async def test_no_duplicate_rules(self, knowledge_svc):
    """Adding an identical rule twice must leave exactly one stored rule."""
    # Each pass builds a fresh Rule object with the same fields, so the
    # check is about equal content rather than the same instance.
    for _ in range(2):
        await knowledge_svc.add_rule(
            Rule(action='BLOCK', trait='a.c', match='.*'))

    stored = await knowledge_svc.get_rules({'trait': 'a.c'})
    assert len(stored) == 1
def test_no_duplicate_rules(self, loop, knowledge_svc):
    """Adding an identical rule twice must leave exactly one stored rule."""
    run = loop.run_until_complete

    # Each pass builds a fresh Rule object with the same fields, so the
    # check is about equal content rather than the same instance.
    for _ in range(2):
        run(knowledge_svc.add_rule(
            Rule(action='BLOCK', trait='a.c', match='.*')))

    stored = run(knowledge_svc.get_rules({'trait': 'a.c'}))
    assert len(stored) == 1
def test_retrieve_rule(self, loop, knowledge_svc):
    """Rules are retrievable by trait alone and by trait plus a match value."""
    run = loop.run_until_complete

    # Two rules on the same trait with different match patterns.
    # NOTE(review): '*.5.*' is not a valid regular expression by itself, so
    # the service presumably applies its own pattern handling -- confirm.
    for action, pattern in (('tBLOCK', '4.5.*'), ('tALLOW', '*.5.*')):
        run(knowledge_svc.add_rule(
            Rule(action=action, trait='ta.d', match=pattern)))

    by_trait = run(knowledge_svc.get_rules({'trait': 'ta.d'}))
    assert len(by_trait) == 2

    # '4.5.6' is expected to be covered by both patterns.
    both = run(knowledge_svc.get_rules({'trait': 'ta.d', 'match': '4.5.6'}))
    assert len(both) == 2

    # '6.5.4' is expected to be covered only by the tALLOW pattern.
    allow_only = run(
        knowledge_svc.get_rules({'trait': 'ta.d', 'match': '6.5.4'}))
    assert len(allow_only) == 1
    assert allow_only[0].action == 'tALLOW'

    # A query that is itself a pattern is expected to return both rules.
    pattern_query = run(
        knowledge_svc.get_rules({'trait': 'ta.d', 'match': '5.*'}))
    assert len(pattern_query) == 2
def test_remove_rules(self, loop, knowledge_svc):
    """Deleting a rule removes it and the constraints stored alongside it."""
    run = loop.run_until_complete

    doomed = Rule(action='rBLOCK', trait='ra.c', match='.*')
    run(knowledge_svc.add_rule(
        doomed, constraints={'test_field': 'test_value'}))
    run(knowledge_svc.delete_rule({'trait': 'ra.c'}))

    remaining = run(knowledge_svc.get_rules({'trait': 'ra.c'}))
    assert len(remaining) == 0

    # Reaches through the name-mangled private attribute to confirm that no
    # constraint entries are left behind after the delete.
    module = knowledge_svc._KnowledgeService__loaded_knowledge_module
    assert len(module.fact_ram['constraints']) == 0
async def test_retrieve_rule(self, knowledge_svc):
    """Rules are retrievable by trait alone and by trait plus a match value."""
    # Two rules on the same trait with different match patterns.
    # NOTE(review): '*.5.*' is not a valid regular expression by itself, so
    # the service presumably applies its own pattern handling -- confirm.
    for action, pattern in (('tBLOCK', '4.5.*'), ('tALLOW', '*.5.*')):
        await knowledge_svc.add_rule(
            Rule(action=action, trait='ta.d', match=pattern))

    by_trait = await knowledge_svc.get_rules({'trait': 'ta.d'})
    assert len(by_trait) == 2

    # '4.5.6' is expected to be covered by both patterns.
    both = await knowledge_svc.get_rules(
        {'trait': 'ta.d', 'match': '4.5.6'})
    assert len(both) == 2

    # '6.5.4' is expected to be covered only by the tALLOW pattern.
    allow_only = await knowledge_svc.get_rules(
        {'trait': 'ta.d', 'match': '6.5.4'})
    assert len(allow_only) == 1
    assert allow_only[0].action == 'tALLOW'

    # A query that is itself a pattern is expected to return both rules.
    pattern_query = await knowledge_svc.get_rules(
        {'trait': 'ta.d', 'match': '5.*'})
    assert len(pattern_query) == 2
class TestIPRule:
    """Checks how a DENY rule on an IPv4 subnet is applied to address facts.

    NOTE(review): as pinned by the assertions below, the rule on
    127.0.0.0/24 denies an address inside the range and a fact whose value
    is that same CIDR, but a fact carrying a different prefix length -- the
    enclosing /23 or the contained /25 -- is not matched and is therefore
    allowed. Anyone relying on a DENY rule to keep a whole range out of
    scope should be aware that network-valued facts are only caught on an
    exact subnet match.
    """

    # Single addresses: one inside the denied /24, two outside it.
    host1 = '127.0.0.1'
    host2 = '127.0.1.0'
    host3 = '128.0.0.1'
    # Networks with a different prefix length than the rule's subnet:
    # /23 contains the rule's /24, /25 is contained by it.
    host4 = '127.0.0.0/23'
    host5 = '127.0.0.0/25'
    # The subnet the DENY rule is written for.
    subnet1 = '127.0.0.0/24'

    fact1 = Fact(trait='host.ip.address', value=host1)
    fact2 = Fact(trait='host.ip.address', value=host2)
    fact3 = Fact(trait='host.ip.address', value=host3)
    fact4 = Fact(trait='host.ip.address', value=host4)
    fact5 = Fact(trait='host.ip.address', value=host5)
    fact6 = Fact(trait='host.ip.address', value=subnet1)

    rule = Rule(trait='host.ip.address', action=RuleAction.DENY,
                match=subnet1)
    rs = RuleSet(rules=[rule])

    def test_rule_serialize(self):
        """The display form exposes trait, action name and match pattern."""
        shown = self.rule.display
        assert shown['trait'] == 'host.ip.address'
        assert shown['action'] == 'DENY'
        assert shown['match'] == self.subnet1

    def test_rule_deserialize(self):
        """Rule.load rebuilds a rule, mapping the action name to the enum."""
        loaded = Rule.load({
            "trait": "host.ip.address",
            "action": "DENY",
            "match": self.subnet1,
        })
        assert loaded.trait == 'host.ip.address'
        assert loaded.action == RuleAction.DENY
        assert loaded.match == self.subnet1

    async def test_is_ip_rule_match(self):
        """Only the address inside the /24 matches the rule."""
        inside = await self.rs._is_ip_rule_match(self.rule, self.fact1)
        assert inside
        neighbour = await self.rs._is_ip_rule_match(self.rule, self.fact2)
        assert not neighbour
        far_away = await self.rs._is_ip_rule_match(self.rule, self.fact3)
        assert not far_away

    async def test_is_fact_allowed(self):
        """The matching address is denied; the other two are allowed."""
        inside_ok = await self.rs.is_fact_allowed(self.fact1)
        assert not inside_ok
        neighbour_ok = await self.rs.is_fact_allowed(self.fact2)
        assert neighbour_ok
        far_away_ok = await self.rs.is_fact_allowed(self.fact3)
        assert far_away_ok

    async def test_smaller_subnet(self):
        """A /23 fact is not matched by the /24 rule and stays allowed."""
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact4)
        assert not matched
        allowed = await self.rs.is_fact_allowed(self.fact4)
        assert allowed

    async def test_larger_subnet(self):
        """A /25 fact is not matched by the /24 rule and stays allowed."""
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact5)
        assert not matched
        allowed = await self.rs.is_fact_allowed(self.fact5)
        assert allowed

    async def test_same_subnet(self):
        """A fact equal to the rule's own subnet matches and is denied."""
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact6)
        assert matched
        allowed = await self.rs.is_fact_allowed(self.fact6)
        assert not allowed
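async def _load_sources(self, plugin):
    """Load every source definition shipped with a plugin and store it.

    Each ``*.yml`` file directly under ``<plugin.data_dir>/sources`` is
    parsed with ``self.strip_yml``; every entry it yields becomes a
    ``Source`` that inherits the plugin's access level and is passed to
    ``self.store``.

    A source entry without ``facts`` or ``rules`` (key missing, or present
    but empty/null) is loaded with an empty list rather than failing with a
    ``TypeError`` while iterating ``None``.

    NOTE(review): ``strip_yml`` is not shown here -- confirm it parses with
    a safe YAML loader, since the file content is turned directly into
    Fact and Rule objects.
    """
    for filename in glob.iglob('%s/sources/*.yml' % plugin.data_dir, recursive=False):
        for src in self.strip_yml(filename):
            # `or []` also covers a key that is present with a null value,
            # which a plain .get(key, []) default would not.
            fact_entries = src.get('facts') or []
            rule_entries = src.get('rules') or []
            source = Source(
                identifier=src['id'],
                name=src['name'],
                # Fact values are normalised to strings on load.
                facts=[Fact(trait=f['trait'], value=str(f['value'])) for f in fact_entries],
                adjustments=await self._create_adjustments(src.get('adjustments')),
                # Every key of a rule entry is forwarded as a keyword
                # argument, so an unexpected key in the file surfaces as a
                # TypeError from Rule rather than being ignored.
                rules=[Rule(**r) for r in rule_entries],
            )
            source.access = plugin.access
            await self.store(source)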
def replaced_source_payload(test_source):
    """Return the dumped ``test_source`` with its content fields replaced.

    The name, facts, rules and relationships of the serialized source are
    overwritten with "replaced" test values; all other dumped fields are
    kept as they were.
    """
    payload = test_source.schema.dump(test_source)

    replacement_fact = {'trait': 'replaced_test_fact', 'value': 3}
    deny_rule = Rule(action=RuleAction.DENY, trait='replaced_test_rule')
    # The relationship points at the very same fact dict listed under facts.
    replacement_relationship = {
        'source': replacement_fact,
        'edge': 'delta',
        'origin': "replaced_test_operation",
    }

    payload.update({
        'name': 'a replaced test source',
        'facts': [replacement_fact],
        'rules': [deny_rule.schema.dump(deny_rule)],
        'relationships': [replacement_relationship],
    })
    return payload
def updated_source_payload():
    """Return a source payload (id '123') carrying "updated" test values."""
    updated_fact = {'trait': 'updated_test_fact', 'value': 2}
    deny_rule = Rule(action=RuleAction.DENY, trait='updated_test_rule')

    return {
        'id': '123',
        'name': 'updated test source',
        'facts': [updated_fact],
        # Rules travel in their serialized (schema-dumped) form.
        'rules': [deny_rule.schema.dump(deny_rule)],
        # The relationship points at the very same fact dict listed above.
        'relationships': [{
            'source': updated_fact,
            'edge': 'beta',
            'origin': "updated_test_operation",
        }],
    }
def new_source_payload():
    """Return a payload for a brand-new source (id '456') with an ALLOW rule."""
    new_fact = {'trait': 'test_fact', 'value': 1}
    allow_rule = Rule(action=RuleAction.ALLOW, trait="test_rule")

    return {
        'id': '456',
        'name': 'new test source',
        'facts': [new_fact],
        # Rules travel in their serialized (schema-dumped) form.
        'rules': [allow_rule.schema.dump(allow_rule)],
        # The relationship points at the very same fact dict listed above.
        'relationships': [{
            'source': new_fact,
            'edge': 'alpha',
            'origin': "new_test_operation",
        }],
        'plugin': '',
    }
def test_source(loop, mocker, mock_time):
    """Build a sample Source, store it through ``data_svc`` and return it.

    The source holds one fact, one ALLOW rule and one relationship, and is
    created while the ``datetime`` name used by ``c_fact`` is patched so
    that ``now()`` returns ``mock_time``.
    """
    # NOTE(review): every statement is kept inside the patch context here;
    # confirm the intended extent of the `with` block against the upstream
    # file, since only the Fact creation obviously depends on the patch.
    with mocker.patch(
            'app.objects.secondclass.c_fact.datetime') as mock_datetime:
        # Calling the patched datetime returns the mock itself, and its
        # now() yields the fixed mock_time value.
        mock_datetime.return_value = mock_datetime
        mock_datetime.now.return_value = mock_time
        fact = Fact(trait='test_fact', value=1)
        rule = Rule(RuleAction.ALLOW, trait='test_rule')
        relationship = Relationship(source=fact, edge="alpha", origin="test_operation")
        source = Source(id='123', name='Test Source', facts=[fact], rules=[rule], adjustments=[], relationships=[relationship])
        # Persist the source so that tests can look it up via data_svc.
        loop.run_until_complete(
            BaseService.get_service('data_svc').store(source))
        return source
class TestIPRule:
    """Checks how a DENY rule on an IPv4 subnet is applied to address facts.

    NOTE(review): as pinned by the assertions below, the rule on
    127.0.0.0/24 denies an address inside the range and a fact whose value
    is that same CIDR, but a fact carrying a different prefix length -- the
    enclosing /23 or the contained /25 -- is not matched and is therefore
    allowed. Anyone relying on a DENY rule to keep a whole range out of
    scope should be aware that network-valued facts are only caught on an
    exact subnet match.
    """

    # Single addresses: one inside the denied /24, two outside it.
    host1 = '127.0.0.1'
    host2 = '127.0.1.0'
    host3 = '128.0.0.1'
    # Networks with a different prefix length than the rule's subnet:
    # /23 contains the rule's /24, /25 is contained by it.
    host4 = '127.0.0.0/23'
    host5 = '127.0.0.0/25'
    # The subnet the DENY rule is written for.
    subnet1 = '127.0.0.0/24'

    fact1 = Fact(trait='host.ip.address', value=host1)
    fact2 = Fact(trait='host.ip.address', value=host2)
    fact3 = Fact(trait='host.ip.address', value=host3)
    fact4 = Fact(trait='host.ip.address', value=host4)
    fact5 = Fact(trait='host.ip.address', value=host5)
    fact6 = Fact(trait='host.ip.address', value=subnet1)

    rule = Rule(trait='host.ip.address', action=RuleAction.DENY,
                match=subnet1)
    rs = RuleSet(rules=[rule])

    async def test_is_ip_rule_match(self):
        """Only the address inside the /24 matches the rule."""
        inside = await self.rs._is_ip_rule_match(self.rule, self.fact1)
        assert inside
        neighbour = await self.rs._is_ip_rule_match(self.rule, self.fact2)
        assert not neighbour
        far_away = await self.rs._is_ip_rule_match(self.rule, self.fact3)
        assert not far_away

    async def test_is_fact_allowed(self):
        """The matching address is denied; the other two are allowed."""
        inside_ok = await self.rs.is_fact_allowed(self.fact1)
        assert not inside_ok
        neighbour_ok = await self.rs.is_fact_allowed(self.fact2)
        assert neighbour_ok
        far_away_ok = await self.rs.is_fact_allowed(self.fact3)
        assert far_away_ok

    async def test_smaller_subnet(self):
        """A /23 fact is not matched by the /24 rule and stays allowed."""
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact4)
        assert not matched
        allowed = await self.rs.is_fact_allowed(self.fact4)
        assert allowed

    async def test_larger_subnet(self):
        """A /25 fact is not matched by the /24 rule and stays allowed."""
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact5)
        assert not matched
        allowed = await self.rs.is_fact_allowed(self.fact5)
        assert allowed

    async def test_same_subnet(self):
        """A fact equal to the rule's own subnet matches and is denied."""
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact6)
        assert matched
        allowed = await self.rs.is_fact_allowed(self.fact6)
        assert not allowed
def _generate_rule(action, trait, *args, **kwargs):
    """Build a ``Rule`` for *action* and *trait*, forwarding any extras.

    NOTE(review): extra positional arguments are unpacked ahead of the
    ``action=``/``trait=`` keywords, so they bind to Rule's leading
    positional parameters. If those are action and trait, the call fails
    with "got multiple values for argument"; Rule's signature is not
    visible here, so pass extras by keyword until that is confirmed.
    """
    return Rule(*args, action=action, trait=trait, **kwargs)