def test_create_and_delete_file(self):
name = "file name"
type = "pdf"
res = create_report_file(name, type)
# Assert file name and directory and location are returned
assert res["report_file_name"] == "McAfeeATD_{}.{}".format(name, type)
assert res.get("report_file") is not None
assert res.get("tmp_dir") is not None
# Assert file exists
assert os.path.isfile(res.get("report_file")) is True
remove_dir(res.get("tmp_dir"))
# Assert file is removed
assert os.path.isdir(res.get("tmp_dir")) is False
def test_get_atd_report(self, mocked_requests_get, mocked_requests_delete):
name = "file name"
type = "pdf"
f = create_report_file(name, type)
try:
sim_get_content1 = {
"results": {
"session": "session_key",
"userId": "1"
}
}
sim_delete_content = {}
sim_get_content2 = str.encode("This is the report result")
generated_report = self._generateResponse(sim_get_content2, 200)
creds = MockCredsAfterCheck()
mocked_requests_get.side_effect = [
self._generateResponse(sim_get_content1, 200), generated_report
]
mocked_requests_delete.return_value = self._generateResponse(
sim_delete_content, 200)
res = get_atd_report(creds, '1', '', f.get("report_file"))
# Assert JSON report is returned
assert res == generated_report.content
# Assert file is empty
with open(f.get("report_file"), 'r') as r:
content = r.read()
assert content == ""
mocked_requests_get.side_effect = [
self._generateResponse(sim_get_content1, 200),
generated_report, generated_report
]
res = get_atd_report(creds, '1', "pdf", f)
# Assert JSON report is returned
assert res == generated_report.content
# Assert file contents is as expected
with open(f.get("report_file"), 'r') as r:
content = r.read()
assert generated_report.content.decode("utf-8") == content
finally:
remove_dir(f.get("tmp_dir"))
def _mcafee_atd_analyze_file_function(self, event, *args, **kwargs):
"""Function: """
report_file = None
try:
resilient_client = self.rest_client()
inputs = {}
start_time = time.time()
yield StatusMessage("Starting...")
# Get the function parameters:
incident_id = get_incident_id(**kwargs)
artifact_id = kwargs.get("artifact_id") # number
attachment_id = kwargs.get("attachment_id") # number
task_id = kwargs.get("task_id") # number
atd_report_type = self.get_select_param(
kwargs.get("mcafee_atd_report_type")) # select
inputs["macfee_atd_report_type"] = atd_report_type
log.info("incident_id: %s", incident_id)
inputs["incident_id"] = incident_id
if artifact_id is not None:
log.info("artifact_id: %s", artifact_id)
inputs["artifact_id"] = artifact_id
if attachment_id is not None:
log.info("attachment_id: %s", attachment_id)
inputs["attachment_id"] = attachment_id
if task_id is not None:
log.info("task_id: %s", task_id)
inputs["task_id"] = task_id
f_download = _get_file(resilient_client, **kwargs)
f = f_download["file"]
file_name = f_download["file_name"]
yield StatusMessage("File {} downloaded".format(file_name))
response = submit_file(self, f, file_name)
check_status_code(response)
content = response.json()
atd_task_id = content["results"][0]["taskId"]
files_wait = content["filesWait"]
estimated_time = content["estimatedTime"]
yield StatusMessage("File uploaded to ATD with taskId: {}".format(
str(atd_task_id)))
yield StatusMessage("Files waiting on: {}".format(files_wait))
yield StatusMessage(
"Estimated Time: {} minutes".format(estimated_time))
timeout_seconds = self.timeout_mins * 60
start = time.time()
try:
while check_atd_status(self, atd_task_id) is False:
if artifact_id is not None:
yield StatusMessage(
"Analysis on artifact_id {} is still running".
format(artifact_id))
else:
yield StatusMessage(
"Analysis on attachment_id {} is still running".
format(attachment_id))
check_timeout(start, self.polling_interval,
timeout_seconds)
except ValueError:
yield StatusMessage(
"ATD analysis probably failed, please check ATD system.")
raise FunctionError()
yield StatusMessage("Analysis Completed")
if atd_report_type == "pdf" or atd_report_type == "html":
yield StatusMessage(
"Obtaining {} report".format(atd_report_type))
report_file = create_report_file(file_name, atd_report_type)
results = get_atd_report(self, atd_task_id, atd_report_type,
report_file)
if report_file is not None:
resilient_client.post_attachment(
"/incidents/{}/attachments/".format(incident_id),
report_file["report_file"],
filename=report_file["report_file_name"])
yield StatusMessage(
"Report added to incident {} as Attachment".format(
str(incident_id)))
end_time = time.time()
results["Run Time"] = str(end_time - start_time)
results["Inputs"] = inputs
yield StatusMessage("done...")
# Produce a FunctionResult with the results
yield FunctionResult(results)
except Exception as e:
log.info(e)
yield FunctionError("Failed")
finally:
if report_file is not None:
remove_dir(report_file["tmp_dir"])
def _mcafee_atd_analyze_url_function(self, event, *args, **kwargs):
"""Function: """
report_file = None
try:
inputs = {}
start_time = time.time()
yield StatusMessage("Starting...")
# Get the function parameters:
incident_id = get_incident_id(**kwargs)
artifact_id = kwargs.get("artifact_id") # number
url_to_analyze = kwargs.get("artifact_value") # text
atd_report_type = self.get_select_param(
kwargs.get("mcafee_atd_report_type")) # select
atd_url_submit_type = self.get_select_param(
kwargs.get("mcafee_atd_url_submit_type")) # select
log.info("incident_id: %s", incident_id)
inputs["incident_id"] = incident_id
if artifact_id is not None:
log.info("artifact_id: %s", artifact_id)
inputs["artifact_id"] = artifact_id
if url_to_analyze is not None:
yield StatusMessage("URL value: {}".format(url_to_analyze))
log.info("artifact_value: $s", url_to_analyze)
inputs["artifact_value"] = url_to_analyze
if atd_report_type is not None:
log.info("macfee_atd_report_type: %s", atd_report_type)
inputs["macfee_atd_report_type"] = atd_report_type
if atd_url_submit_type is not None:
log.info("mcafee_atd_url_submit_type: %s", atd_url_submit_type)
inputs["mcafee_atd_url_submit_type"] = atd_url_submit_type
submit_type = None
if atd_url_submit_type == "Analyze URL":
submit_type = '1'
elif atd_url_submit_type == "Download and analyze file from URL":
submit_type = '3'
else:
yield FunctionError(
"atd_url_submit_type is not set correctly.")
response = submit_url(self, url_to_analyze, submit_type)
check_status_code(response)
content = response.json()
atd_job_id = content["subId"]
files_wait = content["filesWait"]
yield StatusMessage("File uploaded to ATD with jobId: {}".format(
str(atd_job_id)))
yield StatusMessage("Files waiting on: {}".format(files_wait))
timeout_seconds = self.timeout_mins * 60
start = time.time()
try:
while check_job_status(self, atd_job_id) is False:
yield StatusMessage(
"Analysis on {} is still running".format(
url_to_analyze))
check_timeout(start, self.polling_interval,
timeout_seconds)
task_id_list = get_task_id_list(self, atd_job_id)
task_id = task_id_list[-1]
try:
while check_task_status(self, task_id) is False:
check_timeout(start, self.polling_interval,
timeout_seconds)
except ValueError:
log.info(
"ATD analysis probably failed, please check ATD system."
)
raise FunctionError()
except ValueError:
yield StatusMessage(
"ATD analysis probably failed, please check ATD system.")
raise FunctionError()
yield StatusMessage("Analysis Completed")
report_list = []
for task_id in task_id_list:
if atd_report_type == "pdf" or atd_report_type == "html":
yield StatusMessage(
"Obtaining {} report".format(atd_report_type))
report_file = create_report_file(url_to_analyze,
atd_report_type)
report = get_atd_report(self, task_id, atd_report_type,
report_file)
# If report does not exist continue to the next task
if not report:
continue
report_list.append(report)
if report_file is not None:
# Create Resilient Rest client
resilient_client = self.rest_client()
resilient_client.post_attachment(
"/incidents/{}/attachments/".format(incident_id),
report_file["report_file"],
filename=report_file["report_file_name"])
yield StatusMessage(
"Report added to incident {} as Attachment".format(
str(incident_id)))
end_time = time.time()
results = dict()
results["Run Time"] = str(end_time - start_time)
results["Inputs"] = inputs
results["report_list"] = report_list
yield StatusMessage("done...")
# Produce a FunctionResult with the results
yield FunctionResult(results)
except Exception as e:
log.info(e)
yield FunctionError("Failed")
finally:
if report_file is not None:
remove_dir(report_file["tmp_dir"])