Tests: Mark ZeroLogon tests as slow

The ZerologonExploiter relies on impacket. Importing impacket is slow
(approximately .72s). By moving the import statement in zerologon tests
and marking them as slow, the import (and tests) can now be skipped by
running `pytest -m 'not slow'`.
This commit is contained in:
Mike Salvatore 2021-07-19 14:26:40 -04:00
parent 2496ed0889
commit d9a1f22969
2 changed files with 14 additions and 2 deletions

View File

@ -1,6 +1,5 @@
import pytest import pytest
from infection_monkey.exploit.zerologon import ZerologonExploiter
from infection_monkey.model.host import VictimHost from infection_monkey.model.host import VictimHost
DOMAIN_NAME = "domain-name" DOMAIN_NAME = "domain-name"
@ -15,6 +14,8 @@ NT_HASHES = ["def456", "765vut"]
@pytest.fixture @pytest.fixture
def zerologon_exploiter_object(monkeypatch): def zerologon_exploiter_object(monkeypatch):
from infection_monkey.exploit.zerologon import ZerologonExploiter
def mock_report_login_attempt(**kwargs): def mock_report_login_attempt(**kwargs):
return None return None
@ -25,11 +26,13 @@ def zerologon_exploiter_object(monkeypatch):
return obj return obj
@pytest.mark.slow
def test_assess_exploit_attempt_result_no_error(zerologon_exploiter_object): def test_assess_exploit_attempt_result_no_error(zerologon_exploiter_object):
dummy_exploit_attempt_result = {"ErrorCode": 0} dummy_exploit_attempt_result = {"ErrorCode": 0}
assert zerologon_exploiter_object.assess_exploit_attempt_result(dummy_exploit_attempt_result) assert zerologon_exploiter_object.assess_exploit_attempt_result(dummy_exploit_attempt_result)
@pytest.mark.slow
def test_assess_exploit_attempt_result_with_error(zerologon_exploiter_object): def test_assess_exploit_attempt_result_with_error(zerologon_exploiter_object):
dummy_exploit_attempt_result = {"ErrorCode": 1} dummy_exploit_attempt_result = {"ErrorCode": 1}
assert not zerologon_exploiter_object.assess_exploit_attempt_result( assert not zerologon_exploiter_object.assess_exploit_attempt_result(
@ -37,6 +40,7 @@ def test_assess_exploit_attempt_result_with_error(zerologon_exploiter_object):
) )
@pytest.mark.slow
def test_assess_restoration_attempt_result_restored(zerologon_exploiter_object): def test_assess_restoration_attempt_result_restored(zerologon_exploiter_object):
dummy_restoration_attempt_result = object() dummy_restoration_attempt_result = object()
assert zerologon_exploiter_object.assess_restoration_attempt_result( assert zerologon_exploiter_object.assess_restoration_attempt_result(
@ -44,6 +48,7 @@ def test_assess_restoration_attempt_result_restored(zerologon_exploiter_object):
) )
@pytest.mark.slow
def test_assess_restoration_attempt_result_not_restored(zerologon_exploiter_object): def test_assess_restoration_attempt_result_not_restored(zerologon_exploiter_object):
dummy_restoration_attempt_result = False dummy_restoration_attempt_result = False
assert not zerologon_exploiter_object.assess_restoration_attempt_result( assert not zerologon_exploiter_object.assess_restoration_attempt_result(
@ -51,6 +56,7 @@ def test_assess_restoration_attempt_result_not_restored(zerologon_exploiter_obje
) )
@pytest.mark.slow
def test__extract_user_creds_from_secrets_good_data(zerologon_exploiter_object): def test__extract_user_creds_from_secrets_good_data(zerologon_exploiter_object):
mock_dumped_secrets = [ mock_dumped_secrets = [
f"{USERS[i]}:{RIDS[i]}:{LM_HASHES[i]}:{NT_HASHES[i]}:::" for i in range(len(USERS)) f"{USERS[i]}:{RIDS[i]}:{LM_HASHES[i]}:{NT_HASHES[i]}:::" for i in range(len(USERS))
@ -71,6 +77,7 @@ def test__extract_user_creds_from_secrets_good_data(zerologon_exploiter_object):
assert zerologon_exploiter_object._extracted_creds == expected_extracted_creds assert zerologon_exploiter_object._extracted_creds == expected_extracted_creds
@pytest.mark.slow
def test__extract_user_creds_from_secrets_bad_data(zerologon_exploiter_object): def test__extract_user_creds_from_secrets_bad_data(zerologon_exploiter_object):
mock_dumped_secrets = [ mock_dumped_secrets = [
f"{USERS[i]}:{RIDS[i]}:::{LM_HASHES[i]}:{NT_HASHES[i]}:::" for i in range(len(USERS)) f"{USERS[i]}:{RIDS[i]}:::{LM_HASHES[i]}:{NT_HASHES[i]}:::" for i in range(len(USERS))

View File

@ -2,7 +2,6 @@ import pytest
from nmb.NetBIOS import NetBIOS from nmb.NetBIOS import NetBIOS
from common.utils.exceptions import DomainControllerNameFetchError from common.utils.exceptions import DomainControllerNameFetchError
from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details
from infection_monkey.model.host import VictimHost from infection_monkey.model.host import VictimHost
DOMAIN_NAME = "domain-name" DOMAIN_NAME = "domain-name"
@ -21,7 +20,10 @@ def _get_stub_queryIPForName(netbios_names):
return stub_queryIPForName return stub_queryIPForName
@pytest.mark.slow
def test_get_dc_details_multiple_netbios_names(host, monkeypatch): def test_get_dc_details_multiple_netbios_names(host, monkeypatch):
from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details
NETBIOS_NAMES = ["Name1", "Name2", "Name3"] NETBIOS_NAMES = ["Name1", "Name2", "Name3"]
stub_queryIPForName = _get_stub_queryIPForName(NETBIOS_NAMES) stub_queryIPForName = _get_stub_queryIPForName(NETBIOS_NAMES)
@ -33,7 +35,10 @@ def test_get_dc_details_multiple_netbios_names(host, monkeypatch):
assert dc_handle == f"\\\\{NETBIOS_NAMES[0]}" assert dc_handle == f"\\\\{NETBIOS_NAMES[0]}"
@pytest.mark.slow
def test_get_dc_details_no_netbios_names(host, monkeypatch): def test_get_dc_details_no_netbios_names(host, monkeypatch):
from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details
NETBIOS_NAMES = [] NETBIOS_NAMES = []
stub_queryIPForName = _get_stub_queryIPForName(NETBIOS_NAMES) stub_queryIPForName = _get_stub_queryIPForName(NETBIOS_NAMES)