def test_get_access_token(self, mocked_requests_post):
content = {"access_token": "fake_access_token"}
mocked_requests_post.return_value = generate_response(content, 200)
ms_helper = MicrosoftGraphHelper("tenant_id1234", "client_id1234",
"client_secret1234")
token = ms_helper.get_access_token()
assert token == "fake_access_token"
def test_check_stats_code_good(self, mocked_requests_post):
content = {"access_token": "fake_access_token"}
mocked_requests_post.return_value = generate_response(content, 200)
ms_helper = MicrosoftGraphHelper("tenant_id1234", "client_id1234",
"client_secret1234")
r = requests_mock.response
r.status_code = 200
assert ms_helper.check_status_code(r)
def test_search_alert(self, mocked_requests_post, mocked_requests_get):
content = {"access_token": "fake_access_token"}
content2 = {"alerts": [{"alert1": 1}, {"alert2": 2}]}
mocked_requests_post.return_value = generate_response(content, 200)
mocked_requests_get.return_value = generate_response(content2, 200)
ms_helper = MicrosoftGraphHelper("tenant_id1234", "client_id1234",
"client_secret1234")
ms_helper.clear_cache()
r = alert_search("ms_graph_url", ms_helper, "filter")
assert r.json() == content2
def test_update_alert(self, mocked_requests_post, mocked_requests_patch):
content = {"access_token": "fake_access_token"}
content2 = {"alert_details": {"details": "updated"}}
mocked_requests_post.return_value = generate_response(content, 200)
mocked_requests_patch.return_value = generate_response(content2, 200)
ms_helper = MicrosoftGraphHelper("tenant_id1234", "client_id1234",
"client_secret1234")
ms_helper.clear_cache()
r = update_alert("ms_graph_url", ms_helper, "21354657678",
'{"update_data": "data"}')
assert r.json() == content2
def test_get_alert_details(self, mocked_requests_post,
mocked_requests_get):
content = {"access_token": "fake_access_token"}
content2 = {"alert_details": {"details": 1234}}
mocked_requests_post.return_value = generate_response(content, 200)
mocked_requests_get.return_value = generate_response(content2, 200)
ms_helper = MicrosoftGraphHelper("tenant_id1234", "client_id1234",
"client_secret1234")
ms_helper.clear_cache()
r = get_alert_details("ms_graph_url", ms_helper, "1223456788")
assert r.json() == content2
def test_check_stats_code_bad(self, mocked_requests_post):
content = {"access_token": "fake_access_token"}
mocked_requests_post.return_value = generate_response(content, 200)
ms_helper = MicrosoftGraphHelper("tenant_id1234", "client_id1234",
"client_secret1234")
r = requests_mock.response
r.status_code = 500
try:
ms_helper.check_status_code(r)
except ValueError as e:
assert e.args[
0] == "Invalid response from Microsoft Security Graph"
def test_get_access_token_refresh(self, mocked_requests_post):
content1 = {"access_token": ""}
content2 = {"access_token": "fake_refreshed_access_token"}
mocked_requests_post.side_effect = [
generate_response(content1, 200),
generate_response(content2, 200)
]
ms_helper = MicrosoftGraphHelper("tenant_id1234", "client_id1234",
"client_secret1234")
ms_helper.clear_cache()
token = ms_helper.get_access_token()
assert token == "fake_refreshed_access_token"
def _reload(self, event, opts):
"""Configuration options have changed, save new values"""
self.options = opts.get("fn_microsoft_security_graph", {})
self.Microsoft_security_graph_helper = MicrosoftGraphHelper(
self.options.get("tenant_id"), self.options.get("client_id"),
self.options.get("client_secret"))
def test_check_stats_code_invalid(self, mocked_requests_post):
content1 = {"access_token": "fake_access_token"}
content2 = {"access_token": "new_fake_access_token"}
mocked_requests_post.side_effect = [
generate_response(content1, 200),
generate_response(content2, 200)
]
ms_helper = MicrosoftGraphHelper("tenant_id1234", "client_id1234",
"client_secret1234")
r = requests_mock.response
r.status_code = 401
r.content = "Fake content"
assert not ms_helper.check_status_code(r)
token = ms_helper.get_access_token()
assert token == "new_fake_access_token"
def __init__(self, opts):
"""constructor provides access to the configuration options"""
super(IntegrationComponent, self).__init__(opts)
self.options = opts.get("fn_microsoft_security_graph", {})
# Validate required fields in app.config are set
required_fields = ["microsoft_graph_url", "tenant_id", "client_id", "client_secret"]
validate_fields(required_fields, self.options)
self.Microsoft_security_graph_helper = MicrosoftGraphHelper(self.options.get("tenant_id"),
self.options.get("client_id"),
self.options.get("client_secret"))
self.polling_main()
def test_get_alerts(self, mocked_requests_post, mocked_requests_get):
opts = {
"alert_time_range_sec": "100",
"microsoft_graph_url": "fake_url",
"alert_filter": "severity%20eq%20'high'"
}
content = {"access_token": "fake_access_token"}
content2 = {"value": {"alert_details": {"details": 1234}}}
mocked_requests_post.return_value = generate_response(content, 200)
mocked_requests_get.return_value = generate_response(content2, 200)
ms_helper = MicrosoftGraphHelper("tenant_id1234", "client_id1234",
"client_secret1234")
alerts = get_alerts(opts, ms_helper)
assert alerts == {"alert_details": {"details": 1234}}
