known_binary.file_catalog_id,
        sha256=known_binary.key.id(),
        file_flags=0x0)
    event, signing_chain = _CreateEventTuple(file_catalog=matching_catalog)
    catalog = event.get_expand(api.Event.file_catalog_id)

    pending = sync._PersistBit9Binary(event, catalog, signing_chain)
    was_changed = pending.get_result()

    self.assertFalse(was_changed)

    # Nothing queued: the binary already existed and its state is not BANNED.
    self.assertTaskCount(constants.TASK_QUEUE.BQ_PERSISTENCE, 0)
def testNewBit9Binary(self):
    """A BANNED event for a previously unseen file creates one Bit9Binary.

    Also checks the audit trail: after the BQ_PERSISTENCE queue is drained,
    two BinaryRow entities are expected, one for the new binary and one for
    its BANNED state.
    """
    banned_event, signing_chain = _CreateEventTuple(
        subtype=bit9_constants.SUBTYPE.BANNED)
    catalog = banned_event.get_expand(api.Event.file_catalog_id)

    # Precondition: nothing has been persisted yet.
    self.assertEntityCount(bit9_db.Bit9Binary, 0)

    pending = sync._PersistBit9Binary(banned_event, catalog, signing_chain)
    was_changed = pending.get_result()

    self.assertTrue(was_changed)
    self.assertEntityCount(bit9_db.Bit9Binary, 1)

    # One row for the first sighting plus one for the BANNED state.
    self.DrainTaskQueue(constants.TASK_QUEUE.BQ_PERSISTENCE)
    self.assertEntityCount(bigquery_db.BinaryRow, 2)
def testFileCatalogIdInitiallyMissing(self):
    """A stored binary without a file catalog id gets it filled in by a sync.

    The binary is looked up by SHA-256, so the event's file catalog id must be
    written back to it, the sync must report a change, and no BigQuery
    insertion is expected.
    """
    stored_binary = test_utils.CreateBit9Binary(file_catalog_id=None)
    digest = stored_binary.key.id()

    event, signing_cert = _CreateEventAndCert(
        file_catalog_kwargs={'id': '12345', 'sha256': digest})
    catalog = event.get_expand(api.Event.file_catalog_id)

    pending = sync._PersistBit9Binary(event, catalog, [signing_cert])
    was_changed = pending.get_result()
    self.assertTrue(was_changed)

    # Re-read the entity to see what was actually persisted.
    reloaded_binary = bit9_models.Bit9Binary.get_by_id(digest)
    self.assertEqual('12345', reloaded_binary.file_catalog_id)

    # No rows: neither a new binary nor a BANNED state is involved.
    self.assertNoBigQueryInsertions()
def testStateChangedToBanned(self):
    """A BANNED event moves an existing UNTRUSTED binary to BANNED.

    The persisted state must become BANNED, the sync must report a change,
    and the transition must be recorded as one BINARY insertion.
    """
    stored_binary = test_utils.CreateBit9Binary(
        state=constants.STATE.UNTRUSTED)
    digest = stored_binary.key.id()

    event, signing_cert = _CreateEventAndCert(
        event_kwargs={'subtype': bit9_constants.SUBTYPE.BANNED},
        file_catalog_kwargs={'id': '12345', 'sha256': digest})
    catalog = event.get_expand(api.Event.file_catalog_id)

    pending = sync._PersistBit9Binary(event, catalog, [signing_cert])
    was_changed = pending.get_result()
    self.assertTrue(was_changed)

    # Re-read the entity so the assertion covers the stored state.
    reloaded_binary = bit9_models.Bit9Binary.get_by_id(digest)
    self.assertEqual(constants.STATE.BANNED, reloaded_binary.state)

    # Exactly one row, for the BANNED state.
    self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.BINARY])
def testFileCatalogIdInitiallyMissing(self):
    """A stored binary without a file catalog id gets it filled in by a sync.

    The binary is looked up by SHA-256, so the event's file catalog id must be
    written back to it, the sync must report a change, and no BQ_PERSISTENCE
    task may be queued.
    """
    stored_binary = test_utils.CreateBit9Binary(file_catalog_id=None)
    digest = stored_binary.key.id()

    incoming_catalog = bit9_test_utils.CreateFileCatalog(
        id='12345', sha256=digest)
    event, signing_chain = _CreateEventTuple(file_catalog=incoming_catalog)
    catalog = event.get_expand(api.Event.file_catalog_id)

    pending = sync._PersistBit9Binary(event, catalog, signing_chain)
    was_changed = pending.get_result()
    self.assertTrue(was_changed)

    # Re-read the entity to see what was actually persisted.
    reloaded_binary = bit9_db.Bit9Binary.get_by_id(digest)
    self.assertEqual('12345', reloaded_binary.file_catalog_id)

    # Nothing queued: neither a new binary nor a BANNED state is involved.
    self.assertTaskCount(constants.TASK_QUEUE.BQ_PERSISTENCE, 0)
def testStateChangedToBanned(self):
    """A BANNED event moves an existing UNTRUSTED binary to BANNED.

    The persisted state must become BANNED, the sync must report a change,
    and draining the BQ_PERSISTENCE queue must leave one BinaryRow recording
    the transition.
    """
    stored_binary = test_utils.CreateBit9Binary(
        state=constants.STATE.UNTRUSTED)
    digest = stored_binary.key.id()

    event, signing_chain = _CreateEventTuple(
        subtype=bit9_constants.SUBTYPE.BANNED,
        file_catalog=bit9_test_utils.CreateFileCatalog(
            id='12345', sha256=digest))
    catalog = event.get_expand(api.Event.file_catalog_id)

    pending = sync._PersistBit9Binary(event, catalog, signing_chain)
    was_changed = pending.get_result()
    self.assertTrue(was_changed)

    # Re-read the entity so the assertion covers the stored state.
    reloaded_binary = bit9_db.Bit9Binary.get_by_id(digest)
    self.assertEqual(constants.STATE.BANNED, reloaded_binary.state)

    # Exactly one row, for the BANNED state.
    self.DrainTaskQueue(constants.TASK_QUEUE.BQ_PERSISTENCE)
    self.assertEntityCount(bigquery_db.BinaryRow, 1)
def testForcedInstaller_PreexistingRule_ConflictingPolicy(self):
    """The MARKED_INSTALLER flag wins over a committed FORCE_NOT_INSTALLER rule.

    A non-installer binary with a committed FORCE_NOT_INSTALLER rule is synced
    against a file catalog flagged MARKED_INSTALLER. The sync must report a
    change and the stored binary must end up as an installer.
    """
    stored_binary = test_utils.CreateBit9Binary(
        detected_installer=False, is_installer=False)
    test_utils.CreateBit9Rule(
        stored_binary.key,
        is_committed=True,
        policy=constants.RULE_POLICY.FORCE_NOT_INSTALLER)

    conflicting_catalog_kwargs = {
        'id': stored_binary.file_catalog_id,
        'sha256': stored_binary.key.id(),
        'file_flags': bit9_constants.FileFlags.MARKED_INSTALLER,
    }
    event, signing_cert = _CreateEventAndCert(
        file_catalog_kwargs=conflicting_catalog_kwargs)
    catalog = event.get_expand(api.Event.file_catalog_id)

    pending = sync._PersistBit9Binary(event, catalog, [signing_cert])
    was_changed = pending.get_result()
    self.assertTrue(was_changed)

    # NOTE(review): only the binary's is_installer flag is checked here; what
    # happens to the pre-existing FORCE_NOT_INSTALLER rule is not asserted.
    refreshed_binary = stored_binary.key.get()
    self.assertTrue(refreshed_binary.is_installer)

    # No rows: the binary already existed and its state is not BANNED.
    self.assertNoBigQueryInsertions()
def testForcedInstaller_PreexistingRule_ConflictingPolicy(self):
    """The MARKED_INSTALLER flag wins over a committed FORCE_NOT_INSTALLER rule.

    A non-installer binary with a committed FORCE_NOT_INSTALLER rule is synced
    against a file catalog flagged MARKED_INSTALLER. The sync must report a
    change, the stored binary must end up as an installer, and no
    BQ_PERSISTENCE task may be queued.
    """
    stored_binary = test_utils.CreateBit9Binary(
        detected_installer=False, is_installer=False)
    test_utils.CreateBit9Rule(
        stored_binary.key,
        is_committed=True,
        policy=constants.RULE_POLICY.FORCE_NOT_INSTALLER)

    conflicting_catalog = bit9_test_utils.CreateFileCatalog(
        id=stored_binary.file_catalog_id,
        sha256=stored_binary.key.id(),
        file_flags=bit9_constants.FileFlags.MARKED_INSTALLER)
    event, signing_chain = _CreateEventTuple(file_catalog=conflicting_catalog)
    catalog = event.get_expand(api.Event.file_catalog_id)

    pending = sync._PersistBit9Binary(event, catalog, signing_chain)
    was_changed = pending.get_result()
    self.assertTrue(was_changed)

    # NOTE(review): only the binary's is_installer flag is checked here; what
    # happens to the pre-existing FORCE_NOT_INSTALLER rule is not asserted.
    refreshed_binary = stored_binary.key.get()
    self.assertTrue(refreshed_binary.is_installer)

    # Nothing queued: the binary already existed and its state is not BANNED.
    self.assertTaskCount(constants.TASK_QUEUE.BQ_PERSISTENCE, 0)