示例#1
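def test_endpoint_command(mocker, requests_mock):
    """Check that endpoint_command returns one rendered result for a hostname.

    Given
    - a hostname
    When
    - the client's _http_request is patched to return the canned endpoint
      response
    Then
    - Validate that there is one result
    - Validate that the readable output equals the stored markdown fixture
    """
    from GuardiCoreV2 import Client, endpoint_command
    mock_response = util_load_json('test_data/get_endpoint_response.json')
    # Mock the authenticate route before the client exists, so any login call
    # the client makes is answered locally.
    requests_mock.post(
        'https://api.guardicoreexample.com/api/v3.0/authenticate',
        json={'access_token': TEST_API_KEY})
    # NOTE(review): verify=False presumably disables TLS certificate
    # verification in the client. Acceptable here only because all HTTP is
    # mocked; it should not be copied into code that talks to a real server.
    client = Client(base_url='https://api.guardicoreexample.com/api/v3.0',
                    verify=False,
                    proxy=False,
                    username='******',
                    password='******')
    args = {'hostname': 'Accounting-web-1'}
    mocker.patch.object(client, '_http_request', return_value=mock_response)
    response = endpoint_command(client, args)
    assert len(response) == 1
    # Read the expected markdown through a context manager so the file handle
    # is closed deterministically instead of being left to the collector.
    with open('test_data/endpoint_command_human.md') as expected_file:
        expected_readable = expected_file.read()
    assert response[0].readable_output == expected_readable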
示例#2
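def test_fetch_incidents_no_first(mocker, requests_mock):
    """Check the default look-back window when no first_fetch is supplied.

    Given
    - no fetch parameters and no explicit first_fetch
    When
    - we mock the fetch incidents flow
    Then
    - Validate that the last_fetch is correct (default of 3 past days)
    """
    from dateparser import parse
    from pytz import utc
    from GuardiCoreV2 import Client, fetch_incidents

    incidents_data = util_load_json('test_data/fetch_incidents_response.json')
    requests_mock.post(
        'https://api.guardicoreexample.com/api/v3.0/authenticate',
        json={'access_token': TEST_API_KEY})
    requests_mock.get('https://api.guardicoreexample.com/api/v3.0/incidents',
                      json=incidents_data.get('first'))

    # NOTE(review): verify=False presumably disables TLS certificate
    # verification; tolerable only because every request here is mocked.
    client = Client(base_url='https://api.guardicoreexample.com/api/v3.0',
                    verify=False,
                    proxy=False,
                    username='******',
                    password='******')
    incidents, last_fetch = fetch_incidents(client, {})

    # Expected value: "3 days ago" in epoch milliseconds at whole-second
    # resolution.
    last_three = int(parse('3 days').replace(tzinfo=utc).timestamp()) * 1000
    # This reference is computed from the clock after fetch_incidents has
    # returned. Assuming fetch_incidents derives its default from the current
    # time as well (TODO confirm), the two can straddle a second boundary, so
    # an exact comparison is intermittently off by 1000 ms. Compare within a
    # small window instead.
    assert abs(last_fetch - last_three) <= 2000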
示例#3
def test_get_assets(mocker, requests_mock):
    """Check that get_assets maps a canned asset response to its outputs.

    Given
    - an ip
    When
    - the client's _http_request is patched to return the canned assets
      response
    Then
    - Validate that there is one result
    - Validate that the outputs dictionary matches the expected asset
    """
    from GuardiCoreV2 import Client, get_assets

    requests_mock.post(
        'https://api.guardicoreexample.com/api/v3.0/authenticate',
        json={'access_token': TEST_API_KEY})
    canned_assets = util_load_json('test_data/get_assets_response.json')

    # NOTE(review): verify=False presumably disables TLS certificate
    # verification; tolerable only because every request here is mocked.
    client = Client(
        base_url='https://api.guardicoreexample.com/api/v3.0',
        verify=False, proxy=False, username='******', password='******')
    mocker.patch.object(client, '_http_request', return_value=canned_assets)

    results = get_assets(client, {'ip_address': '1.1.1.1'})

    expected_outputs = {
        'asset_id': '920b9a05-889e-429e-97d0-94a92ccbe376',
        'ip_addresses': ['1.1.1.1', 'fe80::250:56ff:fe84:da1e'],
        'last_seen': 1627910241995,
        'name': 'Accounting-web-1',
        'status': 'on',
        'tenant_name': 'esx10/lab_a/Apps/Accounting'
    }
    assert len(results) == 1
    assert results[0].outputs == expected_outputs
示例#4
def test_get_incidents(mocker, requests_mock):
    """Check that get_incidents returns readable rows plus the raw objects.

    Given
    - an incident from and to time, with a limit of 3
    When
    - the client's _http_request is patched to return the canned incidents
      response
    Then
    - Validate that outputs equal the raw rows after the readable transform
    - Validate that raw_response equals the 'objects' list of the mock
    """
    from GuardiCoreV2 import Client, get_incidents, INCIDENT_COLUMNS, \
        filter_human_readable

    requests_mock.post(
        'https://api.guardicoreexample.com/api/v3.0/authenticate',
        json={'access_token': TEST_API_KEY})
    # NOTE(review): verify=False presumably disables TLS certificate
    # verification; tolerable only because every request here is mocked.
    client = Client(
        base_url='https://api.guardicoreexample.com/api/v3.0',
        verify=False,
        proxy=False,
        username='******',
        password='******')
    mock_response = util_load_json('test_data/get_incidents_response.json')
    mocker.patch.object(client, '_http_request', return_value=mock_response)

    query = {
        'from_time': '2021-07-07T15:31:17Z',
        'to_time': '2022-07-07T15:31:17Z',
        'limit': 3,
    }
    response = get_incidents(client, query)

    def _to_readable_row(raw_incident):
        # Keep only the human-readable columns, then turn both timestamps
        # into date strings.
        row = filter_human_readable(raw_incident,
                                    human_columns=INCIDENT_COLUMNS)
        for time_key in ('start_time', 'end_time'):
            row[time_key] = timestamp_to_datestring(row[time_key])
        return row

    expected_rows = [_to_readable_row(raw) for raw in response.raw_response]

    assert response.outputs == expected_rows
    assert response.raw_response == mock_response.get('objects')
示例#5
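def test_fetch_incidents(mocker, requests_mock):
    """Check two consecutive fetch_incidents runs against canned pages.

    Given
    - a first_fetch time (of 40 years)
    When
    - we mock the fetch incidents flow
    - the fetch incidents flow is called twice, the second time with the
      stored last run patched in
    Then
    - Validate that last_fetch after the first run is 1611322222222
    - Validate that the first incident returned has the correct name
    - Validate that the first run returns 2 incidents
    - Validate that last_fetch advances to 1611322333333 on the second run
    - Validate that the second run returns only the 1 new incident
    """
    from GuardiCoreV2 import Client, fetch_incidents
    from CommonServerPython import \
        demisto  # noqa # pylint: disable=unused-wildcard-importcommon
    incidents_data = util_load_json('test_data/fetch_incidents_response.json')
    requests_mock.post(
        'https://api.guardicoreexample.com/api/v3.0/authenticate',
        json={'access_token': TEST_API_KEY})
    requests_mock.get('https://api.guardicoreexample.com/api/v3.0/incidents',
                      json=incidents_data.get('first'))

    # NOTE(review): verify=False presumably disables TLS certificate
    # verification; tolerable only because every request here is mocked.
    client = Client(base_url='https://api.guardicoreexample.com/api/v3.0',
                    verify=False,
                    proxy=False,
                    username='******',
                    password='******')
    # A 40-year look-back is deliberately far wider than the fixture needs,
    # so the first run is expected to accept every canned incident.
    incidents, last_fetch = fetch_incidents(
        client, {'first_fetch': '40 years'}
    )
    # First run: the hard-coded value presumably matches the newest incident
    # in the 'first' fixture page (verify against the JSON file).
    assert last_fetch == 1611322222222
    assert incidents[0].get('name') == 'Guardicore Incident (INC-ADB636B7)'
    assert len(incidents) == 2

    # Second run: report the previous last_fetch as the stored last run and
    # serve the 'second' fixture page from the incidents route.
    mocker.patch.object(demisto,
                        'getLastRun',
                        return_value={'last_fetch': last_fetch})
    requests_mock.get('https://api.guardicoreexample.com/api/v3.0/incidents',
                      json=incidents_data.get('second'))

    incidents, last_fetch = fetch_incidents(client, {})
    # Now we should see the last fetch changed
    assert last_fetch == 1611322333333
    assert len(incidents) == 1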
示例#6
def test_authenticate(requests_mock):
    """Check that the client exposes the token from the authenticate route.

    Given
    - a username and password
    When
    - we mock the authentication to the integration api endpoint.
    Then
    - Validate that the access_token is returned correctly.
    """
    from GuardiCoreV2 import Client

    token_payload = {'access_token': TEST_API_KEY}
    requests_mock.post(
        'https://api.guardicoreexample.com/api/v3.0/authenticate',
        json=token_payload)

    # NOTE(review): verify=False presumably disables TLS certificate
    # verification; tolerable only because the route above is mocked.
    client = Client(
        base_url='https://api.guardicoreexample.com/api/v3.0',
        verify=False,
        proxy=False,
        username='******',
        password='******')

    assert client.access_token == TEST_API_KEY
示例#7
def test_endpoint_command_fails(mocker, requests_mock):
    """Check that endpoint_command rejects a call with no arguments.

    Given
    - no parameters
    When
    - we mock the endpoint command
    Then
    - Validate that a DemistoException is raised
    """
    from GuardiCoreV2 import Client, endpoint_command

    canned_endpoint = util_load_json('test_data/get_endpoint_response.json')
    requests_mock.post(
        'https://api.guardicoreexample.com/api/v3.0/authenticate',
        json={'access_token': TEST_API_KEY})
    # NOTE(review): verify=False presumably disables TLS certificate
    # verification; tolerable only because every request here is mocked.
    client = Client(
        base_url='https://api.guardicoreexample.com/api/v3.0',
        verify=False,
        proxy=False,
        username='******',
        password='******')
    mocker.patch.object(client, '_http_request',
                        return_value=canned_endpoint)

    # An empty argument dict must be refused even though the patched HTTP
    # call would have returned a valid response.
    with raises(DemistoException):
        endpoint_command(client, {})
示例#8
def test_get_incident(mocker, requests_mock):
    """Check that a single-incident lookup passes the API response through.

    Given
    - an incident id
    When
    - the client's _http_request is patched to return the canned incident
    Then
    - Validate that the outputs equal the mocked response
    """
    # The command is imported under the name the module exports it with
    # (get_indicent).
    from GuardiCoreV2 import Client, get_indicent

    requests_mock.post(
        'https://api.guardicoreexample.com/api/v3.0/authenticate',
        json={'access_token': TEST_API_KEY})
    canned_incident = util_load_json('test_data/get_incident_response.json')

    # NOTE(review): verify=False presumably disables TLS certificate
    # verification; tolerable only because every request here is mocked.
    client = Client(
        base_url='https://api.guardicoreexample.com/api/v3.0',
        verify=False,
        proxy=False,
        username='******',
        password='******')
    mocker.patch.object(client, '_http_request',
                        return_value=canned_incident)

    incident_args = {'id': 'c2acca07-e9bf-4d63-9a26-ff6c749d24d2'}
    result = get_indicent(client, incident_args)

    assert result.outputs == canned_incident