def test_remove_unnecessary_keys_from_playbook(source_path):
"""
Given:
- Playbook file to format, with excessive keys in it
When:
- Running the remove_unnecessary_keys function
Then:
- Validate that the excessive keys were removed successfully
"""
schema_path = os.path.normpath(
os.path.join(__file__, "..", "..", "..", "common", "schemas",
'{}.yml'.format('playbook')))
base_yml = PlaybookYMLFormat(source_path, path=schema_path, verbose=True)
# Assert the unnecessary keys are indeed in the playbook file
assert 'excessiveKey' in base_yml.data.keys()
assert 'itemVersion' in base_yml.data.get(
'contentitemexportablefields').get('contentitemfields').keys()
base_yml.remove_unnecessary_keys()
# Assert the unnecessary keys were successfully removed
assert 'excessiveKey' not in base_yml.data.keys()
assert 'itemVersion' not in base_yml.data.get(
'contentitemexportablefields').get('contentitemfields').keys()
# One of the inputs has unsupported key 'some_key_to_remove', the inputs schema is a sub-schema and this
# assertion validates sub-schemas are enforced in format command too.
for input_ in base_yml.data.get('inputs'):
assert 'some_key_to_remove' not in input_
def test_playbook_sourceplaybookid(source_path):
schema_path = os.path.normpath(
os.path.join(__file__, "..", "..", "..", "common", "schemas", '{}.yml'.format('playbook')))
base_yml = PlaybookYMLFormat(source_path, path=schema_path)
base_yml.delete_sourceplaybookid()
assert 'sourceplaybookid' not in base_yml.data
def test_add_tasks_description_and_empty_playbook_description(self):
"""
Given:
- A playbook file with missing playbook description and missing tasks descriptions.
When:
- Running the add_description function of update_playbook.py.
- User's choice not to update the description of the playbook.
Then:
- Validate that an empty description was added to the file.
- Validate that empty descriptions were added only to the desired tasks.
"""
schema_path = os.path.normpath(
os.path.join(__file__, "..", "..", "..", "common", "schemas", '{}.yml'.format('playbook')))
base_yml = PlaybookYMLFormat(SOURCE_FORMAT_PLAYBOOK_COPY, path=schema_path, verbose=True)
base_yml.data = {
"tasks": {
"1": {
"type": "playbook",
"task": {
}
},
"2": {
"type": "something",
"task": {
"description": "else"
}
},
"3": {
"type": "something",
"task": {
}
},
"4": {
"type": "playbook",
"task": {
}
},
"5": {
"type": "start",
"task": {
}
},
"6": {
"type": "title",
"task": {
}
},
}
}
base_yml.add_description()
assert base_yml.data.get('description') == ''
assert base_yml.data['tasks']['1']['task']['description'] == ''
assert base_yml.data['tasks']['2']['task']['description'] == 'else'
assert 'description' not in base_yml.data['tasks']['3']['task']
assert base_yml.data['tasks']['4']['task']['description'] == ''
assert base_yml.data['tasks']['5']['task']['description'] == ''
assert base_yml.data['tasks']['6']['task']['description'] == ''
def test_playbook_task_name(source_path):
schema_path = os.path.normpath(
os.path.join(__file__, "..", "..", "..", "common", "schemas", '{}.yml'.format('playbook')))
base_yml = PlaybookYMLFormat(source_path, path=schema_path)
assert base_yml.data['tasks']['29']['task']['playbookName'] == 'File Enrichment - Virus Total Private API_dev_copy'
base_yml.remove_copy_and_dev_suffixes_from_subplaybook()
assert base_yml.data['tasks']['29']['task']['name'] == 'Fake name'
assert base_yml.data['tasks']['29']['task']['playbookName'] == 'File Enrichment - Virus Total Private API'
def test_check_for_subplaybook_usages(self, repo):
"""
Given
- A test playbook file
When
- Run check_for_subplaybook_usages command
Then
- Ensure that the subplaybook id is replaced from the uuid to the playbook name.
"""
pack = repo.create_pack('pack')
playbook = pack.create_playbook('LargePlaybook')
test_task = {
"id": "1",
"ignoreworker": False,
"isautoswitchedtoquietmode": False,
"isoversize": False,
"nexttasks": {
'#none#': ["3"]
},
"note": False,
"quietmode": 0,
"separatecontext": True,
"skipunavailable": False,
"task": {
"brand": "",
"id": "dcf48154-7e80-42b3-8464-7156e1cd3d10",
"iscommand": False,
"name": "my-sub-playbook",
"playbookId": "03d4f06c-ad13-47dd-8955-c8f7ccd5cba1",
"type": "playbook",
"version": -1
},
"taskid": "dcf48154-7e80-42b3-8464-7156e1cd3d10",
"timertriggers": [],
"type": "playbook"
}
playbook.create_default_playbook()
playbook_data = playbook.yml.read_dict()
playbook_data['tasks']['1'] = test_task
playbook.yml.write_dict(playbook_data)
playbook_yml = PlaybookYMLFormat(SOURCE_FORMAT_PLAYBOOK_COPY,
path='',
verbose=True)
with ChangeCWD(repo.path):
playbook_yml.check_for_subplaybook_usages(
file_path=playbook.yml.rel_path,
current_playbook_id="03d4f06c-ad13-47dd-8955-c8f7ccd5cba1",
new_playbook_id="my-sub-playbook")
playbook_data = playbook.yml.read_dict()
assert playbook_data['tasks']['1']['task'][
'playbookId'] == "my-sub-playbook"
def test_remove_empty_scripts_keys_from_playbook(self, source_path):
"""
Given:
- Playbook file to format, with empty keys in tasks that uses the
[setIncident, SetIndicator, CreateNewIncident, CreateNewIndicator] script
When:
- Running the remove_empty_fields_from_scripts function
Then:
- Validate that the empty keys were removed successfully
"""
schema_path = os.path.normpath(
os.path.join(__file__, "..", "..", "..", "common", "schemas",
"{}.yml".format("playbook")))
base_yml = PlaybookYMLFormat(source_path,
path=schema_path,
verbose=True)
create_new_incident_script_task_args = base_yml.data.get(
'tasks', {}).get('0').get('scriptarguments')
different_script_task_args = base_yml.data.get(
'tasks', {}).get('1').get('scriptarguments')
create_new_indicator_script_task_args = base_yml.data.get(
'tasks', {}).get('2').get('scriptarguments')
set_incident_script_task_args = base_yml.data.get(
'tasks', {}).get('3').get('scriptarguments')
set_indicator_script_task_args = base_yml.data.get(
'tasks', {}).get('4').get('scriptarguments')
# Assert that empty keys exists in the scripts arguments
assert 'commandline' in create_new_incident_script_task_args
assert not create_new_incident_script_task_args['commandline']
assert 'malicious_description' in different_script_task_args
assert not different_script_task_args['malicious_description']
assert 'assigneduser' in create_new_indicator_script_task_args
assert not create_new_indicator_script_task_args['assigneduser']
assert 'occurred' in set_incident_script_task_args
assert not set_incident_script_task_args['occurred']
assert 'sla' in set_indicator_script_task_args
assert not set_indicator_script_task_args['sla']
base_yml.remove_empty_fields_from_scripts()
# Assert the empty keys were removed from SetIncident, SetIndicator, CreateNewIncident, CreateNewIndicator
# scripts
assert 'commandline' not in create_new_incident_script_task_args
assert 'assigneduser' not in create_new_indicator_script_task_args
assert 'occurred' not in set_incident_script_task_args
assert 'sla' not in set_indicator_script_task_args
# Assert the empty keys are still in the other script arguments
assert 'malicious_description' in different_script_task_args
assert not different_script_task_args['malicious_description']
def test_add_playbook_description(user_input):
"""
Given:
- A playbook file with missing playbook description and missing tasks descriptions.
When:
- Running the add_description function of update_playbook.py.
- User's choice to update the description of the playbook with the description: 'User-entered description'.
Then:
- Validate that a description field with the given description message was added to the file.
- Validate that empty descriptions were added only to the desired tasks.
"""
user_responses = [Mock(), Mock(), Mock()]
user_responses[0] = 'err' # test invalid input by user
user_responses[1] = 'y'
user_responses[2] = 'User-entered description'
user_input.side_effect = user_responses
schema_path = os.path.normpath(
os.path.join(__file__, "..", "..", "..", "common", "schemas",
'{}.yml'.format('playbook')))
base_yml = PlaybookYMLFormat(SOURCE_FORMAT_PLAYBOOK_COPY,
path=schema_path,
verbose=True)
base_yml.data = {
"tasks": {
"1": {
"type": "playbook",
"task": {}
},
"2": {
"type": "something",
"task": {
"description": "else"
}
},
"3": {
"type": "something",
"task": {}
},
}
}
base_yml.add_description()
assert base_yml.data.get('description') == 'User-entered description'
assert base_yml.data['tasks']['1']['task']['description'] == ''
assert base_yml.data['tasks']['2']['task']['description'] == 'else'
assert 'description' not in base_yml.data['tasks']['3']['task']
def test_add_playbooks_description():
schema_path = os.path.normpath(
os.path.join(__file__, "..", "..", "..", "common", "schemas", '{}.yml'.format('playbook')))
base_yml = PlaybookYMLFormat(SOURCE_FORMAT_PLAYBOOK_COPY, path=schema_path)
base_yml.data = {
"tasks": {
"1": {
"type": "playbook",
"task": {
}
},
"2": {
"type": "something",
"task": {
"description": "else"
}
},
"3": {
"type": "something",
"task": {
}
},
"4": {
"type": "playbook",
"task": {
}
},
"5": {
"type": "start",
"task": {
}
},
"6": {
"type": "title",
"task": {
}
},
}
}
base_yml.add_description()
assert 'description' not in base_yml.data
assert base_yml.data['tasks']['1']['task']['description'] == ''
assert base_yml.data['tasks']['2']['task']['description'] == 'else'
assert 'description' not in base_yml.data['tasks']['3']['task']
assert base_yml.data['tasks']['4']['task']['description'] == ''
assert base_yml.data['tasks']['5']['task']['description'] == ''
assert base_yml.data['tasks']['6']['task']['description'] == ''
def test_playbook_task_description_name(source_path):
schema_path = os.path.normpath(
os.path.join(__file__, "..", "..", "..", "common", "schemas", '{}.yml'.format('playbook')))
base_yml = PlaybookYMLFormat(source_path, path=schema_path)
base_yml.add_description()
base_yml.update_playbook_task_name()
base_yml.remove_copy_and_dev_suffixes_from_subplaybook()
assert 'description' in base_yml.data['tasks']['7']['task']
assert base_yml.data['tasks']['29']['task']['name'] == 'File Enrichment - Virus Total Private API'
assert base_yml.data['tasks']['25']['task']['description'] == 'Check if there is a SHA256 hash in context.'
def test_playbook_task_description_name(source_path):
base_yml = PlaybookYMLFormat(source_path)
base_yml.add_description()
base_yml.update_playbook_task_name()
assert 'description' in base_yml.yml_data['tasks']['7']['task']
assert base_yml.yml_data['tasks']['29']['task']['name'] == 'File Enrichment - Virus Total Private API'
assert base_yml.yml_data['tasks']['25']['task']['description'] == 'Check if there is a SHA256 hash in context.'
def test_playbook_sourceplaybookid(source_path):
base_yml = PlaybookYMLFormat(source_path)
base_yml.delete_sourceplaybookid()
assert 'sourceplaybookid' not in base_yml.yml_data
