wipwip
parent
4ecefdd849
commit
0be5fbb07a
|
@ -1,7 +1,5 @@
|
||||||
package exprhelpers
|
package exprhelpers
|
||||||
|
|
||||||
/*
|
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
@ -18,14 +16,18 @@ import (
|
||||||
"github.com/crowdsecurity/go-cs-lib/ptr"
|
"github.com/crowdsecurity/go-cs-lib/ptr"
|
||||||
|
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/cti"
|
"github.com/crowdsecurity/crowdsec/pkg/cti"
|
||||||
|
legacycti "github.com/crowdsecurity/crowdsec/pkg/cticlient"
|
||||||
)
|
)
|
||||||
|
|
||||||
var sampledata = map[string]cticlient.SmokeItem{
|
type CTIClassifications = legacycti.CTIClassifications
|
||||||
|
type CTIClassification = legacycti.CTIClassification
|
||||||
|
|
||||||
|
var sampledata = map[string]legacycti.SmokeItem{
|
||||||
//1.2.3.4 is a known false positive
|
//1.2.3.4 is a known false positive
|
||||||
"1.2.3.4": {
|
"1.2.3.4": {
|
||||||
Ip: "1.2.3.4",
|
Ip: "1.2.3.4",
|
||||||
Classifications: cticlient.CTIClassifications{
|
Classifications: CTIClassifications{
|
||||||
FalsePositives: []cticlient.CTIClassification{
|
FalsePositives: []CTIClassification{
|
||||||
{
|
{
|
||||||
Name: "example_false_positive",
|
Name: "example_false_positive",
|
||||||
Label: "Example False Positive",
|
Label: "Example False Positive",
|
||||||
|
@ -36,8 +38,8 @@ var sampledata = map[string]cticlient.SmokeItem{
|
||||||
//1.2.3.5 is a known bad-guy, and part of FIRE
|
//1.2.3.5 is a known bad-guy, and part of FIRE
|
||||||
"1.2.3.5": {
|
"1.2.3.5": {
|
||||||
Ip: "1.2.3.5",
|
Ip: "1.2.3.5",
|
||||||
Classifications: cticlient.CTIClassifications{
|
Classifications: CTIClassifications{
|
||||||
Classifications: []cticlient.CTIClassification{
|
Classifications: []CTIClassification{
|
||||||
{
|
{
|
||||||
Name: "community-blocklist",
|
Name: "community-blocklist",
|
||||||
Label: "CrowdSec Community Blocklist",
|
Label: "CrowdSec Community Blocklist",
|
||||||
|
@ -50,10 +52,10 @@ var sampledata = map[string]cticlient.SmokeItem{
|
||||||
"1.2.3.6": {
|
"1.2.3.6": {
|
||||||
Ip: "1.2.3.6",
|
Ip: "1.2.3.6",
|
||||||
BackgroundNoiseScore: new(int),
|
BackgroundNoiseScore: new(int),
|
||||||
Behaviors: []*cticlient.CTIBehavior{
|
Behaviors: []*legacycti.CTIBehavior{
|
||||||
{Name: "ssh:bruteforce", Label: "SSH Bruteforce", Description: "SSH Bruteforce"},
|
{Name: "ssh:bruteforce", Label: "SSH Bruteforce", Description: "SSH Bruteforce"},
|
||||||
},
|
},
|
||||||
AttackDetails: []*cticlient.CTIAttackDetails{
|
AttackDetails: []*legacycti.CTIAttackDetails{
|
||||||
{Name: "crowdsecurity/ssh-bf", Label: "Example Attack"},
|
{Name: "crowdsecurity/ssh-bf", Label: "Example Attack"},
|
||||||
{Name: "crowdsecurity/ssh-slow-bf", Label: "Example Attack"},
|
{Name: "crowdsecurity/ssh-slow-bf", Label: "Example Attack"},
|
||||||
},
|
},
|
||||||
|
@ -114,79 +116,86 @@ func smokeHandler(req *http.Request) *http.Response {
|
||||||
func TestNillClient(t *testing.T) {
|
func TestNillClient(t *testing.T) {
|
||||||
defer ShutdownCrowdsecCTI()
|
defer ShutdownCrowdsecCTI()
|
||||||
|
|
||||||
if err := InitCrowdsecCTI(ptr.Of(""), nil, nil, nil); !errors.Is(err, cticlient.ErrDisabled) {
|
if err := InitCrowdsecCTI(ptr.Of(""), nil, nil, nil); !errors.Is(err, cti.ErrDisabled) {
|
||||||
t.Fatalf("failed to init CTI : %s", err)
|
t.Fatalf("failed to init CTI : %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
item, err := CrowdsecCTI("1.2.3.4")
|
item, err := CrowdsecCTI("1.2.3.4")
|
||||||
assert.Equal(t, err, cticlient.ErrDisabled)
|
assert.Equal(t, err, cti.ErrDisabled)
|
||||||
assert.Equal(t, item, &cticlient.SmokeItem{})
|
assert.Equal(t, item, &cti.CTIObject{})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestInvalidAuth(t *testing.T) {
|
func TestInvalidAuth(t *testing.T) {
|
||||||
defer ShutdownCrowdsecCTI()
|
defer ShutdownCrowdsecCTI()
|
||||||
|
|
||||||
if err := InitCrowdsecCTI(ptr.Of("asdasd"), nil, nil, nil); err != nil {
|
if err := InitCrowdsecCTI(ptr.Of("asdasd"), nil, nil, nil); err != nil {
|
||||||
t.Fatalf("failed to init CTI : %s", err)
|
t.Fatalf("failed to init CTI : %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var err error
|
||||||
|
|
||||||
//Replace the client created by InitCrowdsecCTI with one that uses a custom transport
|
//Replace the client created by InitCrowdsecCTI with one that uses a custom transport
|
||||||
ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey("asdasd"), cticlient.WithHTTPClient(&http.Client{
|
ctiClient, err = cti.NewClientWithResponses(CTIUrl+"/v2/", cti.WithRequestEditorFn(cti.APIKeyInserter(validApiKey)), cti.WithHTTPClient(&http.Client{
|
||||||
Transport: RoundTripFunc(smokeHandler),
|
Transport: RoundTripFunc(smokeHandler),
|
||||||
}))
|
}))
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
item, err := CrowdsecCTI("1.2.3.4")
|
item, err := CrowdsecCTI("1.2.3.4")
|
||||||
assert.Equal(t, item, &cticlient.SmokeItem{})
|
assert.Equal(t, item, &cti.CTIObject{})
|
||||||
assert.False(t, CTIApiEnabled)
|
assert.False(t, CTIApiEnabled)
|
||||||
assert.Equal(t, err, cticlient.ErrUnauthorized)
|
assert.Equal(t, err, cti.ErrDisabled)
|
||||||
|
|
||||||
//CTI is now disabled, all requests should return empty
|
//CTI is now disabled, all requests should return empty
|
||||||
ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey(validApiKey), cticlient.WithHTTPClient(&http.Client{
|
ctiClient, err = cti.NewClientWithResponses(CTIUrl+"/v2/", cti.WithRequestEditorFn(cti.APIKeyInserter(validApiKey)), cti.WithHTTPClient(&http.Client{
|
||||||
Transport: RoundTripFunc(smokeHandler),
|
Transport: RoundTripFunc(smokeHandler),
|
||||||
}))
|
}))
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
item, err = CrowdsecCTI("1.2.3.4")
|
item, err = CrowdsecCTI("1.2.3.4")
|
||||||
assert.Equal(t, item, &cticlient.SmokeItem{})
|
assert.Equal(t, item, &cti.CTIObject{})
|
||||||
assert.False(t, CTIApiEnabled)
|
assert.False(t, CTIApiEnabled)
|
||||||
assert.Equal(t, err, cticlient.ErrDisabled)
|
assert.Equal(t, err, cti.ErrDisabled)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestNoKey(t *testing.T) {
|
func TestNoKey(t *testing.T) {
|
||||||
defer ShutdownCrowdsecCTI()
|
defer ShutdownCrowdsecCTI()
|
||||||
|
|
||||||
err := InitCrowdsecCTI(nil, nil, nil, nil)
|
err := InitCrowdsecCTI(nil, nil, nil, nil)
|
||||||
require.ErrorIs(t, err, cticlient.ErrDisabled)
|
require.ErrorIs(t, err, cti.ErrDisabled)
|
||||||
//Replace the client created by InitCrowdsecCTI with one that uses a custom transport
|
//Replace the client created by InitCrowdsecCTI with one that uses a custom transport
|
||||||
ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey("asdasd"), cticlient.WithHTTPClient(&http.Client{
|
ctiClient, err = cti.NewClientWithResponses(CTIUrl+"/v2/", cti.WithRequestEditorFn(cti.APIKeyInserter(validApiKey)), cti.WithHTTPClient(&http.Client{
|
||||||
Transport: RoundTripFunc(smokeHandler),
|
Transport: RoundTripFunc(smokeHandler),
|
||||||
}))
|
}))
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
item, err := CrowdsecCTI("1.2.3.4")
|
item, err := CrowdsecCTI("1.2.3.4")
|
||||||
assert.Equal(t, item, &cticlient.SmokeItem{})
|
assert.Equal(t, item, &cti.CTIObject{})
|
||||||
assert.False(t, CTIApiEnabled)
|
assert.False(t, CTIApiEnabled)
|
||||||
assert.Equal(t, err, cticlient.ErrDisabled)
|
assert.Equal(t, err, cti.ErrDisabled)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestCache(t *testing.T) {
|
func TestCache(t *testing.T) {
|
||||||
defer ShutdownCrowdsecCTI()
|
defer ShutdownCrowdsecCTI()
|
||||||
|
var err error
|
||||||
|
|
||||||
cacheDuration := 1 * time.Second
|
cacheDuration := 1 * time.Second
|
||||||
if err := InitCrowdsecCTI(ptr.Of(validApiKey), &cacheDuration, nil, nil); err != nil {
|
if err := InitCrowdsecCTI(ptr.Of(validApiKey), &cacheDuration, nil, nil); err != nil {
|
||||||
t.Fatalf("failed to init CTI : %s", err)
|
t.Fatalf("failed to init CTI : %s", err)
|
||||||
}
|
}
|
||||||
//Replace the client created by InitCrowdsecCTI with one that uses a custom transport
|
//Replace the client created by InitCrowdsecCTI with one that uses a custom transport
|
||||||
ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey(validApiKey), cticlient.WithHTTPClient(&http.Client{
|
ctiClient, err = cti.NewClientWithResponses(CTIUrl+"/v2/", cti.WithRequestEditorFn(cti.APIKeyInserter(validApiKey)), cti.WithHTTPClient(&http.Client{
|
||||||
Transport: RoundTripFunc(smokeHandler),
|
Transport: RoundTripFunc(smokeHandler),
|
||||||
}))
|
}))
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
item, err := CrowdsecCTI("1.2.3.4")
|
item, err := CrowdsecCTI("1.2.3.4")
|
||||||
ctiResp := item.(*cticlient.SmokeItem)
|
ctiResp := item.(*cti.CTIObject)
|
||||||
assert.Equal(t, "1.2.3.4", ctiResp.Ip)
|
assert.Equal(t, "1.2.3.4", ctiResp.Ip)
|
||||||
assert.True(t, CTIApiEnabled)
|
assert.True(t, CTIApiEnabled)
|
||||||
assert.Equal(t, 1, CTICache.Len(true))
|
assert.Equal(t, 1, CTICache.Len(true))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
item, err = CrowdsecCTI("1.2.3.4")
|
item, err = CrowdsecCTI("1.2.3.4")
|
||||||
ctiResp = item.(*cticlient.SmokeItem)
|
ctiResp = item.(*cti.CTIObject)
|
||||||
|
|
||||||
assert.Equal(t, "1.2.3.4", ctiResp.Ip)
|
assert.Equal(t, "1.2.3.4", ctiResp.Ip)
|
||||||
assert.True(t, CTIApiEnabled)
|
assert.True(t, CTIApiEnabled)
|
||||||
|
@ -198,12 +207,10 @@ func TestCache(t *testing.T) {
|
||||||
assert.Equal(t, 0, CTICache.Len(true))
|
assert.Equal(t, 0, CTICache.Len(true))
|
||||||
|
|
||||||
item, err = CrowdsecCTI("1.2.3.4")
|
item, err = CrowdsecCTI("1.2.3.4")
|
||||||
ctiResp = item.(*cticlient.SmokeItem)
|
ctiResp = item.(*cti.CTIObject)
|
||||||
|
|
||||||
assert.Equal(t, "1.2.3.4", ctiResp.Ip)
|
assert.Equal(t, "1.2.3.4", ctiResp.Ip)
|
||||||
assert.True(t, CTIApiEnabled)
|
assert.True(t, CTIApiEnabled)
|
||||||
assert.Equal(t, 1, CTICache.Len(true))
|
assert.Equal(t, 1, CTICache.Len(true))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
*/
|
|
||||||
|
|
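Review bot: TestInvalidAuth no longer exercises a rejected API key: the replacement client is built with `cti.APIKeyInserter(validApiKey)` and the first lookup now expects `cti.ErrDisabled`, where the previous version sent "asdasd" and expected `cticlient.ErrUnauthorized`. As written, the path where the CTI API rejects a key and the helper disables itself has no coverage in this file, and it is not clear why a client carrying the valid key would return an empty `cti.CTIObject` right after `InitCrowdsecCTI` succeeded. I would build the first client with `cti.WithRequestEditorFn(cti.APIKeyInserter("asdasd"))` and assert the new package's unauthorized error with `require.ErrorIs` before checking that `CTIApiEnabled` is false. The body of smokeHandler is outside the visible hunks, so this assumes it still rejects any key other than `validApiKey`.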