From 8c8ed0584dca464aa3a397c9cbc855c0718f26a9 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Tue, 24 Jan 2023 12:03:40 +0530 Subject: [PATCH 01/32] Auth0 Testcase Added --- collectors/auth0/package.json | 2 +- collectors/auth0/test/utils_test.js | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/collectors/auth0/package.json b/collectors/auth0/package.json index ded77742..48179e96 100644 --- a/collectors/auth0/package.json +++ b/collectors/auth0/package.json @@ -6,7 +6,7 @@ "private": true, "scripts": { "lint": "jshint --exclude \"./node_modules/*\" **/*.js", - "test": "JUNIT_REPORT_PATH=./test/report.xml nyc --reporter=text mocha --colors" + "test": "JUNIT_REPORT_PATH=./test/report.xml nyc --reporter=text --reporter=json-summary mocha --colors" }, "devDependencies": { "aws-sdk": "*", diff --git a/collectors/auth0/test/utils_test.js b/collectors/auth0/test/utils_test.js index 550286e9..b1a27e73 100644 --- a/collectors/auth0/test/utils_test.js +++ b/collectors/auth0/test/utils_test.js @@ -39,6 +39,33 @@ describe('Unit Tests', function () { }); }); + describe('Get API Logs with error', function () { + it('Get API Logs with error', function (done) { + getLogsStub = sinon.stub(auth0Client, 'getLogs').callsFake( + function fakeFn() { + return new Promise(function (resolve, reject) { + return reject(new Error("Test Error")); + }); + }); + + const startDate = moment().subtract(5, 'minutes'); + let state = { + since: startDate.toISOString(), + poll_interval_sec: 1 + }; + let maxPagesPerInvocation = 5; + let accumulator = []; + + utils.getAPILogs(auth0Client, state, accumulator, maxPagesPerInvocation) + .catch(err => { + assert.equal(err.message, "Test Error", "Error message is not correct"); + getLogsStub.restore(); + done(); + }); + }); + }); + + describe('Get API Logs with last log id', function () { it('Get API Logs with last log id', function (done) { getLogsStub = sinon.stub(auth0Client, 'getLogs').callsFake( 
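Review bot: The new 'Get API Logs with error' test attaches only a `.catch`, so if `getAPILogs` ever resolves nothing calls `done()` and the failure shows up as a mocha timeout. If the `assert.equal` inside the handler throws, `getLogsStub.restore()` and `done()` are both skipped, which leaves `auth0Client.getLogs` stubbed for whatever test runs next. Handling both outcomes and restoring the stub on each path, as sketched below, makes a regression in the collector's error path fail with its own message. The same shape recurs in the repeat of this hunk in PATCH 06/32 and in the two carbonblack error tests in PATCH 15/32 (`alserviceStub.get.restore()` and `alserviceStub.post.restore()`).

```javascript
// … unchanged: getLogsStub setup, state, maxPagesPerInvocation, accumulator …
utils.getAPILogs(auth0Client, state, accumulator, maxPagesPerInvocation)
    .then(
        () => assert.fail("getAPILogs resolved; a rejection was expected"),
        err => assert.equal(err.message, "Test Error", "Error message is not correct")
    )
    .then(
        () => { getLogsStub.restore(); done(); },
        err => { getLogsStub.restore(); done(err); }
    );
```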
From 1358bbd8411835e4ff77555aa0d59319e0a79819 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Tue, 24 Jan 2023 14:19:55 +0530 Subject: [PATCH 02/32] updated package.json version for auth0 collector --- collectors/auth0/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collectors/auth0/package.json b/collectors/auth0/package.json index 48179e96..7d92ff07 100644 --- a/collectors/auth0/package.json +++ b/collectors/auth0/package.json @@ -1,6 +1,6 @@ { "name": "auth0-collector", - "version": "1.1.41", + "version": "1.1.42", "description": "Alert Logic AWS based Auth0 Log Collector extension", "repository": {}, "private": true, From 5d69890e213ea6e8bb0acae336b05a12beadad45 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Wed, 25 Jan 2023 12:31:55 +0530 Subject: [PATCH 03/32] Added Test Cases for auth0_collector --- collectors/auth0/test/auth0_test.js | 48 +++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/collectors/auth0/test/auth0_test.js b/collectors/auth0/test/auth0_test.js index 04c93a72..e94bdc66 100644 --- a/collectors/auth0/test/auth0_test.js +++ b/collectors/auth0/test/auth0_test.js 
@@ -154,6 +154,54 @@ describe('Unit Tests', function () { done(); }); }); + + it('log format when type is null or undefined', function (done) { + let ctx = { + invokedFunctionArn: auth0Mock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + Auth0Collector.load().then(function (creds) { + var collector = new Auth0Collector(ctx, creds); + const msg = { + "type": null, + "date": "2020-01-13T15:19:38.386Z" + }; + let fmt = collector.pawsFormatLog(msg); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); + + it('log format when date is null or undefined', function (done) { + let ctx = { + invokedFunctionArn: auth0Mock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + Auth0Collector.load().then(function (creds) { + var collector = new Auth0Collector(ctx, creds); + const msg = { + "type": "fsa", + "date": null + }; + let fmt = collector.pawsFormatLog(msg); + assert.equal(fmt.messageTsUs, undefined); + done(); + }); + }); }); describe('pawsGetLogs', function () { From 957c0498d675a45f8edbe7c865c07f836cdd52a7 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Wed, 25 Jan 2023 13:07:17 +0530 Subject: [PATCH 04/32] updated package.json version for auth0 collector --- collectors/auth0/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collectors/auth0/package.json b/collectors/auth0/package.json index 25a6a3d4..3b8bb229 100644 --- a/collectors/auth0/package.json +++ b/collectors/auth0/package.json @@ -1,6 +1,6 @@ { "name": "auth0-collector", - "version": "1.1.42", + "version": "1.1.43", "description": "Alert Logic AWS based Auth0 Log Collector extension", "repository": {}, "private": true, From c44b5818d410bcca0d68bad18f9e8f5dc7310346 Mon Sep 17 00:00:00 2001 
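Review bot: `assert.equal(fmt.messageTypeId, undefined)` and `assert.equal(fmt.messageTsUs, undefined)` compare loosely, so a `null` result passes as well, and although the titles say "null or undefined" only the `null` input is exercised. For a collector that formats events it does not control, the test should pin the exact value, e.g. `assert.strictEqual(fmt.messageTypeId, undefined);` (or `null`, whichever pawsFormatLog is meant to return; its body is not in this hunk), and add a second case that omits the field. Both `Auth0Collector.load().then(...)` chains also lack a rejection handler, so a failing assertion surfaces as a timeout; `.catch(done)` at the end of each chain would report it directly. The same hunk is repeated in PATCH 08/32.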
From: Pranav-Arya37 Date: Wed, 25 Jan 2023 13:09:41 +0530 Subject: [PATCH 05/32] changes in package.json test scripts --- collectors/auth0/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collectors/auth0/package.json b/collectors/auth0/package.json index 3b8bb229..801dc79e 100644 --- a/collectors/auth0/package.json +++ b/collectors/auth0/package.json @@ -6,7 +6,7 @@ "private": true, "scripts": { "lint": "jshint --exclude \"./node_modules/*\" **/*.js", - "test": "JUNIT_REPORT_PATH=./test/report.xml nyc --reporter=text --reporter=json-summary mocha --colors" + "test": "JUNIT_REPORT_PATH=./test/report.xml nyc --reporter=text mocha --colors" }, "devDependencies": { "aws-sdk": "*", From a50b6c431fb9cddfbfc1dd9d3f44af482c43e83a Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Tue, 24 Jan 2023 12:03:40 +0530 Subject: [PATCH 06/32] Auth0 Testcase Added --- collectors/auth0/package.json | 2 +- collectors/auth0/test/utils_test.js | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/collectors/auth0/package.json b/collectors/auth0/package.json index 47c38c19..87b6f382 100644 --- a/collectors/auth0/package.json +++ b/collectors/auth0/package.json @@ -6,7 +6,7 @@ "private": true, "scripts": { "lint": "jshint --exclude \"./node_modules/*\" **/*.js", - "test": "JUNIT_REPORT_PATH=./test/report.xml nyc --reporter=text mocha --colors" + "test": "JUNIT_REPORT_PATH=./test/report.xml nyc --reporter=text --reporter=json-summary mocha --colors" }, "devDependencies": { "aws-sdk": "*", diff --git a/collectors/auth0/test/utils_test.js b/collectors/auth0/test/utils_test.js index 550286e9..b1a27e73 100644 --- a/collectors/auth0/test/utils_test.js +++ b/collectors/auth0/test/utils_test.js 
@@ -39,6 +39,33 @@ describe('Unit Tests', function () { }); }); + describe('Get API Logs with error', function () { + it('Get API Logs with error', function (done) { + getLogsStub = sinon.stub(auth0Client, 'getLogs').callsFake( + function fakeFn() { + return new Promise(function (resolve, reject) { + return reject(new Error("Test Error")); + }); + }); + + const startDate = moment().subtract(5, 'minutes'); + let state = { + since: startDate.toISOString(), + poll_interval_sec: 1 + }; + let maxPagesPerInvocation = 5; + let accumulator = []; + + utils.getAPILogs(auth0Client, state, accumulator, maxPagesPerInvocation) + .catch(err => { + assert.equal(err.message, "Test Error", "Error message is not correct"); + getLogsStub.restore(); + done(); + }); + }); + }); + + describe('Get API Logs with last log id', function () { it('Get API Logs with last log id', function (done) { getLogsStub = sinon.stub(auth0Client, 'getLogs').callsFake( From 2011867e953d9860391888518cc34b9fa04fb4f4 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Tue, 24 Jan 2023 14:19:55 +0530 Subject: [PATCH 07/32] updated package.json version for auth0 collector --- collectors/auth0/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collectors/auth0/package.json b/collectors/auth0/package.json index 87b6f382..5e2aeda6 100644 --- a/collectors/auth0/package.json +++ b/collectors/auth0/package.json @@ -1,6 +1,6 @@ { "name": "auth0-collector", - "version": "1.1.43", + "version": "1.1.44", "description": "Alert Logic AWS based Auth0 Log Collector extension", "repository": {}, "private": true, From c0367db024b0421d4d1368ca2ac7591df43b1865 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Wed, 25 Jan 2023 12:31:55 +0530 Subject: [PATCH 08/32] Added Test Cases for auth0_collector --- collectors/auth0/test/auth0_test.js | 48 +++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) 
diff --git a/collectors/auth0/test/auth0_test.js b/collectors/auth0/test/auth0_test.js index 04c93a72..e94bdc66 100644 --- a/collectors/auth0/test/auth0_test.js +++ b/collectors/auth0/test/auth0_test.js @@ -154,6 +154,54 @@ describe('Unit Tests', function () { done(); }); }); + + it('log format when type is null or undefined', function (done) { + let ctx = { + invokedFunctionArn: auth0Mock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + Auth0Collector.load().then(function (creds) { + var collector = new Auth0Collector(ctx, creds); + const msg = { + "type": null, + "date": "2020-01-13T15:19:38.386Z" + }; + let fmt = collector.pawsFormatLog(msg); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); + + it('log format when date is null or undefined', function (done) { + let ctx = { + invokedFunctionArn: auth0Mock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + Auth0Collector.load().then(function (creds) { + var collector = new Auth0Collector(ctx, creds); + const msg = { + "type": "fsa", + "date": null + }; + let fmt = collector.pawsFormatLog(msg); + assert.equal(fmt.messageTsUs, undefined); + done(); + }); + }); }); describe('pawsGetLogs', function () { From f9f996a5c2412bdda47a6116e52cfedf4f1a5d3a Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Wed, 25 Jan 2023 13:09:41 +0530 Subject: [PATCH 09/32] changes in package.json test scripts --- collectors/auth0/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collectors/auth0/package.json b/collectors/auth0/package.json index 5e2aeda6..78849957 100644 --- a/collectors/auth0/package.json +++ b/collectors/auth0/package.json 
@@ -6,7 +6,7 @@ "private": true, "scripts": { "lint": "jshint --exclude \"./node_modules/*\" **/*.js", - "test": "JUNIT_REPORT_PATH=./test/report.xml nyc --reporter=text --reporter=json-summary mocha --colors" + "test": "JUNIT_REPORT_PATH=./test/report.xml nyc --reporter=text mocha --colors" }, "devDependencies": { "aws-sdk": "*", From b74653a7e962660b6ea3f76bc17ae28bcf4f9392 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Fri, 27 Jan 2023 18:24:50 +0530 Subject: [PATCH 10/32] updated auth0_mock.js and auth0_test.js --- collectors/auth0/test/auth0_mock.js | 108 +++++++++++++++++++++++++++- collectors/auth0/test/auth0_test.js | 12 +--- 2 files changed, 108 insertions(+), 12 deletions(-) diff --git a/collectors/auth0/test/auth0_mock.js b/collectors/auth0/test/auth0_mock.js index 00470c4a..5407c37c 100644 --- a/collectors/auth0/test/auth0_mock.js +++ b/collectors/auth0/test/auth0_mock.js 
@@ -70,7 +70,109 @@ const AUTH0_LOG_EVENT = { "log_id": "90020200113151943625000993024408641221974042823186448498", "_id": "90020200113151943625000993024408641221974042823186448498", "isMobile": false - }; +}; + +const AUTH0_LOG_EVENT_WHEN_TYPE_NULL = { + "date": "2020-01-13T15:19:38.386Z", + "type": null, + "description": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", + "ip": "186.146.147.72", + "user_agent": "Chrome 79.0.3945 / Mac OS X 10.14.6", + "details": { + "body": {}, + "qs": { + "client_id": "SomeClienIt", + "response_type": "token id_token", + "redirect_uri": "https://account-beta-navigation.ui-dev.product.dev.alertlogic.com", + "scope": "openid user_metadata", + "audience": "https://alertlogic.com/", + "prompt": "none", + "state": "kZHEddx~cnenEqTXpQZO3-6ekOqtz~CO", + "nonce": "byqjPRX1tDj9dX_8SB3eHG54e4lUNQLE", + "response_mode": "web_message", + "auth0Client": "auth0Client=" + }, + "connection": null, + "error": { + "message": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", + "oauthError": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs. Please go to 'https://manage.auth0.com/#/applications/8eMblSx2Ead6nT7SeXffXbHT1I4JyAI4/settings' and make sure you are sending the same callback url from your application.", + "payload": { + "message": "Callback URL mismatch. 
https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", + "code": "unauthorized_client", + "status": 403, + "name": "CallbackMismatchError", + "authorized": [ + "http://localhost:8080" + ], + "attempt": "https://account-beta-navigation.ui-dev.product.dev.alertlogic.com", + "client": { + "clientID": "8eMblSx2Ead6nT7SeXffXbHT1I4JyAI4" + }, + "log_url": "https://manage.auth0.com/#/logs/" + }, + "type": "callback-url-mismatch" + } + }, + "hostname": "alertlogic-integration.auth0.com", + "auth0_client": { + "name": "auth0.js", + "version": "9.12.1" + }, + "log_id": "90020200113151943625000993024408641221974042823186448498", + "_id": "90020200113151943625000993024408641221974042823186448498", + "isMobile": false +}; + +const AUTH0_LOG_EVENT_WHEN_DATE_NULL = { + "date": null, + "type": "fsa", + "description": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", + "ip": "186.146.147.72", + "user_agent": "Chrome 79.0.3945 / Mac OS X 10.14.6", + "details": { + "body": {}, + "qs": { + "client_id": "SomeClienIt", + "response_type": "token id_token", + "redirect_uri": "https://account-beta-navigation.ui-dev.product.dev.alertlogic.com", + "scope": "openid user_metadata", + "audience": "https://alertlogic.com/", + "prompt": "none", + "state": "kZHEddx~cnenEqTXpQZO3-6ekOqtz~CO", + "nonce": "byqjPRX1tDj9dX_8SB3eHG54e4lUNQLE", + "response_mode": "web_message", + "auth0Client": "auth0Client=" + }, + "connection": null, + "error": { + "message": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", + "oauthError": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs. 
Please go to 'https://manage.auth0.com/#/applications/8eMblSx2Ead6nT7SeXffXbHT1I4JyAI4/settings' and make sure you are sending the same callback url from your application.", + "payload": { + "message": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", + "code": "unauthorized_client", + "status": 403, + "name": "CallbackMismatchError", + "authorized": [ + "http://localhost:8080" + ], + "attempt": "https://account-beta-navigation.ui-dev.product.dev.alertlogic.com", + "client": { + "clientID": "8eMblSx2Ead6nT7SeXffXbHT1I4JyAI4" + }, + "log_url": "https://manage.auth0.com/#/logs/" + }, + "type": "callback-url-mismatch" + } + }, + "hostname": "alertlogic-integration.auth0.com", + "auth0_client": { + "name": "auth0.js", + "version": "9.12.1" + }, + "log_id": "90020200113151943625000993024408641221974042823186448498", + "_id": "90020200113151943625000993024408641221974042823186448498", + "isMobile": false +}; const FUNCTION_ARN = 'arn:aws:lambda:us-east-1:352283894008:function:test-01-CollectLambdaFunction-2CWNLPPW5XO8'; const FUNCTION_NAME = 'test-TestCollectLambdaFunction-1JNNKQIPOTEST'; @@ -79,5 +181,7 @@ module.exports = { AIMS_TEST_CREDS: AIMS_TEST_CREDS, FUNCTION_ARN: FUNCTION_ARN, FUNCTION_NAME: FUNCTION_NAME, - AUTH0_LOG_EVENT: AUTH0_LOG_EVENT + AUTH0_LOG_EVENT: AUTH0_LOG_EVENT, + AUTH0_LOG_EVENT_WHEN_TYPE_NULL: AUTH0_LOG_EVENT_WHEN_TYPE_NULL, + AUTH0_LOG_EVENT_WHEN_DATE_NULL: AUTH0_LOG_EVENT_WHEN_DATE_NULL }; diff --git a/collectors/auth0/test/auth0_test.js b/collectors/auth0/test/auth0_test.js index e94bdc66..2cdead96 100644 --- a/collectors/auth0/test/auth0_test.js +++ b/collectors/auth0/test/auth0_test.js 
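Review bot: The two added fixtures copy about fifty lines of `AUTH0_LOG_EVENT` to change one field each, and with them copy values that read like data captured from a live tenant: the `ip`, the `clientID` and application settings URL, the `state` and `nonce` strings and the tenant `hostname`. I cannot tell from the patch whether these are real, but test fixtures in a repository are better built from obviously synthetic values, and each copy is one more place to sanitise. Deriving the variants keeps a single source of truth: `const AUTH0_LOG_EVENT_WHEN_TYPE_NULL = Object.assign({}, AUTH0_LOG_EVENT, { type: null });` and the same with `{ date: null }`.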
@@ -169,11 +169,7 @@ describe('Unit Tests', function () { Auth0Collector.load().then(function (creds) { var collector = new Auth0Collector(ctx, creds); - const msg = { - "type": null, - "date": "2020-01-13T15:19:38.386Z" - }; - let fmt = collector.pawsFormatLog(msg); + let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT_WHEN_TYPE_NULL); assert.equal(fmt.messageTypeId, undefined); done(); }); @@ -193,11 +189,7 @@ describe('Unit Tests', function () { Auth0Collector.load().then(function (creds) { var collector = new Auth0Collector(ctx, creds); - const msg = { - "type": "fsa", - "date": null - }; - let fmt = collector.pawsFormatLog(msg); + let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT_WHEN_DATE_NULL); assert.equal(fmt.messageTsUs, undefined); done(); }); From 7eccf99e45e118b87ed221fe749a18abfece23a6 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Wed, 25 Jan 2023 13:09:41 +0530 Subject: [PATCH 11/32] changes in package.json test scripts From d028934cecc526b17f1a17fe77709cf0860cc317 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Tue, 31 Jan 2023 18:46:14 +0530 Subject: [PATCH 12/32] changes in auth0_mock.js and auth0_test.js --- collectors/auth0/test/auth0_mock.js | 106 +--------------------------- collectors/auth0/test/auth0_test.js | 4 +- 2 files changed, 3 insertions(+), 107 deletions(-) diff --git a/collectors/auth0/test/auth0_mock.js b/collectors/auth0/test/auth0_mock.js index 5407c37c..85ea6c8a 100644 --- a/collectors/auth0/test/auth0_mock.js +++ b/collectors/auth0/test/auth0_mock.js 
@@ -72,108 +72,6 @@ const AUTH0_LOG_EVENT = { "isMobile": false }; -const AUTH0_LOG_EVENT_WHEN_TYPE_NULL = { - "date": "2020-01-13T15:19:38.386Z", - "type": null, - "description": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", - "ip": "186.146.147.72", - "user_agent": "Chrome 79.0.3945 / Mac OS X 10.14.6", - "details": { - "body": {}, - "qs": { - "client_id": "SomeClienIt", - "response_type": "token id_token", - "redirect_uri": "https://account-beta-navigation.ui-dev.product.dev.alertlogic.com", - "scope": "openid user_metadata", - "audience": "https://alertlogic.com/", - "prompt": "none", - "state": "kZHEddx~cnenEqTXpQZO3-6ekOqtz~CO", - "nonce": "byqjPRX1tDj9dX_8SB3eHG54e4lUNQLE", - "response_mode": "web_message", - "auth0Client": "auth0Client=" - }, - "connection": null, - "error": { - "message": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", - "oauthError": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs. Please go to 'https://manage.auth0.com/#/applications/8eMblSx2Ead6nT7SeXffXbHT1I4JyAI4/settings' and make sure you are sending the same callback url from your application.", - "payload": { - "message": "Callback URL mismatch. 
https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", - "code": "unauthorized_client", - "status": 403, - "name": "CallbackMismatchError", - "authorized": [ - "http://localhost:8080" - ], - "attempt": "https://account-beta-navigation.ui-dev.product.dev.alertlogic.com", - "client": { - "clientID": "8eMblSx2Ead6nT7SeXffXbHT1I4JyAI4" - }, - "log_url": "https://manage.auth0.com/#/logs/" - }, - "type": "callback-url-mismatch" - } - }, - "hostname": "alertlogic-integration.auth0.com", - "auth0_client": { - "name": "auth0.js", - "version": "9.12.1" - }, - "log_id": "90020200113151943625000993024408641221974042823186448498", - "_id": "90020200113151943625000993024408641221974042823186448498", - "isMobile": false -}; - -const AUTH0_LOG_EVENT_WHEN_DATE_NULL = { - "date": null, - "type": "fsa", - "description": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", - "ip": "186.146.147.72", - "user_agent": "Chrome 79.0.3945 / Mac OS X 10.14.6", - "details": { - "body": {}, - "qs": { - "client_id": "SomeClienIt", - "response_type": "token id_token", - "redirect_uri": "https://account-beta-navigation.ui-dev.product.dev.alertlogic.com", - "scope": "openid user_metadata", - "audience": "https://alertlogic.com/", - "prompt": "none", - "state": "kZHEddx~cnenEqTXpQZO3-6ekOqtz~CO", - "nonce": "byqjPRX1tDj9dX_8SB3eHG54e4lUNQLE", - "response_mode": "web_message", - "auth0Client": "auth0Client=" - }, - "connection": null, - "error": { - "message": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", - "oauthError": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs. 
Please go to 'https://manage.auth0.com/#/applications/8eMblSx2Ead6nT7SeXffXbHT1I4JyAI4/settings' and make sure you are sending the same callback url from your application.", - "payload": { - "message": "Callback URL mismatch. https://account-beta-navigation.ui-dev.product.dev.alertlogic.com is not in the list of allowed callback URLs", - "code": "unauthorized_client", - "status": 403, - "name": "CallbackMismatchError", - "authorized": [ - "http://localhost:8080" - ], - "attempt": "https://account-beta-navigation.ui-dev.product.dev.alertlogic.com", - "client": { - "clientID": "8eMblSx2Ead6nT7SeXffXbHT1I4JyAI4" - }, - "log_url": "https://manage.auth0.com/#/logs/" - }, - "type": "callback-url-mismatch" - } - }, - "hostname": "alertlogic-integration.auth0.com", - "auth0_client": { - "name": "auth0.js", - "version": "9.12.1" - }, - "log_id": "90020200113151943625000993024408641221974042823186448498", - "_id": "90020200113151943625000993024408641221974042823186448498", - "isMobile": false -}; - const FUNCTION_ARN = 'arn:aws:lambda:us-east-1:352283894008:function:test-01-CollectLambdaFunction-2CWNLPPW5XO8'; const FUNCTION_NAME = 'test-TestCollectLambdaFunction-1JNNKQIPOTEST'; @@ -181,7 +79,5 @@ module.exports = { AIMS_TEST_CREDS: AIMS_TEST_CREDS, FUNCTION_ARN: FUNCTION_ARN, FUNCTION_NAME: FUNCTION_NAME, - AUTH0_LOG_EVENT: AUTH0_LOG_EVENT, - AUTH0_LOG_EVENT_WHEN_TYPE_NULL: AUTH0_LOG_EVENT_WHEN_TYPE_NULL, - AUTH0_LOG_EVENT_WHEN_DATE_NULL: AUTH0_LOG_EVENT_WHEN_DATE_NULL + AUTH0_LOG_EVENT: AUTH0_LOG_EVENT }; diff --git a/collectors/auth0/test/auth0_test.js b/collectors/auth0/test/auth0_test.js index 2cdead96..895fc4fa 100644 --- a/collectors/auth0/test/auth0_test.js +++ b/collectors/auth0/test/auth0_test.js 
@@ -169,7 +169,7 @@ describe('Unit Tests', function () { Auth0Collector.load().then(function (creds) { var collector = new Auth0Collector(ctx, creds); - let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT_WHEN_TYPE_NULL); + let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT.type=null); assert.equal(fmt.messageTypeId, undefined); done(); }); @@ -189,7 +189,7 @@ describe('Unit Tests', function () { Auth0Collector.load().then(function (creds) { var collector = new Auth0Collector(ctx, creds); - let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT_WHEN_DATE_NULL); + let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT.date=null); assert.equal(fmt.messageTsUs, undefined); done(); }); From ec6bb05fa423f66adf06f9f8a14c2b2650baa92a Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Wed, 1 Feb 2023 13:18:32 +0530 Subject: [PATCH 13/32] updated package.json version --- collectors/auth0/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collectors/auth0/package.json b/collectors/auth0/package.json index 44a29e98..8d235f79 100644 --- a/collectors/auth0/package.json +++ b/collectors/auth0/package.json @@ -1,6 +1,6 @@ { "name": "auth0-collector", - "version": "1.1.44", + "version": "1.1.45", "description": "Alert Logic AWS based Auth0 Log Collector extension", "repository": {}, "private": true, From 0676e484a85803faf07d9a7c0127b48ca87abb29 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Thu, 2 Feb 2023 13:12:54 +0530 Subject: [PATCH 14/32] updated auth0_test.js and utils_test.js --- collectors/auth0/test/auth0_test.js | 6 ++++-- collectors/auth0/test/utils_test.js | 7 +++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/collectors/auth0/test/auth0_test.js b/collectors/auth0/test/auth0_test.js index 895fc4fa..805b14ee 100644 --- a/collectors/auth0/test/auth0_test.js +++ b/collectors/auth0/test/auth0_test.js 
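Review bot: `collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT.type=null)` passes the value of the assignment expression, which is `null`, so pawsFormatLog never receives an event with a null `type`; the second hunk does the same with `.date=null`. The assignment also mutates the fixture exported by `auth0Mock` in place, so any later test that reads `AUTH0_LOG_EVENT` sees the nulled fields and the outcome depends on test order. PATCH 14/32 still passes the bare field, and PATCH 16/32 and PATCH 17/32 pass the event but keep the in-place mutation. Passing a modified copy avoids both problems: `let fmt = collector.pawsFormatLog(Object.assign({}, auth0Mock.AUTH0_LOG_EVENT, { type: null }));`.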
@@ -169,7 +169,8 @@ describe('Unit Tests', function () { Auth0Collector.load().then(function (creds) { var collector = new Auth0Collector(ctx, creds); - let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT.type=null); + auth0Mock.AUTH0_LOG_EVENT.type = null; + let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT.type); assert.equal(fmt.messageTypeId, undefined); done(); }); @@ -189,7 +190,8 @@ describe('Unit Tests', function () { Auth0Collector.load().then(function (creds) { var collector = new Auth0Collector(ctx, creds); - let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT.date=null); + auth0Mock.AUTH0_LOG_EVENT.date=null; + let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT.date); assert.equal(fmt.messageTsUs, undefined); done(); }); diff --git a/collectors/auth0/test/utils_test.js b/collectors/auth0/test/utils_test.js index b1a27e73..a2f8179e 100644 --- a/collectors/auth0/test/utils_test.js +++ b/collectors/auth0/test/utils_test.js @@ -44,7 +44,10 @@ describe('Unit Tests', function () { getLogsStub = sinon.stub(auth0Client, 'getLogs').callsFake( function fakeFn() { return new Promise(function (resolve, reject) { - return reject(new Error("Test Error")); + return reject({ statusCode: 503, + error: "Service Unavailable", + message: "The API service is temporarily unavailable, please try again later" + }); }); }); @@ -58,7 +61,7 @@ describe('Unit Tests', function () { utils.getAPILogs(auth0Client, state, accumulator, maxPagesPerInvocation) .catch(err => { - assert.equal(err.message, "Test Error", "Error message is not correct"); + assert.equal(err.message, "The API service is temporarily unavailable, please try again later", "Error message is not correct"); getLogsStub.restore(); done(); }); From 9ed908b450bec3c80efda5dcb656a31be3116b69 Mon Sep 17 00:00:00 2001 
From: Pranav-Arya37 Date: Thu, 9 Feb 2023 15:22:03 +0530 Subject: [PATCH 15/32] carbon black testcases added --- .../carbonblack/test/carbonblack_mock.js | 2 + collectors/carbonblack/test/utils_test.js | 99 +++++++++++++++++++ 2 files changed, 101 insertions(+) diff --git a/collectors/carbonblack/test/carbonblack_mock.js b/collectors/carbonblack/test/carbonblack_mock.js index 89932bb8..3e028b44 100644 --- a/collectors/carbonblack/test/carbonblack_mock.js +++ b/collectors/carbonblack/test/carbonblack_mock.js @@ -19,6 +19,8 @@ process.env.paws_api_secret = "api-secret"; process.env.collector_streams = "[\"AuditLogEvents\", \"SearchAlerts\",\"SearchAlertsCBAnalytics\", \"SearchAlertsWatchlist\"]"; process.env.paws_collector_param_string_2 = "carbonblackOrgKey"; process.env.paws_endpoint = "https://api-url.conferdeploy.net"; +process.env.collector_streams_null = "[\"AuditLogEventsCB\", \"SearchAlertsCB\",\"SearchAlertsCBAnalyticsCB\", \"SearchAlertsWatchlistCB\"]"; + const AIMS_TEST_CREDS = { access_key_id: 'test-access-key-id', diff --git a/collectors/carbonblack/test/utils_test.js b/collectors/carbonblack/test/utils_test.js index e3c81727..9c0ce61c 100644 --- a/collectors/carbonblack/test/utils_test.js +++ b/collectors/carbonblack/test/utils_test.js 
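Review bot: `collector_streams_null` is named as if it held a null value, but it holds four stream names with a `CB` suffix, and as far as this patch shows its only reader is the 'Get API Details when state.stream is null' test added to utils_test.js. That test uses the parsed array only for its length: it hard-codes `stream: null` in every `state`, so the names never reach `getAPIDetails`, and the closing `assert(apiDetails.length == apiNames.length, ...)` holds whatever `getAPIDetails` returns. If the intent is to cover unrecognised stream names, a name such as `collector_streams_unknown` with `stream: stream,` in the state would match it, and the assertion should check the returned details themselves (their shape is not visible in this patch).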
@@ -115,5 +115,104 @@ describe('Unit Tests', function () { }); }); }); +describe('Get API Logs (GET) with Error', function () { + it('Get API Logs with Error (GET)', function (done) { + alserviceStub.get = sinon.stub(RestServiceClient.prototype, 'get').callsFake( + function fakeFn(path, extraOptions) { + return new Promise(function (resolve, reject) { + return reject(new Error("Failed to fetch API logs due to an authentication issue")); + }); + }); + let maxPagesPerInvocation = 5; + const startDate = moment().subtract(5, 'minutes'); + let state = { + stream: "AuditLogEvents", + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + let apiDetails = { + url: "url", + method: "GET", + requestBody:"", + typeIdPaths: [{ path: ["eventId"] }], + tsPaths: [{ path: ["eventTime"] }] + }; + let accumulator = []; + const apiEndpoint = process.env.paws_endpoint; + const clientSecret = process.env.paws_api_secret; + const clientId = process.env.paws_api_client_id; + + utils.getAPILogs(apiDetails, accumulator, apiEndpoint, state, clientSecret, clientId, maxPagesPerInvocation).catch(err => { + assert.equal(err.message, "Failed to fetch API logs due to an authentication issue", "Error message is not correct"); + alserviceStub.get.restore(); + done(); + }); + }); +}); + + +describe('Get API Logs (POST Request) with Error', function () { + it('Get API Logs with Error (POST)', function (done) { + alserviceStub.post = sinon.stub(RestServiceClient.prototype, 'post').callsFake( + function fakeFn(path, extraOptions) { + return new Promise(function (resolve, reject) { + return reject(new Error("Failed to fetch API logs due to an authentication issue")); + }); + }); + let maxPagesPerInvocation = 5; + const startDate = moment().subtract(5, 'minutes'); + let state = { + stream: "SearchAlerts", + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + let apiDetails = { + url: 
"url", + method: "POST", + requestBody:{ + "criteria": { + "create_time": { + "end": state.until, + "start": state.since + }, + }, + "rows": 0, + "start": 0 + }, + typeIdPaths: [{ path: ["id"] }], + tsPaths: [{ path: ["last_update_time"] }] + }; + let accumulator = []; + const apiEndpoint = process.env.paws_endpoint; + const clientSecret = process.env.paws_api_secret; + const clientId = process.env.paws_api_client_id; + utils.getAPILogs(apiDetails, accumulator, apiEndpoint, state, clientSecret, clientId, maxPagesPerInvocation).catch(err => { + assert.equal(err.message, "Failed to fetch API logs due to an authentication issue", "Error message is not correct"); + alserviceStub.post.restore(); + done(); + }); + }); +}); +describe('Get API Details when state.stream is null', function () { + it('Get API Details when state.stream is null', function (done) { + const startDate = moment().subtract(5, 'minutes'); + const orgKey = "orgKey"; + let apiDetails = []; + const apiNames = JSON.parse(process.env.collector_streams_null); + apiNames.map(stream => { + let state = { + stream: null, + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + apiDetails.push(utils.getAPIDetails(state, orgKey)); + }); + assert(apiDetails.length == apiNames.length, "apiDetails length is wrong"); + done(); + }); +}); \ No newline at end of file From 8ea74737b96e6d72d41499e7587e5483cb027fb9 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Fri, 17 Feb 2023 11:42:55 +0530 Subject: [PATCH 16/32] updated log format testcase for auth0 --- collectors/auth0/test/auth0_test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collectors/auth0/test/auth0_test.js b/collectors/auth0/test/auth0_test.js index 805b14ee..2dd85395 100644 --- a/collectors/auth0/test/auth0_test.js +++ b/collectors/auth0/test/auth0_test.js 
@@ -191,7 +191,7 @@ describe('Unit Tests', function () { Auth0Collector.load().then(function (creds) { var collector = new Auth0Collector(ctx, creds); auth0Mock.AUTH0_LOG_EVENT.date=null; - let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT.date); + let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT); assert.equal(fmt.messageTsUs, undefined); done(); }); From e14dd72bdad64cbb673cce443eb625918ccb972f Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Fri, 17 Feb 2023 11:46:56 +0530 Subject: [PATCH 17/32] updated testcase --- collectors/auth0/test/auth0_test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collectors/auth0/test/auth0_test.js b/collectors/auth0/test/auth0_test.js index 2dd85395..c85f8dec 100644 --- a/collectors/auth0/test/auth0_test.js +++ b/collectors/auth0/test/auth0_test.js @@ -170,7 +170,7 @@ describe('Unit Tests', function () { Auth0Collector.load().then(function (creds) { var collector = new Auth0Collector(ctx, creds); auth0Mock.AUTH0_LOG_EVENT.type = null; - let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT.type); + let fmt = collector.pawsFormatLog(auth0Mock.AUTH0_LOG_EVENT); assert.equal(fmt.messageTypeId, undefined); done(); }); From 6574067cf41a1a709e57798e3cd34a597b398383 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Fri, 17 Feb 2023 14:12:29 +0530 Subject: [PATCH 18/32] added testcase for googlestackdriver when the difference between the current moment and a given startTs timestamp is more than 7 days --- collectors/googlestackdriver/package.json | 2 +- collectors/googlestackdriver/test/test.js | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/collectors/googlestackdriver/package.json b/collectors/googlestackdriver/package.json index 42bb0355..384afe3e 100644 --- a/collectors/googlestackdriver/package.json +++ b/collectors/googlestackdriver/package.json 
@@ -1,6 +1,6 @@ { "name": "googlestackdriver-collector", - "version": "1.1.46", + "version": "1.1.47", "description": "Alert Logic AWS based Googlestackdriver Log Collector", "repository": {}, "private": true, diff --git a/collectors/googlestackdriver/test/test.js b/collectors/googlestackdriver/test/test.js index af33fd59..a8899522 100644 --- a/collectors/googlestackdriver/test/test.js +++ b/collectors/googlestackdriver/test/test.js @@ -102,6 +102,20 @@ describe('Unit Tests', function() { }); }); }); + it('when the difference between the current moment and a given startTs timestamp is more than 7 days', function(done) { + GooglestackdriverCollector.load().then(function(creds) { + var collector = new GooglestackdriverCollector(ctx, creds); + const startDate = moment().subtract(8, 'days').toISOString(); + process.env.paws_collection_start_ts = startDate; + + collector.pawsInitCollectionState(googlestackdriverMock.LOG_EVENT, (err, initialStates, nextPoll) => { + initialStates.forEach((state) => { + assert.equal(moment(state.until).diff(state.since, 'days'), 7); + }); + done(); + }); + }); + }); }); describe('pawsGetLogs', function() { From 0f985df0f5d5a7c1939413195578ded961c68f24 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Fri, 17 Feb 2023 15:20:04 +0530 Subject: [PATCH 19/32] testcases added for crowdstrike --- collectors/crowdstrike/package.json | 2 +- .../crowdstrike/test/crowd-strike-test.js | 158 ++++++++++++++++++ collectors/crowdstrike/test/utils-test.js | 27 ++- 3 files changed, 185 insertions(+), 2 deletions(-) diff --git a/collectors/crowdstrike/package.json b/collectors/crowdstrike/package.json index f583e7da..da64d2fc 100644 --- a/collectors/crowdstrike/package.json +++ b/collectors/crowdstrike/package.json @@ -1,6 +1,6 @@ { "name": "crowdstrike-collector", - "version": "1.0.22", + "version": "1.0.23", "description": "Alert Logic AWS based Crowdstrike Log Collector", "repository": {}, "private": true, 
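Review bot: The new case 'when the difference between the current moment and a given startTs timestamp is more than 7 days' assigns `process.env.paws_collection_start_ts` and never puts the previous value back, so every later test in the same process inherits an eight-day-old start time. The callback also ignores `err`, and because the only assertion sits inside `initialStates.forEach`, an empty `initialStates` passes without checking anything. I would save the old value before the assignment and restore or delete it before `done()`, and add `assert.ifError(err);` and `assert.ok(initialStates.length > 0);` ahead of the loop. The enclosing `describe` starts outside the hunk.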
diff --git a/collectors/crowdstrike/test/crowd-strike-test.js b/collectors/crowdstrike/test/crowd-strike-test.js index c06da378..b455c9cf 100644 --- a/collectors/crowdstrike/test/crowd-strike-test.js +++ b/collectors/crowdstrike/test/crowd-strike-test.js 
@@ -169,6 +169,164 @@ describe('Unit Tests', function () { }); }); }); + describe('pawsGetLogs Success when state.stream is Incident', function () { + let ctx = { + invokedFunctionArn: crowdstrikeMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + }, + succeed: function () { } + }; + it('Paws Get Logs Success when state.stream is Incident', function (done) { + setAlServiceStub(); + CrowdstrikeCollector.load().then(function (creds) { + var collector = new CrowdstrikeCollector(ctx, creds, 'crowdstrike'); + const startDate = moment().subtract(3, 'days'); + const curState = { + stream: "Incident", + since: startDate.toISOString(), + until: startDate.add(2, 'days').toISOString(), + offset: 0, + poll_interval_sec: 1 + }; + + collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { + assert.equal(logs.length, 1); + assert.equal(newState.poll_interval_sec, 1); + assert.ok(logs[0].incident_id); + done(); + }); + + }); + }); + }); + + describe('pawsGetLogs (getIncidents) Error', function () { + let ctx = { + invokedFunctionArn: crowdstrikeMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + }, + succeed: function () { } + }; + + it('Paws Get Logs (getIncidents) Error', function (done) { + authenticate = sinon.stub(utils, 'authenticate').callsFake( + function fakeFn(baseUrl, client_id, client_secret) { + return new Promise(function (resolve, reject) { + return resolve(crowdstrikeMock.AUTHENTICATE.access_token); + }); + } + ); + getList = sinon.stub(utils, 'getList').callsFake( + function fakeFn(apiDetails, accumulator, apiEndpoint, token) { + return new Promise(function (resolve, reject) { + return resolve({ accumulator: crowdstrikeMock.LIST.resources, total: 1 }); + }); + }); + getIncidents = sinon.stub(utils, 'getIncidents').callsFake( + function fakeFn(ids, apiEndpoint, token) { + return new Promise(function (resolve, reject) { + return reject(new Error("Failed to fetch API logs due to an authentication issue")); + }); 
+ }); + getDetections = sinon.stub(utils, 'getDetections').callsFake( + function fakeFn(ids, apiEndpoint, token) { + return new Promise(function (resolve, reject) { + return resolve({ resources: crowdstrikeMock.DETECTION_LOG_EVENT.resources}); + }); + }); + getAPIDetails = sinon.stub(utils, 'getAPIDetails').callsFake( + function fakeFn(state) { + return { + url: "url", + method: "GET", + requestBody: "sortFieldName", + typeIdPaths: [{ path: ["incident_id"] }], + tsPaths: [{ path: ["created_timestamp"] }] + }; + }); + CrowdstrikeCollector.load().then(function (creds) { + var collector = new CrowdstrikeCollector(ctx, creds, 'crowdstrike'); + const startDate = moment().subtract(3, 'days'); + const curState = { + stream: "Incident", + since: startDate.toISOString(), + until: startDate.add(2, 'days').toISOString(), + offset: 0, + poll_interval_sec: 1 + }; + collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { + assert.equal(err.message, "Failed to fetch API logs due to an authentication issue", "Error message is not correct"); + done(); + }); + + }); + }); + }); + + describe('pawsGetLogs (getDetections) Error', function () { + let ctx = { + invokedFunctionArn: crowdstrikeMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + }, + succeed: function () { } + }; + it('Paws Get Logs (getDetections) Error', function (done) { + authenticate = sinon.stub(utils, 'authenticate').callsFake( + function fakeFn(baseUrl, client_id, client_secret) { + return new Promise(function (resolve, reject) { + return resolve(crowdstrikeMock.AUTHENTICATE.access_token); + }); + } + ); + getList = sinon.stub(utils, 'getList').callsFake( + function fakeFn(apiDetails, accumulator, apiEndpoint, token) { + return new Promise(function (resolve, reject) { + return resolve({ accumulator: crowdstrikeMock.LIST.resources, total: 1 }); + }); + }); + getIncidents = sinon.stub(utils, 'getIncidents').callsFake( + function fakeFn(ids, apiEndpoint, token) { + return new 
Promise(function (resolve, reject) { + return resolve({ resources: crowdstrikeMock.INCIDENT_LOG_EVENT.resources}); + }); + }); + getDetections = sinon.stub(utils, 'getDetections').callsFake( + function fakeFn(ids, apiEndpoint, token) { + return new Promise(function (resolve, reject) { + return reject(new Error("Failed to fetch API logs due to an authentication issue")); + }); + }); + getAPIDetails = sinon.stub(utils, 'getAPIDetails').callsFake( + function fakeFn(state) { + return { + url: "url", + method: "GET", + requestBody: "sortFieldName", + typeIdPaths: [{ path: ["detection_id"] }], + tsPaths: [{ path: ["created_timestamp"] }] + }; + }); + CrowdstrikeCollector.load().then(function (creds) { + var collector = new CrowdstrikeCollector(ctx, creds, 'crowdstrike'); + const startDate = moment().subtract(3, 'days'); + const curState = { + stream: "Detection", + since: startDate.toISOString(), + until: startDate.add(2, 'days').toISOString(), + offset: 0, + poll_interval_sec: 1 + }; + collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { + assert.equal(err.message, "Failed to fetch API logs due to an authentication issue", "Error message is not correct"); + done(); + }); + + }); + }); + }); describe('Format Tests', function () { it('log format success', function (done) { diff --git a/collectors/crowdstrike/test/utils-test.js b/collectors/crowdstrike/test/utils-test.js index bfc621a1..1372e7a7 100644 --- a/collectors/crowdstrike/test/utils-test.js +++ b/collectors/crowdstrike/test/utils-test.js 
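Review bot: The `sinon.stub(utils, ...)` calls in 'Paws Get Logs (getIncidents) Error' are never restored inside this hunk, and '(getDetections) Error' then stubs the same five `utils` methods again. Unless a hook outside the hunk restores them, sinon refuses to wrap an already-wrapped method, so the second test fails in setup and the fakes leak into later tests. Restore at the top of the `pawsGetLogs` callback, e.g. `getIncidents.restore(); getDetections.restore();` (likewise `authenticate`, `getList`, `getAPIDetails`), or in an `afterEach`. The two 'Get Object Logs when state.stream is …' tests added to salesforce/test/utils_test.js repeat the pattern with `sinon.stub(conn, 'query')`. Because these cases model an authentication failure in a log collector, it is also worth asserting that `newState` is not advanced when `err` is set, assuming that is the callback contract, since a state that moves forward on failure silently drops events.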
@@ -168,5 +168,30 @@ describe('Unit Tests', function () { }); }); }); - +describe('Get API Logs (GET) with Error', function () { + it('Get API Logs with Error (GET)', function (done) { + alserviceStub.get = sinon.stub(RestServiceClient.prototype, 'get').callsFake( + function fakeFn(path, extraOptions) { + return new Promise(function (resolve, reject) { + return reject(new Error("Failed to fetch API logs due to an authentication issue")); + }); + }); + let apiDetails = { + url: "url", + method: "GET", + requestBody:"", + typeIdPaths: [{ path: ["eventId"] }], + tsPaths: [{ path: ["eventTime"] }] + }; + let accumulator = []; + const apiEndpoint = process.env.paws_endpoint; + const token = crowdstrikeMock.AUTHENTICATE.access_token; + + utils.getList(apiDetails, accumulator, apiEndpoint, token).catch(err => { + assert.equal(err.message, "Failed to fetch API logs due to an authentication issue", "Error message is not correct"); + alserviceStub.get.restore(); + done(); + }); + }); +}); From a77f036e3b8a6ef6a7106c2519867082b565f62b Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Fri, 17 Feb 2023 16:32:03 +0530 Subject: [PATCH 20/32] updated version in package.json --- collectors/carbonblack/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collectors/carbonblack/package.json b/collectors/carbonblack/package.json index a6610ad0..abf2e36d 100644 --- a/collectors/carbonblack/package.json +++ b/collectors/carbonblack/package.json @@ -1,6 +1,6 @@ { "name": "carbonblack-collector", - "version": "1.0.40", + "version": "1.0.41", "description": "Alert Logic AWS based Carbonblack Log Collector", "repository": {}, "private": true, From 293c68e4ceca48474db6f1cee4e88e95f4b4b999 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Mon, 20 Feb 2023 19:18:29 +0530 Subject: [PATCH 21/32] added one testcase for googlestackdriver --- collectors/googlestackdriver/test/test.js | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) 
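Review bot: The new 'Get API Logs with Error (GET)' test attaches only `.catch(...)`, so if `utils.getList` resolves instead of rejecting, `done` is never called and the failure shows up as a mocha timeout rather than a clear assertion. A failing `assert.equal` inside the handler likewise becomes an unhandled rejection and skips `alserviceStub.get.restore()`, leaving `RestServiceClient.prototype.get` stubbed for later tests. Move `alserviceStub.get.restore();` to the first line of the handler, use the two-argument form `.then(() => assert.fail("expected getList to reject"), err => { … })`, and end the chain with `.then(done, done)`.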
diff --git a/collectors/googlestackdriver/test/test.js b/collectors/googlestackdriver/test/test.js index a8899522..b2e1b392 100644 --- a/collectors/googlestackdriver/test/test.js +++ b/collectors/googlestackdriver/test/test.js @@ -403,6 +403,22 @@ describe('Unit Tests', function() { done(); }); }); + it('get next state when pageSize is given and less than MAX_PAGE_SIZE', function(done) { + GooglestackdriverCollector.load().then(function(creds) { + var collector = new GooglestackdriverCollector(ctx, creds); + const startDate = moment().subtract(collector.pollInterval * 2, 'seconds'); + const curState = { + since: startDate.toISOString(), + until: startDate.add(collector.pollInterval, 'seconds').toISOString(), + poll_interval_sec: 1, + pageSize: 370 + }; + const newState = collector._getNextCollectionState(curState); + assert.equal(moment(newState.until).diff(newState.since, 'seconds'), collector.pollInterval); + assert.equal(newState.poll_interval_sec, 300); + done(); + }); + }); }); describe('Format Tests', function() { it('log format JSON success', function(done) { From d64d6aa063728d94e874dd2405eca274220fac54 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Wed, 22 Feb 2023 18:24:08 +0530 Subject: [PATCH 22/32] added testcases for gsuite collector --- collectors/gsuite/package.json | 2 +- collectors/gsuite/test/gsuite_test.js | 69 +++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 1 deletion(-) diff --git a/collectors/gsuite/package.json b/collectors/gsuite/package.json index 90394e0d..6dc7c9a5 100644 --- a/collectors/gsuite/package.json +++ b/collectors/gsuite/package.json @@ -1,6 +1,6 @@ { "name": "gsuite-collector", - "version": "1.2.39", + "version": "1.2.40", "description": "Alert Logic AWS based Gsuite Log Collector", "repository": {}, "private": true, diff --git a/collectors/gsuite/test/gsuite_test.js b/collectors/gsuite/test/gsuite_test.js index e3a40a38..c42db1f0 100644 --- a/collectors/gsuite/test/gsuite_test.js 
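Review bot: The test 'get next state when pageSize is given and less than MAX_PAGE_SIZE' never asserts anything about `pageSize`, so it would pass unchanged if `_getNextCollectionState` dropped or altered the value. Add an assertion on the page size carried in `newState`, with whatever value the collector is meant to keep (I cannot tell the field's expected value from this hunk). The expected `poll_interval_sec` of `300` is a bare literal; if it comes from `collector.pollInterval`, compare against that instead. The `.then` callback has no rejection handler, so a failed assert here surfaces as a timeout.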
+++ b/collectors/gsuite/test/gsuite_test.js @@ -156,6 +156,35 @@ describe('Unit Tests', function () { }); }); + it('Paws Get Logs Success when nextPage is not undefined', function (done) { + listEvent = sinon.stub(utils, 'listEvents').callsFake( + function fakeFn(path) { + return new Promise(function (resolve, reject) { + return resolve({ accumulator: [gsuiteMock.LOG_EVENT, gsuiteMock.LOG_EVENT], nextPage: null }); + }); + }); + + GsuiteCollector.load().then(function (creds) { + var collector = new GsuiteCollector(ctx, creds, 'gsuite'); + const startDate = moment().subtract(3, 'days'); + const curState = { + application: "login", + since: startDate.toISOString(), + until: startDate.add(2, 'days').toISOString(), + poll_interval_sec: 1 + }; + + collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { + assert.equal(logs.length, 2); + assert.equal(newState.poll_interval_sec, 1); + assert.ok(logs[0].kind); + listEvent.restore(); + done(); + }); + + }); + }); + it('Paws Get Logs with API Quota Reset Date', function (done) { listEvent = sinon.stub(utils, 'listEvents').callsFake( function fakeFn(path) { 
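Review bot: The title 'Paws Get Logs Success when nextPage is not undefined' promises a pagination case, but the stub resolves with `nextPage: null` and nothing asserts on `err` or on the paging field of `newState`, so the branch the name describes is not pinned. Add `assert.ifError(err);` and an assertion on the next-page value the collector is expected to store. `listEvent.restore()` runs only after the three assertions, so a failed assertion leaves `utils.listEvents` wrapped for the following test; call it first in the callback. The salesforce hunk that adds the same-named test has the same shape with `getObjectLogs.restore()`.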
@@ -272,6 +301,46 @@ describe('Unit Tests', function () { done(); }); }); + it('log format when kind is null or undefined', function (done) { + let ctx = { + invokedFunctionArn: gsuiteMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + GsuiteCollector.load().then(function (creds) { + var collector = new GsuiteCollector(ctx, creds, 'gsuite'); + gsuiteMock.LOG_EVENT.kind = null; + let fmt = collector.pawsFormatLog(gsuiteMock.LOG_EVENT); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); + it('log format when time is null or undefined', function (done) { + let ctx = { + invokedFunctionArn: gsuiteMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + GsuiteCollector.load().then(function (creds) { + var collector = new GsuiteCollector(ctx, creds, 'gsuite'); + gsuiteMock.LOG_EVENT.id.time=null; + let fmt = collector.pawsFormatLog(gsuiteMock.LOG_EVENT); + assert.equal(fmt.messageTsUs, undefined); + done(); + }); + }); }); describe('Next State Tests', function () { From a198c8ee973ec42618007a0eebf727b09a854b19 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Thu, 23 Feb 2023 15:02:54 +0530 Subject: [PATCH 23/32] added testcases for salesforce collector --- collectors/salesforce/package.json | 2 +- collectors/salesforce/test/salesforce_test.js | 162 +++++++++++++++ collectors/salesforce/test/utils_test.js | 187 ++++++++++++++++++ 3 files changed, 350 insertions(+), 1 deletion(-) diff --git a/collectors/salesforce/package.json b/collectors/salesforce/package.json index 5c40e42c..f44bf039 100644 --- a/collectors/salesforce/package.json +++ b/collectors/salesforce/package.json @@ -1,6 +1,6 @@ { "name": "salesforce-collector", - "version": "1.1.43", + "version": "1.1.44", "description": "Alert Logic AWS based Salesforce Log Collector", "repository": {}, "private": true, 
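Review bot: Both new format tests write into the shared fixture (`gsuiteMock.LOG_EVENT.kind = null;` and `gsuiteMock.LOG_EVENT.id.time=null;`) and never put the values back, so any test that runs afterwards and reads `gsuiteMock.LOG_EVENT` sees an event with no kind and no timestamp, and results depend on execution order. Format a copy instead, e.g. `const event = Object.assign({}, gsuiteMock.LOG_EVENT, { kind: null });`, and for the nested field pass a copy of `id` with `time: null`. The same in-place mutation appears in the salesforce (`attributes`), sentinelone (`id`, `createdAt`), sophossiem (`id`, `created_at`) and sophos (`id`, `raisedAt`) format hunks of this series. `assert.equal(fmt.messageTypeId, undefined)` is a loose comparison that also accepts `null`; `assert.strictEqual` pins the intended value.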
diff --git a/collectors/salesforce/test/salesforce_test.js b/collectors/salesforce/test/salesforce_test.js index 83976e6c..3461a135 100644 --- a/collectors/salesforce/test/salesforce_test.js +++ b/collectors/salesforce/test/salesforce_test.js @@ -186,6 +186,36 @@ describe('Unit Tests', function () { }); }); + it('Paws Get Logs Success when nextPage is not undefined', function (done) { + + getObjectLogs = sinon.stub(utils, 'getObjectLogs').callsFake( + function fakeFn(response, objectQueryDetails, accumulator, state, maxPagesPerInvocation) { + return new Promise(function (resolve, reject) { + return resolve({ accumulator: [salesforceMock.LOG_EVENT, salesforceMock.LOG_EVENT], nextPage: null }); + }); + }); + + SalesforceCollector.load().then(function (creds) { + var collector = new SalesforceCollector(ctx, creds, 'salesforce'); + const startDate = moment().subtract(3, 'days'); + const curState = { + object: "LoginHistory", + since: startDate.toISOString(), + until: startDate.add(2, 'days').toISOString(), + poll_interval_sec: 1 + }; + + collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { + assert.equal(logs.length, 2); + assert.equal(newState.poll_interval_sec, 1); + assert.ok(logs[0].attributes); + getObjectLogs.restore(); + done(); + }); + + }); + }); + it('Paws Get Logs with API Quota Reset Date', function (done) { getObjectLogs = sinon.stub(utils, 'getObjectLogs').callsFake( 
@@ -250,6 +280,116 @@ describe('Unit Tests', function () { }); }); + + it('Paws Get Logs error when Error code is other than REQUEST_LIMIT_EXCEEDED', function (done) { + + getObjectLogs = sinon.stub(utils, 'getObjectLogs').callsFake( + function fakeFn(response, objectQueryDetails, accumulator, state, maxPagesPerInvocation) { + return new Promise(function (resolve, reject) { + return reject({ errorCode: "Service Unavailable" }); + }); + }); + + SalesforceCollector.load().then(function (creds) { + var collector = new SalesforceCollector(ctx, creds, 'salesforce'); + const startDate = moment().subtract(3, 'days'); + const curState = { + object: "LoginHistory", + since: startDate.toISOString(), + until: startDate.add(2, 'days').toISOString(), + poll_interval_sec: 1 + }; + collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { + assert.strictEqual(err.errorCode, 'Service Unavailable'); + getObjectLogs.restore(); + done(); + }); + + }); + }); + + it('Paws Get Logs error when Error code is INVALID_FIELD', function (done) { + + getObjectLogs = sinon.stub(utils, 'getObjectLogs').callsFake( + function fakeFn(response, objectQueryDetails, accumulator, state, maxPagesPerInvocation) { + return new Promise(function (resolve, reject) { + return reject({ errorCode: "INVALID_FIELD" }); + }); + }); + + SalesforceCollector.load().then(function (creds) { + var collector = new SalesforceCollector(ctx, creds, 'salesforce'); + const startDate = moment().subtract(3, 'days'); + const curState = { + object: "LoginHistory", + since: startDate.toISOString(), + until: startDate.add(2, 'days').toISOString(), + poll_interval_sec: 1 + }; + collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { + assert.strictEqual(err.errorCode, 'INVALID_FIELD'); + getObjectLogs.restore(); + done(); + }); + + }); + }); + + it('Paws Get Logs error when Error code is INVALID_TYPE', function (done) { + + getObjectLogs = sinon.stub(utils, 'getObjectLogs').callsFake( + function 
fakeFn(response, objectQueryDetails, accumulator, state, maxPagesPerInvocation) { + return new Promise(function (resolve, reject) { + return reject({ errorCode: "INVALID_TYPE" }); + }); + }); + + SalesforceCollector.load().then(function (creds) { + var collector = new SalesforceCollector(ctx, creds, 'salesforce'); + const startDate = moment().subtract(3, 'days'); + const curState = { + object: "LoginHistory", + since: startDate.toISOString(), + until: startDate.add(2, 'days').toISOString(), + poll_interval_sec: 1 + }; + collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { + assert.strictEqual(err.errorCode, 'INVALID_TYPE'); + getObjectLogs.restore(); + done(); + }); + + }); + }); + + it('Paws Get Logs error when Error code is INVALID_SESSION_ID', function (done) { + + getObjectLogs = sinon.stub(utils, 'getObjectLogs').callsFake( + function fakeFn(response, objectQueryDetails, accumulator, state, maxPagesPerInvocation) { + return new Promise(function (resolve, reject) { + return reject({ errorCode: "INVALID_SESSION_ID" }); + }); + }); + + SalesforceCollector.load().then(function (creds) { + var collector = new SalesforceCollector(ctx, creds, 'salesforce'); + const startDate = moment().subtract(3, 'days'); + const curState = { + object: "LoginHistory", + since: startDate.toISOString(), + until: startDate.add(2, 'days').toISOString(), + poll_interval_sec: 1 + }; + collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { + assert.strictEqual(err.errorCode, 'INVALID_SESSION_ID'); + getObjectLogs.restore(); + done(); + }); + + }); + }); + + }); 
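Review bot: The four added error tests differ only in the `errorCode` string, and each asserts only that the rejected object is handed back unchanged, so none would catch a regression in how a specific code is handled. Driving them from one list removes about eighty duplicated lines and makes it cheap to add per-code expectations later; this renames the first case from 'other than REQUEST_LIMIT_EXCEEDED' to its literal code. Restoring the stub before the assertion also keeps `utils.getObjectLogs` from staying wrapped when an assertion fails. If `INVALID_SESSION_ID` is meant to trigger re-authentication or a distinct error path, that expectation deserves its own assertion; I cannot tell from this hunk.

```javascript
['Service Unavailable', 'INVALID_FIELD', 'INVALID_TYPE', 'INVALID_SESSION_ID'].forEach(function (errorCode) {
    it('Paws Get Logs error when Error code is ' + errorCode, function (done) {
        getObjectLogs = sinon.stub(utils, 'getObjectLogs').callsFake(function fakeFn() {
            return Promise.reject({ errorCode: errorCode });
        });
        SalesforceCollector.load().then(function (creds) {
            // … unchanged: collector construction and curState …
            collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => {
                getObjectLogs.restore();
                assert.strictEqual(err.errorCode, errorCode);
                done();
            });
        });
    });
});
```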
@@ -355,6 +495,28 @@ describe('Unit Tests', function () { done(); }); }); + it('log format when type is null or undefined', function (done) { + setAlServiceStub(); + let ctx = { + invokedFunctionArn: salesforceMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + SalesforceCollector.load().then(function (creds) { + var collector = new SalesforceCollector(ctx, creds, 'salesforce'); + collector.tsPaths = [{ path: ["LastLoginDate"] }]; + salesforceMock.LOG_EVENT.attributes = null; + let fmt = collector.pawsFormatLog(salesforceMock.LOG_EVENT); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); }); diff --git a/collectors/salesforce/test/utils_test.js b/collectors/salesforce/test/utils_test.js index 879004b6..996fbc30 100644 --- a/collectors/salesforce/test/utils_test.js +++ b/collectors/salesforce/test/utils_test.js 
@@ -49,6 +49,66 @@ describe('Unit Tests', function () { done(); }); }); + + it('Get Object Logs when state.stream is LoginHistory', function (done) { + mockActivityObject = sinon.stub(conn, 'query').callsFake( + function fakeFn(err, result) { + return result(null, { records: [salesforceMock.LOG_EVENT] }); + }); + let maxPagesPerInvocation = 5; + let response = { + body: `{}` + }; + let objectQueryDetails = { + query: "query", + tsPaths: [{ path: ["LastLoginDate"] }], + sortFieldName: "Id", + sortType: "ASC" + }; + const startDate = moment().subtract(5, 'minutes'); + let state = { + object: "LoginHistory", + stream: "LoginHistory", + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + let accumulator = []; + utils.getObjectLogs(response, objectQueryDetails, accumulator, state, maxPagesPerInvocation).then(data => { + assert(accumulator.length == 5, "accumulator length is wrong"); + done(); + }); + }); + + it('Get Object Logs when state.stream is LoginAsEvent', function (done) { + mockActivityObject = sinon.stub(conn, 'query').callsFake( + function fakeFn(err, result) { + return result(null, { records: [salesforceMock.LOG_EVENT] }); + }); + let maxPagesPerInvocation = 5; + let response = { + body: `{}` + }; + let objectQueryDetails = { + query: "query", + tsPaths: [{ path: ["LastLoginDate"] }], + sortFieldName: "Id", + sortType: "ASC" + }; + const startDate = moment().subtract(5, 'minutes'); + let state = { + object: "LoginAsEvent", + stream: "LoginAsEvent", + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + let accumulator = []; + utils.getObjectLogs(response, objectQueryDetails, accumulator, state, maxPagesPerInvocation).then(data => { + assert(accumulator.length == 5, "accumulator length is wrong"); + done(); + }); + }); }); describe('Get Object Logs with no records', function () { 
@@ -99,5 +159,132 @@ describe('Unit Tests', function () { assert(objectQueryDetails.length == objectNames.length, "objectQueryDetails length is wrong"); done(); }); + + it('Get Object Query when state.stream is LoginHistory', function (done) { + const startDate = moment().subtract(5, 'minutes'); + let objectQueryDetails = []; + const objectNames = JSON.parse(process.env.collector_streams); + objectNames.map(object => { + let state = { + object: object, + stream: "LoginHistory", + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + objectQueryDetails.push(utils.getObjectQuery(state)); + }); + assert(objectQueryDetails.length == objectNames.length, "objectQueryDetails length is wrong"); + done(); + }); + + it('Get Object Query when state.stream is EventLogFile', function (done) { + const startDate = moment().subtract(5, 'minutes'); + let objectQueryDetails = []; + const objectNames = JSON.parse(process.env.collector_streams); + objectNames.map(object => { + let state = { + object: object, + stream: "EventLogFile", + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + objectQueryDetails.push(utils.getObjectQuery(state)); + }); + assert(objectQueryDetails.length == objectNames.length, "objectQueryDetails length is wrong"); + done(); + }); + + it('Get Object Query when state.stream is ApiEvent', function (done) { + const startDate = moment().subtract(5, 'minutes'); + let objectQueryDetails = []; + const objectNames = JSON.parse(process.env.collector_streams); + objectNames.map(object => { + let state = { + object: object, + stream: "ApiEvent", + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + objectQueryDetails.push(utils.getObjectQuery(state)); + }); + assert(objectQueryDetails.length == objectNames.length, "objectQueryDetails length is wrong"); + done(); + }); + + it('Get Object 
Query when state.stream is LoginEvent', function (done) { + const startDate = moment().subtract(5, 'minutes'); + let objectQueryDetails = []; + const objectNames = JSON.parse(process.env.collector_streams); + objectNames.map(object => { + let state = { + object: object, + stream: "LoginEvent", + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + objectQueryDetails.push(utils.getObjectQuery(state)); + }); + assert(objectQueryDetails.length == objectNames.length, "objectQueryDetails length is wrong"); + done(); + }); + + it('Get Object Query when state.stream is LogoutEvent', function (done) { + const startDate = moment().subtract(5, 'minutes'); + let objectQueryDetails = []; + const objectNames = JSON.parse(process.env.collector_streams); + objectNames.map(object => { + let state = { + object: object, + stream: "LogoutEvent", + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + objectQueryDetails.push(utils.getObjectQuery(state)); + }); + assert(objectQueryDetails.length == objectNames.length, "objectQueryDetails length is wrong"); + done(); + }); + + it('Get Object Query when state.stream is LoginAsEvent', function (done) { + const startDate = moment().subtract(5, 'minutes'); + let objectQueryDetails = []; + const objectNames = JSON.parse(process.env.collector_streams); + objectNames.map(object => { + let state = { + object: object, + stream: "LoginAsEvent", + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + objectQueryDetails.push(utils.getObjectQuery(state)); + }); + assert(objectQueryDetails.length == objectNames.length, "objectQueryDetails length is wrong"); + done(); + }); + + it('Get Object Query when state.stream is null', function (done) { + const startDate = moment().subtract(5, 'minutes'); + let objectQueryDetails = []; + const objectNames = 
JSON.parse(process.env.collector_streams); + objectNames.map(object => { + let state = { + object: object, + stream: null, + since: startDate.toISOString(), + until: startDate.add(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + objectQueryDetails.push(utils.getObjectQuery(state)); + }); + assert(objectQueryDetails.length == objectNames.length, "objectQueryDetails length is wrong"); + done(); + }); + }); }); \ No newline at end of file From 954c5e9f2310487466970fb9f19937e05fecc2f6 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Thu, 23 Feb 2023 19:15:12 +0530 Subject: [PATCH 24/32] added testcases for sentinelone collector --- collectors/sentinelone/package.json | 2 +- .../sentinelone/test/sentinelone_test.js | 41 +++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/collectors/sentinelone/package.json b/collectors/sentinelone/package.json index f0fe7982..6cba193e 100644 --- a/collectors/sentinelone/package.json +++ b/collectors/sentinelone/package.json @@ -1,6 +1,6 @@ { "name": "sentinelone-collector", - "version": "1.0.40", + "version": "1.0.41", "description": "Alert Logic AWS based Sentinelone Log Collector", "repository": {}, "private": true, diff --git a/collectors/sentinelone/test/sentinelone_test.js b/collectors/sentinelone/test/sentinelone_test.js index 4f4ad76e..a4759f20 100644 --- a/collectors/sentinelone/test/sentinelone_test.js +++ b/collectors/sentinelone/test/sentinelone_test.js 
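Review bot: `assert(objectQueryDetails.length == objectNames.length, ...)` cannot fail in any of the seven added 'Get Object Query when state.stream is …' tests, because the loop pushes exactly one entry per element of `objectNames`; the tests pass whatever `utils.getObjectQuery` returns, including `undefined`. Assert on the returned value per stream instead, for instance that each entry is defined and that its query reflects `state.since` and `state.until` (the object passed to `getObjectLogs` elsewhere in this file suggests `query`, `tsPaths`, `sortFieldName` and `sortType`, but confirm against `utils`). `startDate.add(5, 'minutes')` mutates `startDate`, so every iteration shifts the window by five minutes; `startDate.clone().add(5, 'minutes')` keeps `since` fixed. `objectNames.map` is used only for its side effect, which `forEach` states directly.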
@@ -189,6 +189,47 @@ describe('Unit Tests', function () { done(); }); }); + it('log format when id is null or undefined', function (done) { + let ctx = { + invokedFunctionArn: sentineloneMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + SentineloneCollector.load().then(function (creds) { + var collector = new SentineloneCollector(ctx, creds, 'sentinelone'); + sentineloneMock.LOG_EVENT.id = null; + let fmt = collector.pawsFormatLog(sentineloneMock.LOG_EVENT); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); + + it('log format when createdAt is null or undefined', function (done) { + let ctx = { + invokedFunctionArn: sentineloneMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + SentineloneCollector.load().then(function (creds) { + var collector = new SentineloneCollector(ctx, creds, 'sentinelone'); + sentineloneMock.LOG_EVENT.createdAt = null; + let fmt = collector.pawsFormatLog(sentineloneMock.LOG_EVENT); + assert.equal(fmt.messageTsUs, undefined); + done(); + }); + }); }); describe('NextCollectionStateWithNextPage', function () { From b0868e4efe16d832da91fea8832fe6a248b0a6e7 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Mon, 27 Feb 2023 13:32:30 +0530 Subject: [PATCH 25/32] testcases added for sophossiem collector --- collectors/sophossiem/package.json | 2 +- collectors/sophossiem/test/sophossiem_test.js | 55 +++++++++++++++++++ 2 files changed, 56 insertions(+), 1 deletion(-) diff --git a/collectors/sophossiem/package.json b/collectors/sophossiem/package.json index 2592c810..268bbbd4 100644 --- a/collectors/sophossiem/package.json +++ b/collectors/sophossiem/package.json @@ -1,6 +1,6 @@ { "name": "sophossiem-collector", - "version": "1.0.38", + "version": "1.0.39", "description": "Alert Logic AWS based Sophossiem Log Collector", "repository": {}, "private": true, 
diff --git a/collectors/sophossiem/test/sophossiem_test.js b/collectors/sophossiem/test/sophossiem_test.js index 18735794..26d331a6 100644 --- a/collectors/sophossiem/test/sophossiem_test.js +++ b/collectors/sophossiem/test/sophossiem_test.js @@ -270,6 +270,23 @@ describe('Unit Tests', function () { done(); }); }); + it('Next state tests success when nextPage is null', function (done) { + SophossiemCollector.load().then(function (creds) { + var collector = new SophossiemCollector(ctx, creds, 'sophossiem'); + const startDate = moment(); + const curState = { + stream: "Events", + from_date: startDate.unix(), + poll_interval_sec: 1 + }; + const nextPage = null; + const has_more = true; + let nextState = collector._getNextCollectionState(curState, nextPage, has_more); + assert.equal(nextState.poll_interval_sec, 1); + assert.equal(nextState.nextPage, null); + done(); + }); + }); }); describe('Format Tests', function () { 
@@ -292,5 +309,43 @@ describe('Unit Tests', function () { done(); }); }); + it('log format success when id is null', function (done) { + let ctx = { + invokedFunctionArn: sophossiemMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + SophossiemCollector.load().then(function (creds) { + var collector = new SophossiemCollector(ctx, creds, 'sophossiem'); + sophossiemMock.LOG_EVENT.id = null; + let fmt = collector.pawsFormatLog(sophossiemMock.LOG_EVENT); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); + it('log format success when created_at is null', function (done) { + let ctx = { + invokedFunctionArn: sophossiemMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + SophossiemCollector.load().then(function (creds) { + var collector = new SophossiemCollector(ctx, creds, 'sophossiem'); + sophossiemMock.LOG_EVENT.created_at = null; + let fmt = collector.pawsFormatLog(sophossiemMock.LOG_EVENT); + assert.equal(fmt.messageTsUs, undefined); + done(); + }); + }); }); }); From 2d7fa17186a8058e660917e888ff4a8121ed1f91 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Mon, 27 Feb 2023 13:47:39 +0530 Subject: [PATCH 26/32] added testcases for sophos collector --- collectors/sophos/package.json | 2 +- collectors/sophos/test/sophos_mock.js | 2 +- collectors/sophos/test/sophos_test.js | 42 +++++++++++++++++++++++++++ collectors/sophos/test/utils_test.js | 31 ++++++++++++++++++++ 4 files changed, 75 insertions(+), 2 deletions(-) diff --git a/collectors/sophos/package.json b/collectors/sophos/package.json index 044760a9..f1d319b0 100644 --- a/collectors/sophos/package.json +++ b/collectors/sophos/package.json @@ -1,6 +1,6 @@ { "name": "sophos-collector", - "version": "1.0.40", + "version": "1.0.41", "description": "Alert Logic AWS based Sophos Log Collector", "repository": {}, "private": true, 
diff --git a/collectors/sophos/test/sophos_mock.js b/collectors/sophos/test/sophos_mock.js index 763b472e..8d1501ca 100644 --- a/collectors/sophos/test/sophos_mock.js +++ b/collectors/sophos/test/sophos_mock.js @@ -43,7 +43,7 @@ const LOG_EVENT = { "person": { "id": "4CC323EE-6D93-4CC5-AD3E-7AF5DC3B1AB9" }, - "raisedAt": "2020-05-30T13:49:11.000Z", + "raisedAt": "2020-05-30T13:49:11.789012Z", "allowedActions": [ "acknowledge", "authPua", diff --git a/collectors/sophos/test/sophos_test.js b/collectors/sophos/test/sophos_test.js index 352788be..2e7528cb 100644 --- a/collectors/sophos/test/sophos_test.js +++ b/collectors/sophos/test/sophos_test.js @@ -32,6 +32,7 @@ describe('Unit Tests', function () { afterEach(function () { responseStub.restore(); + }); describe('pawsInitCollectionState', function () { @@ -435,6 +436,47 @@ describe('Unit Tests', function () { done(); }); }); + it('log format success when id is null', function (done) { + let ctx = { + invokedFunctionArn: sophosMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + SophosCollector.load().then(function (creds) { + var collector = new SophosCollector(ctx, creds, 'sophos'); + sophosMock.LOG_EVENT.id = null; + let fmt = collector.pawsFormatLog(sophosMock.LOG_EVENT); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); + + it('log format success when raisedAt is null', function (done) { + let ctx = { + invokedFunctionArn: sophosMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + SophosCollector.load().then(function (creds) { + var collector = new SophosCollector(ctx, creds, 'sophos'); + sophosMock.LOG_EVENT.raisedAt = null; + let fmt = collector.pawsFormatLog(sophosMock.LOG_EVENT); + assert.equal(fmt.messageTsUs, undefined); + done(); + }); + }); }); describe('NextCollectionStateWithNextPage', function () { 
diff --git a/collectors/sophos/test/utils_test.js b/collectors/sophos/test/utils_test.js index ff5e0de9..a10a0142 100644 --- a/collectors/sophos/test/utils_test.js +++ b/collectors/sophos/test/utils_test.js @@ -36,6 +36,37 @@ describe('Unit Tests', function () { }); }); + describe('Get API Logs with Error', function () { + it('Get API Logs with Error', function (done) { + alserviceStub.get = sinon.stub(RestServiceClient.prototype, 'get').callsFake( + function fakeFn() { + return new Promise(function (resolve, reject) { + return reject({ statusCode: 503, + error: "Service Unavailable", + message: "The API service is temporarily unavailable, please try again later" + }); + }); + }); + let maxPagesPerInvocation = 5; + let accumulator = []; + let token = "token"; + let tenant_Id = "57ca9a6b-885f-4e36-95ec-290548c26059"; + const baseUrl = "api-us03.central.sophos.com"; + const startDate = moment().subtract(3, 'days'); + const state = { + since: startDate.toISOString(), + until: startDate.add(2, 'days').toISOString(), + nextPage: null, + poll_interval_sec: 1 + }; + utils.getAPILogs(baseUrl, token, tenant_Id, state, accumulator, maxPagesPerInvocation).catch(err => { + assert.equal(err.message, "The API service is temporarily unavailable, please try again later", "Error message is not correct"); + alserviceStub.get.restore(); + done(); + }); + }); + }); + describe('Get API Logs with nextPage', function () { it('Get API Logs with nextPage success', function (done) { alserviceStub.get = sinon.stub(RestServiceClient.prototype, 'get').callsFake( From c09c93b1ef12474632ffe638443e1a56bc1661ae Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Mon, 27 Feb 2023 18:50:19 +0530 Subject: [PATCH 27/32] added testcases for office365 collector --- collectors/o365/package.json | 2 +- collectors/o365/test/o365_test.js | 39 ++ collectors/o365/test/o365managment_test.js | 393 +++++++++++++++++++++ 3 files changed, 433 insertions(+), 1 deletion(-) 
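Review bot: This test attaches only `.catch`, so if `utils.getAPILogs` ever resolves (for instance after a change that swallows the 503), `done` is never called and the failure shows up as a timeout. Add a fulfilment handler such as `.then(() => done(new Error('expected getAPILogs to reject')))`. `alserviceStub.get.restore()` also runs after the assertion, so a failed `assert.equal` leaves `RestServiceClient.prototype.get` stubbed for the tests that follow, unless an `afterEach` outside this hunk restores it. Move the restore ahead of the assertion or into an `afterEach`.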
diff --git a/collectors/o365/package.json b/collectors/o365/package.json index 8dbc3404..5aa040e8 100644 --- a/collectors/o365/package.json +++ b/collectors/o365/package.json @@ -1,6 +1,6 @@ { "name": "o365-collector", - "version": "1.2.51", + "version": "1.2.52", "description": "Alert Logic AWS based O365 Log Collector", "repository": {}, "private": true, diff --git a/collectors/o365/test/o365_test.js b/collectors/o365/test/o365_test.js index f36b95cb..313a10d7 100644 --- a/collectors/o365/test/o365_test.js +++ b/collectors/o365/test/o365_test.js @@ -913,5 +913,44 @@ describe('O365 Collector Tests', function() { done(); }); }); + + it('log format when RecordType is null', function(done) { + let ctx = { + invokedFunctionArn : o365Mock.FUNCTION_ARN, + fail : function(error) { + assert.fail(error); + done(); + }, + succeed : function() { + done(); + } + }; + O365Collector.load().then(function(creds) { + var collector = new O365Collector(ctx, creds, 'o365'); + o365Mock.LOG_EVENT.RecordType = null; + let fmt = collector.pawsFormatLog(o365Mock.LOG_EVENT); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); + it('log format when CreationTime is null', function(done) { + let ctx = { + invokedFunctionArn : o365Mock.FUNCTION_ARN, + fail : function(error) { + assert.fail(error); + done(); + }, + succeed : function() { + done(); + } + }; + O365Collector.load().then(function(creds) { + var collector = new O365Collector(ctx, creds, 'o365'); + o365Mock.LOG_EVENT.CreationTime = null; + let fmt = collector.pawsFormatLog(o365Mock.LOG_EVENT); + assert.equal(fmt.messageTsUs, undefined); + done(); + }); + }); }); }); diff --git a/collectors/o365/test/o365managment_test.js b/collectors/o365/test/o365managment_test.js index 17760ba3..10c5763d 100644 --- a/collectors/o365/test/o365managment_test.js +++ b/collectors/o365/test/o365managment_test.js 
@@ -16,6 +16,17 @@ function createManagmentInstance(){ return new O365Management(g_appAdCreds, process.env.paws_collector_param_string_1); } +// function createManagmentInstance1(){ +// var g_appAdCreds = new ApplicationTokenCredentials( +// process.env.paws_api_client_id, +// process.env.paws_collector_param_string_1, +// 'a secret', +// 'https://manage.office.com' +// ); + +// return new O365Management(g_appAdCreds, process.env.paws_collector_param_string_1, process.env.publisherId); +// } + describe('O365 managment tests', function() { 
@@ -151,6 +162,93 @@ describe('O365 managment tests', function() { done(); }); }); + + it('in startSubscription when generateClientRequestId is false', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + assert.equal(request.method, 'POST'); + assert.notEqual(request.headers.headersArray(), 0); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.generateClientRequestId = false; + managementInstance.startSubscription('AFAkeStream', {}).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + + it('in startSubscription when acceptedLanguage is null', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + assert.equal(request.method, 'POST'); + assert.notEqual(request.headers.headersArray(), 0); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.acceptLanguage = null; + managementInstance.startSubscription('AFAkeStream', {}).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + + it('in startSubscription when option is null', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + 
status: 200 + }; + + assert.equal(request.method, 'POST'); + assert.notEqual(request.headers.headersArray(), 0); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.startSubscription('AFAkeStream', null).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + }); describe('listSubscriptions', () => { 
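Review bot: The three added `startSubscription` cases never check the condition named in their titles. The stub asserts only `request.method` and `assert.notEqual(request.headers.headersArray(), 0)`, which compares an array with a number through loose coercion rather than checking its length. Use `assert.notEqual(request.headers.headersArray().length, 0)`, and for the `generateClientRequestId = false` and `acceptLanguage = null` cases assert that the corresponding request header is absent (the header names are set in `O365Management`, outside this diff). The stub body is copied verbatim into each test, and near-identical copies recur in the `listSubscriptions`, `subscriptionsContent` and `getPreFormedUrl` hunks that follow; one helper that takes the per-request assertions would keep them in sync. In all of these the `.then` has no `.catch(done)`, so an assertion thrown inside the stub rejects the promise and ends as a timeout.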
@@ -216,6 +314,65 @@ describe('O365 managment tests', function() { done(); }); }); + + it('in listSubscriptions when generateClientRequestId is false', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + assert.equal(request.method, 'GET'); + assert.notEqual(request.headers.headersArray(), 0); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.generateClientRequestId = false; + managementInstance.listSubscriptions({}).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + + it('in listSubscriptions when acceptedLanguage is null', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + assert.equal(request.method, 'GET'); + assert.notEqual(request.headers.headersArray(), 0); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.acceptLanguage = null; + managementInstance.listSubscriptions({}).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + }); describe('subscriptionsContent', () => { 
@@ -281,6 +438,149 @@ describe('O365 managment tests', function() { done(); }); }); + + it('in subscriptionContent when startDate is null', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + assert.equal(request.method, 'GET'); + assert.notEqual(request.headers.headersArray(), 0); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.subscriptionsContent('AFakeStream', null, 'endDate', {}).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + + it('in subscriptionContent when endDate is null', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + assert.equal(request.method, 'GET'); + assert.notEqual(request.headers.headersArray(), 0); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.subscriptionsContent('AFakeStream', 'startDate', null, {}).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + + it('in subscriptionContent when generateClientRequestId is false', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + assert.equal(request.method, 'GET'); + 
assert.notEqual(request.headers.headersArray(), 0); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.generateClientRequestId = false; + managementInstance.subscriptionsContent('AFakeStream', 'startDate', 'endDate', {}).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + + it('in subscriptionContent when acceptedLanguage is null', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + assert.equal(request.method, 'GET'); + assert.notEqual(request.headers.headersArray(), 0); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.acceptLanguage = null; + managementInstance.subscriptionsContent('AFakeStream', 'startDate', 'endDate', {}).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + + it('in subscriptionContent when option is null', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + assert.equal(request.method, 'GET'); + assert.notEqual(request.headers.headersArray(), 0); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.subscriptionsContent('AFakeStream', 'startDate', 'endDate', null).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + }); describe('getPreFormedUrl', () => { 
@@ -408,6 +708,99 @@ describe('O365 managment tests', function() { done(); }); }); + + it('in getPreFormedUrl when generateClientRequestId is false', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + const query = url.parse(request.url,true).query; + const queryKeys = Object.keys(query); + assert.equal(queryKeys.length, 1); + assert.equal(query.PublisherIdentifier, '79ca7c9d-83ce-498f-952f-4c03b56ab573'); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.generateClientRequestId = false; + managementInstance.getPreFormedUrl('https://www.joeiscool.com', {}).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + + it('in getPreFormedUrl when acceptedLanguage is null', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + const query = url.parse(request.url,true).query; + const queryKeys = Object.keys(query); + assert.equal(queryKeys.length, 1); + assert.equal(query.PublisherIdentifier, '79ca7c9d-83ce-498f-952f-4c03b56ab573'); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.acceptLanguage = null; + managementInstance.getPreFormedUrl('https://www.joeiscool.com', {}).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + + it('in getPreFormedUrl when option is null', (done) => { + sendRequestStub = sinon.stub(O365Management.prototype, 
'sendRequest').callsFake( + function fakeFn(request) { + return new Promise(function(resolve, reject) { + const mockRes = { + headers: { + get(key){ + return 'some-header-value'; + } + }, + parsedBody: [{foo: "bar"}], + bodyAsText: '[{"foo": "bar"}]', + status: 200 + }; + + const query = url.parse(request.url,true).query; + const queryKeys = Object.keys(query); + assert.equal(queryKeys.length, 1); + assert.equal(query.PublisherIdentifier, '79ca7c9d-83ce-498f-952f-4c03b56ab573'); + return resolve(mockRes); + }); + }); + + const managementInstance = createManagmentInstance(); + managementInstance.getPreFormedUrl('https://www.joeiscool.com', null).then(() => { + sendRequestStub.restore(); + done(); + }); + }); + }); }); From c2027a5b35720a406a9d398045224b2633dc5d62 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Tue, 28 Feb 2023 11:05:41 +0530 Subject: [PATCH 28/32] changes in office365 PR --- collectors/o365/test/o365managment_test.js | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/collectors/o365/test/o365managment_test.js b/collectors/o365/test/o365managment_test.js index 10c5763d..b58f549d 100644 --- a/collectors/o365/test/o365managment_test.js +++ b/collectors/o365/test/o365managment_test.js @@ -16,16 +16,6 @@ function createManagmentInstance(){ return new O365Management(g_appAdCreds, process.env.paws_collector_param_string_1); } -// function createManagmentInstance1(){ -// var g_appAdCreds = new ApplicationTokenCredentials( -// process.env.paws_api_client_id, -// process.env.paws_collector_param_string_1, -// 'a secret', -// 'https://manage.office.com' -// ); - -// return new O365Management(g_appAdCreds, process.env.paws_collector_param_string_1, process.env.publisherId); -// } describe('O365 managment tests', function() { From e80130124770d9e16e16b7ec94a7fcc7d2b1e180 Mon Sep 17 00:00:00 2001 
From: Pranav-Arya37 Date: Tue, 28 Feb 2023 12:18:54 +0530 Subject: [PATCH 29/32] added few more testcases for carbonblack --- .../carbonblack/test/Carbonblack_test.js | 44 ++++++++++++++++++- .../carbonblack/test/carbonblack_mock.js | 2 +- 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/collectors/carbonblack/test/Carbonblack_test.js b/collectors/carbonblack/test/Carbonblack_test.js index 9c2945ea..d44a6ff0 100644 --- a/collectors/carbonblack/test/Carbonblack_test.js +++ b/collectors/carbonblack/test/Carbonblack_test.js @@ -202,6 +202,48 @@ describe('Unit Tests', function () { done(); }); }); + it('log format success when id is null', function (done) { + setAlServiceStub(); + let ctx = { + invokedFunctionArn: carbonblackMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + CarbonblackCollector.load().then(function (creds) { + var collector = new CarbonblackCollector(ctx, creds, 'carbonblack'); + carbonblackMock.LOG_EVENT.eventId = null; + let fmt = collector.pawsFormatLog(carbonblackMock.LOG_EVENT); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); + it('log format success when eventTime is null', function (done) { + setAlServiceStub(); + let ctx = { + invokedFunctionArn: carbonblackMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + CarbonblackCollector.load().then(function (creds) { + var collector = new CarbonblackCollector(ctx, creds, 'carbonblack'); + carbonblackMock.LOG_EVENT.eventTime = null; + let fmt = collector.pawsFormatLog(carbonblackMock.LOG_EVENT); + assert.equal(fmt.messageTsUs, undefined); + done(); + }); + }); }); describe('NextCollectionStateWithNextPage', function () { 
@@ -275,7 +317,7 @@ describe('Unit Tests', function () { var collector = new CarbonblackCollector(ctx, creds, 'carbonblack'); const startDate = moment().subtract(3, 'days'); const curState = { - stream: "AuditLogEvents", + stream: null, since: startDate.toISOString(), until: startDate.add(2, 'days').toISOString(), nextPage: null, diff --git a/collectors/carbonblack/test/carbonblack_mock.js b/collectors/carbonblack/test/carbonblack_mock.js index 3e028b44..dd4934cf 100644 --- a/collectors/carbonblack/test/carbonblack_mock.js +++ b/collectors/carbonblack/test/carbonblack_mock.js @@ -29,7 +29,7 @@ const AIMS_TEST_CREDS = { const LOG_EVENT = { "requestUrl": null, - "eventTime": 1529332687006, + "eventTime": "2020-05-30T13:49:11.789012Z", "eventId": "37075c01730511e89504c9ba022c3fbf", "loginName": "bs@carbonblack.com", "orgName": "example.org", From 9eaf5d08b428e1290d370572cbd424e72e99ee8c Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Tue, 28 Feb 2023 12:34:36 +0530 Subject: [PATCH 30/32] added testcases for ciscoamp collector --- collectors/ciscoamp/package.json | 2 +- collectors/ciscoamp/test/ciscoamp_mock.js | 29 ++++- collectors/ciscoamp/test/ciscoamp_test.js | 123 +++++++++++++++++++++- collectors/ciscoamp/test/utils_test.js | 39 +++++++ 4 files changed, 187 insertions(+), 6 deletions(-) diff --git a/collectors/ciscoamp/package.json b/collectors/ciscoamp/package.json index 10962a96..3f1c6e44 100644 --- a/collectors/ciscoamp/package.json +++ b/collectors/ciscoamp/package.json @@ -1,6 +1,6 @@ { "name": "ciscoamp-collector", - "version": "1.0.41", + "version": "1.0.42", "description": "Alert Logic AWS based Ciscoamp Log Collector", "repository": {}, "private": true, diff --git a/collectors/ciscoamp/test/ciscoamp_mock.js b/collectors/ciscoamp/test/ciscoamp_mock.js index 70e2d479..68904d18 100644 --- a/collectors/ciscoamp/test/ciscoamp_mock.js +++ b/collectors/ciscoamp/test/ciscoamp_mock.js 
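Review bot: Changing `stream: "AuditLogEvents"` to `stream: null` in an existing test swaps one case for another instead of adding one, so this test no longer exercises the next-state path for the named stream. Keep the original input and add a separate `it(...)` for the null stream. The test body starts and ends outside this hunk, so whether another test still covers `AuditLogEvents` cannot be seen from here.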
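Review bot: `eventTime` in `LOG_EVENT` changes type in this hunk, from the number `1529332687006` (which reads as epoch milliseconds) to an ISO-8601 string, so every test that formats this fixture now exercises string parsing and none of them covers a numeric timestamp through this fixture. If the vendor API delivers a number in this field, the fixture no longer resembles real events, and a regression in how the collector derives the message timestamp would pass unnoticed; wrong timestamps make events hard to correlate downstream. Keep the numeric value in `LOG_EVENT` and add a second fixture for the string form, e.g. `const LOG_EVENT_ISO_TIME = Object.assign({}, LOG_EVENT, { eventTime: "2020-05-30T13:49:11.789012Z" });`, exported alongside it.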
@@ -31,7 +31,7 @@ const LOG_EVENT = { audit_log_type: 'Computer', audit_log_id: 'b72fd5c0-1ec8-4b7a-b5aa-a500e64635f4', audit_log_user: '16db5cf986eec6f44422', - created_at: '2020-04-20T05:30:18Z', + created_at: '2020-04-20T05:30:18.789012Z', date: "2022-09-27T04:52:54+00:00", old_attributes: { @@ -51,6 +51,30 @@ const LOG_EVENT = { } }; +const LOG_EVENT_WITHOUT_DATE = { + event: 'create', + audit_log_type: 'Computer', + audit_log_id: 'b72fd5c0-1ec8-4b7a-b5aa-a500e64635f4', + audit_log_user: '16db5cf986eec6f44422', + created_at: '2020-04-20T05:30:18Z', + old_attributes: + { + name: null, + desc: null, + hostname: null, + group_id: null, + operating_system_id: null + }, + new_attributes: + { + name: 'Demo_AMP_Intel', + desc: 'Computer populated with demo data', + hostname: 'Demo_AMP_Intel', + group_id: 609190, + operating_system_id: 21810 + } +}; + const FUNCTION_ARN = 'arn:aws:lambda:us-east-1:352283894008:function:test-01-CollectLambdaFunction-2CWNLPPW5XO8'; @@ -60,5 +84,6 @@ module.exports = { AIMS_TEST_CREDS: AIMS_TEST_CREDS, FUNCTION_ARN: FUNCTION_ARN, FUNCTION_NAME: FUNCTION_NAME, - LOG_EVENT: LOG_EVENT + LOG_EVENT: LOG_EVENT, + LOG_EVENT_WITHOUT_DATE: LOG_EVENT_WITHOUT_DATE }; diff --git a/collectors/ciscoamp/test/ciscoamp_test.js b/collectors/ciscoamp/test/ciscoamp_test.js index d3614fb9..9861cbdd 100644 --- a/collectors/ciscoamp/test/ciscoamp_test.js +++ b/collectors/ciscoamp/test/ciscoamp_test.js @@ -177,7 +177,7 @@ describe('Unit Tests', function () { collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { assert.equal(logs.length, 2); assert.equal(newState.poll_interval_sec, 1); - assert.equal(newState.nextPage,'nextPageUrl'); + assert.equal(newState.nextPage, 'nextPageUrl'); assert.equal(newState.apiQuotaResetDate, null); assert.ok(logs[0].audit_log_id); done(); 
@@ -375,7 +375,7 @@ describe('Unit Tests', function () { }); }); - + it('Paws Get Logs with throttle error and set apiQuotaResetDate', function (done) { let errorObj = { statusCode: 429, @@ -478,7 +478,6 @@ describe('Unit Tests', function () { totalLogsCount: 0, poll_interval_sec: 1 }; - collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { assert.equal(err.errorCode, 401); done(); @@ -540,6 +539,48 @@ describe('Unit Tests', function () { done(); }); }); + + it('log format when state.stream is Audit_Logs and audit_log_id is null', function (done) { + let ctx = { + invokedFunctionArn: ciscoampMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + CiscoampCollector.load().then(function (creds) { + var collector = new CiscoampCollector(ctx, creds, 'ciscoamp'); + ciscoampMock.LOG_EVENT.audit_log_id = null; + let fmt = collector.pawsFormatLog(ciscoampMock.LOG_EVENT); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); + + it('log format when state.stream is Audit_Logs and created_at is null', function (done) { + let ctx = { + invokedFunctionArn: ciscoampMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + CiscoampCollector.load().then(function (creds) { + var collector = new CiscoampCollector(ctx, creds, 'ciscoamp'); + ciscoampMock.LOG_EVENT.created_at = null; + let fmt = collector.pawsFormatLog(ciscoampMock.LOG_EVENT); + assert.equal(fmt.messageTsUs, undefined); + done(); + }); + }); }); describe('NextCollectionStateWithNextPage', function () { 
@@ -577,3 +618,79 @@ describe('Unit Tests', function () { }); }); + +describe('Unit Tests 2', function () { + beforeEach(function () { + AWS.mock('SSM', 'getParameter', function (params, callback) { + const data = new Buffer('test-secret'); + return callback(null, { Parameter: { Value: data.toString('base64') } }); + }); + AWS.mock('KMS', 'decrypt', function (params, callback) { + const data = { + Plaintext: '{}' + }; + return callback(null, data); + }); + }); + + it('Paws Get Logs when currentInterval is less than 120 seconds', function (done) { + getAPILogs = sinon.stub(utils, 'getAPILogs').callsFake( + function fakeFn(baseUrl, authorization, apiUrl, accumulator, maxPagesPerInvocation) { + return new Promise(function (resolve, reject) { + return reject(new Error("Failed to fetch API logs due to an authentication issue")); + }); + }); + CiscoampCollector.load().then(function (creds) { + const state = { + stream: "AuditLogs", + since: "2023-01-31T13:20:00.000Z", + until: "2023-01-31T13:21:00.000Z", + nextPage: null, + apiQuotaResetDate: null, + totalLogsCount: 0, + poll_interval_sec: 1 + }; + const baseUrl = process.env.paws_endpoint; + let maxPagesPerInvocation = 5; + let accumulator = []; + let authorization = "authorization"; + let apiUrl = "apiUrl"; + utils.getAPILogs(baseUrl, authorization, apiUrl, state, accumulator, maxPagesPerInvocation).catch(err => { + assert.equal(err.message, "Failed to fetch API logs due to an authentication issue", "Error message is not correct"); + getAPILogs.restore(); + done(); + }); + + }); + }); + it('Paws Get Logs when state.since is null', function (done) { + getAPILogs = sinon.stub(utils, 'getAPILogs').callsFake( + function fakeFn(baseUrl, authorization, apiUrl, accumulator, maxPagesPerInvocation) { + return new Promise(function (resolve, reject) { + return reject(new Error("Failed to fetch API logs due to an authentication issue")); + }); + }); + CiscoampCollector.load().then(function (creds) { + const state = { + stream: 
"AuditLogs", + since: null, + until: "2023-01-31T13:21:00.000Z", + nextPage: null, + apiQuotaResetDate: null, + totalLogsCount: 0, + poll_interval_sec: 1 + }; + const baseUrl = process.env.paws_endpoint; + let maxPagesPerInvocation = 5; + let accumulator = []; + let authorization = "authorization"; + let apiUrl = "apiUrl"; + utils.getAPILogs(baseUrl, authorization, apiUrl, state, accumulator, maxPagesPerInvocation).catch(err => { + assert.equal(err.message, "Failed to fetch API logs due to an authentication issue", "Error message is not correct"); + getAPILogs.restore(); + done(); + }); + + }); + }); +}); \ No newline at end of file diff --git a/collectors/ciscoamp/test/utils_test.js b/collectors/ciscoamp/test/utils_test.js index b7dc7f52..c651b65e 100644 --- a/collectors/ciscoamp/test/utils_test.js +++ b/collectors/ciscoamp/test/utils_test.js 
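Review bot: Both tests in `Unit Tests 2` stub `utils.getAPILogs` and then call `utils.getAPILogs(...)` themselves, so the only code they execute is the fake. `pawsGetLogs` is never invoked, and neither the "currentInterval is less than 120 seconds" nor the "state.since is null" behaviour from the titles is checked. Build the collector from `creds` and call `collector.pawsGetLogs(state, (err, logs, newState, newPollInterval) => { ... })` with the stub in place, asserting on what the callback receives, as the earlier `pawsGetLogs` tests in this file do. `new Buffer('test-secret')` is deprecated and should be `Buffer.from('test-secret')`. The block also has no `afterEach` that undoes the `AWS.mock` calls made in `beforeEach`.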
@@ -68,6 +68,45 @@ describe('Unit Tests', function () { }); }); + describe('Get API Logs with no date property', function () { + it('Get API Logs with no date property', function (done) { + alserviceStub.get = sinon.stub(RestServiceClient.prototype, 'get').callsFake( + function fakeFn() { + return new Promise(function (resolve, reject) { + return resolve({ body: { data: [ciscoampMock.LOG_EVENT_WITHOUT_DATE], metadata: { links: { self: "selfPageUrl" }, results: { total: 100 } } } }); + }); + }); + + const startDate = moment().subtract(5, 'days'); + let state = { + since: startDate.toISOString(), + poll_interval_sec: 1, + stream: 'Events' + }; + let maxPagesPerInvocation = 5; + let accumulator = []; + let authorization = "authorization"; + let apiUrl = "apiUrl"; + + const baseUrl = process.env.paws_endpoint; + utils.getAPILogs(baseUrl, authorization, apiUrl, state, accumulator, maxPagesPerInvocation) + .then(data => { + assert(accumulator.length == 1, "accumulator length is wrong"); + alserviceStub.get.restore(); + done(); + }) + .catch(err => { + if (err === 'CAMP000005 Date is not available in Events api response') { + console.log("Error message matches expected value"); + } else { + console.error("Unexpected error message:", err); + } + alserviceStub.get.restore(); + done(); + }); + + }); + }); describe('Get API Logs with nextPage', function () { it('Page count is more than maxPagesPerInvocation then return tha nextPage url for next invocation', function (done) { alserviceStub.get = sinon.stub(RestServiceClient.prototype, 'get').callsFake( From b9cdde7bf951840891dcd7fcdbc1f3312f6821ce Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Tue, 28 Feb 2023 13:06:37 +0530 Subject: [PATCH 31/32] added one testcase for crowdstrike collector --- .../crowdstrike/test/crowd-strike-test.js | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) 
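Review bot: The `.catch` handler in 'Get API Logs with no date property' calls `done()` on every error, so this test cannot fail. An unexpected rejection is only written to `console.error`, and an `AssertionError` thrown by the accumulator check in `.then` lands in the same handler and is reported as success. The expected outcome should be asserted and any other error passed to `done`, with the stub restored on both paths. If only one of the two outcomes (one accumulated record, or the `CAMP000005` rejection) is correct for an event without a date, the test should pin that one; the sketch below accepts both, as the hunk does.

```javascript
utils.getAPILogs(baseUrl, authorization, apiUrl, state, accumulator, maxPagesPerInvocation)
    .then(
        () => assert.equal(accumulator.length, 1, "accumulator length is wrong"),
        // Sibling rejection handler: it never sees the AssertionError from the line above.
        err => assert.equal(err, 'CAMP000005 Date is not available in Events api response')
    )
    .finally(() => alserviceStub.get.restore())
    .then(() => done(), done);
```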
diff --git a/collectors/crowdstrike/test/crowd-strike-test.js b/collectors/crowdstrike/test/crowd-strike-test.js index b455c9cf..011f45b1 100644 --- a/collectors/crowdstrike/test/crowd-strike-test.js +++ b/collectors/crowdstrike/test/crowd-strike-test.js @@ -350,6 +350,27 @@ describe('Unit Tests', function () { done(); }); }); + it('log format success when incident_type is null', function (done) { + setAlServiceStub(); + let ctx = { + invokedFunctionArn: crowdstrikeMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + CrowdstrikeCollector.load().then(function (creds) { + var collector = new CrowdstrikeCollector(ctx, creds, 'crowdstrike'); + crowdstrikeMock.INCIDENT_LOG_EVENT.resources.incident_type = null; + let fmt = collector.pawsFormatLog(crowdstrikeMock.INCIDENT_LOG_EVENT); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); }); describe('NextCollectionStateWithOffset', function () { From ab6cd63966aecbfe67de80ad9f4cff1c479ef8c8 Mon Sep 17 00:00:00 2001 From: Pranav-Arya37 Date: Tue, 28 Feb 2023 13:46:25 +0530 Subject: [PATCH 32/32] added testcases for ciscoduo collector --- collectors/ciscoduo/package.json | 2 +- collectors/ciscoduo/test/ciscoduo_mock.js | 2 +- collectors/ciscoduo/test/ciscoduo_test.js | 100 +++++++++++++++++++++- collectors/ciscoduo/test/utils_test.js | 86 +++++++++++++++++++ 4 files changed, 187 insertions(+), 3 deletions(-) diff --git a/collectors/ciscoduo/package.json b/collectors/ciscoduo/package.json index bb9b77ab..bea5ad16 100644 --- a/collectors/ciscoduo/package.json +++ b/collectors/ciscoduo/package.json @@ -1,6 +1,6 @@ { "name": "ciscoduo-collector", - "version": "1.0.40", + "version": "1.0.41", "description": "Alert Logic AWS based Ciscoduo Log Collector", "repository": {}, "private": true, diff --git a/collectors/ciscoduo/test/ciscoduo_mock.js b/collectors/ciscoduo/test/ciscoduo_mock.js index 476208d4..11cad8bf 100644 
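Review bot: `crowdstrikeMock.INCIDENT_LOG_EVENT.resources.incident_type = null;` writes to the fixture object exported by the mock module, so every test that runs afterwards sees `incident_type` as null and results depend on execution order. The same pattern appears in the `ciscoduo_test.js` hunk at `@@ -366,6 +424,46 @@`, where `ciscoduoMock.LOG_EVENT.txid = null` from the first new test is still in effect when the second sets `timestamp = null`. Mutating a per-test copy avoids this, assuming the fixture is plain data: `const event = JSON.parse(JSON.stringify(crowdstrikeMock.INCIDENT_LOG_EVENT)); event.resources.incident_type = null;`. Also, `ctx.succeed` calls `done()` and so does the test body, which would report a double completion if the collector ever invoked `succeed` here.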
--- a/collectors/ciscoduo/test/ciscoduo_mock.js +++ b/collectors/ciscoduo/test/ciscoduo_mock.js @@ -47,7 +47,7 @@ const LOG_EVENT = { isotimestamp: '2020-06-03T14:29:17.668359+00:00', reason: 'bypass_user', result: 'success', - timestamp: 1591194557, + timestamp: "2020-05-30T13:49:11.789012Z", trusted_endpoint_status: 'unknown', txid: 'qwewqewq-23123-adasd-123112d-12323qd', user: { key: 'qweqwewqeqw', name: 'testuser' } diff --git a/collectors/ciscoduo/test/ciscoduo_test.js b/collectors/ciscoduo/test/ciscoduo_test.js index a80e24a7..68517099 100644 --- a/collectors/ciscoduo/test/ciscoduo_test.js +++ b/collectors/ciscoduo/test/ciscoduo_test.js @@ -7,7 +7,6 @@ var CiscoduoCollector = require('../collector').CiscoduoCollector; const moment = require('moment'); const utils = require("../utils"); - var responseStub = {}; let getAPIDetails; let getAPILogs; @@ -101,6 +100,11 @@ describe('Unit Tests', function () { }, succeed: function () { } }; + afterEach(function () { + // responseStub.restore(); + getAPILogs.restore(); + getAPIDetails.restore(); + }); it('Paws Get Logs Success', function (done) { getAPILogs = sinon.stub(utils, 'getAPILogs').callsFake( function fakeFn(client, objectDetails, state, accumulator, maxPagesPerInvocation) { 
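Review bot: In `ciscoduo_mock.js` the `LOG_EVENT.timestamp` fixture changes from an integer epoch value to an ISO-8601 string, and the new value (2020-05-30) no longer agrees with `isotimestamp` (2020-06-03) in the same record. If the Duo API delivers `timestamp` as integer seconds, as the previous fixture value suggests, every test built on `LOG_EVENT` now exercises a string-parsing path that production input does not take, and a regression in epoch handling would go unnoticed. Keeping `timestamp: 1591194557` in `LOG_EVENT` and adding a separate fixture for the string case would preserve both. Event-time accuracy matters for a log collector, since downstream correlation depends on it.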
@@ -282,6 +286,60 @@ describe('Unit Tests', function () { }); }); + describe('When object details are null', function() { + let ctx = { + invokedFunctionArn: ciscoduoMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + }, + succeed: function () { } + }; + it('when object details are null(process.env.collector_streams) is null', function (done) { + getAPILogs = sinon.stub(utils, 'getAPILogs').callsFake( + function fakeFn(client, objectDetails, state, accumulator, maxPagesPerInvocation) { + return new Promise(function (resolve, reject) { + return resolve({ accumulator: [ciscoduoMock.LOG_EVENT, ciscoduoMock.LOG_EVENT] }); + }); + }); + getAPIDetails = sinon.stub(utils, 'getAPIDetails').callsFake( + function fakeFn(state) { + const startDate = moment().subtract(3, 'days'); + return { + url: "api_url", + typeIdPaths: [{ path: ["txid"] }], + tsPaths: [{ path: ["timestamp"] }], + query: { + mintime: startDate.valueOf(), + maxtime: startDate.add(2, 'days').valueOf(), + limit: 1000 + }, + method: "GET" + }; + }); + CiscoduoCollector.load().then(function (creds) { + var collector = new CiscoduoCollector(ctx, creds, 'ciscoduo'); + const startDate = moment().subtract(3, 'days'); + const curState = { + stream: "Authentication", + since: startDate.valueOf(), + until: startDate.add(2, 'days').valueOf(), + nextPage: null, + poll_interval_sec: 1 + }; + collector.pawsGetLogs(curState, (err, logs, newState, newPollInterval) => { + assert.equal(logs.length, 2); + assert.equal(newState.poll_interval_sec, 240); + assert.ok(logs[0].txid); + getAPILogs.restore(); + getAPIDetails.restore(); + done(); + }); + + }); + }); + + }); + describe('Next state tests', function () { let ctx = { invokedFunctionArn: ciscoduoMock.FUNCTION_ARN, 
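Review bot: The test titled 'when object details are null(process.env.collector_streams) is null' never sets `process.env.collector_streams`, and its `getAPIDetails` stub returns a fully populated object, so it appears to repeat the success case instead of the null condition it names. The `pawsGetLogs` callback also ignores `err`; adding `assert.ifError(err);` as its first line would stop a failure from surfacing as a confusing `logs.length` error. The `getAPILogs.restore()` and `getAPIDetails.restore()` calls sit after the assertions, so a failed assertion leaves both stubs installed for later tests. An `afterEach` in this `describe`, like the one added in the `@@ -101,6 +100,11 @@` hunk, would cover that.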
@@ -366,6 +424,46 @@ describe('Unit Tests', function () { done(); }); }); + it('log format success when txid is null', function (done) { + let ctx = { + invokedFunctionArn: ciscoduoMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + CiscoduoCollector.load().then(function (creds) { + var collector = new CiscoduoCollector(ctx, creds, 'ciscoduo'); + ciscoduoMock.LOG_EVENT.txid = null; + let fmt = collector.pawsFormatLog(ciscoduoMock.LOG_EVENT); + assert.equal(fmt.messageTypeId, undefined); + done(); + }); + }); + it('log format success when timestamp is null', function (done) { + let ctx = { + invokedFunctionArn: ciscoduoMock.FUNCTION_ARN, + fail: function (error) { + assert.fail(error); + done(); + }, + succeed: function () { + done(); + } + }; + + CiscoduoCollector.load().then(function (creds) { + var collector = new CiscoduoCollector(ctx, creds, 'ciscoduo'); + ciscoduoMock.LOG_EVENT.timestamp = null; + let fmt = collector.pawsFormatLog(ciscoduoMock.LOG_EVENT); + assert.equal(fmt.messageTsUs, undefined); + done(); + }); + }); }); describe('NextCollectionStateWithNextPage', function () { diff --git a/collectors/ciscoduo/test/utils_test.js b/collectors/ciscoduo/test/utils_test.js index d2a7b903..d70fd379 100644 --- a/collectors/ciscoduo/test/utils_test.js +++ b/collectors/ciscoduo/test/utils_test.js @@ -15,6 +15,9 @@ describe('Unit Tests', function () { }); describe('Get API Logs (Authentication)', function () { + afterEach(function () { + getLogsStub.restore(); + }); it('Get API Logs (Authentication) success', function (done) { getLogsStub = sinon.stub(client, 'jsonApiCall').yields({ response: { 
@@ -52,6 +55,35 @@ describe('Unit Tests', function () { done(); }); }); + it('Get API Logs (Authentication) fail', function (done) { + getLogsStub = sinon.stub(client, 'jsonApiCall').yields(new Error('Request failed'), null); + let maxPagesPerInvocation = 5; + let accumulator = []; + const startDate = moment().subtract(5, 'days'); + let state = { + stream: "Authentication", + since: startDate.valueOf(), + until: startDate.add(2, 'days').valueOf(), + nextPage: null, + poll_interval_sec: 1 + }; + let objectDetails = { + url: "api_url", + typeIdPaths: [{ path: ["txid"] }], + tsPaths: [{ path: ["timestamp"] }], + query: { + mintime: state.since, + maxtime: state.until, + limit: 1000 + }, + method: "GET" + }; + utils.getAPILogs(client, objectDetails, state, accumulator, maxPagesPerInvocation).catch(err => { + assert(err.message === 'Request failed', "error message is wrong"); + getLogsStub.restore(); + done(); + }); + }); }); describe('Get API Logs (Authentication) with nextPage', function () { 
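Review bot: The new 'Get API Logs (Authentication) fail' test attaches only `.catch`, so if `utils.getAPILogs` resolves, `done` is never called and the failure shows up as a timeout; an assertion failure inside the handler likewise becomes an unhandled rejection. The same shape is used by the two 'fail' tests added in the `@@ -92,6 +124,35 @@` and `@@ -123,6 +184,31 @@` hunks. Dropping the `done` parameter and returning the promise with an explicit failure on fulfilment fixes both: `.then(() => assert.fail('expected rejection'), err => assert.equal(err.message, 'Request failed'))`. The stub is `yields(new Error('Request failed'), null)` while the success stubs in this file yield a single response object, so it may not resemble a failure the Duo client can actually produce; if so, a fixture shaped like the client's real error response would be worth adding. The in-handler `getLogsStub.restore()` duplicates the `afterEach` added in the `@@ -15,6 +15,9 @@` hunk.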
@@ -92,6 +124,35 @@ describe('Unit Tests', function () { done(); }); }); + it('Get API Logs (Authentication) with nextPage fail', function (done) { + getLogsStub = sinon.stub(client, 'jsonApiCall').yields(new Error('Request failed'), null); + let maxPagesPerInvocation = 5; + let accumulator = []; + const startDate = moment().subtract(5, 'days'); + let state = { + stream: "Authentication", + since: startDate.valueOf(), + until: startDate.add(2, 'days').valueOf(), + nextPage: null, + poll_interval_sec: 1 + }; + let objectDetails = { + url: "api_url", + typeIdPaths: [{ path: ["txid"] }], + tsPaths: [{ path: ["timestamp"] }], + query: { + mintime: state.since, + maxtime: state.until, + limit: 1000 + }, + method: "GET" + }; + utils.getAPILogs(client, objectDetails, state, accumulator, maxPagesPerInvocation).catch(err => { + assert(err.message === 'Request failed', "error message is wrong"); + getLogsStub.restore(); + done(); + }); + }); }); describe('Get API Logs (Administrator)', function () { @@ -123,6 +184,31 @@ describe('Unit Tests', function () { done(); }); }); + it('Get API Logs (Administrator) fail', function (done) { + getLogsStub = sinon.stub(client, 'jsonApiCall').yields(new Error('Request failed'), null); + let maxPagesPerInvocation = 5; + let accumulator = []; + const startDate = moment().subtract(5, 'days'); + let state = { + stream: "Administrator", + since: startDate.unix(), + poll_interval_sec: 1 + }; + let objectDetails = { + url: "api_url", + typeIdPaths: [{ path: ["action"] }], + tsPaths: [{ path: ["timestamp"] }], + query: { + mintime: state.since + }, + method: "GET" + }; + utils.getAPILogs(client, objectDetails, state, accumulator, maxPagesPerInvocation).catch(err => { + assert(err.message === 'Request failed', "error message is wrong"); + getLogsStub.restore(); + done(); + }); + }); }); describe('Get API Logs (Administrator) with nextPage', function () {
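Review bot: The test 'Get API Logs (Authentication) with nextPage fail' sets `nextPage: null` in `state`, which makes it identical to the 'Get API Logs (Authentication) fail' test apart from its title, so the pagination path is not reached. Setting `nextPage` to a non-null value would make it cover a failure on a follow-up page; the form to use is whatever the existing nextPage success test in this `describe` passes, which is outside the hunk.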