# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
# Copyright (c) 2017 Mozilla Corporation
import os
import sys
# Make mq/plugins importable so the bare `from cloudtrail import message`
# below resolves to the plugin under test.
# NOTE(review): append() puts this directory last on sys.path, so any other
# importable module named `cloudtrail` found earlier would be imported
# instead -- confirm none exists in the test environment.
_PLUGIN_DIR = os.path.join(os.path.dirname(__file__), "../../../mq/plugins")
sys.path.append(_PLUGIN_DIR)
from cloudtrail import message
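class TestCloudtrailPlugin:
    """Exercise the ``onMessage`` hook of the cloudtrail mq plugin.

    What the cases below pin down:

    * a message without ``source: 'cloudtrail'`` comes back unchanged,
      including one whose ``details`` is a plain string;
    * for ``source == 'cloudtrail'``, each key covered here has its string
      value replaced by ``{'raw_value': value}`` (an int is converted to its
      string form first);
    * the metadata dict is returned as given (``{}`` in every case).

    NOTE(review): the wrapping presumably keeps each of these fields a single
    type for whatever stores the events, so that audit records are not lost
    to a type conflict -- confirm against mq/plugins/cloudtrail.py.
    """

    def setup(self):
        """Create a fresh plugin instance for each test."""
        self.plugin = message()

    # pytest looks for ``setup_method``; the nose-style name ``setup`` is kept
    # for older runners. Without the alias a runner that ignores ``setup``
    # would leave ``self.plugin`` unset and every test would error out.
    setup_method = setup

    def test_nonexistent_source(self):
        """A message with no ``source`` key is passed through untouched."""
        msg = {
            'category': 'someother',
        }
        # Compare against a separate literal: the plugin may return the very
        # dict it was given, so comparing with ``msg`` could not detect an
        # in-place change.
        expected_message = {
            'category': 'someother',
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_incorrect_source(self):
        """A message from another source is passed through untouched."""
        msg = {
            'source': 'someother',
        }
        # Separate literal for the same reason as in test_nonexistent_source.
        expected_message = {
            'source': 'someother',
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_bad_details(self):
        """A string ``details`` on a message without ``source`` is not wrapped."""
        msg = {
            'details': 'someother',
        }
        expected_message = {
            'details': 'someother',
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        # Checked on the returned message, which is what callers consume.
        assert 'raw_value' not in retmessage['details']
        assert retmeta == {}

    def test_iamInstanceProfile(self):
        """``requestparameters.iaminstanceprofile`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'iaminstanceprofile': 'astringvalue',
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'iaminstanceprofile': {
                        'raw_value': 'astringvalue',
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_attribute(self):
        """``requestparameters.attribute`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'attribute': 'astringvalue',
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'attribute': {
                        'raw_value': 'astringvalue',
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_description(self):
        """``requestparameters.description`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'description': 'astringvalue',
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'description': {
                        'raw_value': 'astringvalue',
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_filter(self):
        """``requestparameters.filter`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'filter': 'astringvalue',
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'filter': {
                        'raw_value': 'astringvalue',
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_role(self):
        """``responseelements.role`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'role': 'astringvalue',
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'role': {
                        'raw_value': 'astringvalue',
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_additionaleventdata(self):
        """``details.additionaleventdata`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'additionaleventdata': 'astringvalue',
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'additionaleventdata': {
                    'raw_value': 'astringvalue',
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_additionaleventdata_int(self):
        """An int ``additionaleventdata`` is wrapped as its string form."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'additionaleventdata': 1,
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'additionaleventdata': {
                    # the int 1 is expected back as the string '1'
                    'raw_value': '1',
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_serviceeventdetails(self):
        """``details.serviceeventdetails`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'serviceeventdetails': 'astringvalue',
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'serviceeventdetails': {
                    'raw_value': 'astringvalue',
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_rule(self):
        """``requestparameters.rule`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'rule': 'astringvalue',
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'rule': {
                        'raw_value': 'astringvalue',
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_subnets(self):
        """``responseelements.subnets`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'subnets': 'astringvalue',
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'subnets': {
                        'raw_value': 'astringvalue',
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_endpoint(self):
        """``responseelements.endpoint`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'endpoint': 'astringvalue',
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'endpoint': {
                        'raw_value': 'astringvalue',
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_ebs_optimized(self):
        """``requestparameters.ebsoptimized`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'ebsoptimized': 'astringvalue',
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'ebsoptimized': {
                        'raw_value': 'astringvalue',
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_securityGroups(self):
        """``responseelements.securitygroups`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'securitygroups': 'astringvalue',
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'securitygroups': {
                        'raw_value': 'astringvalue',
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_disableApiTermination(self):
        """``requestparameters.disableapitermination`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'disableapitermination': 'astringvalue'
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'requestparameters': {
                    'disableapitermination': {
                        'raw_value': 'astringvalue'
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_responseelements_lastModified(self):
        """``responseelements.lastmodified`` is wrapped in raw_value."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'lastmodified': 'astringvalue'
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'lastmodified': {
                        'raw_value': 'astringvalue'
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}

    def test_unusual(self):
        """The nested ``findings.service.additionalinfo.unusual`` is wrapped."""
        msg = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'findings': {
                        'service': {
                            'additionalinfo': {
                                'unusual': 'astringvalue'
                            }
                        }
                    }
                }
            }
        }
        expected_message = {
            'source': 'cloudtrail',
            'details': {
                'responseelements': {
                    'findings': {
                        'service': {
                            'additionalinfo': {
                                'unusual': {
                                    'raw_value': 'astringvalue'
                                }
                            }
                        }
                    }
                }
            }
        }
        retmessage, retmeta = self.plugin.onMessage(msg, {})
        assert retmessage == expected_message
        assert retmeta == {}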