def setup(self):
"""Setup before each method"""
self._dispatcher = PhantomOutput(REGION, FUNCTION_NAME, CONFIG)
remove_temp_secrets()
output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR)
put_mock_creds(output_name, self.CREDS,
self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
def setup(self):
"""Setup before each method"""
self._mock_s3 = mock_s3()
self._mock_s3.start()
self._mock_kms = mock_kms()
self._mock_kms.start()
self._dispatcher = PhantomOutput(None)
remove_temp_secrets()
output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR)
put_mock_creds(output_name, self.CREDS,
self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
def test_dispatch_container_query(self, post_mock, get_mock):
"""PhantomOutput - Container Query URL"""
rule_description = 'Info about this rule and what actions to take'
headers = {'ph-auth-token': 'mocked_auth_token'}
assert_false(
PhantomOutput._setup_container('rule_name', rule_description,
self.CREDS['url'], headers))
full_url = '{}/rest/container'.format(self.CREDS['url'])
params = {'_filter_name': '"rule_name"', 'page_size': 1}
get_mock.assert_has_calls([call(full_url, params, headers, False)])
ph_container = {'name': 'rule_name', 'description': rule_description}
post_mock.assert_has_calls(
[call(full_url, ph_container, headers, False)])
class TestPhantomOutput(object):
"""Test class for PhantomOutput"""
DESCRIPTOR = 'unit_test_phantom'
SERVICE = 'phantom'
CREDS = {
'url': 'http://phantom.foo.bar',
'ph_auth_token': 'mocked_auth_token'
}
def setup(self):
"""Setup before each method"""
self._dispatcher = PhantomOutput(REGION, ACCOUNT_ID, FUNCTION_NAME,
CONFIG)
remove_temp_secrets()
output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR)
put_mock_creds(output_name, self.CREDS,
self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
@patch('logging.Logger.info')
@patch('requests.get')
@patch('requests.post')
def test_dispatch_existing_container(self, post_mock, get_mock, log_mock):
"""PhantomOutput - Dispatch Success, Existing Container"""
# _check_container_exists
get_mock.return_value.status_code = 200
get_mock.return_value.json.return_value = {
'count': 1,
'data': [{
'id': 1948
}]
}
# dispatch
post_mock.return_value.status_code = 200
assert_true(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
@patch('logging.Logger.info')
@patch('requests.get')
@patch('requests.post')
def test_dispatch_new_container(self, post_mock, get_mock, log_mock):
"""PhantomOutput - Dispatch Success, New Container"""
# _check_container_exists
get_mock.return_value.status_code = 200
get_mock.return_value.json.return_value = {'count': 0, 'data': []}
# _setup_container, dispatch
post_mock.return_value.status_code = 200
post_mock.return_value.json.return_value = {'id': 1948}
assert_true(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
@patch('logging.Logger.error')
@patch('requests.get')
@patch('requests.post')
def test_dispatch_container_failure(self, post_mock, get_mock, log_mock):
"""PhantomOutput - Dispatch Failure, Setup Container"""
# _check_container_exists
get_mock.return_value.status_code = 200
get_mock.return_value.json.return_value = {'count': 0, 'data': []}
# _setup_container
post_mock.return_value.status_code = 400
json_error = {'message': 'error message', 'errors': ['error1']}
post_mock.return_value.json.return_value = json_error
assert_false(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Failed to send alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
@patch('logging.Logger.error')
@patch('requests.get')
@patch('requests.post')
def test_dispatch_check_container_error(self, post_mock, get_mock,
log_mock):
"""PhantomOutput - Dispatch Failure, Decode Error w/ Container Check"""
# _check_container_exists
get_mock.return_value.status_code = 200
get_mock.return_value.text = '{}'
# _setup_container
post_mock.return_value.status_code = 400
json_error = {'message': 'error message', 'errors': ['error1']}
post_mock.return_value.json.return_value = json_error
assert_false(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Failed to send alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
@patch('logging.Logger.error')
@patch('requests.get')
@patch('requests.post')
def test_dispatch_check_container_no_response(self, post_mock, get_mock,
log_mock):
"""PhantomOutput - Dispatch Failure, No Response Container Check"""
# _check_container_exists
get_mock.return_value.status_code = 200
get_mock.return_value.json.return_value = {}
# _setup_container
post_mock.return_value.status_code = 200
post_mock.return_value.json.return_value = {}
assert_false(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Failed to send alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
@patch('logging.Logger.error')
@patch('requests.get')
@patch('requests.post')
def test_dispatch_setup_container_error(self, post_mock, get_mock,
log_mock):
"""PhantomOutput - Dispatch Failure, Decode Error w/ Container Creation)"""
# _check_container_exists
get_mock.return_value.status_code = 200
get_mock.return_value.json.return_value = {'count': 0, 'data': []}
# _setup_container
post_mock.return_value.status_code = 200
post_mock.return_value.json.return_value = dict()
assert_false(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Failed to send alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
@patch('logging.Logger.error')
@patch('requests.get')
@patch('requests.post')
def test_dispatch_failure(self, post_mock, get_mock, log_mock):
"""PhantomOutput - Dispatch Failure, Artifact"""
# _check_container_exists
get_mock.return_value.status_code = 200
get_mock.return_value.json.return_value = {'count': 0, 'data': []}
# _setup_container, dispatch
type(post_mock.return_value).status_code = PropertyMock(
side_effect=[200, 400])
json_error = {'message': 'error message', 'errors': ['error1']}
post_mock.return_value.json.return_value.side_effect = [{
'id': 1948
}, json_error]
assert_false(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Failed to send alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
@patch('logging.Logger.error')
def test_dispatch_bad_descriptor(self, log_error_mock):
"""PhantomOutput - Dispatch Failure, Bad Descriptor"""
assert_false(
self._dispatcher.dispatch(descriptor='bad_descriptor',
rule_name='rule_name',
alert=get_alert()))
log_error_mock.assert_called_with('Failed to send alert to %s:%s',
self.SERVICE, 'bad_descriptor')
@patch(
'stream_alert.alert_processor.outputs.output_base.OutputDispatcher._get_request'
)
@patch(
'stream_alert.alert_processor.outputs.output_base.OutputDispatcher._post_request'
)
def test_dispatch_container_query(self, post_mock, get_mock):
"""PhantomOutput - Container Query URL"""
rule_description = 'Info about this rule and what actions to take'
headers = {'ph-auth-token': 'mocked_auth_token'}
assert_false(
PhantomOutput._setup_container('rule_name', rule_description,
self.CREDS['url'], headers))
full_url = '{}/rest/container'.format(self.CREDS['url'])
params = {'_filter_name': '"rule_name"', 'page_size': 1}
get_mock.assert_has_calls([call(full_url, params, headers, False)])
ph_container = {'name': 'rule_name', 'description': rule_description}
post_mock.assert_has_calls(
[call(full_url, ph_container, headers, False)])