def test_invalid_body(self, test_client, session): agent = AgentFactory.create(workspace=self.workspace) session.add(agent) session.commit() res = test_client.post(self.url() + f'{agent.id}/run/', data='[" broken]"{') assert res.status_code == 400
def test_invalid_body(self, test_client, session): agent = AgentFactory.create(workspaces=[self.workspace]) session.add(agent) session.commit() res = test_client.post(urljoin(self.url(agent), 'run'), data='[" broken]"{') assert res.status_code == 400
def test_run_fails(self, test_client, session,csrf_token): workspace = WorkspaceFactory.create() session.add(workspace) other_workspace = WorkspaceFactory.create() session.add(other_workspace) session.commit() agent = AgentFactory.create( workspaces=[workspace, other_workspace] ) executor = ExecutorFactory.create(agent=agent) session.add(executor) session.commit() payload = { 'csrf_token': csrf_token, 'executorData': { "args": { "param1": True }, "executor": executor.name }, } res = test_client.post( self.url(agent) + 'run/', json=payload ) assert res.status_code == 404
def test_update_bug_case(self, test_client, session): agent = AgentFactory.create(workspace=self.workspace) session.add(agent) session.commit() update_data = {"id": 1, "name": "Agent test", "is_online": True} res = test_client.put(self.url(agent.id), data=update_data) assert res.status_code == 200
def test_get_workspaced_other_fails(self, test_client, session): other_workspace = WorkspaceFactory.create() session.add(other_workspace) agent = AgentFactory.create(workspaces=[other_workspace], active=True) session.commit() res = test_client.get(self.url(agent)) assert res.status_code == 404
def test_update_agent(self, test_client, session): agent = AgentFactory.create(workspace=self.workspace, active=True) session.commit() raw_agent = self.create_raw_agent(active=False) res = test_client.put(self.url(agent.id), data=raw_agent) assert res.status_code == 200 assert not res.json['active']
def test_happy_path_valid_json(self, test_client, session, csrf_token): agent = AgentFactory.create(workspaces=[self.workspace]) executor = ExecutorFactory.create(agent=agent) executor2 = ExecutorFactory.create(agent=agent) session.add(executor) session.commit() assert agent.last_run is None assert executor.last_run is None assert executor2.last_run is None payload = { 'csrf_token': csrf_token, 'executorData': { "args": { "param_name": "test" }, "executor": executor.name }, } res = test_client.post(urljoin(self.url(agent), 'run'), json=payload) assert res.status_code == 200 command_id = res.json["command_id"] command = Command.query.filter( Command.workspace_id == self.workspace.id).one() assert command_id == command.id assert agent.last_run is not None assert executor.last_run is not None assert executor2.last_run is None assert agent.last_run == executor.last_run
def test_get_workspaced(self, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) agent = AgentFactory.create(workspaces=[self.workspace], active=True) session.commit() res = test_client.get(self.url(agent)) assert res.status_code == 200 assert 'workspaces' not in res.json
def test_run_agent_invalid_missing_executorData(self, csrf_token, session, test_client): agent = AgentFactory.create(workspaces=[self.workspace]) session.add(agent) session.commit() payload = {'csrf_token': csrf_token} res = test_client.post(self.url(agent) + 'run/', json=payload) assert res.status_code == 400
def test_delete_agent(self, test_client, session): initial_agent_count = len(session.query(Agent).all()) agent = AgentFactory.create(workspace=self.workspace) session.commit() assert len(session.query(Agent).all()) == initial_agent_count + 1 res = test_client.delete(self.url(agent.id)) assert res.status_code == 204 assert len(session.query(Agent).all()) == initial_agent_count
def _join_agent(test_client, session): agent = AgentFactory.create(token='pepito') session.add(agent) session.commit() headers = {"Authorization": "Agent {}".format(agent.token)} token = test_client.post('v2/agent_websocket_token/', headers=headers).json['token'] return token
def test_get_not_workspaced(self, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) agent = AgentFactory.create(workspaces=[workspace], active=True) session.commit() res = test_client.get(self.url(agent)) assert res.status_code == 200 assert len(res.json['workspaces']) == 1 assert workspace.name in res.json['workspaces'][0]
def _join_agent(self, test_client, session): agent = AgentFactory.create(token='pepito') session.add(agent) session.commit() headers = {"Authorization": f"Agent {agent.token}"} token = test_client.post(self.check_url('/v2/agent_websocket_token/'), headers=headers).json['token'] return token
def test_run_agent(self, session, csrf_token, test_client): agent = AgentFactory.create(workspaces=[self.workspace]) session.add(agent) session.commit() payload = { 'csrf_token': csrf_token, 'executorData': '', } res = test_client.post(urljoin(self.url(agent), 'run'), json=payload) assert res.status_code == 400
def test_new_executors_not_in_database(self, session): agent = AgentFactory.create() executors = [{ 'executor_name': 'nmap_executor', 'args': { 'param1': True } }] assert update_executors(agent, executors)
def test_run_agent(self, session, csrf_token, test_client): agent = AgentFactory.create(workspace=self.workspace) session.add(agent) session.commit() payload = { 'csrf_token': csrf_token, 'executorData': '', } res = test_client.post(self.url() + f'{agent.id}/run/', json=payload) assert res.status_code == 400
def test_invalid_json_on_executorData_breaks_the_api( self, csrf_token, session, test_client): agent = AgentFactory.create(workspaces=[self.workspace]) session.add(agent) session.commit() payload = { 'csrf_token': csrf_token, 'executorData': '[][dassa', } res = test_client.post(self.url(agent) + 'run/', json=payload) assert res.status_code == 400
def test_update_agent(self, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) agent = AgentFactory.create(workspaces=[workspace], active=True) session.commit() raw_agent = self.create_raw_agent(active=False, workspaces=[workspace]) res = test_client.put(self.url(agent.id), data=raw_agent) assert res.status_code == 200, (res.json, raw_agent) assert not res.json['active'] assert len(res.json['workspaces']) == 1 assert workspace.name in res.json['workspaces'][0]
def test_remove_all_executors(self, session): agent = AgentFactory.create() params = {'old_param': True} executor = ExecutorFactory.create(name='old_executor', agent=agent, parameters_metadata=params) session.add(executor) session.commit() executors = [] assert update_executors(agent, executors) count_executors = Executor.query.filter_by(agent=agent).count() assert count_executors == 0
def test_executors_with_some_invalid_executors(self, session): agent = AgentFactory.create() executors = [{ 'invalid_key': 'nmap_executor' }, { 'executor_name': 'executor 1', 'args': { 'param1': True } }] assert update_executors(agent, executors) count_executors = Executor.query.filter_by(agent=agent).count() assert count_executors == 1
def test_happy_path_valid_json(self, test_client, session, csrf_token): agent = AgentFactory.create(workspace=self.workspace) session.add(agent) session.commit() payload = { 'csrf_token': csrf_token, 'executorData': { "args": { "param1": True }, "executor": "executor_name" }, } res = test_client.post(self.url() + f'{agent.id}/run/', json=payload) assert res.status_code == 200
def test_invalid_executor(self, test_client, session, csrf_token): agent = AgentFactory.create(workspaces=[self.workspace]) session.add(agent) session.commit() payload = { 'csrf_token': csrf_token, 'executorData': { "args": { "param1": True }, "executor": "executor_name" }, } res = test_client.post(self.url(agent) + 'run/', json=payload) assert res.status_code == 400
def test_executor_already_in_database_but_new_parameters_incoming( self, session): agent = AgentFactory.create() old_params = {'old_param': True} executor = ExecutorFactory.create(agent=agent, parameters_metadata=old_params) session.add(executor) session.commit() new_params = old_params new_params.update({'param1': True}) executors = [{'executor_name': executor.name, 'args': new_params}] assert update_executors(agent, executors) from_db_executor = Executor.query.filter_by(id=executor.id, agent=agent).first() assert from_db_executor.parameters_metadata == new_params
def test_update_bug_case(self, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) agent = AgentFactory.create(workspaces=[workspace]) session.add(agent) session.commit() update_data = { "id": 1, "name": "Agent test", "is_online": True, "workspaces": [workspace.name] } res = test_client.put(self.url(agent.id), data=update_data) assert res.status_code == 200, (res.json, update_data) assert workspace.name in res.json['workspaces'] assert len(res.json['workspaces']) == 1
def test_update_agent_add_a_inexistent_workspace(self, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) other_workspace = WorkspaceFactory.create() session.add(other_workspace) agent = AgentFactory.create(workspaces=[workspace], active=True) session.commit() raw_agent = self.create_raw_agent( workspaces=[workspace, other_workspace]) raw_agent["workspaces"] = ["donotexist"] res = test_client.put(self.url(agent.id), data=raw_agent) assert res.status_code == 404 workspaces = Agent.query.get(agent.id).workspaces assert len(workspaces) == 1 assert workspace in workspaces
def test_update_agent_delete_a_workspace(self, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) other_workspace = WorkspaceFactory.create() session.add(other_workspace) agent = AgentFactory.create(workspaces=[workspace, other_workspace], active=True) session.commit() raw_agent = self.create_raw_agent(workspaces=[workspace]) res = test_client.put(self.url(agent.id), data=raw_agent) assert res.status_code == 200 assert len(res.json['workspaces']) == 1 assert other_workspace.name not in res.json['workspaces'] assert workspace.name in res.json['workspaces'] workspaces = Agent.query.get(agent.id).workspaces assert len(workspaces) == 1 assert workspaces[0] == workspace
def test_happy_path_valid_json(self, test_client, session, csrf_token): agent = AgentFactory.create(workspaces=[self.workspace]) executor = ExecutorFactory.create(agent=agent) session.add(executor) session.commit() payload = { 'csrf_token': csrf_token, 'executorData': { "args": { "param1": True }, "executor": executor.name }, } res = test_client.post(self.url(agent.id) + 'run/', json=payload) assert res.status_code == 200
def test_workspaced_delete(self, session, test_client): initial_agent_count = len(session.query(Agent).all()) other_workspace = WorkspaceFactory.create() session.add(other_workspace) agent = AgentFactory.create( workspaces=[self.workspace, other_workspace]) session.commit() assert len(session.query(Agent).all()) == initial_agent_count + 1 res = test_client.delete(self.url(agent.id)) assert res.status_code == 204 assert len(session.query(Agent).all()) == initial_agent_count + 1 res = test_client.delete(self.url(agent.id)) assert res.status_code == 404 res = test_client.get(self.url(agent.id)) assert res.status_code == 404 workspaces = Agent.query.get(agent.id).workspaces assert len(workspaces) == 1 assert other_workspace in workspaces
def test_invalid_parameter_type(self, test_client, session, csrf_token): agent = AgentFactory.create(workspaces=[self.workspace]) executor = ExecutorFactory.create(agent=agent) session.add(executor) session.commit() payload = { 'csrf_token': csrf_token, 'executorData': { "args": { "param_name": ["test"] }, "executor": executor.name }, } res = test_client.post(urljoin(self.url(agent), 'run'), json=payload) assert res.status_code == 400
def test_run_agent_invalid_executor_argument(self, session, test_client): agent = AgentFactory.create(workspaces=[self.workspace]) executor = ExecutorFactory.create(agent=agent) session.add(executor) session.commit() payload = { 'executorData': { "args": { "another_param_name": 'param_content' }, "executor": executor.name } } res = test_client.post(urljoin(self.url(agent), 'run'), json=payload) assert res.status_code == 400