mirror of
https://github.com/crowdsecurity/crowdsec.git
synced 2025-05-11 20:36:12 +02:00
Revamp unit tests (#1368)
* Revamp unit tests * Increase coverage * Use go-acc to get cross packages coverage Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
parent
3f24bcdbcf
commit
d8dc01cd94
23 changed files with 8536 additions and 989 deletions
|
@ -3,13 +3,11 @@ package apiserver
|
|||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"sync"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/crowdsecurity/crowdsec/pkg/csplugin"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/models"
|
||||
|
@ -19,6 +17,48 @@ import (
|
|||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
type LAPI struct {
|
||||
router *gin.Engine
|
||||
loginResp models.WatcherAuthResponse
|
||||
bouncerKey string
|
||||
t *testing.T
|
||||
}
|
||||
|
||||
func SetupLAPITest(t *testing.T) LAPI {
|
||||
t.Helper()
|
||||
router, loginResp, err := InitMachineTest()
|
||||
if err != nil {
|
||||
t.Fatal(err.Error())
|
||||
}
|
||||
|
||||
APIKey, err := CreateTestBouncer()
|
||||
if err != nil {
|
||||
t.Fatalf("%s", err.Error())
|
||||
}
|
||||
return LAPI{
|
||||
router: router,
|
||||
loginResp: loginResp,
|
||||
bouncerKey: APIKey,
|
||||
}
|
||||
}
|
||||
|
||||
func (l *LAPI) InsertAlertFromFile(path string) *httptest.ResponseRecorder {
|
||||
alertReader := GetAlertReaderFromFile(path)
|
||||
return l.RecordResponse("POST", "/v1/alerts", alertReader)
|
||||
}
|
||||
|
||||
func (l *LAPI) RecordResponse(verb string, url string, body *strings.Reader) *httptest.ResponseRecorder {
|
||||
w := httptest.NewRecorder()
|
||||
req, err := http.NewRequest(verb, url, body)
|
||||
if err != nil {
|
||||
l.t.Fatal(err)
|
||||
}
|
||||
req.Header.Add("X-Api-Key", l.bouncerKey)
|
||||
AddAuthHeaders(req, l.loginResp)
|
||||
l.router.ServeHTTP(w, req)
|
||||
return w
|
||||
}
|
||||
|
||||
func InitMachineTest() (*gin.Engine, models.WatcherAuthResponse, error) {
|
||||
router, err := NewAPITest()
|
||||
if err != nil {
|
||||
|
@ -61,82 +101,40 @@ func AddAuthHeaders(request *http.Request, authResponse models.WatcherAuthRespon
|
|||
}
|
||||
|
||||
func TestSimulatedAlert(t *testing.T) {
|
||||
router, loginResp, err := InitMachineTest()
|
||||
if err != nil {
|
||||
log.Fatalln(err.Error())
|
||||
}
|
||||
|
||||
alertContentBytes, err := ioutil.ReadFile("./tests/alert_minibulk+simul.json")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
alertContent := string(alertContentBytes)
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest("POST", "/v1/alerts", strings.NewReader(alertContent))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
lapi := SetupLAPITest(t)
|
||||
lapi.InsertAlertFromFile("./tests/alert_minibulk+simul.json")
|
||||
alertContent := GetAlertReaderFromFile("./tests/alert_minibulk+simul.json")
|
||||
//exclude decision in simulation mode
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?simulated=false", strings.NewReader(alertContent))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w := lapi.RecordResponse("GET", "/v1/alerts?simulated=false", alertContent)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), `"message":"Ip 91.121.79.178 performed crowdsecurity/ssh-bf (6 events over `)
|
||||
assert.NotContains(t, w.Body.String(), `"message":"Ip 91.121.79.179 performed crowdsecurity/ssh-bf (6 events over `)
|
||||
//include decision in simulation mode
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?simulated=true", strings.NewReader(alertContent))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?simulated=true", alertContent)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), `"message":"Ip 91.121.79.178 performed crowdsecurity/ssh-bf (6 events over `)
|
||||
assert.Contains(t, w.Body.String(), `"message":"Ip 91.121.79.179 performed crowdsecurity/ssh-bf (6 events over `)
|
||||
}
|
||||
|
||||
func TestCreateAlert(t *testing.T) {
|
||||
router, loginResp, err := InitMachineTest()
|
||||
if err != nil {
|
||||
log.Fatalln(err.Error())
|
||||
}
|
||||
|
||||
lapi := SetupLAPITest(t)
|
||||
// Create Alert with invalid format
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest("POST", "/v1/alerts", strings.NewReader("test"))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w := lapi.RecordResponse("POST", "/v1/alerts", strings.NewReader("test"))
|
||||
assert.Equal(t, 400, w.Code)
|
||||
assert.Equal(t, "{\"message\":\"invalid character 'e' in literal true (expecting 'r')\"}", w.Body.String())
|
||||
|
||||
// Create Alert with invalid input
|
||||
alertContentBytes, err := ioutil.ReadFile("./tests/invalidAlert_sample.json")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
alertContent := string(alertContentBytes)
|
||||
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("POST", "/v1/alerts", strings.NewReader(alertContent))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
alertContent := GetAlertReaderFromFile("./tests/invalidAlert_sample.json")
|
||||
|
||||
w = lapi.RecordResponse("POST", "/v1/alerts", alertContent)
|
||||
assert.Equal(t, 500, w.Code)
|
||||
assert.Equal(t, "{\"message\":\"validation failure list:\\n0.scenario in body is required\\n0.scenario_hash in body is required\\n0.scenario_version in body is required\\n0.simulated in body is required\\n0.source in body is required\"}", w.Body.String())
|
||||
|
||||
// Create Valid Alert
|
||||
alertContentBytes, err = ioutil.ReadFile("./tests/alert_sample.json")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
alertContent = string(alertContentBytes)
|
||||
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("POST", "/v1/alerts", strings.NewReader(alertContent))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.InsertAlertFromFile("./tests/alert_sample.json")
|
||||
assert.Equal(t, 201, w.Code)
|
||||
assert.Equal(t, "[\"1\"]", w.Body.String())
|
||||
}
|
||||
|
@ -154,12 +152,7 @@ func TestCreateAlertChannels(t *testing.T) {
|
|||
if err != nil {
|
||||
log.Fatalln(err.Error())
|
||||
}
|
||||
|
||||
alertContentBytes, err := ioutil.ReadFile("./tests/alert_ssh-bf.json")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
alertContent := string(alertContentBytes)
|
||||
lapi := LAPI{router: apiServer.router, loginResp: loginResp}
|
||||
|
||||
var pd csplugin.ProfileAlert
|
||||
var wg sync.WaitGroup
|
||||
|
@ -170,389 +163,248 @@ func TestCreateAlertChannels(t *testing.T) {
|
|||
wg.Done()
|
||||
}()
|
||||
|
||||
go func() {
|
||||
for {
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest("POST", "/v1/alerts", strings.NewReader(alertContent))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
apiServer.controller.Router.ServeHTTP(w, req)
|
||||
break
|
||||
}
|
||||
}()
|
||||
go lapi.InsertAlertFromFile("./tests/alert_ssh-bf.json")
|
||||
wg.Wait()
|
||||
assert.Equal(t, len(pd.Alert.Decisions), 1)
|
||||
apiServer.Close()
|
||||
}
|
||||
|
||||
func TestAlertListFilters(t *testing.T) {
|
||||
router, loginResp, err := InitMachineTest()
|
||||
if err != nil {
|
||||
log.Fatalln(err.Error())
|
||||
}
|
||||
|
||||
alertContentBytes, err := ioutil.ReadFile("./tests/alert_ssh-bf.json")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
alerts := make([]*models.Alert, 0)
|
||||
if err := json.Unmarshal(alertContentBytes, &alerts); err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
for _, alert := range alerts {
|
||||
*alert.StartAt = time.Now().UTC().Format(time.RFC3339)
|
||||
*alert.StopAt = time.Now().UTC().Format(time.RFC3339)
|
||||
}
|
||||
|
||||
alertContent, err := json.Marshal(alerts)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
//create one alert
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest("POST", "/v1/alerts", strings.NewReader(string(alertContent)))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
lapi := SetupLAPITest(t)
|
||||
lapi.InsertAlertFromFile("./tests/alert_ssh-bf.json")
|
||||
alertContent := GetAlertReaderFromFile("./tests/alert_ssh-bf.json")
|
||||
|
||||
//bad filter
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?test=test", strings.NewReader(string(alertContent)))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w := lapi.RecordResponse("GET", "/v1/alerts?test=test", alertContent)
|
||||
assert.Equal(t, 500, w.Code)
|
||||
assert.Equal(t, "{\"message\":\"Filter parameter 'test' is unknown (=test): invalid filter\"}", w.Body.String())
|
||||
|
||||
//get without filters
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
//check alert and decision
|
||||
assert.Contains(t, w.Body.String(), "Ip 91.121.79.195 performed 'crowdsecurity/ssh-bf' (6 events over ")
|
||||
assert.Contains(t, w.Body.String(), `scope":"Ip","simulated":false,"type":"ban","value":"91.121.79.195"`)
|
||||
|
||||
//test decision_type filter (ok)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?decision_type=ban", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?decision_type=ban", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "Ip 91.121.79.195 performed 'crowdsecurity/ssh-bf' (6 events over ")
|
||||
assert.Contains(t, w.Body.String(), `scope":"Ip","simulated":false,"type":"ban","value":"91.121.79.195"`)
|
||||
|
||||
//test decision_type filter (bad value)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?decision_type=ratata", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?decision_type=ratata", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Equal(t, "null", w.Body.String())
|
||||
|
||||
//test scope (ok)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?scope=Ip", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?scope=Ip", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "Ip 91.121.79.195 performed 'crowdsecurity/ssh-bf' (6 events over ")
|
||||
assert.Contains(t, w.Body.String(), `scope":"Ip","simulated":false,"type":"ban","value":"91.121.79.195"`)
|
||||
|
||||
//test scope (bad value)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?scope=rarara", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?scope=rarara", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Equal(t, "null", w.Body.String())
|
||||
|
||||
//test scenario (ok)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?scenario=crowdsecurity/ssh-bf", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?scenario=crowdsecurity/ssh-bf", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "Ip 91.121.79.195 performed 'crowdsecurity/ssh-bf' (6 events over ")
|
||||
assert.Contains(t, w.Body.String(), `scope":"Ip","simulated":false,"type":"ban","value":"91.121.79.195"`)
|
||||
|
||||
//test scenario (bad value)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?scenario=crowdsecurity/nope", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?scenario=crowdsecurity/nope", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Equal(t, "null", w.Body.String())
|
||||
|
||||
//test ip (ok)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?ip=91.121.79.195", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?ip=91.121.79.195", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "Ip 91.121.79.195 performed 'crowdsecurity/ssh-bf' (6 events over ")
|
||||
assert.Contains(t, w.Body.String(), `scope":"Ip","simulated":false,"type":"ban","value":"91.121.79.195"`)
|
||||
|
||||
//test ip (bad value)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?ip=99.122.77.195", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?ip=99.122.77.195", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Equal(t, "null", w.Body.String())
|
||||
|
||||
//test ip (invalid value)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?ip=gruueq", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?ip=gruueq", emptyBody)
|
||||
assert.Equal(t, 500, w.Code)
|
||||
assert.Equal(t, `{"message":"unable to convert 'gruueq' to int: invalid address: invalid ip address / range"}`, w.Body.String())
|
||||
|
||||
//test range (ok)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?range=91.121.79.0/24&contains=false", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?range=91.121.79.0/24&contains=false", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "Ip 91.121.79.195 performed 'crowdsecurity/ssh-bf' (6 events over ")
|
||||
assert.Contains(t, w.Body.String(), `scope":"Ip","simulated":false,"type":"ban","value":"91.121.79.195"`)
|
||||
|
||||
//test range
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?range=99.122.77.0/24&contains=false", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?range=99.122.77.0/24&contains=false", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Equal(t, "null", w.Body.String())
|
||||
|
||||
//test range (invalid value)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?range=ratata", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?range=ratata", emptyBody)
|
||||
assert.Equal(t, 500, w.Code)
|
||||
assert.Equal(t, `{"message":"unable to convert 'ratata' to int: invalid address: invalid ip address / range"}`, w.Body.String())
|
||||
|
||||
//test since (ok)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?since=1h", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?since=1h", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "Ip 91.121.79.195 performed 'crowdsecurity/ssh-bf' (6 events over ")
|
||||
assert.Contains(t, w.Body.String(), `scope":"Ip","simulated":false,"type":"ban","value":"91.121.79.195"`)
|
||||
|
||||
//test since (ok but yelds no results)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?since=1ns", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?since=1ns", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Equal(t, "null", w.Body.String())
|
||||
|
||||
//test since (invalid value)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?since=1zuzu", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?since=1zuzu", emptyBody)
|
||||
assert.Equal(t, 500, w.Code)
|
||||
assert.Contains(t, w.Body.String(), `{"message":"while parsing duration: time: unknown unit`)
|
||||
|
||||
//test until (ok)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?until=1ns", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?until=1ns", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "Ip 91.121.79.195 performed 'crowdsecurity/ssh-bf' (6 events over ")
|
||||
assert.Contains(t, w.Body.String(), `scope":"Ip","simulated":false,"type":"ban","value":"91.121.79.195"`)
|
||||
|
||||
//test until (ok but no return)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?until=1m", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?until=1m", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Equal(t, "null", w.Body.String())
|
||||
|
||||
//test until (invalid value)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?until=1zuzu", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?until=1zuzu", emptyBody)
|
||||
assert.Equal(t, 500, w.Code)
|
||||
assert.Contains(t, w.Body.String(), `{"message":"while parsing duration: time: unknown unit`)
|
||||
|
||||
//test simulated (ok)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?simulated=true", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?simulated=true", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "Ip 91.121.79.195 performed 'crowdsecurity/ssh-bf' (6 events over ")
|
||||
assert.Contains(t, w.Body.String(), `scope":"Ip","simulated":false,"type":"ban","value":"91.121.79.195"`)
|
||||
|
||||
//test simulated (ok)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?simulated=false", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?simulated=false", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "Ip 91.121.79.195 performed 'crowdsecurity/ssh-bf' (6 events over ")
|
||||
assert.Contains(t, w.Body.String(), `scope":"Ip","simulated":false,"type":"ban","value":"91.121.79.195"`)
|
||||
|
||||
//test has active decision
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?has_active_decision=true", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?has_active_decision=true", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "Ip 91.121.79.195 performed 'crowdsecurity/ssh-bf' (6 events over ")
|
||||
assert.Contains(t, w.Body.String(), `scope":"Ip","simulated":false,"type":"ban","value":"91.121.79.195"`)
|
||||
|
||||
//test has active decision
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?has_active_decision=false", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?has_active_decision=false", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Equal(t, "null", w.Body.String())
|
||||
|
||||
//test has active decision (invalid value)
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?has_active_decision=ratatqata", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts?has_active_decision=ratatqata", emptyBody)
|
||||
assert.Equal(t, 500, w.Code)
|
||||
assert.Equal(t, `{"message":"'ratatqata' is not a boolean: strconv.ParseBool: parsing \"ratatqata\": invalid syntax: unable to parse type"}`, w.Body.String())
|
||||
|
||||
}
|
||||
|
||||
func TestAlertBulkInsert(t *testing.T) {
|
||||
router, loginResp, err := InitMachineTest()
|
||||
if err != nil {
|
||||
log.Fatalln(err.Error())
|
||||
}
|
||||
|
||||
lapi := SetupLAPITest(t)
|
||||
//insert a bulk of 20 alerts to trigger bulk insert
|
||||
alertContentBytes, err := ioutil.ReadFile("./tests/alert_bulk.json")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
alertContent := string(alertContentBytes)
|
||||
lapi.InsertAlertFromFile("./tests/alert_bulk.json")
|
||||
alertContent := GetAlertReaderFromFile("./tests/alert_bulk.json")
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest("POST", "/v1/alerts", strings.NewReader(alertContent))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts", strings.NewReader(alertContent))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
w := lapi.RecordResponse("GET", "/v1/alerts", alertContent)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
}
|
||||
|
||||
func TestListAlert(t *testing.T) {
|
||||
router, loginResp, err := InitMachineTest()
|
||||
if err != nil {
|
||||
log.Fatalln(err.Error())
|
||||
}
|
||||
|
||||
alertContentBytes, err := ioutil.ReadFile("./tests/alert_sample.json")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
alertContent := string(alertContentBytes)
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest("POST", "/v1/alerts", strings.NewReader(alertContent))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
lapi := SetupLAPITest(t)
|
||||
lapi.InsertAlertFromFile("./tests/alert_sample.json")
|
||||
// List Alert with invalid filter
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts?test=test", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w := lapi.RecordResponse("GET", "/v1/alerts?test=test", emptyBody)
|
||||
assert.Equal(t, 500, w.Code)
|
||||
assert.Equal(t, "{\"message\":\"Filter parameter 'test' is unknown (=test): invalid filter\"}", w.Body.String())
|
||||
|
||||
// List Alert
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("GET", "/v1/alerts", nil)
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
w = lapi.RecordResponse("GET", "/v1/alerts", emptyBody)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "crowdsecurity/test")
|
||||
}
|
||||
|
||||
func TestCreateAlertErrors(t *testing.T) {
|
||||
router, loginResp, err := InitMachineTest()
|
||||
if err != nil {
|
||||
log.Fatalln(err.Error())
|
||||
}
|
||||
|
||||
alertContentBytes, err := ioutil.ReadFile("./tests/alert_sample.json")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
alertContent := string(alertContentBytes)
|
||||
lapi := SetupLAPITest(t)
|
||||
alertContent := GetAlertReaderFromFile("./tests/alert_sample.json")
|
||||
|
||||
//test invalid bearer
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest("POST", "/v1/alerts", strings.NewReader(alertContent))
|
||||
req, _ := http.NewRequest("POST", "/v1/alerts", alertContent)
|
||||
req.Header.Add("User-Agent", UserAgent)
|
||||
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", "ratata"))
|
||||
router.ServeHTTP(w, req)
|
||||
lapi.router.ServeHTTP(w, req)
|
||||
assert.Equal(t, 401, w.Code)
|
||||
|
||||
//test invalid bearer
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("POST", "/v1/alerts", strings.NewReader(alertContent))
|
||||
req, _ = http.NewRequest("POST", "/v1/alerts", alertContent)
|
||||
req.Header.Add("User-Agent", UserAgent)
|
||||
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", loginResp.Token+"s"))
|
||||
router.ServeHTTP(w, req)
|
||||
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", lapi.loginResp.Token+"s"))
|
||||
lapi.router.ServeHTTP(w, req)
|
||||
assert.Equal(t, 401, w.Code)
|
||||
|
||||
}
|
||||
|
||||
func TestDeleteAlert(t *testing.T) {
|
||||
router, loginResp, err := InitMachineTest()
|
||||
if err != nil {
|
||||
log.Fatalln(err.Error())
|
||||
}
|
||||
|
||||
alertContentBytes, err := ioutil.ReadFile("./tests/alert_sample.json")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
alertContent := string(alertContentBytes)
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest("POST", "/v1/alerts", strings.NewReader(alertContent))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
lapi := SetupLAPITest(t)
|
||||
lapi.InsertAlertFromFile("./tests/alert_sample.json")
|
||||
|
||||
// Fail Delete Alert
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("DELETE", "/v1/alerts", strings.NewReader(""))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest("DELETE", "/v1/alerts", strings.NewReader(""))
|
||||
AddAuthHeaders(req, lapi.loginResp)
|
||||
req.RemoteAddr = "127.0.0.2:4242"
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
lapi.router.ServeHTTP(w, req)
|
||||
assert.Equal(t, 403, w.Code)
|
||||
assert.Equal(t, `{"message":"access forbidden from this IP (127.0.0.2)"}`, w.Body.String())
|
||||
|
||||
// Delete Alert
|
||||
w = httptest.NewRecorder()
|
||||
req, _ = http.NewRequest("DELETE", "/v1/alerts", strings.NewReader(""))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
AddAuthHeaders(req, lapi.loginResp)
|
||||
req.RemoteAddr = "127.0.0.1:4242"
|
||||
router.ServeHTTP(w, req)
|
||||
lapi.router.ServeHTTP(w, req)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Equal(t, `{"nbDeleted":"1"}`, w.Body.String())
|
||||
}
|
||||
|
@ -579,17 +431,10 @@ func TestDeleteAlertTrustedIPS(t *testing.T) {
|
|||
if err != nil {
|
||||
log.Fatal(err.Error())
|
||||
}
|
||||
|
||||
insertAlert := func() {
|
||||
alertContentBytes, err := ioutil.ReadFile("./tests/alert_sample.json")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
alertContent := string(alertContentBytes)
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest("POST", "/v1/alerts", strings.NewReader(alertContent))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
router.ServeHTTP(w, req)
|
||||
lapi := LAPI{
|
||||
router: router,
|
||||
loginResp: loginResp,
|
||||
t: t,
|
||||
}
|
||||
|
||||
assertAlertDeleteFailedFromIP := func(ip string) {
|
||||
|
@ -598,6 +443,7 @@ func TestDeleteAlertTrustedIPS(t *testing.T) {
|
|||
|
||||
AddAuthHeaders(req, loginResp)
|
||||
req.RemoteAddr = ip + ":1234"
|
||||
|
||||
router.ServeHTTP(w, req)
|
||||
assert.Equal(t, 403, w.Code)
|
||||
assert.Contains(t, w.Body.String(), fmt.Sprintf(`{"message":"access forbidden from this IP (%s)"}`, ip))
|
||||
|
@ -608,23 +454,24 @@ func TestDeleteAlertTrustedIPS(t *testing.T) {
|
|||
req, _ := http.NewRequest("DELETE", "/v1/alerts", strings.NewReader(""))
|
||||
AddAuthHeaders(req, loginResp)
|
||||
req.RemoteAddr = ip + ":1234"
|
||||
|
||||
router.ServeHTTP(w, req)
|
||||
assert.Equal(t, 200, w.Code)
|
||||
assert.Equal(t, `{"nbDeleted":"1"}`, w.Body.String())
|
||||
}
|
||||
|
||||
insertAlert()
|
||||
lapi.InsertAlertFromFile("./tests/alert_sample.json")
|
||||
assertAlertDeleteFailedFromIP("4.3.2.1")
|
||||
assertAlertDeletedFromIP("1.2.3.4")
|
||||
|
||||
insertAlert()
|
||||
lapi.InsertAlertFromFile("./tests/alert_sample.json")
|
||||
assertAlertDeletedFromIP("1.2.4.0")
|
||||
insertAlert()
|
||||
lapi.InsertAlertFromFile("./tests/alert_sample.json")
|
||||
assertAlertDeletedFromIP("1.2.4.1")
|
||||
insertAlert()
|
||||
lapi.InsertAlertFromFile("./tests/alert_sample.json")
|
||||
assertAlertDeletedFromIP("1.2.4.255")
|
||||
|
||||
insertAlert()
|
||||
lapi.InsertAlertFromFile("./tests/alert_sample.json")
|
||||
assertAlertDeletedFromIP("127.0.0.1")
|
||||
|
||||
}
|
||||
|
|
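Review bot: `SetupLAPITest` returns its `LAPI` literal without the `t` field, so the `l.t.Fatal(err)` in `RecordResponse` would dereference a nil `*testing.T` if `http.NewRequest` ever returned an error; add `t: t,` to that literal and to `LAPI{router: apiServer.router, loginResp: loginResp}` in `TestCreateAlertChannels` (only the literal in `TestDeleteAlertTrustedIPS` sets it). In `TestCreateAlertChannels` the helper is also started with `go lapi.InsertAlertFromFile(...)`, and `Fatal` must only be called from the goroutine running the test, so that path should report a failure with `l.t.Error` or through a channel instead. Separately, `RecordResponse` adds `X-Api-Key` and then calls `AddAuthHeaders` on every request, so each call carries the bouncer key together with what is presumably the machine token, and a passing assertion no longer shows which credential the route actually accepted. I would document that on the helper, for example `// RecordResponse sends both the bouncer API key and the machine auth headers; do not use it to assert per-credential authorization.`, and keep hand-built requests (as `TestCreateAlertErrors` and `TestDeleteAlert` already do) for the authentication and trusted-IP cases.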