From 6595910a62415029f314c32f198f8b7ec357ec5a Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 19 Dec 2024 15:31:26 -0700 Subject: [PATCH] pydoc comments for initial tests --- pyproject.toml | 2 +- src/maltest/tests/test_arkime_api.py | 94 ++++++++++++++++++++ src/maltest/tests/test_common_protocols.py | 60 ++++++++++++- src/maltest/tests/test_connectivity.py | 23 +++++ src/maltest/tests/test_detection_packages.py | 37 ++++++++ src/maltest/tests/test_evtx.py | 11 +++ src/maltest/tests/test_mapi.py | 32 +++++++ src/maltest/tests/test_netbox.py | 18 ++++ src/maltest/tests/test_nginx_access.py | 10 +++ src/maltest/tests/test_ot_protocols.py | 18 ++++ src/maltest/tests/test_severity.py | 9 ++ src/maltest/tests/test_upstreams.py | 88 ++++++++++++++++++ 12 files changed, 400 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 99deab4..9824fe5 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "hatchling.build" [project] name = "malcolm-test" -version = "0.9.0" +version = "0.9.1" authors = [ { name="Seth Grover", email="mero.mero.guero@gmail.com" }, ] diff --git a/src/maltest/tests/test_arkime_api.py b/src/maltest/tests/test_arkime_api.py index 2ce73ef..0dabcf3 100644 --- a/src/maltest/tests/test_arkime_api.py +++ b/src/maltest/tests/test_arkime_api.py @@ -30,6 +30,14 @@ def test_arkime_views( malcolm_url, malcolm_http_auth, ): +"""test_arkime_views + +Test the Arkime views API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/arkime/api/views", headers={"Content-Type": "application/json"}, 
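Review bot: The docstring added to test_arkime_views opens with the function's own name (`"""test_arkime_views`) instead of a summary, so any tool that shows only the first docstring line (pydoc listings, IDE hovers) repeats the identifier and says nothing about the test. Lead with the description, `"""Test the Arkime views API.`, and add what the test expects from the response, which is asserted outside this hunk. Every docstring this patch adds, across all eleven test files, follows the same pattern, so the change applies throughout.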
@@ -50,6 +58,15 @@ def test_arkime_sessions( malcolm_http_auth, artifact_hash_map, ): +"""test_arkime_sessions + +Test the Arkime sessions API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" for viewName in EXPECTED_VIEWS: response = requests.post( f"{malcolm_url}/arkime/api/sessions", @@ -77,6 +94,15 @@ def test_arkime_connections( malcolm_http_auth, artifact_hash_map, ): +"""test_arkime_connections + +Test the Arkime connections API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" response = requests.post( f"{malcolm_url}/arkime/api/connections", headers={"Content-Type": "application/json"}, @@ -102,6 +128,15 @@ def test_arkime_pcap_payload( malcolm_http_auth, artifact_hash_map, ): +"""test_arkime_pcap_payload + +Test the Arkime sessions/pcap API (download a PCAP payload) + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" response = requests.post( f"{malcolm_url}/arkime/api/sessions", headers={"Content-Type": "application/json"}, 
@@ -140,6 +175,15 @@ def test_arkime_spiview( malcolm_http_auth, artifact_hash_map, ): +"""test_arkime_spiview + +Test the Arkime SPIview API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" response = requests.post( f"{malcolm_url}/arkime/api/spiview", headers={"Content-Type": "application/json"}, @@ -167,6 +211,15 @@ def test_arkime_spigraph( malcolm_http_auth, artifact_hash_map, ): +"""test_arkime_spigraph + +Test the Arkime SPIgraph API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" response = requests.post( f"{malcolm_url}/arkime/api/spigraph", headers={"Content-Type": "application/json"}, @@ -193,6 +246,14 @@ def test_arkime_files( malcolm_url, malcolm_http_auth, ): +"""test_arkime_files + +Test the Arkime files API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/arkime/api/files", headers={"Content-Type": "application/json"}, @@ -211,6 +272,14 @@ def test_arkime_fields( malcolm_url, malcolm_http_auth, ): +"""test_arkime_fields + +Test the Arkime fields API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/arkime/api/fields", headers={"Content-Type": "application/json"}, 
@@ -229,6 +298,14 @@ def test_arkime_valueactions( malcolm_url, malcolm_http_auth, ): +"""test_arkime_valueactions + +Test the Arkime valueactions API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/arkime/api/valueactions", headers={"Content-Type": "application/json"}, @@ -247,6 +324,14 @@ def test_arkime_fieldactions( malcolm_url, malcolm_http_auth, ): +"""test_arkime_fieldactions + +Test the Arkime fieldactions API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/arkime/api/fieldactions", headers={"Content-Type": "application/json"}, @@ -267,6 +352,15 @@ def test_arkime_unique( malcolm_http_auth, artifact_hash_map, ): +"""test_arkime_unique + +Test the Arkime unique API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" response = requests.post( f"{malcolm_url}/arkime/api/unique", headers={"Content-Type": "application/json"}, diff --git a/src/maltest/tests/test_common_protocols.py b/src/maltest/tests/test_common_protocols.py index 3abe887..93c9eed 100644 --- a/src/maltest/tests/test_common_protocols.py +++ b/src/maltest/tests/test_common_protocols.py 
@@ -96,11 +96,20 @@ @pytest.mark.mapi @pytest.mark.pcap -def test_common_protocols( +def test_common_protocols_zeek( malcolm_http_auth, malcolm_url, artifact_hash_map, ): +"""test_common_protocols_zeek + +Checks for the existence of various Zeek logs (event.dataset) + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" assert all([artifact_hash_map.get(x, None) for x in mmguero.GetIterable(UPLOAD_ARTIFACTS)]) response = requests.post( @@ -133,6 +142,15 @@ def test_mapi_document_lookup( malcolm_http_auth, artifact_hash_map, ): +"""test_mapi_document_lookup + +Test the /mapi/document API by looking up the JSON document for a zeek log + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" response = requests.post( f"{malcolm_url}/mapi/document", headers={"Content-Type": "application/json"}, @@ -166,6 +184,17 @@ def test_extracted_files_download( malcolm_url, malcolm_http_auth, ): +"""test_extracted_files_download + +List the quarantined .exe files from the /extracted-files/quarantine page, then download one of them. + With the assumption that the downloaded .exe file is zipped (the test suite's default) and + encrypted with a password of "infected" (the test suite's default), it attempts to decrypt + and unzip the file. + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/extracted-files/quarantine", allow_redirects=True, 
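Review bot: This hunk renames `test_common_protocols` to `test_common_protocols_zeek`, which is a functional change inside a commit whose subject mentions only pydoc comments. Anything that selects the test by its exact node ID (a CI job, a documented command line) would no longer find it. Those references are not visible here, so they are worth checking, and the rename belongs in the commit message.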
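Review bot: The docstring for test_extracted_files_download explains the download and decryption steps but not what happens to the decrypted executable or what the test finally asserts. Since the file comes from the quarantine listing, state the handling explicitly, for example `The extracted content is only inspected by the test; it is never executed.`, provided that matches the body, which continues past this hunk. It would also help to name the setting that controls the zip format and the "infected" password, so a run against a differently configured instance fails for an understandable reason.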
@@ -213,6 +242,16 @@ def test_freq( malcolm_url, artifact_hash_map, ): +"""test_freq + +Test that the event.freq_score_v1 and event.freq_score_v2 fields were calculated. These fields + represent the entropy of dns.host values. + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" response = requests.post( f"{malcolm_url}/mapi/agg/dns.host,event.freq_score_v1,event.freq_score_v2", headers={"Content-Type": "application/json"}, @@ -250,6 +289,15 @@ def test_geo_asn( malcolm_url, artifact_hash_map, ): +"""test_geo_asn + +Test that GeoIP and ASN lookups were performed for Zeek and Suricata logs + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" for provider in ('zeek', 'suricata'): for field in ('destination.geo.city_name', 'source.geo.city_name', 'destination.as.full', 'source.as.full'): response = requests.post( @@ -280,6 +328,16 @@ def test_conn_info( malcolm_url, artifact_hash_map, ): +"""test_conn_info + +Check that connection-related enrichment information (source and destination OUIs, direction, transport, + user agent, etc.) are calculated. + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" for provider in ['zeek']: for field in ( 'source.oui', diff --git a/src/maltest/tests/test_connectivity.py b/src/maltest/tests/test_connectivity.py index e90c348..9e823cd 100644 --- a/src/maltest/tests/test_connectivity.py 
+++ b/src/maltest/tests/test_connectivity.py @@ -9,6 +9,13 @@ def test_vm_exists( malcolm_vm_info, ): +"""test_vm_exists + +Check that the VM in which the Malcolm instance is running is exists and has an IP address. + +Args: + malcolm_vm_info (dict): information relating to the Malcolm instance (see MalcolmVM.Info()) +""" LOGGER.debug(malcolm_vm_info) assert isinstance(malcolm_vm_info, dict) and malcolm_vm_info.get("ip", None) @@ -18,6 +25,14 @@ def test_ping( malcolm_url, malcolm_http_auth, ): +"""test_ping + +Test the /mapi/ping API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/mapi/ping", allow_redirects=True, @@ -35,6 +50,14 @@ def test_db_health( malcolm_url, database_objs, ): +"""test_db_health + +Check the OpenSearch API and that the cluster's health returns "green" or "yellow" + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + database_objs (DatabaseObjs): object containing classes references for either the OpenSearch or Elasticsearch Python libraries +""" dbObjs = database_objs healthDict = dict( dbObjs.DatabaseClass( diff --git a/src/maltest/tests/test_detection_packages.py b/src/maltest/tests/test_detection_packages.py index ac5c3cf..c2d543e 100644 --- a/src/maltest/tests/test_detection_packages.py +++ b/src/maltest/tests/test_detection_packages.py 
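Review bot: The summary sentence added to test_vm_exists is garbled ("is running is exists"); it should read `Check that the VM in which the Malcolm instance is running exists and has an IP address.` Two later docstrings in this patch have similar slips: test_all_evtx in test_evtx.py ("existance", "is used passed to") and test_nginx_logs in test_nginx_access.py ("Test the the NGINX"). Suggested wording there: `Check the existence of the event.module value of winlog`, `the "doctype": "host" filter is passed to the mapi/agg API`, and `Test that the NGINX access and error logs`.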
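Review bot: The test_db_health docstring says the test checks "the OpenSearch API", while the `database_objs` argument it documents is described as serving either the OpenSearch or the Elasticsearch library. If the test is meant to run against both backends, the summary should say so: `Check the database (OpenSearch or Elasticsearch) API and that the cluster's health returns "green" or "yellow"`. In the Args entry, "classes references" reads better as "class references". A short reason for accepting "yellow" would also help; presumably it covers single-node deployments, but that is an inference and not something the hunk shows.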
@@ -153,6 +153,15 @@ def test_detection_packages( malcolm_url, artifact_hash_map, ): +"""test_detection_packages + +Check the rule.category field for various values related to Zeek packages that detect CVEs, etc. + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" assert all([artifact_hash_map.get(x, None) for x in mmguero.GetIterable(UPLOAD_ARTIFACTS)]) response = requests.post( @@ -187,6 +196,15 @@ def test_hassh_package( malcolm_url, artifact_hash_map, ): +"""test_hassh_package + +Test for the presence of zeek.ssh.hassh field generated by the HASSH package + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" response = requests.post( f"{malcolm_url}/mapi/agg/zeek.ssh.hassh", headers={"Content-Type": "application/json"}, @@ -216,6 +234,16 @@ def test_xor_decrypt_package( malcolm_url, artifact_hash_map, ): +"""test_xor_decrypt_package + +Test for the existence of a file.source value of "XOR decrypted", which is generated by the + corelight/zeek-xor-exe-plugin package. + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" response = requests.post( f"{malcolm_url}/mapi/agg/file.path", headers={"Content-Type": "application/json"}, 
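Review bot: The test_xor_decrypt_package docstring says the test looks for a file.source value of "XOR decrypted", but the request visible in this hunk aggregates on a different field, `/mapi/agg/file.path`. If file.source is only used as a filter in the request body (which lies outside the hunk), the docstring should say which field is aggregated and which is filtered, e.g. `Aggregate file.path for events whose file.source is "XOR decrypted" (set by the corelight/zeek-xor-exe-plugin package).` Otherwise one of the two is wrong and the test may not check what its documentation claims.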
@@ -245,6 +273,15 @@ def test_http_sniffpass( malcolm_url, artifact_hash_map, ): +"""test_http_sniffpass + +Check for the existence of the zeek.http.post_username field, which is generated by the cybera/zeek-sniffpass package + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" response = requests.post( f"{malcolm_url}/mapi/agg/zeek.http.post_username", headers={"Content-Type": "application/json"}, diff --git a/src/maltest/tests/test_evtx.py b/src/maltest/tests/test_evtx.py index dce5c59..cde803d 100644 --- a/src/maltest/tests/test_evtx.py +++ b/src/maltest/tests/test_evtx.py @@ -17,6 +17,17 @@ def test_all_evtx( malcolm_url, artifact_hash_map, # actually artifact_hash_map holds evtx files too... ): +"""test_all_evtx + +Check the existance of the event.module value of winlog, which is populated from the parsing of + Windows event logs. Note that the "doctype": "host" filter is used passed to the mapi/agg API + so that host log data is queried instead of network log data. + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" assert all([artifact_hash_map.get(x, None) for x in mmguero.GetIterable(UPLOAD_ARTIFACTS)]) response = requests.post( diff --git a/src/maltest/tests/test_mapi.py b/src/maltest/tests/test_mapi.py index 1d45b24..67a679e 100644 --- a/src/maltest/tests/test_mapi.py +++ b/src/maltest/tests/test_mapi.py 
@@ -13,6 +13,14 @@ def test_mapi_indices( malcolm_url, malcolm_http_auth, ): +"""test_mapi_indices + +Test the /mapi/indices API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/mapi/indices", headers={"Content-Type": "application/json"}, @@ -31,6 +39,14 @@ def test_mapi_fields( malcolm_url, malcolm_http_auth, ): +"""test_mapi_fields + +Test the /mapi/fields API + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/mapi/fields", headers={"Content-Type": "application/json"}, @@ -51,6 +67,14 @@ def test_mapi_dashboard_export( malcolm_url, malcolm_http_auth, ): +"""test_mapi_dashboard_export + +Test the /mapi/dashboard-export API by exporting the "Overview" dashboard and checking its title + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/mapi/dashboard-export/0ad3d7c2-3441-485e-9dfe-dbb22e84e576", headers={"Content-Type": "application/json"}, @@ -69,6 +93,14 @@ def test_event_log_mapi( malcolm_http_auth, malcolm_url, ): +"""test_event_log_mapi + +Test the /mapi/event API to log an event via the loopback alert webhook + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance +""" alert = { "alert": { "monitor": {"name": "Malcolm API Loopback Monitor"}, diff --git a/src/maltest/tests/test_netbox.py b/src/maltest/tests/test_netbox.py index 70d206f..d2727aa 100644 --- a/src/maltest/tests/test_netbox.py +++ b/src/maltest/tests/test_netbox.py 
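Review bot: The test_mapi_dashboard_export docstring refers to the "Overview" dashboard, but the request identifies it only by the literal ID in the URL, so nothing in the code ties the two together. A named constant would make the link explicit and keep the docstring and request in step if the ID changes: `OVERVIEW_DASHBOARD_ID = "0ad3d7c2-3441-485e-9dfe-dbb22e84e576"`, used as `f"{malcolm_url}/mapi/dashboard-export/{OVERVIEW_DASHBOARD_ID}"`. The function body continues outside this hunk, so the title assertion the docstring mentions could not be checked here.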
@@ -27,6 +27,15 @@ def test_netbox_cross_segment( malcolm_url, artifact_hash_map, ): +"""test_netbox_cross_segment + +After netbox enrichment/autopopulation happens, check that cross-segment traffic was detected + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" response = requests.post( f"{malcolm_url}/mapi/agg/event.provider,source.segment.name,destination.segment.name", headers={"Content-Type": "application/json"}, @@ -70,6 +79,15 @@ def test_netbox_enrichment( malcolm_url, artifact_hash_map, ): +"""test_netbox_enrichment + +Check for various fields populated by netbox enrichment (manufacturer, device type, device name, etc.) + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" for field in [ "related.manufacturer", "related.device_type", diff --git a/src/maltest/tests/test_nginx_access.py b/src/maltest/tests/test_nginx_access.py index 2848f78..22601c8 100644 --- a/src/maltest/tests/test_nginx_access.py +++ b/src/maltest/tests/test_nginx_access.py @@ -13,6 +13,16 @@ def test_nginx_logs( malcolm_url, artifact_hash_map, ): +"""test_nginx_logs + +Test the the NGINX access and error logs that are generated by Malcolm's access itself (NGINX_LOG_ACCESS_AND_ERRORS) + get logged/parsed/indexed correctly. + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" for field in [ "http.request.method", "http.response.status_code", 
diff --git a/src/maltest/tests/test_ot_protocols.py b/src/maltest/tests/test_ot_protocols.py index 062fbff..3ddd842 100644 --- a/src/maltest/tests/test_ot_protocols.py +++ b/src/maltest/tests/test_ot_protocols.py @@ -134,6 +134,15 @@ def test_ot_protocols( malcolm_url, artifact_hash_map, ): +"""test_ot_protocols + +Checks for the existence of various Zeek logs (event.dataset) related to ICS/OT protocols + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" assert all([artifact_hash_map.get(x, None) for x in mmguero.GetIterable(UPLOAD_ARTIFACTS)]) response = requests.post( @@ -167,6 +176,15 @@ def test_ics_best_guess( malcolm_url, artifact_hash_map, ): +"""test_ics_best_guess + +Check that the zeek.bestguess.* fields are generated + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" for field in [ "zeek.bestguess.category", "zeek.bestguess.name", diff --git a/src/maltest/tests/test_severity.py b/src/maltest/tests/test_severity.py index 035e1cf..2e99929 100644 --- a/src/maltest/tests/test_severity.py +++ b/src/maltest/tests/test_severity.py 
@@ -60,6 +60,15 @@ def test_severity_tags( malcolm_url, artifact_hash_map, ): +"""test_severity_tags + +Test that the expected event.severity_tags are generated correctly + +Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash +""" assert all([artifact_hash_map.get(x, None) for x in mmguero.GetIterable(UPLOAD_ARTIFACTS)]) response = requests.post( diff --git a/src/maltest/tests/test_upstreams.py b/src/maltest/tests/test_upstreams.py index 4964cb2..549a59a 100644 --- a/src/maltest/tests/test_upstreams.py +++ b/src/maltest/tests/test_upstreams.py @@ -16,6 +16,14 @@ def test_local_account_management_page_exists( malcolm_url, malcolm_http_auth, ): +"""test_local_account_management_page_exists + +Test that the local account management authentication page is served up + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/auth/", allow_redirects=True, @@ -33,6 +41,14 @@ def test_upload_page_exists( malcolm_url, malcolm_http_auth, ): +"""test_upload_page_exists + +Test that the PCAP upload page is served up + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/upload/", allow_redirects=True, @@ -50,6 +66,14 @@ def test_landing_page_exists( malcolm_url, malcolm_http_auth, ): +"""test_landing_page_exists + +Test that the Malcolm landing page is served up + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/", allow_redirects=True, 
@@ -67,6 +91,14 @@ def test_documentation_exists( malcolm_url, malcolm_http_auth, ): +"""test_documentation_exists + +Test that the Malcolm documentation page is served up + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/readme/", allow_redirects=True, @@ -88,6 +120,14 @@ def test_dashboards_exists( malcolm_url, malcolm_http_auth, ): +"""test_dashboards_exists + +Test that the Malcolm OpenSearch Dashboards UI is served up + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/dashboards/", headers={"osd-xsrf": "anything"}, @@ -107,6 +147,14 @@ def test_dashboards_maps_exists( malcolm_url, malcolm_http_auth, ): +"""test_dashboards_maps_exists + +Test that the Malcolm OpenSearch Dashboards offline map geojson file is served up + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/world.geojson", headers={"Content-Type": "application/json"}, @@ -126,6 +174,14 @@ def test_netbox_exists( malcolm_url, malcolm_http_auth, ): +"""test_netbox_exists + +Test that the NetBox UI is served up + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/netbox/", allow_redirects=True, 
@@ -144,6 +200,14 @@ def test_netbox_health_plugin( malcolm_url, malcolm_http_auth, ): +"""test_netbox_health_plugin + +Check the accessibility and result of the NetBox health check plugin + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/netbox/plugins/netbox_healthcheck_plugin/healthcheck/?format=json", headers={"Content-Type": "application/json"}, @@ -163,6 +227,14 @@ def test_arkime_exists( malcolm_url, malcolm_http_auth, ): +"""test_arkime_exists + +Test that the Arkime UI is served up + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/arkime/", allow_redirects=True, @@ -180,6 +252,14 @@ def test_cyberchef_exists( malcolm_url, malcolm_http_auth, ): +"""test_cyberchef_exists + +Test that the CyberChef UI is served up + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/arkime/cyberchef/", allow_redirects=True, @@ -198,6 +278,14 @@ def test_extracted_files_exists( malcolm_url, malcolm_http_auth, ): +"""test_extracted_files_exists + +Check the extracted files download UI is served up + +Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance +""" response = requests.get( f"{malcolm_url}/extracted-files/", allow_redirects=True,