mozilla
/
MozDef
зеркало из https://github.com/mozilla/MozDef.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
MozDef/tests/mq/plugins/test_cloudtrail.py

424 строки
12 KiB
Python
Исходник Обычный вид История

Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Copyright (c) 2017 Mozilla Corporation
import os
import sys
sys.path.append(os.path.join(os.path.dirname(__file__), "../../../mq/plugins"))
from cloudtrail import message
class TestCloudtrailPlugin():
def setup(self):
self.plugin = message()
Modify cloudtrail plugin to match on source
2018-02-01 22:02:30 +03:00
def test_nonexistent_source(self):
Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
msg = {
Modify cloudtrail plugin to match on source
2018-02-01 22:02:30 +03:00
'category': 'someother',
Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
assert retmessage == msg
assert retmeta == {}
Modify cloudtrail plugin to match on source
2018-02-01 22:02:30 +03:00
def test_incorrect_source(self):
Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
msg = {
Modify cloudtrail plugin to match on source
2018-02-01 22:02:30 +03:00
'source': 'someother',
Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
assert retmessage == msg
assert retmeta == {}
Convert cloudtrail over to dynamic string mapping modification
2018-05-08 05:27:45 +03:00
def test_bad_details(self):
msg = {
'details': 'someother',
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
assert retmessage == msg
assert 'raw_value' not in msg['details']
assert retmeta == {}
Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
def test_iamInstanceProfile(self):
msg = {
Modify cloudtrail plugin to match on source
2018-02-01 22:02:30 +03:00
'source': 'cloudtrail',
Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
'details': {
'requestparameters': {
'iamInstanceProfile': 'astringvalue',
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
Modify cloudtrail plugin to match on source
2018-02-01 22:02:30 +03:00
'source': 'cloudtrail',
Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
'details': {
'requestparameters': {
'iamInstanceProfile': {
Change key names to raw_value for details string in messages
2018-02-01 03:10:53 +03:00
'raw_value': 'astringvalue',
Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
def test_attribute(self):
msg = {
Modify cloudtrail plugin to match on source
2018-02-01 22:02:30 +03:00
'source': 'cloudtrail',
Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
'details': {
'requestparameters': {
'attribute': 'astringvalue',
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
Modify cloudtrail plugin to match on source
2018-02-01 22:02:30 +03:00
'source': 'cloudtrail',
Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
'details': {
'requestparameters': {
'attribute': {
Change key names to raw_value for details string in messages
2018-02-01 03:10:53 +03:00
'raw_value': 'astringvalue',
Convert object type handling for cloudtrail into plugin
2018-02-01 03:07:59 +03:00
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
Update cloudtrail plugin to handle description field type error
2018-02-07 20:43:58 +03:00
def test_description(self):
msg = {
'source': 'cloudtrail',
'details': {
'requestparameters': {
'description': 'astringvalue',
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'requestparameters': {
'description': {
'raw_value': 'astringvalue',
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
Improve cloudtrail plugin parsing of string fields
2018-02-13 23:53:43 +03:00
def test_filter(self):
msg = {
'source': 'cloudtrail',
'details': {
'requestparameters': {
'filter': 'astringvalue',
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'requestparameters': {
'filter': {
'raw_value': 'astringvalue',
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
def test_role(self):
msg = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'role': 'astringvalue',
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'role': {
'raw_value': 'astringvalue',
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
def test_additionaleventdata(self):
msg = {
'source': 'cloudtrail',
'details': {
'additionaleventdata': 'astringvalue',
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'additionaleventdata': {
'raw_value': 'astringvalue',
}
}
}
assert retmessage == expected_message
assert retmeta == {}
Convert value to string for cloudtrail plugin
2018-05-09 02:12:34 +03:00
def test_additionaleventdata_int(self):
msg = {
'source': 'cloudtrail',
'details': {
'additionaleventdata': 1,
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'additionaleventdata': {
'raw_value': '1',
}
}
}
assert retmessage == expected_message
assert retmeta == {}
Improve cloudtrail plugin parsing of string fields
2018-02-13 23:53:43 +03:00
def test_serviceeventdetails(self):
msg = {
'source': 'cloudtrail',
'details': {
'serviceeventdetails': 'astringvalue',
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'serviceeventdetails': {
'raw_value': 'astringvalue',
}
}
}
assert retmessage == expected_message
assert retmeta == {}
Add rule and subnets to cloudtrail plugin
2018-02-14 20:07:40 +03:00
def test_rule(self):
msg = {
'source': 'cloudtrail',
'details': {
'requestparameters': {
'rule': 'astringvalue',
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'requestparameters': {
'rule': {
'raw_value': 'astringvalue',
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
def test_subnets(self):
msg = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'subnets': 'astringvalue',
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'subnets': {
'raw_value': 'astringvalue',
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
Modify cloudtrail plugin to handle details.responseelements.endpoint
2018-02-15 22:32:35 +03:00
def test_endpoint(self):
msg = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'endpoint': 'astringvalue',
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'endpoint': {
'raw_value': 'astringvalue',
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
Add mapping exception for ebsoptimized in cloudtrail plugin
2018-02-26 23:09:58 +03:00
def test_ebs_optimized(self):
msg = {
'source': 'cloudtrail',
'details': {
'requestparameters': {
'ebsOptimized': 'astringvalue',
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'requestparameters': {
'ebsOptimized': {
'raw_value': 'astringvalue',
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
Add handling of securitygroups in cloudtrail plugin
2018-03-15 20:52:07 +03:00
def test_securityGroups(self):
msg = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'securityGroups': 'astringvalue',
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'securityGroups': {
'raw_value': 'astringvalue',
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
Add few more keys to cloudtrail plugin
2018-05-08 05:33:47 +03:00
def test_disableApiTermination(self):
msg = {
'source': 'cloudtrail',
'details': {
'requestparameters': {
'disableApiTermination': 'astringvalue'
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'requestparameters': {
'disableApiTermination': {
'raw_value': 'astringvalue'
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
Add responseelements lastModified in cloudtrail plugin
2018-07-20 20:08:26 +03:00
def test_responseelements_lastModified(self):
msg = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'lastModified': 'astringvalue'
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'lastModified': {
'raw_value': 'astringvalue'
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}
Add few more keys to cloudtrail plugin
2018-05-08 05:33:47 +03:00
def test_unusual(self):
msg = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'findings': {
'service': {
'additionalInfo': {
'unusual': 'astringvalue'
}
}
}
}
}
}
(retmessage, retmeta) = self.plugin.onMessage(msg, {})
expected_message = {
'source': 'cloudtrail',
'details': {
'responseelements': {
'findings': {
'service': {
'additionalInfo': {
'unusual': {
'raw_value': 'astringvalue'
}
}
}
}
}
}
}
assert retmessage == expected_message
assert retmeta == {}