SOAR-15940-updated unit tests for advanced_query_on_log_set to include schema validation
rbowden-r7 committed Nov 10, 2023
1 parent d8b899c commit de57cfb
Showing 3 changed files with 74 additions and 39 deletions.
12 changes: 6 additions & 6 deletions plugins/rapid7_insightidr/unit_test/payloads/logsets.json.resp
@@ -1,27 +1,27 @@
{
"logsets": [
{
"name": "log_set",
"name": "Advanced Malware Alert",
"id": "log_id"
},
{
"name": "log_set2",
"name": "Active Directory Admin Activity",
"id": "log_id2"
},
{
"name": "log_set3",
"name": "Asset Authentication",
"id": "log_id3"
},
{
"name": "log_set4",
"name": "Cloud Service Admin Activity",
"id": "log_id4"
},
{
"name": "log_set5",
"name": "Cloud Service Activity",
"id": "log_id5"
},
{
"name": "log_set7",
"name": "DNS Query",
"id": "log_id7"
}
]
Expand Up @@ -5,9 +5,10 @@

from unittest import TestCase
from komand_rapid7_insightidr.actions.advanced_query_on_log_set import AdvancedQueryOnLogSet
from komand_rapid7_insightidr.actions.advanced_query_on_log_set.schema import Input, Output
from komand_rapid7_insightidr.actions.advanced_query_on_log_set.schema import Input, Output, AdvancedQueryOnLogSetInput, AdvancedQueryOnLogSetOutput
from util import Util
from unittest.mock import patch
from jsonschema import validate


@patch("requests.Session.get", side_effect=Util.mocked_requests)
Expand All @@ -18,60 +19,90 @@ def setUpClass(cls) -> None:
cls.action = Util.default_connector(AdvancedQueryOnLogSet())

def test_advanced_query_on_log_set_one_label(self, mock_get, mock_async_get):
actual = self.action.run(
{
test_input = {
Input.QUERY: "",
Input.LOG_SET: "log_set",
}
)
Input.LOG_SET: "Advanced Malware Alert",
Input.TIMEOUT: 60,
Input.RELATIVE_TIME: "Last 5 Minutes"
}

validate(test_input, AdvancedQueryOnLogSetInput.schema)

actual = self.action.run(test_input)

expected = ["Out of order entry"]

self.assertEqual(actual.get(Output.COUNT), 1)
self.assertEqual(actual.get(Output.RESULTS_EVENTS)[0].get("labels"), expected)

validate(actual, AdvancedQueryOnLogSetOutput.schema)

def test_advanced_query_on_log_set_two_label(self, mock_get, mock_async_get):
actual = self.action.run(
{
test_input = {
Input.QUERY: "",
Input.LOG_SET: "log_set2",
}
)
Input.LOG_SET: "Active Directory Admin Activity",
Input.TIMEOUT: 60,
Input.RELATIVE_TIME: "Last 5 Minutes"
}

validate(test_input, AdvancedQueryOnLogSetInput.schema)

actual = self.action.run(test_input)

expected = ["Out of order entry", "Out of events"]

self.assertEqual(actual.get(Output.COUNT), 1)
self.assertEqual(actual.get(Output.RESULTS_EVENTS)[0].get("labels"), expected)

validate(actual, AdvancedQueryOnLogSetOutput.schema)

def test_advanced_query_on_log_set_without_label(self, mock_get, mock_async_get):
actual = self.action.run(
{
test_input = {
Input.QUERY: "",
Input.LOG_SET: "log_set3",
}
)
Input.LOG_SET: "Asset Authentication",
Input.TIMEOUT: 60,
Input.RELATIVE_TIME: "Last 5 Minutes"
}

validate(test_input, AdvancedQueryOnLogSetInput.schema)

actual = self.action.run(test_input)
expected = []

self.assertEqual(actual.get(Output.COUNT), 1)
self.assertEqual(actual.get(Output.RESULTS_EVENTS)[0].get("labels"), expected)

validate(actual, AdvancedQueryOnLogSetOutput.schema)

def test_advanced_query_on_log_set_wrong_label(self, mock_get, mock_async_get):
actual = self.action.run(
{
test_input = {
Input.QUERY: "",
Input.LOG_SET: "log_set4",
}
)
Input.LOG_SET: "Cloud Service Admin Activity",
Input.TIMEOUT: 60,
Input.RELATIVE_TIME: "Last 5 Minutes"
}

validate(test_input, AdvancedQueryOnLogSetInput.schema)

actual = self.action.run(test_input)
expected = []

self.assertEqual(actual.get(Output.COUNT), 1)
self.assertEqual(actual.get(Output.RESULTS_EVENTS)[0].get("labels"), expected)

validate(actual, AdvancedQueryOnLogSetOutput.schema)

def test_advanced_query_on_log_statistical_result_calculate(self, mock_get, mock_async_get):
actual = self.action.run(
{
test_input = {
Input.QUERY: "where(hostname='WindowsX64') calculate(count)",
Input.LOG_SET: "log_set5",
}
)
Input.LOG_SET: "Cloud Service Activity",
Input.TIMEOUT: 60,
Input.RELATIVE_TIME: "Last 5 Minutes"
}

validate(test_input, AdvancedQueryOnLogSetInput.schema)

actual = self.action.run(test_input)
expected = {
"count": 4,
"results_statistical": {
Expand Down Expand Up @@ -121,14 +152,19 @@ def test_advanced_query_on_log_statistical_result_calculate(self, mock_get, mock
}

self.assertEqual(actual, expected)
validate(actual, AdvancedQueryOnLogSetOutput.schema)

def test_advanced_query_on_log_statistical_result_groupby(self, mock_get, mock_async_get):
actual = self.action.run(
{
test_input = {
Input.QUERY: "groupby(r7_context.asset.name)",
Input.LOG_SET: "log_set7",
}
)
Input.LOG_SET: "DNS Query",
Input.TIMEOUT: 60,
Input.RELATIVE_TIME: "Last 5 Minutes"
}

validate(test_input, AdvancedQueryOnLogSetInput.schema)

actual = self.action.run(test_input)
expected = {
"count": 4,
"results_statistical": {
Expand Down Expand Up @@ -201,3 +237,4 @@ def test_advanced_query_on_log_statistical_result_groupby(self, mock_get, mock_a
}

self.assertEqual(actual, expected)
validate(actual, AdvancedQueryOnLogSetOutput.schema)
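Review bot: Each of the six tests in the `@@ -18,60 +19,90 @@` hunk now repeats the same four-key input dict, the `validate(test_input, AdvancedQueryOnLogSetInput.schema)` call and the trailing `validate(actual, AdvancedQueryOnLogSetOutput.schema)`, so any change to a required field (the `Input.TIMEOUT` and `Input.RELATIVE_TIME` keys this commit had to add, presumably because the input schema requires them) must be made in six places. A small helper that builds the input, validates it, runs the action and validates the output would leave each test with only its query, log set and expectation; the sketch below validates the output before the per-test assertions, so a schema mismatch is reported even when the equality check would fail first. Note also that `validate(test_input, …)` only proves the fixture conforms to the declared schema — it does not exercise what the action does with an input the schema rejects, so a negative case (for example an input missing `Input.LOG_SET`) would cover that path if the action is expected to enforce it. The bodies of the two statistical tests continue past the end of that hunk, so their `expected` dicts are not fully visible here.
```python
    def _run_validated(self, query: str, log_set: str) -> dict:
        """Build a schema-valid input, run the action and validate its output."""
        test_input = {
            Input.QUERY: query,
            Input.LOG_SET: log_set,
            Input.TIMEOUT: 60,
            Input.RELATIVE_TIME: "Last 5 Minutes",
        }
        validate(test_input, AdvancedQueryOnLogSetInput.schema)
        actual = self.action.run(test_input)
        validate(actual, AdvancedQueryOnLogSetOutput.schema)
        return actual

    def test_advanced_query_on_log_set_one_label(self, mock_get, mock_async_get):
        actual = self._run_validated("", "Advanced Malware Alert")
        expected = ["Out of order entry"]

        self.assertEqual(actual.get(Output.COUNT), 1)
        self.assertEqual(actual.get(Output.RESULTS_EVENTS)[0].get("labels"), expected)

    # … unchanged: the remaining five tests, rewritten the same way …
```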
2 changes: 0 additions & 2 deletions plugins/rapid7_insightidr/unit_test/util.py
Expand Up @@ -252,8 +252,6 @@ def json(self):
elif args[0] == f"{Util.STUB_URL_API}/log_search/management/logsets":
return MockResponse("logsets", 200)

print(args)

if args[0] == "https://us.api.insight.rapid7.com/log_search/query/logsets/log_id5":
return MockResponse("log_id5", 200)

