exfil_test.go
package limacharlie
import (
"testing"
"github.com/stretchr/testify/suite"
)
// TestExfilTestSuite is the go test entry point: it hands a fresh
// ExfilTestSuite to testify's suite runner.
func TestExfilTestSuite(t *testing.T) {
	exfilSuite := &ExfilTestSuite{}
	suite.Run(t, exfilSuite)
}
// ExfilTestSuite groups the exfil rule tests. Its methods share one
// organization handle and one cleanup callback.
type ExfilTestSuite struct {
	suite.Suite
	// org is assigned in SetupSuite from getTestOrgFromEnv and used by every test.
	org *Organization
	// unsubReplicantCB holds the callback returned by
	// findUnsubscribeReplicantCallback; TearDownSuite calls it when non-nil.
	unsubReplicantCB unsubscribeReplicantCB
}
// SetupSuite obtains the organization handle from the environment and stores
// the callback that findUnsubscribeReplicantCallback returns for "exfil".
//
// NOTE(review): both steps report through non-fatal assertions, so the test
// methods still run against s.org after a setup failure. Confirm that is
// intended.
func (s *ExfilTestSuite) SetupSuite() {
	s.org = getTestOrgFromEnv(s.Assert())

	unsubscribe, err := findUnsubscribeReplicantCallback(s.org, "exfil")
	s.NoError(err)
	s.unsubReplicantCB = unsubscribe
}
// TearDownSuite invokes the callback stored by SetupSuite, if there is one.
func (s *ExfilTestSuite) TearDownSuite() {
	if s.unsubReplicantCB == nil {
		// Nothing was stored during setup, so there is nothing to undo.
		return
	}
	s.unsubReplicantCB()
}
// TestEventAddDelete adds an event exfil rule, checks that it is listed with
// the submitted events and filters plus a non-empty CreatedBy and a non-zero
// LastUpdated, then deletes it and checks that the number of event rules is
// back to its starting value.
func (s *ExfilTestSuite) TestEventAddDelete() {
	const name = "eventRule0"

	// Event rules may already exist, so every count is relative to this baseline.
	before, err := s.org.ExfilRules()
	s.NoError(err)
	baseline := len(before.Events)

	want := ExfilRuleEvent{
		Events: []string{"NEW_TCP4_CONNECTION", "NEW_TCP6_CONNECTION"},
		Filters: ExfilEventFilters{
			Tags:      []string{"vip"},
			Platforms: []string{"windows", "linux"},
		},
	}
	err = s.org.ExfilRuleEventAdd(name, want)
	s.NoError(err)

	afterAdd, err := s.org.ExfilRules()
	s.NoError(err)
	s.Equal(baseline+1, len(afterAdd.Events))

	got, ok := afterAdd.Events[name]
	s.True(ok)
	s.NotEmpty(got.CreatedBy)
	s.NotZero(got.LastUpdated)
	s.Equal(want.Events, got.Events)
	s.Equal(want.Filters, got.Filters)

	s.NoError(s.org.ExfilRuleEventDelete(name))

	afterDelete, err := s.org.ExfilRules()
	s.NoError(err)
	s.Equal(baseline, len(afterDelete.Events))
}
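// TestWatchAddDelete adds a watch exfil rule, checks that every submitted
// field is returned unchanged along with a non-empty CreatedBy and a non-zero
// LastUpdated, then deletes it and checks that no watch rules remain.
//
// The test expects the organization to start with no watch rules; the first
// assertion fails otherwise.
func (s *ExfilTestSuite) TestWatchAddDelete() {
	rules, err := s.org.ExfilRules()
	s.NoError(err)
	s.Empty(rules.Watches)

	ruleName := "watchRule0"
	ruleWatch := ExfilRuleWatch{
		Event:    "MODULE_LOAD",
		Operator: "ends with",
		Value:    "wininet.dll",
		Path:     []string{"FILE_PATH"},
		Filters: ExfilEventFilters{
			Tags:      []string{"server"},
			Platforms: []string{"windows"},
		},
	}
	s.NoError(s.org.ExfilRuleWatchAdd(ruleName, ruleWatch))

	rules, err = s.org.ExfilRules()
	s.NoError(err)
	s.NotEmpty(rules.Watches)

	rule, found := rules.Watches[ruleName]
	s.True(found)
	s.NotEmpty(rule.CreatedBy)
	s.NotZero(rule.LastUpdated)
	s.Equal(ruleWatch.Event, rule.Event)
	s.Equal(ruleWatch.Path, rule.Path)
	s.Equal(ruleWatch.Operator, rule.Operator)
	// Value is the string the operator matches against. Without this check a
	// rule stored with a different match value would still pass the test.
	s.Equal(ruleWatch.Value, rule.Value)
	s.Equal(ruleWatch.Filters, rule.Filters)

	err = s.org.ExfilRuleWatchDelete(ruleName)
	s.NoError(err)

	rules, err = s.org.ExfilRules()
	s.NoError(err)
	s.Empty(rules.Watches)
}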