From 0be5fbb07a12c43bbb4170a1d1a24ad3b3cd9bb2 Mon Sep 17 00:00:00 2001 From: marco Date: Tue, 6 Feb 2024 15:49:58 +0100 Subject: [PATCH] wipwip --- pkg/exprhelpers/crowdsec_cti_test.go | 65 +++++++++++++++------------- 1 file changed, 36 insertions(+), 29 deletions(-) diff --git a/pkg/exprhelpers/crowdsec_cti_test.go b/pkg/exprhelpers/crowdsec_cti_test.go index 37e118da3..38e8c69dc 100644 --- a/pkg/exprhelpers/crowdsec_cti_test.go +++ b/pkg/exprhelpers/crowdsec_cti_test.go @@ -1,7 +1,5 @@ package exprhelpers -/* - import ( "bytes" "encoding/json" @@ -18,14 +16,18 @@ import ( "github.com/crowdsecurity/go-cs-lib/ptr" "github.com/crowdsecurity/crowdsec/pkg/cti" + legacycti "github.com/crowdsecurity/crowdsec/pkg/cticlient" ) -var sampledata = map[string]cticlient.SmokeItem{ +type CTIClassifications = legacycti.CTIClassifications +type CTIClassification = legacycti.CTIClassification + +var sampledata = map[string]legacycti.SmokeItem{ //1.2.3.4 is a known false positive "1.2.3.4": { Ip: "1.2.3.4", - Classifications: cticlient.CTIClassifications{ - FalsePositives: []cticlient.CTIClassification{ + Classifications: CTIClassifications{ + FalsePositives: []CTIClassification{ { Name: "example_false_positive", Label: "Example False Positive", @@ -36,8 +38,8 @@ var sampledata = map[string]cticlient.SmokeItem{ //1.2.3.5 is a known bad-guy, and part of FIRE "1.2.3.5": { Ip: "1.2.3.5", - Classifications: cticlient.CTIClassifications{ - Classifications: []cticlient.CTIClassification{ + Classifications: CTIClassifications{ + Classifications: []CTIClassification{ { Name: "community-blocklist", Label: "CrowdSec Community Blocklist", 
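Review bot: `sampledata` is still declared as `map[string]legacycti.SmokeItem`, while the assertions changed later in this patch expect `*cti.CTIObject`, so the fixtures and the type under test now come from two different packages. If smokeHandler serialises these fixtures to JSON (its body is not in this hunk), the tests hold only while both types keep identical JSON field names. A drift would show up as empty fields at run time, not as a compile error. I would add a comment above the two aliases, for example `// Fixtures still use the legacy cticlient types; they are served as JSON and decoded into cti.CTIObject.`, or move the fixtures to the new types once those are stable. The `sampledata` literal continues past the end of this hunk.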
@@ -50,10 +52,10 @@ var sampledata = map[string]cticlient.SmokeItem{ "1.2.3.6": { Ip: "1.2.3.6", BackgroundNoiseScore: new(int), - Behaviors: []*cticlient.CTIBehavior{ + Behaviors: []*legacycti.CTIBehavior{ {Name: "ssh:bruteforce", Label: "SSH Bruteforce", Description: "SSH Bruteforce"}, }, - AttackDetails: []*cticlient.CTIAttackDetails{ + AttackDetails: []*legacycti.CTIAttackDetails{ {Name: "crowdsecurity/ssh-bf", Label: "Example Attack"}, {Name: "crowdsecurity/ssh-slow-bf", Label: "Example Attack"}, }, 
@@ -114,79 +116,86 @@ func smokeHandler(req *http.Request) *http.Response { func TestNillClient(t *testing.T) { defer ShutdownCrowdsecCTI() - if err := InitCrowdsecCTI(ptr.Of(""), nil, nil, nil); !errors.Is(err, cticlient.ErrDisabled) { + if err := InitCrowdsecCTI(ptr.Of(""), nil, nil, nil); !errors.Is(err, cti.ErrDisabled) { t.Fatalf("failed to init CTI : %s", err) } item, err := CrowdsecCTI("1.2.3.4") - assert.Equal(t, err, cticlient.ErrDisabled) - assert.Equal(t, item, &cticlient.SmokeItem{}) + assert.Equal(t, err, cti.ErrDisabled) + assert.Equal(t, item, &cti.CTIObject{}) } func TestInvalidAuth(t *testing.T) { defer ShutdownCrowdsecCTI() - if err := InitCrowdsecCTI(ptr.Of("asdasd"), nil, nil, nil); err != nil { t.Fatalf("failed to init CTI : %s", err) } + + var err error + //Replace the client created by InitCrowdsecCTI with one that uses a custom transport - ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey("asdasd"), cticlient.WithHTTPClient(&http.Client{ + ctiClient, err = cti.NewClientWithResponses(CTIUrl+"/v2/", cti.WithRequestEditorFn(cti.APIKeyInserter(validApiKey)), cti.WithHTTPClient(&http.Client{ Transport: RoundTripFunc(smokeHandler), })) + require.NoError(t, err) item, err := CrowdsecCTI("1.2.3.4") - assert.Equal(t, item, &cticlient.SmokeItem{}) + assert.Equal(t, item, &cti.CTIObject{}) assert.False(t, CTIApiEnabled) - assert.Equal(t, err, cticlient.ErrUnauthorized) + assert.Equal(t, err, cti.ErrDisabled) //CTI is now disabled, all requests should return empty - ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey(validApiKey), cticlient.WithHTTPClient(&http.Client{ + ctiClient, err = cti.NewClientWithResponses(CTIUrl+"/v2/", cti.WithRequestEditorFn(cti.APIKeyInserter(validApiKey)), cti.WithHTTPClient(&http.Client{ Transport: RoundTripFunc(smokeHandler), })) + require.NoError(t, err) item, err = CrowdsecCTI("1.2.3.4") - assert.Equal(t, item, &cticlient.SmokeItem{}) + assert.Equal(t, item, &cti.CTIObject{}) assert.False(t, 
CTIApiEnabled) - assert.Equal(t, err, cticlient.ErrDisabled) + assert.Equal(t, err, cti.ErrDisabled) } func TestNoKey(t *testing.T) { defer ShutdownCrowdsecCTI() err := InitCrowdsecCTI(nil, nil, nil, nil) - require.ErrorIs(t, err, cticlient.ErrDisabled) + require.ErrorIs(t, err, cti.ErrDisabled) //Replace the client created by InitCrowdsecCTI with one that uses a custom transport - ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey("asdasd"), cticlient.WithHTTPClient(&http.Client{ + ctiClient, err = cti.NewClientWithResponses(CTIUrl+"/v2/", cti.WithRequestEditorFn(cti.APIKeyInserter(validApiKey)), cti.WithHTTPClient(&http.Client{ Transport: RoundTripFunc(smokeHandler), })) + require.NoError(t, err) item, err := CrowdsecCTI("1.2.3.4") - assert.Equal(t, item, &cticlient.SmokeItem{}) + assert.Equal(t, item, &cti.CTIObject{}) assert.False(t, CTIApiEnabled) - assert.Equal(t, err, cticlient.ErrDisabled) + assert.Equal(t, err, cti.ErrDisabled) } func TestCache(t *testing.T) { defer ShutdownCrowdsecCTI() + var err error cacheDuration := 1 * time.Second if err := InitCrowdsecCTI(ptr.Of(validApiKey), &cacheDuration, nil, nil); err != nil { t.Fatalf("failed to init CTI : %s", err) } //Replace the client created by InitCrowdsecCTI with one that uses a custom transport - ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey(validApiKey), cticlient.WithHTTPClient(&http.Client{ + ctiClient, err = cti.NewClientWithResponses(CTIUrl+"/v2/", cti.WithRequestEditorFn(cti.APIKeyInserter(validApiKey)), cti.WithHTTPClient(&http.Client{ Transport: RoundTripFunc(smokeHandler), })) + require.NoError(t, err) item, err := CrowdsecCTI("1.2.3.4") - ctiResp := item.(*cticlient.SmokeItem) + ctiResp := item.(*cti.CTIObject) assert.Equal(t, "1.2.3.4", ctiResp.Ip) assert.True(t, CTIApiEnabled) assert.Equal(t, 1, CTICache.Len(true)) require.NoError(t, err) item, err = CrowdsecCTI("1.2.3.4") - ctiResp = item.(*cticlient.SmokeItem) + ctiResp = item.(*cti.CTIObject) assert.Equal(t, 
"1.2.3.4", ctiResp.Ip) assert.True(t, CTIApiEnabled) @@ -198,12 +207,10 @@ func TestCache(t *testing.T) { assert.Equal(t, 0, CTICache.Len(true)) item, err = CrowdsecCTI("1.2.3.4") - ctiResp = item.(*cticlient.SmokeItem) + ctiResp = item.(*cti.CTIObject) assert.Equal(t, "1.2.3.4", ctiResp.Ip) assert.True(t, CTIApiEnabled) assert.Equal(t, 1, CTICache.Len(true)) require.NoError(t, err) } - -*/
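Review bot: TestInvalidAuth no longer sends an invalid key. Its first replacement client is built with `cti.APIKeyInserter(validApiKey)` where the old code passed `"asdasd"`, and the expected error changed from `ErrUnauthorized` to `cti.ErrDisabled`. As written, the test does not appear to exercise a rejected API key switching the helper off, which is what its name and the comment "CTI is now disabled" describe. I would restore the bad key in the first client, `cti.WithRequestEditorFn(cti.APIKeyInserter("asdasd"))`, and use `require.ErrorIs` to check for the error the new cti package returns on an HTTP 401 (that error is not visible in this diff). TestNoKey makes the same substitution, which looks harmless there only because InitCrowdsecCTI has already returned `cti.ErrDisabled`.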
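Review bot: `ctiResp = item.(*cti.CTIObject)` is an unchecked type assertion that runs before `require.NoError(t, err)`, so a lookup error or an unexpected concrete type makes the test panic instead of failing with the returned error. Moving `require.NoError(t, err)` directly after `item, err = CrowdsecCTI("1.2.3.4")`, and using the two-value form of the assertion followed by `require.True(t, ok)`, gives a readable failure. The same ordering appears twice in the TestCache lines of the previous hunk. TestCache begins outside this hunk.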