def testGet_Admin(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) test_utils.CreateExemption(host.key.id()) with self.LoggedInUser(admin=True): response = self.testapp.get(self.ROUTE % host.key.id()) output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertIsInstance(output, dict) self.assertIn('exemption', output)
def testGet_PrimaryUser_NoPriorExemption(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) self.assertTrue(model_utils.IsHostAssociatedWithUser(host, user)) with self.LoggedInUser(user=user): response = self.testapp.get(self.ROUTE % host.key.id()) output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertIsInstance(output, dict) self.assertNotIn('exemption', output)
def testException_PolicyCheckException(self, mock_metric): host_key = test_utils.CreateSantaHost().key exm_key = test_utils.CreateExemption(host_key.id()) self._PatchPolicyChecks(_ApprovingPolicyCheck, _ApprovingPolicyCheck, _ExceptionPolicyCheck) api.Process(exm_key) exm = exm_key.get() self.assertEqual(_STATE.REQUESTED, exm.state) self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.EXEMPTION] * 2) mock_metric.Increment.assert_called_once()
def testDefers(self): mock_send = self.Patch(notify.mail_utils, 'Send') host_id = test_utils.CreateSantaHost(primary_user='******').key.id() exm_key = test_utils.CreateExemption(host_id) notify.DeferUpdateEmail(exm_key, _STATE.APPROVED, transactional=False) self.assertTaskCount(constants.TASK_QUEUE.EXEMPTIONS, 1) self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS) mock_send.assert_called_once_with(mock.ANY, mock.ANY, to=['aaaa'], html=True)
def testAssociated_HasEvent(self): user = test_utils.CreateUser() other_user = test_utils.CreateUser() # Create a host not owned by `user`. host = test_utils.CreateSantaHost(primary_user=other_user.nickname) # Create an Event which was generated by `user`. blockable = test_utils.CreateSantaBlockable() parent_key = datastore_utils.ConcatenateKeys(user.key, host.key, blockable.key) test_utils.CreateSantaEvent(blockable, host_id=host.key.id(), parent=parent_key) self.assertTrue(model_utils.IsSantaHostAssociatedWithUser(host, user))
def testChangeClientMode(self): host_key = test_utils.CreateSantaHost( client_mode=constants.CLIENT_MODE.MONITOR, client_mode_lock=False).key self.assertEqual( constants.CLIENT_MODE.MONITOR, host_key.get().client_mode) self.assertFalse(host_key.get().client_mode_lock) host_models.SantaHost.ChangeClientMode( host_key.id(), constants.CLIENT_MODE.LOCKDOWN) self.assertEqual( constants.CLIENT_MODE.LOCKDOWN, host_key.get().client_mode) self.assertTrue(host_key.get().client_mode_lock)
def testGetSelf_Sorted(self): """Hosts are sorted by their rule_sync_dts.""" early, middle, recent, recenter = common_test_utils.GetSequentialTimes( 4) user = test_utils.CreateUser() santa_host_1 = test_utils.CreateSantaHost(primary_user=user.nickname, rule_sync_dt=early) santa_host_2 = test_utils.CreateSantaHost(primary_user=user.nickname, rule_sync_dt=middle) test_utils.CreateSantaHost(rule_sync_dt=recent) bit9_host_1 = test_utils.CreateBit9Host(users=[user.nickname], last_event_dt=recenter) self.assertTrue( model_utils.IsHostAssociatedWithUser(santa_host_1, user)) self.assertTrue( model_utils.IsHostAssociatedWithUser(santa_host_2, user)) self.assertTrue(model_utils.IsHostAssociatedWithUser( bit9_host_1, user)) with self.LoggedInUser(user=user): response = self.testapp.get(self.SELF_ROUTE) output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertLen(output, 3) expected_host_ids = [ bit9_host_1.key.id(), santa_host_2.key.id(), santa_host_1.key.id() ] actual_host_ids = [entry['id'] for entry in output] self.assertListEqual(sorted(expected_host_ids), sorted(actual_host_ids))
def testSuccess_Santa(self): host_key = test_utils.CreateSantaHost(primary_user='******').key exm_key = test_utils.CreateExemption(host_key.id(), initial_state=_STATE.APPROVED) api.Cancel(exm_key) exm = exm_key.get() self.assertEqual(_STATE.CANCELLED, exm.state) self.assertBigQueryInsertions([ constants.BIGQUERY_TABLE.HOST, constants.BIGQUERY_TABLE.EXEMPTION ]) self.DrainTaskQueue(constants.TASK_QUEUE.EXEMPTIONS) self.mock_send.assert_called_once()
def testSuccess(self): user = test_utils.CreateUser() other_user = test_utils.CreateUser() santa_host_key_1 = test_utils.CreateSantaHost( primary_user=user.nickname).key santa_host_key_2 = test_utils.CreateSantaHost( primary_user=other_user.nickname).key test_utils.CreateSantaHost(primary_user=other_user.nickname) blockable = test_utils.CreateSantaBlockable() parent_key = datastore_utils.ConcatenateKeys(user.key, santa_host_key_2, blockable.key) test_utils.CreateSantaEvent(blockable, host_id=santa_host_key_2.id(), parent=parent_key) expected_host_ids = sorted( [santa_host_key_1.id(), santa_host_key_2.id()]) actual_host_ids = sorted(model_utils.GetSantaHostIdsForUser(user)) self.assertListEqual(expected_host_ids, actual_host_ids)
def testApproved(self, mock_disable): host_key = test_utils.CreateSantaHost().key exm_key = test_utils.CreateExemption(host_key.id()) self._PatchPolicyChecks( _ApprovingPolicyCheck, _ApprovingPolicyCheck) api.Process(exm_key) exm = exm_key.get() mock_disable.assert_called() self.assertEqual(_STATE.APPROVED, exm.state) self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.EXEMPTION] * 2)
def testPost_BadRequest_InvalidDurationErrorProvided(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) params = { 'duration': 'some_invalid_duration', 'reason': constants.EXEMPTION_REASON.DEVELOPER_MACOS } with self.LoggedInUser(user=user): self.testapp.post(self.ROUTE % host.key.id(), params=params, status=httplib.BAD_REQUEST) self.mock_process.assert_not_called()
def testAssociations(self): bit9_user = test_utils.CreateUser() bit9_host = test_utils.CreateBit9Host(users=[bit9_user.nickname]) santa_user = test_utils.CreateUser() santa_host = test_utils.CreateSantaHost(primary_user=santa_user.nickname) self.assertTrue( model_utils.IsHostAssociatedWithUser(bit9_host, bit9_user)) self.assertTrue( model_utils.IsHostAssociatedWithUser(santa_host, santa_user)) self.assertFalse( model_utils.IsHostAssociatedWithUser(bit9_host, santa_user)) self.assertFalse( model_utils.IsHostAssociatedWithUser(santa_host, bit9_user))
def testPut_WithoutExemption(self, mock_change): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) with self.LoggedInUser(user=user): url = self.ROUTE % (host.key.id(), 'false') response = self.testapp.put(url, status=httplib.OK) output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertIsInstance(output, dict) self.assertIn('transitiveWhitelistingEnabled', output) self.assertNotIn('exemption', output) mock_change.assert_called_once()
def testSuccess(self, mock_send): # Create a number of APPROVED Exemptions that expire at different times. deactivation_dts = [ datetime.datetime(2018, 12, 19, h) for h in xrange(10) ] for deactivation_dt in deactivation_dts: host = test_utils.CreateSantaHost() test_utils.CreateExemption( host.key.id(), initial_state=constants.EXEMPTION_STATE.APPROVED, deactivation_dt=deactivation_dt) start_dt = datetime.datetime(2018, 12, 19, 3) end_dt = datetime.datetime(2018, 12, 19, 7) exemption_upkeep._NotifyExpirationsInRange(start_dt, end_dt) self.assertEqual(4, mock_send.call_count)
def testPost_AsAdmin_Success(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) params = { 'duration': 'DAY', 'reason': constants.EXEMPTION_REASON.DEVELOPER_MACOS } with self.LoggedInUser(admin=True): self.testapp.post(self.ROUTE % host.key.id(), params=params, status=httplib.OK) exm = exemption_models.Exemption.Get(host.key.id()) self.assertEqual(constants.EXEMPTION_STATE.REQUESTED, exm.state) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION) self.mock_process.assert_called_once()
def testGet_AssociatedUser(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) test_utils.CreateExemption(host.key.id()) blockable = test_utils.CreateBlockable() test_utils.CreateSantaEvent( blockable, host_id=host.key.id(), executing_user=user.nickname, parent=datastore_utils.ConcatenateKeys( user.key, host.key, blockable.key)) self.assertTrue(model_utils.IsHostAssociatedWithUser(host, user)) with self.LoggedInUser(user=user): response = self.testapp.get(self.ROUTE % host.key.id()) output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertIsInstance(output, dict) self.assertIn('exemption', output)
def testGetByUserId_IsAdmin(self): user = test_utils.CreateUser() bit9_host_id = test_utils.CreateBit9Host(users=[user.nickname]).key.id() santa_host_key = test_utils.CreateSantaHost( primary_user=user.nickname).key santa_host_id = santa_host_key.id() blockable = test_utils.CreateSantaBlockable() event_parent_key = datastore_utils.ConcatenateKeys( user.key, santa_host_key, blockable.key) test_utils.CreateSantaEvent( blockable, host_id=santa_host_id, parent=event_parent_key) with self.LoggedInUser(admin=True): response = self.testapp.get(self.USER_ID_ROUTE % user.key.id()) output = response.json self.assertLen(output, 2) actual_ids = set(host['id'] for host in output) self.assertSetEqual(set([santa_host_id, bit9_host_id]), actual_ids)
def testChangeModeForGroup_MultiBatch(self, mock_ctor): users = [ test_utils.CreateUser() for _ in xrange(roles.BATCH_SIZE + 1)] hosts = [ test_utils.CreateSantaHost( primary_user=user_map.EmailToUsername(user.key.id()), client_mode=MONITOR) for user in users] mock_ctor.return_value.AllMembers.return_value = [ user.key.id() for user in users] response = self.testapp.get('') self.assertEqual(httplib.OK, response.status_int) self.assertTaskCount(constants.TASK_QUEUE.DEFAULT, 2) self.DrainTaskQueue(constants.TASK_QUEUE.DEFAULT) new_hosts = ndb.get_multi(host.key for host in hosts) self.assertTrue(all(host.client_mode == LOCKDOWN for host in new_hosts))
def testPost_Admin_Update(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost( primary_user=user.nickname, client_mode_lock=True, client_mode=constants.CLIENT_MODE.MONITOR) params = { 'clientModeLock': 'false', 'clientMode': constants.CLIENT_MODE.LOCKDOWN} with self.LoggedInUser(admin=True): response = self.testapp.post(self.ROUTE % host.key.id(), params) output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertIsInstance(output, dict) self.assertEqual(host.client_mode, constants.CLIENT_MODE.LOCKDOWN) self.assertFalse(host.client_mode_lock)
def testUser_GetOwnEvent_CaseMismatch(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost() blockable = test_utils.CreateSantaBlockable() event_parent_key = datastore_utils.ConcatenateKeys( user.key, host.key, blockable.key) event = test_utils.CreateSantaEvent(blockable, executing_user=user.nickname, parent=event_parent_key) with self.LoggedInUser(user=user): response = self.testapp.get(self.ROUTE % blockable.key.id().upper()) output = response.json self.assertIn('application/json', response.headers['Content-type']) self.assertIsInstance(output, dict) self.assertEqual(output['id'], event.key.id()) self.assertEqual(output['hostId'], event.host_id) self.assertIn('Event', output['class_'])
def testPost_AsAdmin_Success(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) params = { 'duration': 'DAY', 'reason': constants.EXEMPTION_REASON.DEVELOPER_MACOS} with self.LoggedInUser(admin=True): response = self.testapp.post( self.ROUTE % host.key.id(), params=params, status=httplib.OK) output = response.json exm = exemption_models.Exemption.Get(host.key.id()) self.assertIn('application/json', response.headers['Content-type']) self.assertIsInstance(output, dict) self.assertEqual( constants.EXEMPTION_STATE.REQUESTED, output['exemption']['state']) self.assertIn('transitiveWhitelistingEnabled', output) self.assertEqual(constants.EXEMPTION_STATE.REQUESTED, exm.state) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.EXEMPTION) self.mock_process.assert_called_once()
def testGetHostId(self): expected_host_id = test_utils.CreateSantaHost().key.id() exm_key = test_utils.CreateExemption(expected_host_id) actual_host_id = exemption.Exemption.GetHostId(exm_key) self.assertEqual(expected_host_id, actual_host_id)
def testInvalidClientModeError(self, mock_metric): host_id = test_utils.CreateSantaHost().key.id() with self.assertRaises(api.InvalidClientModeError): api._ChangeEnforcementInSanta(host_id, 'WHATEVER') mock_metric.Increment.assert_called_once()
def testSanta(self, mock_change): host_id = test_utils.CreateSantaHost().key.id() exm_key = test_utils.CreateExemption(host_id) api._DisableLockdown(exm_key) mock_change.assert_called_once_with(host_id, _SANTA_MODE.MONITOR)
def setUp(self): app = webapp2.WSGIApplication(routes=[events.ROUTES]) super(EventsTest, self).setUp(wsgi_app=app) self.santa_cert = test_utils.CreateSantaCertificate() self.santa_blockable1 = test_utils.CreateSantaBlockable( id='aaaabbbbccccddddeeeeffffgggg', file_name='Product.app', cert_key=self.santa_cert.key, cert_sha256=self.santa_cert.key.id()) self.santa_blockable2 = test_utils.CreateSantaBlockable( id='hhhhiiiijjjjkkkkllllmmmmnnnn', file_name='Another Product.app') self.bit9_blockable1 = test_utils.CreateBit9Binary( id='zzzzaaaayyyybbbbxxxxccccwwww', file_name='notepad++.exe') self.user_1 = test_utils.CreateUser() self.user_2 = test_utils.CreateUser() self.santa_host1 = test_utils.CreateSantaHost( id='AAAAAAAA-1111-BBBB-2222-CCCCCCCCCCCC', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.santa_host2 = test_utils.CreateSantaHost( id='DDDDDDDD-3333-EEEE-33333-FFFFFFFFFFFF', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.bit9_host1 = test_utils.CreateSantaHost( id='CHANGE-ME', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.bit9_host2 = test_utils.CreateSantaHost( id='CHANGE-ME2', recorded_dt=datetime.datetime(2015, 2, 1, 1, 0, 0)) self.santa_event1_from_user1 = test_utils.CreateSantaEvent( self.santa_blockable1, cert_key=self.santa_cert.key, cert_sha256=self.santa_blockable1.cert_sha256, executing_user=self.user_1.nickname, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, file_name=self.santa_blockable1.file_name, file_path='/Applications/Product.app/Contents/MacOs', host_id=self.santa_host1.key.id(), last_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host1.key, self.santa_blockable1.key)) self.santa_event2_from_user1 = test_utils.CreateSantaEvent( self.santa_blockable1, cert_key=self.santa_cert.key, cert_sha256=self.santa_blockable1.cert_sha256, executing_user=self.user_1.nickname, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, file_name=self.santa_blockable1.file_name, file_path='/Applications/Product.app/Contents/MacOs', host_id=self.santa_host2.key.id(), last_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host2.key, self.santa_blockable1.key)) self.santa_event3_from_user1 = test_utils.CreateSantaEvent( self.santa_blockable2, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, executing_user=self.user_1.nickname, file_name=self.santa_blockable2.file_name, file_path='/Applications/Another Product.app/Contents/MacOs', host_id=self.santa_host1.key.id(), last_blocked_dt=datetime.datetime(2015, 5, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 5, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.santa_host1.key, self.santa_blockable2.key)) self.santa_event1_from_user2 = test_utils.CreateSantaEvent( self.santa_blockable1, event_type=constants.EVENT_TYPE.ALLOW_UNKNOWN, executing_user=self.user_2.nickname, file_name=self.santa_blockable1.file_name, file_path='/Applications/Product.app/Contents/MacOs', host_id=self.santa_host2.key.id(), last_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 3, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_2.key, self.santa_host2.key, self.santa_blockable1.key)) self.bit9_event1_from_user1 = test_utils.CreateBit9Event( self.bit9_blockable1, executing_user=self.user_1.nickname, file_name=self.bit9_blockable1.file_name, file_path=r'c:\program files (x86)\notepad++', host_id=self.bit9_host1.key.id(), last_blocked_dt=datetime.datetime(2015, 6, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 6, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_1.key, self.bit9_host1.key, self.bit9_blockable1.key)) self.bit9_event1_from_user2 = test_utils.CreateBit9Event( self.bit9_blockable1, executing_user=self.user_2.nickname, file_name='notepad++.exe', file_path=r'c:\program files (x86)\notepad++', host_id=self.bit9_host2.key.id(), last_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), first_blocked_dt=datetime.datetime(2015, 4, 1, 1, 0, 0), parent=utils.ConcatenateKeys(self.user_2.key, self.bit9_host2.key, self.bit9_blockable1.key)) self.PatchValidateXSRFToken()
def testHostIsAssociatedWithUser_PrimaryUser(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) self.assertTrue(host.IsAssociatedWithUser(user))
def testNotAssociated_NoEvent(self): user = test_utils.CreateUser() # Create a host not owned by `user`. host = test_utils.CreateSantaHost(primary_user='******') self.assertFalse(model_utils.IsSantaHostAssociatedWithUser(host, user))
def testAssociated_PrimaryUser(self): user = test_utils.CreateUser() host = test_utils.CreateSantaHost(primary_user=user.nickname) self.assertTrue(model_utils.IsSantaHostAssociatedWithUser(host, user))
def testPost_NoPermission(self): user = test_utils.CreateUser(roles=[constants.USER_ROLE.UNTRUSTED_USER]) host = test_utils.CreateSantaHost(primary_user=user.nickname) with self.LoggedInUser(user=user): self.testapp.post(self.ROUTE % host.key.id(), status=httplib.FORBIDDEN) self.mock_process.assert_not_called()