diff --git a/pyproject.toml b/pyproject.toml index 9824fe5..6457763 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "hatchling.build" [project] name = "malcolm-test" -version = "0.9.1" +version = "0.9.2" authors = [ { name="Seth Grover", email="mero.mero.guero@gmail.com" }, ] diff --git a/src/maltest/tests/test_arkime_api.py b/src/maltest/tests/test_arkime_api.py index 0dabcf3..a1fe8b8 100644 --- a/src/maltest/tests/test_arkime_api.py +++ b/src/maltest/tests/test_arkime_api.py @@ -30,14 +30,14 @@ def test_arkime_views( malcolm_url, malcolm_http_auth, ): -"""test_arkime_views + """test_arkime_views -Test the Arkime views API + Test the Arkime views API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/arkime/api/views", headers={"Content-Type": "application/json"}, @@ -58,15 +58,15 @@ def test_arkime_sessions( malcolm_http_auth, artifact_hash_map, ): -"""test_arkime_sessions + """test_arkime_sessions -Test the Arkime sessions API + Test the Arkime sessions API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ for viewName in EXPECTED_VIEWS: response = requests.post( f"{malcolm_url}/arkime/api/sessions", 
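Review bot: The first docstring line in test_arkime_views is only the function name (`"""test_arkime_views`), so any tool that shows just the summary line repeats the signature, while the real summary sits two lines further down. Since these lines are being rewritten anyway, consider opening with the description, `"""Test the Arkime views API.`, and dropping the name line. Every docstring re-indented in this commit follows the same pattern, so the point applies to all the test modules touched here. In the Args sections, `defaultdict(lambda: None)` is a constructor expression rather than a type; naming the type as `defaultdict` and stating the `None` default in the description reads more clearly.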
@@ -94,15 +94,15 @@ def test_arkime_connections( malcolm_http_auth, artifact_hash_map, ): -"""test_arkime_connections + """test_arkime_connections -Test the Arkime connections API + Test the Arkime connections API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ response = requests.post( f"{malcolm_url}/arkime/api/connections", headers={"Content-Type": "application/json"}, @@ -128,15 +128,15 @@ def test_arkime_pcap_payload( malcolm_http_auth, artifact_hash_map, ): -"""test_arkime_pcap_payload + """test_arkime_pcap_payload -Test the Arkime sessions/pcap API (download a PCAP payload) + Test the Arkime sessions/pcap API (download a PCAP payload) -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ response = requests.post( f"{malcolm_url}/arkime/api/sessions", headers={"Content-Type": "application/json"}, 
@@ -175,15 +175,15 @@ def test_arkime_spiview( malcolm_http_auth, artifact_hash_map, ): -"""test_arkime_spiview + """test_arkime_spiview -Test the Arkime SPIview API + Test the Arkime SPIview API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ response = requests.post( f"{malcolm_url}/arkime/api/spiview", headers={"Content-Type": "application/json"}, @@ -211,15 +211,15 @@ def test_arkime_spigraph( malcolm_http_auth, artifact_hash_map, ): -"""test_arkime_spigraph + """test_arkime_spigraph -Test the Arkime SPIgraph API + Test the Arkime SPIgraph API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ response = requests.post( f"{malcolm_url}/arkime/api/spigraph", headers={"Content-Type": "application/json"}, 
@@ -246,14 +246,14 @@ def test_arkime_files( malcolm_url, malcolm_http_auth, ): -"""test_arkime_files + """test_arkime_files -Test the Arkime files API + Test the Arkime files API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/arkime/api/files", headers={"Content-Type": "application/json"}, @@ -272,14 +272,14 @@ def test_arkime_fields( malcolm_url, malcolm_http_auth, ): -"""test_arkime_fields + """test_arkime_fields -Test the Arkime fields API + Test the Arkime fields API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/arkime/api/fields", headers={"Content-Type": "application/json"}, @@ -298,14 +298,14 @@ def test_arkime_valueactions( malcolm_url, malcolm_http_auth, ): -"""test_arkime_valueactions + """test_arkime_valueactions -Test the Arkime valueactions API + Test the Arkime valueactions API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/arkime/api/valueactions", headers={"Content-Type": "application/json"}, 
@@ -324,14 +324,14 @@ def test_arkime_fieldactions( malcolm_url, malcolm_http_auth, ): -"""test_arkime_fieldactions + """test_arkime_fieldactions -Test the Arkime fieldactions API + Test the Arkime fieldactions API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/arkime/api/fieldactions", headers={"Content-Type": "application/json"}, @@ -352,15 +352,15 @@ def test_arkime_unique( malcolm_http_auth, artifact_hash_map, ): -"""test_arkime_unique + """test_arkime_unique -Test the Arkime unique API + Test the Arkime unique API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ response = requests.post( f"{malcolm_url}/arkime/api/unique", headers={"Content-Type": "application/json"}, diff --git a/src/maltest/tests/test_common_protocols.py b/src/maltest/tests/test_common_protocols.py index 93c9eed..31a64dc 100644 --- a/src/maltest/tests/test_common_protocols.py +++ b/src/maltest/tests/test_common_protocols.py 
@@ -101,15 +101,15 @@ def test_common_protocols_zeek( malcolm_url, artifact_hash_map, ): -"""test_common_protocols_zeek + """test_common_protocols_zeek -Checks for the existence of various Zeek logs (event.dataset) + Checks for the existence of various Zeek logs (event.dataset) -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ assert all([artifact_hash_map.get(x, None) for x in mmguero.GetIterable(UPLOAD_ARTIFACTS)]) response = requests.post( @@ -142,15 +142,15 @@ def test_mapi_document_lookup( malcolm_http_auth, artifact_hash_map, ): -"""test_mapi_document_lookup + """test_mapi_document_lookup -Test the /mapi/document API by looking up the JSON document for a zeek log + Test the /mapi/document API by looking up the JSON document for a zeek log -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ response = requests.post( f"{malcolm_url}/mapi/document", headers={"Content-Type": "application/json"}, 
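Review bot: The precondition `assert all([artifact_hash_map.get(x, None) for x in mmguero.GetIterable(UPLOAD_ARTIFACTS)])`, directly below the re-indented docstring of test_common_protocols_zeek, fails without saying which artifact is missing, and it passes vacuously if the iterable turns out to be empty. Collecting the misses first gives a usable failure message: `missing = [x for x in mmguero.GetIterable(UPLOAD_ARTIFACTS) if not artifact_hash_map.get(x)]` followed by `assert not missing, f"artifacts without an upload hash: {missing}"`. The same line appears in the hunks for test_detection_packages, test_all_evtx, test_ot_protocols and test_severity_tags. The function bodies continue outside these hunks.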
@@ -184,17 +184,17 @@ def test_extracted_files_download( malcolm_url, malcolm_http_auth, ): -"""test_extracted_files_download + """test_extracted_files_download -List the quarantined .exe files from the /extracted-files/quarantine page, then download one of them. - With the assumption that the downloaded .exe file is zipped (the test suite's default) and - encrypted with a password of "infected" (the test suite's default), it attempts to decrypt - and unzip the file. + List the quarantined .exe files from the /extracted-files/quarantine page, then download one of them. + With the assumption that the downloaded .exe file is zipped (the test suite's default) and + encrypted with a password of "infected" (the test suite's default), it attempts to decrypt + and unzip the file. -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/extracted-files/quarantine", allow_redirects=True, 
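Review bot: The re-indented docstring of test_extracted_files_download records the two assumptions the test relies on (zipped download, archive password "infected") but not what the test does with the decrypted quarantined executable, and the body that handles it lies outside this hunk. If the archive is only unpacked in memory, say so in the docstring, for example `The archive is decrypted in memory; the sample is never written to disk or executed.`. If it is written to disk, the docstring should name the temporary location and state that it is removed afterwards. It would also help to state how the test behaves when the instance uses a different archive format or password, since the current wording ("attempts to decrypt") leaves fail versus skip open.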
@@ -242,16 +242,16 @@ def test_freq( malcolm_url, artifact_hash_map, ): -"""test_freq + """test_freq -Test that the event.freq_score_v1 and event.freq_score_v2 fields were calculated. These fields - represent the entropy of dns.host values. + Test that the event.freq_score_v1 and event.freq_score_v2 fields were calculated. These fields + represent the entropy of dns.host values. -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ response = requests.post( f"{malcolm_url}/mapi/agg/dns.host,event.freq_score_v1,event.freq_score_v2", headers={"Content-Type": "application/json"}, 
@@ -289,15 +289,15 @@ def test_geo_asn( malcolm_url, artifact_hash_map, ): -"""test_geo_asn + """test_geo_asn -Test that GeoIP and ASN lookups were performed for Zeek and Suricata logs + Test that GeoIP and ASN lookups were performed for Zeek and Suricata logs -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ for provider in ('zeek', 'suricata'): for field in ('destination.geo.city_name', 'source.geo.city_name', 'destination.as.full', 'source.as.full'): response = requests.post( @@ -328,16 +328,16 @@ def test_conn_info( malcolm_url, artifact_hash_map, ): -"""test_conn_info + """test_conn_info -Check that connection-related enrichment information (source and destination OUIs, direction, transport, - user agent, etc.) are calculated. + Check that connection-related enrichment information (source and destination OUIs, direction, transport, + user agent, etc.) are calculated. -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ for provider in ['zeek']: for field in ( 'source.oui', 
diff --git a/src/maltest/tests/test_connectivity.py b/src/maltest/tests/test_connectivity.py index 9e823cd..eb658d7 100644 --- a/src/maltest/tests/test_connectivity.py +++ b/src/maltest/tests/test_connectivity.py @@ -9,13 +9,13 @@ def test_vm_exists( malcolm_vm_info, ): -"""test_vm_exists + """test_vm_exists -Check that the VM in which the Malcolm instance is running is exists and has an IP address. + Check that the VM in which the Malcolm instance is running is exists and has an IP address. -Args: - malcolm_vm_info (dict): information relating to the Malcolm instance (see MalcolmVM.Info()) -""" + Args: + malcolm_vm_info (dict): information relating to the Malcolm instance (see MalcolmVM.Info()) + """ LOGGER.debug(malcolm_vm_info) assert isinstance(malcolm_vm_info, dict) and malcolm_vm_info.get("ip", None) @@ -25,14 +25,14 @@ def test_ping( malcolm_url, malcolm_http_auth, ): -"""test_ping + """test_ping -Test the /mapi/ping API + Test the /mapi/ping API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/mapi/ping", allow_redirects=True, 
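Review bot: The docstring line re-indented in test_vm_exists still reads "is running is exists"; since the line is being rewritten anyway, fix it to `Check that the VM in which the Malcolm instance is running exists and has an IP address.`. Other docstrings touched by this commit carry similar slips: test_all_evtx has "existance" and "is used passed to" (`Check the existence of ...`, `filter is passed to the mapi/agg API`), and test_nginx_logs opens with "Test the the NGINX", where `Test that the NGINX access and error logs ...` appears to be meant. Separately, `LOGGER.debug(malcolm_vm_info)` in the context of this hunk logs the whole dict. What MalcolmVM.Info() returns is not visible here, so confirm it holds no credentials before it ends up in CI logs, or log only the keys the test checks.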
@@ -50,14 +50,14 @@ def test_db_health( malcolm_url, database_objs, ): -"""test_db_health + """test_db_health -Check the OpenSearch API and that the cluster's health returns "green" or "yellow" + Check the OpenSearch API and that the cluster's health returns "green" or "yellow" -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - database_objs (DatabaseObjs): object containing classes references for either the OpenSearch or Elasticsearch Python libraries -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + database_objs (DatabaseObjs): object containing classes references for either the OpenSearch or Elasticsearch Python libraries + """ dbObjs = database_objs healthDict = dict( dbObjs.DatabaseClass( diff --git a/src/maltest/tests/test_detection_packages.py b/src/maltest/tests/test_detection_packages.py index c2d543e..1f29aaf 100644 --- a/src/maltest/tests/test_detection_packages.py +++ b/src/maltest/tests/test_detection_packages.py @@ -153,15 +153,15 @@ def test_detection_packages( malcolm_url, artifact_hash_map, ): -"""test_detection_packages + """test_detection_packages -Check the rule.category field for various values related to Zeek packages that detect CVEs, etc. + Check the rule.category field for various values related to Zeek packages that detect CVEs, etc. -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ assert all([artifact_hash_map.get(x, None) for x in mmguero.GetIterable(UPLOAD_ARTIFACTS)]) response = requests.post( 
@@ -196,15 +196,15 @@ def test_hassh_package( malcolm_url, artifact_hash_map, ): -"""test_hassh_package + """test_hassh_package -Test for the presence of zeek.ssh.hassh field generated by the HASSH package + Test for the presence of zeek.ssh.hassh field generated by the HASSH package -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ response = requests.post( f"{malcolm_url}/mapi/agg/zeek.ssh.hassh", headers={"Content-Type": "application/json"}, @@ -234,16 +234,16 @@ def test_xor_decrypt_package( malcolm_url, artifact_hash_map, ): -"""test_xor_decrypt_package + """test_xor_decrypt_package -Test for the existence of a file.source value of "XOR decrypted", which is generated by the - corelight/zeek-xor-exe-plugin package. + Test for the existence of a file.source value of "XOR decrypted", which is generated by the + corelight/zeek-xor-exe-plugin package. -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ response = requests.post( f"{malcolm_url}/mapi/agg/file.path", headers={"Content-Type": "application/json"}, 
@@ -273,15 +273,15 @@ def test_http_sniffpass( malcolm_url, artifact_hash_map, ): -"""test_http_sniffpass + """test_http_sniffpass -Check for the existence of the zeek.http.post_username field, which is generated by the cybera/zeek-sniffpass package + Check for the existence of the zeek.http.post_username field, which is generated by the cybera/zeek-sniffpass package -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ response = requests.post( f"{malcolm_url}/mapi/agg/zeek.http.post_username", headers={"Content-Type": "application/json"}, diff --git a/src/maltest/tests/test_evtx.py b/src/maltest/tests/test_evtx.py index cde803d..bf04c92 100644 --- a/src/maltest/tests/test_evtx.py +++ b/src/maltest/tests/test_evtx.py 
@@ -17,17 +17,17 @@ def test_all_evtx( malcolm_url, artifact_hash_map, # actually artifact_hash_map holds evtx files too... ): -"""test_all_evtx + """test_all_evtx -Check the existance of the event.module value of winlog, which is populated from the parsing of - Windows event logs. Note that the "doctype": "host" filter is used passed to the mapi/agg API - so that host log data is queried instead of network log data. + Check the existance of the event.module value of winlog, which is populated from the parsing of + Windows event logs. Note that the "doctype": "host" filter is used passed to the mapi/agg API + so that host log data is queried instead of network log data. -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ assert all([artifact_hash_map.get(x, None) for x in mmguero.GetIterable(UPLOAD_ARTIFACTS)]) response = requests.post( diff --git a/src/maltest/tests/test_mapi.py b/src/maltest/tests/test_mapi.py index 67a679e..bf8d75e 100644 --- a/src/maltest/tests/test_mapi.py +++ b/src/maltest/tests/test_mapi.py 
@@ -13,14 +13,14 @@ def test_mapi_indices( malcolm_url, malcolm_http_auth, ): -"""test_mapi_indices + """test_mapi_indices -Test the /mapi/indices API + Test the /mapi/indices API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/mapi/indices", headers={"Content-Type": "application/json"}, @@ -39,14 +39,14 @@ def test_mapi_fields( malcolm_url, malcolm_http_auth, ): -"""test_mapi_fields + """test_mapi_fields -Test the /mapi/fields API + Test the /mapi/fields API -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/mapi/fields", headers={"Content-Type": "application/json"}, 
@@ -67,14 +67,14 @@ def test_mapi_dashboard_export( malcolm_url, malcolm_http_auth, ): -"""test_mapi_dashboard_export + """test_mapi_dashboard_export -Test the /mapi/dashboard-export API by exporting the "Overview" dashboard and checking its title + Test the /mapi/dashboard-export API by exporting the "Overview" dashboard and checking its title -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/mapi/dashboard-export/0ad3d7c2-3441-485e-9dfe-dbb22e84e576", headers={"Content-Type": "application/json"}, @@ -93,14 +93,14 @@ def test_event_log_mapi( malcolm_http_auth, malcolm_url, ): -"""test_event_log_mapi + """test_event_log_mapi -Test the /mapi/event API to log an event via the loopback alert webhook + Test the /mapi/event API to log an event via the loopback alert webhook -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + """ alert = { "alert": { "monitor": {"name": "Malcolm API Loopback Monitor"}, diff --git a/src/maltest/tests/test_netbox.py b/src/maltest/tests/test_netbox.py index d2727aa..7da7b7f 100644 --- a/src/maltest/tests/test_netbox.py +++ b/src/maltest/tests/test_netbox.py 
@@ -27,15 +27,15 @@ def test_netbox_cross_segment( malcolm_url, artifact_hash_map, ): -"""test_netbox_cross_segment + """test_netbox_cross_segment -After netbox enrichment/autopopulation happens, check that cross-segment traffic was detected + After netbox enrichment/autopopulation happens, check that cross-segment traffic was detected -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ response = requests.post( f"{malcolm_url}/mapi/agg/event.provider,source.segment.name,destination.segment.name", headers={"Content-Type": "application/json"}, @@ -79,15 +79,15 @@ def test_netbox_enrichment( malcolm_url, artifact_hash_map, ): -"""test_netbox_enrichment + """test_netbox_enrichment -Check for various fields populated by netbox enrichment (manufacturer, device type, device name, etc.) + Check for various fields populated by netbox enrichment (manufacturer, device type, device name, etc.) -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ for field in [ "related.manufacturer", "related.device_type", 
diff --git a/src/maltest/tests/test_nginx_access.py b/src/maltest/tests/test_nginx_access.py index 22601c8..ec87a9d 100644 --- a/src/maltest/tests/test_nginx_access.py +++ b/src/maltest/tests/test_nginx_access.py @@ -13,16 +13,16 @@ def test_nginx_logs( malcolm_url, artifact_hash_map, ): -"""test_nginx_logs + """test_nginx_logs -Test the the NGINX access and error logs that are generated by Malcolm's access itself (NGINX_LOG_ACCESS_AND_ERRORS) - get logged/parsed/indexed correctly. + Test the the NGINX access and error logs that are generated by Malcolm's access itself (NGINX_LOG_ACCESS_AND_ERRORS) + get logged/parsed/indexed correctly. -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ for field in [ "http.request.method", "http.response.status_code", diff --git a/src/maltest/tests/test_ot_protocols.py b/src/maltest/tests/test_ot_protocols.py index 3ddd842..62fc04e 100644 --- a/src/maltest/tests/test_ot_protocols.py +++ b/src/maltest/tests/test_ot_protocols.py 
@@ -134,15 +134,15 @@ def test_ot_protocols( malcolm_url, artifact_hash_map, ): -"""test_ot_protocols + """test_ot_protocols -Checks for the existence of various Zeek logs (event.dataset) related to ICS/OT protocols + Checks for the existence of various Zeek logs (event.dataset) related to ICS/OT protocols -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ assert all([artifact_hash_map.get(x, None) for x in mmguero.GetIterable(UPLOAD_ARTIFACTS)]) response = requests.post( @@ -176,15 +176,15 @@ def test_ics_best_guess( malcolm_url, artifact_hash_map, ): -"""test_ics_best_guess + """test_ics_best_guess -Check that the zeek.bestguess.* fields are generated + Check that the zeek.bestguess.* fields are generated -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ for field in [ "zeek.bestguess.category", "zeek.bestguess.name", diff --git a/src/maltest/tests/test_severity.py b/src/maltest/tests/test_severity.py index 2e99929..597b5d7 100644 --- a/src/maltest/tests/test_severity.py +++ b/src/maltest/tests/test_severity.py 
@@ -60,15 +60,15 @@ def test_severity_tags( malcolm_url, artifact_hash_map, ): -"""test_severity_tags + """test_severity_tags -Test that the expected event.severity_tags are generated correctly + Test that the expected event.severity_tags are generated correctly -Args: - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance - malcolm_url (str): URL for connecting to the Malcolm instance - artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash -""" + Args: + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + malcolm_url (str): URL for connecting to the Malcolm instance + artifact_hash_map (defaultdict(lambda: None)): a map of artifact files' full path to their file hash + """ assert all([artifact_hash_map.get(x, None) for x in mmguero.GetIterable(UPLOAD_ARTIFACTS)]) response = requests.post( diff --git a/src/maltest/tests/test_upstreams.py b/src/maltest/tests/test_upstreams.py index 549a59a..fa44167 100644 --- a/src/maltest/tests/test_upstreams.py +++ b/src/maltest/tests/test_upstreams.py @@ -16,14 +16,14 @@ def test_local_account_management_page_exists( malcolm_url, malcolm_http_auth, ): -"""test_local_account_management_page_exists + """test_local_account_management_page_exists -Test that the local account management authentication page is served up + Test that the local account management authentication page is served up -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/auth/", allow_redirects=True, 
@@ -41,14 +41,14 @@ def test_upload_page_exists( malcolm_url, malcolm_http_auth, ): -"""test_upload_page_exists + """test_upload_page_exists -Test that the PCAP upload page is served up + Test that the PCAP upload page is served up -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/upload/", allow_redirects=True, @@ -66,14 +66,14 @@ def test_landing_page_exists( malcolm_url, malcolm_http_auth, ): -"""test_landing_page_exists + """test_landing_page_exists -Test that the Malcolm landing page is served up + Test that the Malcolm landing page is served up -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/", allow_redirects=True, @@ -91,14 +91,14 @@ def test_documentation_exists( malcolm_url, malcolm_http_auth, ): -"""test_documentation_exists + """test_documentation_exists -Test that the Malcolm documentation page is served up + Test that the Malcolm documentation page is served up -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/readme/", allow_redirects=True, 
@@ -120,14 +120,14 @@ def test_dashboards_exists( malcolm_url, malcolm_http_auth, ): -"""test_dashboards_exists + """test_dashboards_exists -Test that the Malcolm OpenSearch Dashboards UI is served up + Test that the Malcolm OpenSearch Dashboards UI is served up -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/dashboards/", headers={"osd-xsrf": "anything"}, @@ -147,14 +147,14 @@ def test_dashboards_maps_exists( malcolm_url, malcolm_http_auth, ): -"""test_dashboards_maps_exists + """test_dashboards_maps_exists -Test that the Malcolm OpenSearch Dashboards offline map geojson file is served up + Test that the Malcolm OpenSearch Dashboards offline map geojson file is served up -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/world.geojson", headers={"Content-Type": "application/json"}, 
@@ -174,14 +174,14 @@ def test_netbox_exists( malcolm_url, malcolm_http_auth, ): -"""test_netbox_exists + """test_netbox_exists -Test that the NetBox UI is served up + Test that the NetBox UI is served up -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/netbox/", allow_redirects=True, @@ -200,14 +200,14 @@ def test_netbox_health_plugin( malcolm_url, malcolm_http_auth, ): -"""test_netbox_health_plugin + """test_netbox_health_plugin -Check the accessibility and result of the NetBox health check plugin + Check the accessibility and result of the NetBox health check plugin -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/netbox/plugins/netbox_healthcheck_plugin/healthcheck/?format=json", headers={"Content-Type": "application/json"}, @@ -227,14 +227,14 @@ def test_arkime_exists( malcolm_url, malcolm_http_auth, ): -"""test_arkime_exists + """test_arkime_exists -Test that the Arkime UI is served up + Test that the Arkime UI is served up -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/arkime/", allow_redirects=True, 
@@ -252,14 +252,14 @@ def test_cyberchef_exists( malcolm_url, malcolm_http_auth, ): -"""test_cyberchef_exists + """test_cyberchef_exists -Test that the CyberChef UI is served up + Test that the CyberChef UI is served up -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/arkime/cyberchef/", allow_redirects=True, @@ -278,14 +278,14 @@ def test_extracted_files_exists( malcolm_url, malcolm_http_auth, ): -"""test_extracted_files_exists + """test_extracted_files_exists -Check the extracted files download UI is served up + Check the extracted files download UI is served up -Args: - malcolm_url (str): URL for connecting to the Malcolm instance - malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance -""" + Args: + malcolm_url (str): URL for connecting to the Malcolm instance + malcolm_http_auth (HTTPBasicAuth): username and password for the Malcolm instance + """ response = requests.get( f"{malcolm_url}/extracted-files/", allow_redirects=True,