Exemplo n.º 1
def test_file_command(requests_mock, mocker, file: str, mocked_address: str, mocked_response: dict):
    """
    Given
            A file value to look up and a mocked ID-search response.
    When
            The !file command is run against the mocked API.
    Then
            The ID search is requested once, every per-ID report endpoint is
            requested once, and one result is returned per resource ID.
            Parsing is not asserted here (the original notes it is equivalent
            in other commands).
    """
    # Stub token generation so constructing the client does not authenticate.
    mocker.patch.object(Client, '_generate_token', return_value='token')
    # NOTE(review): use_ssl=False presumably disables TLS certificate verification.
    # Only mocked endpoints are hit here; confirm production configs keep it on.
    client = Client(server_url="https://api.crowdstrike.com/", username="******", password="******", use_ssl=False,
                    proxy=False, reliability=DBotScoreReliability.B)
    expected_ids = mocked_response['resources']

    from CrowdStrikeFalconX import file_command

    # First request: the search that resolves the file value to report IDs.
    id_lookup = requests_mock.get(mocked_address, json=mocked_response)
    # Follow-up requests: one report fetch per ID returned by the search.
    report_lookups = []
    for file_id in expected_ids:
        report_url = f'https://api.crowdstrike.com/falconx/entities/reports/v1?ids={file_id}'
        report_lookups.append(requests_mock.get(report_url, json={}))

    results = file_command(client, file=file)

    assert id_lookup.call_count == 1
    for report_lookup in report_lookups:
        assert report_lookup.call_count == 1
    assert isinstance(results, list)
    assert len(results) == len(expected_ids)
Exemplo n.º 2
def test_running_polling_command_new_search_for_file(mocker):
    """
    Given:
        A file upload submitted through the polling flow whose analysis has
        not finished yet.
    When:
        The polling command checks the status of that pending upload.
    Then:
        A command results object is returned with the expected outputs and a
        follow-up command scheduled.
    """
    # Replaced with a mock so the call cannot raise inside the unit test
    # (presumably the check that polling is supported - confirm).
    mocker.patch('CommonServerPython.ScheduledCommand.raise_error_if_not_supported')
    mocker.patch.object(Client, '_generate_token')
    # NOTE(review): use_ssl=False presumably disables TLS certificate verification.
    # The client methods are mocked below; confirm production configs keep it on.
    client = Client(server_url="https://api.crowdstrike.com/", username="******", password="******", use_ssl=False,
                    proxy=False, reliability=DBotScoreReliability.B)

    # Both client calls used by the polling flow return canned HTTP responses.
    mocker.patch.object(Client, 'get_full_report', return_value=GET_FULL_REPORT_HTTP_RESPONSE)
    mocker.patch.object(Client, 'send_uploaded_file_to_sandbox_analysis',
                        return_value=SEND_UPLOADED_FILE_TO_SANDBOX_ANALYSIS_HTTP_RESPONSE)

    polling_result = run_polling_command(
        client,
        SEND_UPLOADED_FILE_TO_SENDBOX_ANALYSIS_ARGS_POLLING,
        'cs-fx-submit-uploaded-file',
        send_uploaded_file_to_sandbox_analysis_command,
        get_full_report_command,
        'FILE',
    )

    assert polling_result.outputs == SEND_UPLOADED_FILE_TO_SENDBOX_ANALYSIS_CONTEXT
    # A scheduled command on the result means polling will continue.
    assert polling_result.scheduled_command is not None
Exemplo n.º 3
def test_running_polling_command_success_for_file(mocker):
    """
    Given:
        A url or file upload submitted through the polling flow whose analysis
        has already completed.
    When:
        The polling command checks the status of that completed upload.
    Then:
        A single command results object is returned with the extended report
        context and no follow-up command scheduled.
    """
    polling_args = {'ids': "1234", "extended_data": "true"}
    # Replaced with a mock so the call cannot raise inside the unit test
    # (presumably the check that polling is supported - confirm).
    mocker.patch('CommonServerPython.ScheduledCommand.raise_error_if_not_supported')
    mocker.patch.object(Client, '_generate_token')
    # NOTE(review): use_ssl=False presumably disables TLS certificate verification.
    # The client methods are mocked below; confirm production configs keep it on.
    client = Client(server_url="https://api.crowdstrike.com/", username="******", password="******", use_ssl=False,
                    proxy=False, reliability=DBotScoreReliability.B)

    # NOTE(review): the URL submission method is mocked here, yet the command
    # passed below is the uploaded-file one. Confirm the submit call is never
    # reached on this path, otherwise the unmocked method would run.
    mocker.patch.object(Client, 'send_url_to_sandbox_analysis', return_value=SEND_URL_TO_SANDBOX_ANALYSIS_HTTP_RESPONSE)
    mocker.patch.object(Client, 'get_full_report', return_value=GET_FULL_REPORT_HTTP_RESPONSE)

    polling_results = run_polling_command(
        client,
        polling_args,
        'cs-fx-submit-uploaded-file',
        send_uploaded_file_to_sandbox_analysis_command,
        get_full_report_command,
        'FILE',
    )

    assert isinstance(polling_results, list)
    assert len(polling_results) == 1
    only_result = polling_results[0]
    assert only_result.outputs == GET_FULL_REPORT_CONTEXT_EXTENDED
    # No scheduled command means polling has ended.
    assert only_result.scheduled_command is None
Exemplo n.º 4
def test_cs_falcon_x_polling_related_commands(command, args, http_response, context, mocker):
    """Unit test
    Given
    - demisto args
    - the raw response of the http request
    When
    - the http request result is mocked and the command is run
    Then
    - the outputs of the (single) command result equal the expected context
    """
    mocker.patch.object(Client, '_generate_token')
    # NOTE(review): use_ssl=False presumably disables TLS certificate verification.
    # _http_request is mocked below; confirm production configs keep it on.
    client = Client(server_url="https://api.crowdstrike.com/", username="******", password="******", use_ssl=False,
                    proxy=False, reliability=DBotScoreReliability.B)

    # Every HTTP call made by the command returns the canned response.
    mocker.patch.object(Client, '_http_request', return_value=http_response)

    returned = command(client, **args)
    if command == get_full_report_command:
        # get_full_report_command returns a pair; only the results part is checked.
        returned, _status = returned

    if isinstance(returned, list):
        assert len(returned) == 1
        results = returned
    else:
        results = [returned]

    assert results[0].outputs == context
Exemplo n.º 5
def test_cs_falconx_commands(command, args, http_response, context, mocker):
    """Unit test
    Given
    - demisto args
    - the raw response of the http request
    When
    - the http request result is mocked and the command is run
    Then
    - the entry context built from the command results equals the expected context
    """
    mocker.patch.object(Client, '_generate_token')
    # NOTE(review): use_ssl=False presumably disables TLS certificate verification.
    # _http_request is mocked below; confirm production configs keep it on.
    client = Client(server_url="https://api.crowdstrike.com/", username="******", password="******", use_ssl=False,
                    proxy=False, reliability=DBotScoreReliability.B)

    # Every HTTP call made by the command returns the canned response.
    mocker.patch.object(Client, '_http_request', return_value=http_response)

    returned = command(client, **args)
    # Some commands return one CommandResults object rather than a list.
    results = returned if isinstance(returned, list) else [returned]

    entry_contexts = []
    for result in results:
        entry_contexts.append(result.to_context()['EntryContext'])

    # A dict expectation is compared against the single context, not a one-item list.
    if isinstance(context, dict) and len(entry_contexts) == 1:
        actual = entry_contexts[0]
    else:
        actual = entry_contexts

    assert actual == context
Exemplo n.º 6
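def test_handle_errors(http_response, output, mocker):
    """Unit test
    Given
    - raw response of the http request
    When
    - there are or there are no errors
    Then
    - if the command raises, the exception text equals the expected output
    """
    mocker.patch.object(Client, '_generate_token')
    # NOTE(review): use_ssl=False presumably disables TLS certificate verification.
    # The session request is mocked below; confirm production configs keep it on.
    client = Client(server_url="https://api.crowdstrike.com/", username="******", password="******", use_ssl=False,
                    proxy=False, reliability=DBotScoreReliability.B)
    # Mock setup sits outside the try block so a broken fixture surfaces as its
    # own error instead of being compared against the expected message.
    mocker.patch.object(client._session, 'request', return_value=ResMocker(http_response))
    try:
        # The returned outputs get their own name so the expected `output`
        # parameter is never overwritten.
        _, _returned_outputs, _ = check_quota_status_command(client)
    except Exception as e:
        assert str(e) == str(output)
    # NOTE(review): when no exception is raised nothing is asserted, so a case
    # that expects an error but gets none still passes. Consider asserting on
    # the no-error path once the expected value for it is known.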