p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

Refactor ransomware report unit tests to mock "get_exploited()" method used. Also, minor refactorings in ransomware_report service and resource

This commit is contained in:
VakarisZ 2021-07-09 16:03:16 +03:00
parent 4254f8cd37
commit 2bcf3b0a90
3 changed files with 89 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
monkey/monkey_island/cc/resources/ransomware_report.py
View File

@ -2,14 +2,12 @@ import flask_restful
from flask import jsonify from flask import jsonify
from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.services.ransomware.ransomware_report import RansomwareReportService
from monkey_island.cc.services.ransomware import ransomware_report from monkey_island.cc.services.ransomware import ransomware_report
class RansomwareReport(flask_restful.Resource): class RansomwareReport(flask_restful.Resource):
@jwt_required @jwt_required
def get(self): def get(self):
encrypted_files_table = RansomwareReportService.get_encrypted_files_table() encrypted_files_table = ransomware_report.get_encrypted_files_table()
return jsonify({"encrypted_files_table": encrypted_files_table, return jsonify({"encrypted_files_table": encrypted_files_table,
"propagation_stats": ransomware_report.get_propagation_stats()} "propagation_stats": ransomware_report.get_propagation_stats()})
)

8
monkey/monkey_island/cc/services/ransomware/ransomware_report.py
View File

@ -5,8 +5,6 @@ from typing import Dict, List
from monkey_island.cc.services.reporting.report import ReportService from monkey_island.cc.services.reporting.report import ReportService
class RansomwareReportService:
@staticmethod
def get_encrypted_files_table(): def get_encrypted_files_table():
query = [ query = [
{"$match": {"telem_category": "file_encryption"}}, {"$match": {"telem_category": "file_encryption"}},
@ -44,7 +42,7 @@ class RansomwareReportService:
monkeys = list(mongo.db.telemetry.aggregate(query)) monkeys = list(mongo.db.telemetry.aggregate(query))
exploited_nodes = ReportService.get_exploited() exploited_nodes = ReportService.get_exploited()
for monkey in monkeys: for monkey in monkeys:
monkey["exploits"] = RansomwareReportService.get_monkey_origin_exploits( monkey["exploits"] = _get_monkey_origin_exploits(
monkey["monkey"]["hostname"], exploited_nodes monkey["monkey"]["hostname"], exploited_nodes
) )
monkey["hostname"] = monkey["monkey"]["hostname"] monkey["hostname"] = monkey["monkey"]["hostname"]
@ -52,8 +50,8 @@ class RansomwareReportService:
del monkey["_id"] del monkey["_id"]
return monkeys return monkeys
@staticmethod
def get_monkey_origin_exploits(monkey_hostname, exploited_nodes): def _get_monkey_origin_exploits(monkey_hostname, exploited_nodes):
origin_exploits = [ origin_exploits = [
exploited_node["exploits"] exploited_node["exploits"]
for exploited_node in exploited_nodes for exploited_node in exploited_nodes

50
monkey/tests/unit_tests/monkey_island/cc/services/ransomware/test_ransomware_report.py
View File

@ -1,4 +1,4 @@
import mongoengine import mongomock
import pytest import pytest
from mongoengine import get_connection from mongoengine import get_connection
import mongomock import mongomock
@ -15,22 +15,19 @@ import pytest
from monkey_island.cc.services.ransomware import ransomware_report from monkey_island.cc.services.ransomware import ransomware_report
from monkey_island.cc.services.reporting.report import ReportService from monkey_island.cc.services.reporting.report import ReportService
from monkey_island.cc.services.ransomware.ransomware_report import RansomwareReportService from monkey_island.cc.services.ransomware.ransomware_report import get_encrypted_files_table
from monkey_island.cc.services.reporting.report import ReportService
@pytest.fixture @pytest.fixture
def fake_mongo(monkeypatch): def fake_mongo(monkeypatch):
mongoengine.connect("mongoenginetest", host="mongomock://localhost") mongo = mongomock.MongoClient()
mongo = get_connection()
monkeypatch.setattr("monkey_island.cc.services.ransomware.ransomware_report.mongo", mongo) monkeypatch.setattr("monkey_island.cc.services.ransomware.ransomware_report.mongo", mongo)
monkeypatch.setattr("monkey_island.cc.services.reporting.report.mongo", mongo)
monkeypatch.setattr("monkey_island.cc.services.node.mongo", mongo)
return mongo return mongo
@pytest.mark.skip(reason="Can't find a way to use the same mock database client in Monkey model")
@pytest.mark.usefixtures("uses_database") @pytest.mark.usefixtures("uses_database")
def test_get_encrypted_files_table(fake_mongo): def test_get_encrypted_files_table(fake_mongo, monkeypatch):
fake_mongo.db.monkey.insert(MONKEY_AT_ISLAND) fake_mongo.db.monkey.insert(MONKEY_AT_ISLAND)
fake_mongo.db.monkey.insert(MONKEY_AT_VICTIM) fake_mongo.db.monkey.insert(MONKEY_AT_VICTIM)
fake_mongo.db.edge.insert(EDGE_EXPLOITED) fake_mongo.db.edge.insert(EDGE_EXPLOITED)
@ -40,37 +37,56 @@ def test_get_encrypted_files_table(fake_mongo):
fake_mongo.db.telemetry.insert(ENCRYPTION_ERROR) fake_mongo.db.telemetry.insert(ENCRYPTION_ERROR)
fake_mongo.db.telemetry.insert(ENCRYPTION_ONE_FILE) fake_mongo.db.telemetry.insert(ENCRYPTION_ONE_FILE)
results = RansomwareReportService.get_encrypted_files_table() monkeypatch.setattr(
ReportService,
"get_exploited",
lambda: [{"label": "WinDev2010Eval", "exploits": ["SMB Exploiter"]}],
)
results = get_encrypted_files_table()
assert results == [ assert results == [
{"hostname": "test-pc-2", "exploit": "Manual execution", "files_encrypted": True}, {"hostname": "test-pc-2", "exploits": ["Manual execution"], "files_encrypted": True},
{"hostname": "WinDev2010Eval", "exploit": "SMB", "files_encrypted": True}, {"hostname": "WinDev2010Eval", "exploits": ["SMB Exploiter"], "files_encrypted": True},
] ]
@pytest.mark.skip(reason="Can't find a way to use the same mock database client in Monkey model")
@pytest.mark.usefixtures("uses_database") @pytest.mark.usefixtures("uses_database")
def test_get_encrypted_files_table__only_errors(fake_mongo): def test_get_encrypted_files_table__only_errors(fake_mongo, monkeypatch):
fake_mongo.db.monkey.insert(MONKEY_AT_ISLAND) fake_mongo.db.monkey.insert(MONKEY_AT_ISLAND)
fake_mongo.db.monkey.insert(MONKEY_AT_VICTIM) fake_mongo.db.monkey.insert(MONKEY_AT_VICTIM)
fake_mongo.db.edge.insert(EDGE_EXPLOITED) fake_mongo.db.edge.insert(EDGE_EXPLOITED)
fake_mongo.db.edge.insert(EDGE_SCANNED) fake_mongo.db.edge.insert(EDGE_SCANNED)
fake_mongo.db.telemetry.insert(ENCRYPTION_ERROR) fake_mongo.db.telemetry.insert(ENCRYPTION_ERROR)
results = RansomwareReportService.get_encrypted_files_table() monkeypatch.setattr(
ReportService,
"get_exploited",
lambda: [{"label": "WinDev2010Eval", "exploits": ["SMB Exploiter"]}],
)
assert results == [] results = get_encrypted_files_table()
assert results == [
{"hostname": "test-pc-2", "exploits": ["Manual execution"], "files_encrypted": False}
]
@pytest.mark.skip(reason="Can't find a way to use the same mock database client in Monkey model") @pytest.mark.skip(reason="Can't find a way to use the same mock database client in Monkey model")
@pytest.mark.usefixtures("uses_database") @pytest.mark.usefixtures("uses_database")
def test_get_encrypted_files_table__no_telemetries(fake_mongo): def test_get_encrypted_files_table__no_telemetries(fake_mongo, monkeypatch):
fake_mongo.db.monkey.insert(MONKEY_AT_ISLAND) fake_mongo.db.monkey.insert(MONKEY_AT_ISLAND)
fake_mongo.db.monkey.insert(MONKEY_AT_VICTIM) fake_mongo.db.monkey.insert(MONKEY_AT_VICTIM)
fake_mongo.db.edge.insert(EDGE_EXPLOITED) fake_mongo.db.edge.insert(EDGE_EXPLOITED)
fake_mongo.db.edge.insert(EDGE_SCANNED) fake_mongo.db.edge.insert(EDGE_SCANNED)
results = RansomwareReportService.get_encrypted_files_table() monkeypatch.setattr(
ReportService,
"get_exploited",
lambda: [{"label": "WinDev2010Eval", "exploits": ["SMB Exploiter"]}],
)
results = get_encrypted_files_table()
assert results == [] assert results == []