def pre_test_setup(self): account_type_result = AccountType.query.filter( AccountType.name == 'AWS').first() if not account_type_result: account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() self.account = Account(identifier="012345678910", name="testing", active=True, third_party=False, account_type_id=account_type_result.id) self.technology = Technology(name="s3") self.item = Item(region="us-west-2", name="somebucket", arn=ARN_PREFIX + ":s3:::somebucket", technology=self.technology, account=self.account) db.session.add(self.account) db.session.add(self.technology) db.session.add(self.item) db.session.commit() mock_s3().start() client = boto3.client("s3") client.create_bucket(Bucket="somebucket") client.create_bucket(Bucket="someotherbucket") client.create_bucket(Bucket="someotherbucket2")
def pre_test_setup(self): self.account_type = AccountType(name="GitHub") db.session.add(self.account_type) db.session.commit() db.session.add( Account(name="octocat", account_type_id=self.account_type.id, identifier="octocat", active=True, third_party=False)) self.technology = Technology(name="repository") db.session.add(self.technology) db.session.commit() self.gh_items = [ GitHubOrgItem(account="octocat", name="Hello-World", arn="octocat/Hello-World", config=CONFIG_ONE), GitHubOrgItem(account="octocat", name="Repo-Private", arn="octocat/Repo-Private", config=CONFIG_TWO), ]
def pre_test_setup(self): RDSSnapshotAuditor(accounts=['TEST_ACCOUNT']).OBJECT_STORE.clear() account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() # main account = Account(identifier="123456789123", name="TEST_ACCOUNT", account_type_id=account_type_result.id, notes="TEST_ACCOUNT", third_party=False, active=True) # friendly account2 = Account(identifier="222222222222", name="TEST_ACCOUNT_TWO", account_type_id=account_type_result.id, notes="TEST_ACCOUNT_TWO", third_party=False, active=True) # third party account3 = Account(identifier="333333333333", name="TEST_ACCOUNT_THREE", account_type_id=account_type_result.id, notes="TEST_ACCOUNT_THREE", third_party=True, active=True) db.session.add(account) db.session.add(account2) db.session.add(account3) db.session.commit()
def _setup_one_two_revisions(self): account_type_result = AccountType.query.filter(AccountType.name == 'AWS').first() if not account_type_result: account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() account = Account(number="012345678910", name="testing", s3_name="testing", role_name="SecurityMonkey", account_type_id=account_type_result.id) technology = Technology(name="iamrole") item = Item(region="us-west-2", name="testrole", arn="arn:aws:iam::012345678910:role/testrole", technology=technology, account=account) self.now = datetime(2016, 11, 3) self.yesterday = self.now - timedelta(days=1) item.revisions.append(ItemRevision(active=True, config={}, date_created=self.now)) item.revisions.append(ItemRevision(active=True, config={}, date_created=self.yesterday)) db.session.add(account) db.session.add(technology) db.session.add(item) db.session.commit() items = Item.query.all() for item in items: latest_revision = item.revisions.first() item.latest_revision_id = latest_revision.id db.session.add(item) db.session.commit()
def pre_test_setup(self): account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() account = Account(identifier="012345678910", name="TEST_ACCOUNT1", account_type_id=account_type_result.id, notes="TEST_ACCOUNT1", third_party=False, active=True) db.session.add(account) account = Account(identifier="123123123123", name="TEST_ACCOUNT2", account_type_id=account_type_result.id, notes="TEST_ACCOUNT2", third_party=False, active=True) db.session.add(account) account = Account(identifier="109876543210", name="TEST_ACCOUNT3", account_type_id=account_type_result.id, notes="TEST_ACCOUNT3", third_party=False, active=False) db.session.add(account) account = Account(identifier="456456456456", name="TEST_ACCOUNT4", account_type_id=account_type_result.id, notes="TEST_ACCOUNT4", third_party=False, active=False) db.session.add(account) db.session.commit() RUNTIME_WATCHERS.clear() RUNTIME_AUDIT_COUNTS.clear()
def pre_test_setup(self): # Delete any remaining test cruft: if app.config.get("GITHUB_CREDENTIALS"): del app.config["GITHUB_CREDENTIALS"] self.account_type = AccountType(name="GitHub") self.accounts = [] db.session.add(self.account_type) db.session.commit() # Tests need to be run from the working dir such that `security_monkey/tests/utilities/templates/github_creds` # can be found! for x in ["one", "two", "three"]: account = Account(name="Org-{}".format(x), account_type_id=self.account_type.id, identifier="Org-{}".format(x), active=True) account.custom_fields.append( AccountTypeCustomValues(name="access_token_file", value="security_monkey/tests/" "utilities/templates/github_creds")) db.session.add(account) self.accounts.append(account) db.session.commit()
def pre_test_setup(self): self.gh_items = [ GitHubOrgItem(account="Netflix", name="Netflix", arn="Netflix", config=CONFIG_ONE), GitHubOrgItem(account="Netflix-PRIVATE", name="Netflix-PRIVATE", arn="Netflix-PRIVATE", config=CONFIG_TWO), ] self.account_type = AccountType(name="GitHub") db.session.add(self.account_type) db.session.commit() db.session.add( Account(name="Netflix", account_type_id=self.account_type.id, identifier="Netflix", active=True, third_party=False)) db.session.add( Account(name="Netflix-PRIVATE", account_type_id=self.account_type.id, identifier="Netflix-PRIVATE", active=True, third_party=False)) self.technology = Technology(name="organization") db.session.add(self.technology) db.session.commit()
def pre_test_setup(self): self.gh_items = [ GitHubTeamItem(account="Org-one", name="Org-one", arn="Org-one", config=CONFIG_ONE), GitHubTeamItem(account="Org-one", name="Org-one", arn="Org-one", config=CONFIG_TWO), ] self.account_type = AccountType(name="GitHub") db.session.add(self.account_type) db.session.commit() db.session.add( Account(name="Org-one", account_type_id=self.account_type.id, identifier="Org-one", active=True, third_party=False)) self.technology = Technology(name="team") db.session.add(self.technology) db.session.commit()
def _setup_account(self): account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() account = Account(identifier="012345678910", name="test_account", account_type_id=account_type_result.id) db.session.add(account) db.session.commit()
def setup_db(self): account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() self.account = Account(identifier="012345678910", name="testing", account_type_id=account_type_result.id) self.technology = Technology(name="iamrole") db.session.add(self.account) db.session.add(self.technology) db.session.commit()
def pre_test_setup(self): account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() self.account = Account(identifier="012345678910", name="testing", third_party=False, active=True, account_type_id=account_type_result.id) self.technology = Technology(name="iamrole") self.total_roles = 75 db.session.add(self.account) db.session.add(self.technology) db.session.commit() mock_iam().start() client = boto3.client("iam") aspd = { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": { "Service": "ec2.amazonaws.com" } }] } policy = { "Version": "2012-10-17", "Statement": [{ "Effect": "Deny", "Action": "*", "Resource": "*" }] } for x in range(0, self.total_roles): # Create the IAM Role via Moto: aspd["Statement"][0][ "Resource"] = ARN_PREFIX + "arn:aws:iam:012345678910:role/roleNumber{}".format( x) client.create_role(Path="/", RoleName="roleNumber{}".format(x), AssumeRolePolicyDocument=json.dumps(aspd, indent=4)) client.put_role_policy(RoleName="roleNumber{}".format(x), PolicyName="testpolicy", PolicyDocument=json.dumps(policy, indent=4))
def pre_test_setup(self): self.es_items = [ ElasticSearchServiceItem(region="us-east-1", account="TEST_ACCOUNT", name="es_test", config=CONFIG_ONE), ElasticSearchServiceItem(region="us-west-2", account="TEST_ACCOUNT", name="es_test_2", config=CONFIG_TWO), ElasticSearchServiceItem(region="eu-west-1", account="TEST_ACCOUNT", name="es_test_3", config=CONFIG_THREE), ElasticSearchServiceItem(region="us-east-1", account="TEST_ACCOUNT", name="es_test_4", config=CONFIG_FOUR), ElasticSearchServiceItem(region="us-east-1", account="TEST_ACCOUNT", name="es_test_5", config=CONFIG_FIVE), ElasticSearchServiceItem(region="eu-west-1", account="TEST_ACCOUNT", name="es_test_6", config=CONFIG_SIX), ElasticSearchServiceItem(region="eu-west-1", account="TEST_ACCOUNT", name="es_test_7", config=CONFIG_SEVEN), ElasticSearchServiceItem(region="eu-west-1", account="TEST_ACCOUNT", name="es_test_8", config=CONFIG_EIGHT), ElasticSearchServiceItem(region="us-east-1", account="TEST_ACCOUNT", name="es_test_9", config=CONFIG_NINE), ] account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() account = Account(identifier="012345678910", name="TEST_ACCOUNT", account_type_id=account_type_result.id, notes="TEST_ACCOUNT", third_party=False, active=True) db.session.add(account) db.session.commit()
def pre_test_setup(self): account_result = Account.query.filter( Account.name == 'TEST_ACCOUNT').first() if not account_result: account_type = AccountType(name='AWS') db.session.add(account_type) db.session.commit() account_result = Account(name='TEST_ACCOUNT', identifier='012345678910', account_type_id=account_type.id) db.session.add(account_result) db.session.commit()
def pre_test_setup(self): account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() self.account = Account(identifier="012345678910", name="TEST_ACCOUNT", account_type_id=account_type_result.id, notes="TEST_ACCOUNT", third_party=False, active=True) db.session.add(self.account) db.session.commit()
def pre_test_setup(self): account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() account = Account(identifier="012345678910", name="TEST_ACCOUNT", account_type_id=account_type_result.id, notes="TEST_ACCOUNT", third_party=False, active=True) db.session.add(account) db.session.commit() mock_file_system.clear() build_mock_result(watcher_configs, [])
def amazon_accounts(): """ Pre-populates standard AWS owned accounts """ import os import json from security_monkey.datastore import Account, AccountType data_file = os.path.join(os.path.dirname(__file__), "data", "aws_accounts.json") data = json.load(open(data_file, 'r')) app.logger.info('Adding / updating Amazon owned accounts') try: account_type_result = AccountType.query.filter( AccountType.name == 'AWS').first() if not account_type_result: account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() db.session.refresh(account_type_result) for group, info in data.items(): for aws_account in info['accounts']: acct_name = "{group} ({region})".format( group=group, region=aws_account['region']) account = Account.query.filter( Account.number == aws_account['account_id']).first() if not account: app.logger.debug( ' Adding account {0}'.format(acct_name)) account = Account() else: app.logger.debug( ' Updating account {0}'.format(acct_name)) account.number = aws_account['account_id'] account.identifier = aws_account['account_id'] account.account_type_id = account_type_result.id account.active = False account.third_party = True account.name = acct_name account.notes = info['url'] db.session.add(account) db.session.commit() app.logger.info('Finished adding Amazon owned accounts') except Exception as e: app.logger.exception("An error occured while adding accounts") store_exception("manager-amazon-accounts", None, e)
def pre_test_setup(self): self.account_type = AccountType.query.filter( AccountType.name == 'AWS').first() if not self.account_type: self.account_type = AccountType(name='AWS') db.session.add(self.account_type) db.session.commit() self.test_account = Account(type=self.account_type, name="test_account", identifier="012345678910") self.technology = Technology(name="testtech") db.session.add(self.test_account) db.session.add(self.technology) db.session.commit()
def pre_test_setup(self): SecurityGroupAuditor(accounts=['TEST_ACCOUNT']).OBJECT_STORE.clear() account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() # main account = Account(identifier="123456789123", name="TEST_ACCOUNT", account_type_id=account_type_result.id, notes="TEST_ACCOUNT", third_party=False, active=True) db.session.add(account) db.session.commit()
def pre_test_setup(self): self.account_type = AccountType(name="GitHub") db.session.add(self.account_type) db.session.commit() app.config["GITHUB_CREDENTIALS"] = { "Org-one": "token-one", "FAILURE": "FAILURE", "Netflix": "token-two" } db.session.add(Account(name="Org-one", account_type_id=self.account_type.id, identifier="Org-one", active=True, third_party=False)) self.technology = Technology(name="repository") db.session.add(self.technology) db.session.commit()
def pre_test_setup(self): account_type_result = AccountType.query.filter(AccountType.name == 'AWS').first() if not account_type_result: account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() self.account = Account(identifier="012345678910", name="testing", account_type_id=account_type_result.id) self.technology = Technology(name="iamrole") item = Item(region="us-west-2", name="testrole", arn=ARN_PREFIX + ":iam::012345678910:role/testrole", technology=self.technology, account=self.account) db.session.add(self.account) db.session.add(self.technology) db.session.add(item) db.session.commit()
def pre_test_setup(self): self.account_type = AccountType(name='AWS') db.session.add(self.account_type) db.session.commit() for x in range(0, 9): db.session.add( Account(name="account{}".format(x), account_type_id=self.account_type.id, identifier="01234567891{}".format(x), active=True)) db.session.commit() mock_sts().start() mock_s3().start() self.s3_client = boto3.client("s3") self.s3_client.create_bucket(Bucket="testBucket")
def pre_test_setup(self): from security_monkey.auditors.iam.iam_role import IAMRoleAuditor from security_monkey.datastore import Account, AccountType from security_monkey import db IAMRoleAuditor(accounts=['TEST_ACCOUNT']).OBJECT_STORE.clear() account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() # main account = Account(identifier="012345678910", name="TEST_ACCOUNT", account_type_id=account_type_result.id, notes="TEST_ACCOUNT", third_party=False, active=True) # friendly account2 = Account(identifier="222222222222", name="TEST_ACCOUNT_TWO", account_type_id=account_type_result.id, notes="TEST_ACCOUNT_TWO", third_party=False, active=True) # third party account3 = Account(identifier="333333333333", name="TEST_ACCOUNT_THREE", account_type_id=account_type_result.id, notes="TEST_ACCOUNT_THREE", third_party=True, active=True) db.session.add(account) db.session.add(account2) db.session.add(account3) db.session.commit()
def applies_to_account(self, account): return True mock_query = MockAccountQuery() mock_db_session = MockDBSession() test_account = Account() test_account.name = "TEST_ACCOUNT" test_account.notes = "TEST ACCOUNT" test_account.s3_name = "TEST_ACCOUNT" test_account.number = "012345678910" test_account.role_name = "TEST_ACCOUNT" test_account.account_type = AccountType(name='AWS') test_account.third_party = False test_account.active = True mock_query.add_account(test_account) test_account2 = Account() test_account2.name = "TEST_ACCOUNT2" test_account2.notes = "TEST ACCOUNT2" test_account2.s3_name = "TEST_ACCOUNT2" test_account2.number = "123123123123" test_account2.role_name = "TEST_ACCOUNT" test_account2.account_type = AccountType(name='AWS') test_account2.third_party = False test_account2.active = True mock_query.add_account(test_account2)
def pre_test_setup(self): self.s3_items = [ CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT", name="bucket1", config=CONFIG_ONE), CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT", name="bucket2", config=CONFIG_TWO), CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT2", name="bucket3", config=CONFIG_THREE), CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT3", name="bucket4", config=CONFIG_FOUR) ] account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() account = Account(identifier="012345678910", name="TEST_ACCOUNT", account_type_id=account_type_result.id, notes="TEST_ACCOUNT", third_party=False, active=True) account.custom_fields.append( AccountTypeCustomValues( name="canonical_id", value="23984723987489237489237489237489uwedfjhdsjklfhksdf" "h2389")) account.custom_fields.append( AccountTypeCustomValues(name="s3_name", value="test_accnt1")) account2 = Account(identifier="012345678911", name="TEST_ACCOUNT2", account_type_id=account_type_result.id, notes="TEST_ACCOUNT2", third_party=False, active=True) account2.custom_fields.append( AccountTypeCustomValues( name="canonical_id", value="lksdjfilou32890u47238974189237euhuu128937192837189" "uyh1hr3")) account2.custom_fields.append( AccountTypeCustomValues(name="s3_name", value="test_accnt2")) account3 = Account(identifier="012345678912", name="TEST_ACCOUNT3", account_type_id=account_type_result.id, notes="TEST_ACCOUNT3", third_party=True, active=True) account3.custom_fields.append( AccountTypeCustomValues( name="canonical_id", value="dsfhgiouhy23984723789y4riuwhfkajshf91283742389u" "823723")) account3.custom_fields.append( AccountTypeCustomValues(name="s3_name", value="test_accnt3")) db.session.add(account) db.session.add(account2) db.session.add(account3) db.session.commit()
def pre_test_setup(self): ResourcePolicyAuditor(accounts=['TEST_ACCOUNT']).OBJECT_STORE.clear() account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() # main account = Account(identifier="012345678910", name="TEST_ACCOUNT", account_type_id=account_type_result.id, notes="TEST_ACCOUNT", third_party=False, active=True) # friendly account2 = Account(identifier="222222222222", name="TEST_ACCOUNT_TWO", account_type_id=account_type_result.id, notes="TEST_ACCOUNT_TWO", third_party=False, active=True) # third party account3 = Account(identifier="333333333333", name="TEST_ACCOUNT_THREE", account_type_id=account_type_result.id, notes="TEST_ACCOUNT_THREE", third_party=True, active=True) db.session.add(account) db.session.add(account2) db.session.add(account3) db.session.commit() datastore = Datastore() # S3 datastore.store('s3', 'us-east-1', 'TEST_ACCOUNT', 'my-test-s3-bucket', True, dict(), arn='arn:aws:s3:::my-test-s3-bucket') datastore.store('s3', 'us-east-1', 'TEST_ACCOUNT_TWO', 'my-test-s3-bucket-two', True, dict(), arn='arn:aws:s3:::my-test-s3-bucket-two') datastore.store('s3', 'us-east-1', 'TEST_ACCOUNT_THREE', 'my-test-s3-bucket-three', True, dict(), arn='arn:aws:s3:::my-test-s3-bucket-three') # IAM User datastore.store('iamuser', 'us-east-1', 'TEST_ACCOUNT', 'my-test-iam-user', True, dict(UserId='AIDA11111111111111111', UserName='******'), arn='arn:aws:iam::012345678910:user/my-test-iam-user') datastore.store( 'iamuser', 'us-east-1', 'TEST_ACCOUNT_TWO', 'my-test-iam-user-two', True, dict(UserId='AIDA22222222222222222', UserName='******'), arn='arn:aws:iam::222222222222:user/my-test-iam-user-two') datastore.store( 'iamuser', 'us-east-1', 'TEST_ACCOUNT_THREE', 'my-test-iam-user-three', True, dict(UserId='AIDA33333333333333333', UserName='******'), arn='arn:aws:iam::333333333333:user/my-test-iam-user-three') # IAM Role datastore.store('iamrole', 'us-east-1', 'TEST_ACCOUNT', 'my-test-iam-role', True, dict(RoleId='AISA11111111111111111', RoleName='my-test-iam-role'), arn='arn:aws:iam::012345678910:role/my-test-iam-role') datastore.store( 'iamrole', 'us-east-1', 'TEST_ACCOUNT_TWO', 'my-test-iam-role-two', True, dict(RoleId='AISA22222222222222222', RoleName='my-test-iam-role-two'), arn='arn:aws:iam::222222222222:role/my-test-iam-role-two') datastore.store( 'iamrole', 'us-east-1', 'TEST_ACCOUNT_THREE', 'my-test-iam-role-three', True, dict(RoleId='AISA33333333333333333', RoleName='my-test-iam-role-three'), arn='arn:aws:iam::333333333333:role/my-test-iam-role-three') # NAT Gateway datastore.store( 'natgateway', 'us-east-1', 'TEST_ACCOUNT', 'my-test-natgateway', True, dict(nat_gateway_addresses=[ dict(public_ip='54.11.11.11', private_ip='172.16.11.11') ]), arn=None) # natgateway has no ARN :( datastore.store( 'natgateway', 'us-east-1', 'TEST_ACCOUNT_TWO', 'my-test-natgateway-two', True, dict(nat_gateway_addresses=[ dict(public_ip='54.22.22.22', private_ip='172.16.22.22') ]), arn=None) # natgateway has no ARN :( datastore.store( 'natgateway', 'us-east-1', 'TEST_ACCOUNT_THREE', 'my-test-natgateway-three', True, dict(nat_gateway_addresses=[ dict(public_ip='54.33.33.33', private_ip='172.16.33.33') ]), arn=None) # natgateway has no ARN :( # VPC datastore.store( 'vpc', 'us-east-1', 'TEST_ACCOUNT', 'my-test-vpc', True, dict(id='vpc-11111111', cidr_block='10.1.1.1/18'), arn='arn:aws:ec2:us-east-1:012345678910:vpc/vpc-11111111') datastore.store( 'vpc', 'us-east-1', 'TEST_ACCOUNT_TWO', 'my-test-vpc-two', True, dict(id='vpc-22222222', cidr_block='10.2.2.2/18'), arn='arn:aws:ec2:us-east-1:222222222222:vpc/vpc-22222222') datastore.store( 'vpc', 'us-east-1', 'TEST_ACCOUNT_THREE', 'my-test-vpc-three', True, dict(id='vpc-33333333', cidr_block='10.3.3.3/18'), arn='arn:aws:ec2:us-east-1:333333333333:vpc/vpc-33333333') # VPC Service Endpoint (For S3 and things) datastore.store('endpoint', 'us-east-1', 'TEST_ACCOUNT', 'my-test-vpce', True, dict(id='vpce-11111111'), arn=None) # vpce has no ARN :( datastore.store('endpoint', 'us-east-1', 'TEST_ACCOUNT_TWO', 'my-test-vpce-two', True, dict(id='vpce-22222222'), arn=None) # vpce has no ARN :( datastore.store('endpoint', 'us-east-1', 'TEST_ACCOUNT_THREE', 'my-test-vpce-three', True, dict(id='vpce-33333333'), arn=None) # vpce has no ARN :(
def pre_test_setup(self): ElasticSearchServiceAuditor( accounts=['TEST_ACCOUNT']).OBJECT_STORE.clear() self.es_items = [ ElasticSearchServiceItem(region="us-east-1", account="TEST_ACCOUNT", name="es_test", config=CONFIG_ONE), ElasticSearchServiceItem(region="us-west-2", account="TEST_ACCOUNT", name="es_test_2", config=CONFIG_TWO), ElasticSearchServiceItem(region="eu-west-1", account="TEST_ACCOUNT", name="es_test_3", config=CONFIG_THREE), ElasticSearchServiceItem(region="us-east-1", account="TEST_ACCOUNT", name="es_test_4", config=CONFIG_FOUR), ElasticSearchServiceItem(region="us-east-1", account="TEST_ACCOUNT", name="es_test_5", config=CONFIG_FIVE), ElasticSearchServiceItem(region="eu-west-1", account="TEST_ACCOUNT", name="es_test_6", config=CONFIG_SIX), ElasticSearchServiceItem(region="eu-west-1", account="TEST_ACCOUNT", name="es_test_7", config=CONFIG_SEVEN), ElasticSearchServiceItem(region="eu-west-1", account="TEST_ACCOUNT", name="es_test_8", config=CONFIG_EIGHT), ElasticSearchServiceItem(region="us-east-1", account="TEST_ACCOUNT", name="es_test_9", config=CONFIG_NINE), ] account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() account = Account(identifier="012345678910", name="TEST_ACCOUNT", account_type_id=account_type_result.id, notes="TEST_ACCOUNT", third_party=False, active=True) db.session.add(account) db.session.commit() # Add some test network whitelists into this: # es_auditor.network_whitelist = [] WHITELIST_CIDRS = [ ("Test one", "192.168.1.1/32"), ("Test two", "100.0.0.0/16"), ] for cidr in WHITELIST_CIDRS: whitelist_cidr = NetworkWhitelistEntry() whitelist_cidr.name = cidr[0] whitelist_cidr.notes = cidr[0] whitelist_cidr.cidr = cidr[1] db.session.add(whitelist_cidr) db.session.commit()
def test_celery_skipabeat(self, mock_store_exception, mock_expired_exceptions, mock_account_tech, mock_purge, mock_setup): from security_monkey.task_scheduler.beat import setup_the_tasks from security_monkey.watchers.github.org import GitHubOrg from security_monkey.auditors.github.org import GitHubOrgAuditor # Stop the watcher registry from stepping on everyone's toes: import security_monkey.watcher import security_monkey.monitors security_monkey.watcher.watcher_registry = {GitHubOrg.index: GitHubOrg} security_monkey.monitors.watcher_registry = security_monkey.watcher.watcher_registry app.config["GITHUB_CREDENTIALS"] = {} # Set up the monitor: self.account_type = AccountType(name="GitHub") db.session.add(self.account_type) db.session.commit() app.config["GITHUB_CREDENTIALS"] = {"Org-one": "token-one"} db.session.add( Account(name="Org-one", account_type_id=self.account_type.id, identifier="Org-one", active=True, third_party=False)) self.technology = Technology(name="organization") db.session.add(self.technology) db.session.commit() # Disable the other accounts: disable_account_1 = Account.query.filter( Account.name == "TEST_ACCOUNT1").one() disable_account_2 = Account.query.filter( Account.name == "TEST_ACCOUNT2").one() disable_account_1.active = False disable_account_2.active = False db.session.add(disable_account_1) db.session.add(disable_account_2) db.session.commit() test_account = Account.query.filter(Account.name == "Org-one").one() watcher = GitHubOrg(accounts=[test_account.name]) monitor = Monitor(GitHubOrg, test_account) monitor.watcher = watcher monitor.auditors = [GitHubOrgAuditor(accounts=[test_account.name])] # This is externally executed (as in not with Celery): db.session.add( WatcherConfig(index=GitHubOrg.index, active=True, interval=0)) db.session.commit() import security_monkey.task_scheduler.tasks old_get_monitors = security_monkey.task_scheduler.tasks.get_monitors security_monkey.task_scheduler.tasks.get_monitors = lambda x, y, z: [ monitor ] get_interval = mock.Mock() monitor.watcher.get_interval = get_interval setup_the_tasks(mock.Mock()) assert mock_setup.called assert mock_purge.called assert not mock_store_exception.called # "apply_async" will NOT be called... assert not mock_account_tech.apply_async.called # The ".s" are the scheduled tasks. Too lazy to grab the intervals out. assert not mock_account_tech.s.called # Will not be called assert mock_expired_exceptions.s.called assert mock_expired_exceptions.apply_async.called # Cleanup: security_monkey.task_scheduler.tasks.get_monitors = old_get_monitors disable_account_1.active = True disable_account_2.active = True test_account.active = False db.session.add(disable_account_1) db.session.add(disable_account_2) db.session.add(test_account) db.session.commit()
def pre_test_setup(self): S3Auditor(accounts=['TEST_ACCOUNT']).OBJECT_STORE.clear() self.s3_items = [ # Same Account CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT", name="bucket1", config=CONFIG_ONE), # ACL with unknown cross account access CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT", name="bucket2", config=CONFIG_TWO), # ACL with friendly access CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT2", name="bucket3", config=CONFIG_THREE), # ACL with friendly thirdparty access CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT3", name="bucket4", config=CONFIG_FOUR), # Bucket without a policy CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT", name="bucket5", config=CONFIG_FOUR), # Bucket with AllUsers CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT", name="bucket5", config=CONFIG_FIVE), # Bucket with AuthenticatedUsers CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT", name="bucket6", config=CONFIG_SIX), # Bucket with LogDelivery CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT", name="bucket7", config=CONFIG_SEVEN), # Bucket with deprecated friendly short s3 name CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT", name="bucket8", config=CONFIG_EIGHT), # Bucket with deprecated thirdparty short s3 name CloudAuxChangeItem(region="us-east-1", account="TEST_ACCOUNT", name="bucket9", config=CONFIG_NINE) ] account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() # SAME Account account = Account(identifier="012345678910", name="TEST_ACCOUNT", account_type_id=account_type_result.id, notes="TEST_ACCOUNT", third_party=False, active=True) account.custom_fields.append( AccountTypeCustomValues( name="canonical_id", value="23984723987489237489237489237489uwedfjhdsjklfhksdfh2389" )) account.custom_fields.append( AccountTypeCustomValues(name="s3_name", value="test_accnt1")) # Friendly Account account2 = Account(identifier="012345678911", name="TEST_ACCOUNT2", account_type_id=account_type_result.id, notes="TEST_ACCOUNT2", third_party=False, active=True) account2.custom_fields.append( AccountTypeCustomValues( name="canonical_id", value= "lksdjfilou32890u47238974189237euhuu128937192837189uyh1hr3")) account2.custom_fields.append( AccountTypeCustomValues(name="s3_name", value="test_accnt2")) # Thirdparty Account account3 = Account(identifier="012345678912", name="TEST_ACCOUNT3", account_type_id=account_type_result.id, notes="TEST_ACCOUNT3", third_party=True, active=True) account3.custom_fields.append( AccountTypeCustomValues( name="canonical_id", value="dsfhgiouhy23984723789y4riuwhfkajshf91283742389u823723")) account3.custom_fields.append( AccountTypeCustomValues(name="s3_name", value="test_accnt3")) db.session.add(account) db.session.add(account2) db.session.add(account3) db.session.commit()
def pre_test_setup(self): self.account_type = AccountType(name='AWS') db.session.add(self.account_type) db.session.commit()