add: tests and finish EventBlocklistsController migration

pull/9060/head
Luciano Righetti 2023-05-05 17:43:48 +02:00
parent 11c7a76fcb
commit db0bbd74c8
12 changed files with 336 additions and 41 deletions


@ -218,6 +218,38 @@ class ACLComponent extends Component
'saveMyBookmark' => ['*'],
'deleteMyBookmark' => ['*']
],
'EventBlocklists' => [
'add' => [
'AND' => [
'host_org_user',
'perm_add'
]
],
'delete' => [
'AND' => [
'host_org_user',
'perm_add'
]
],
'edit' => [
'AND' => [
'host_org_user',
'perm_add'
]
],
'index' => [
'AND' => [
'host_org_user',
'perm_add'
]
],
'massDelete' => [
'AND' => [
'host_org_user',
'perm_add'
]
]
],
'Api' => [
'index' => ['*']
]
@ -281,13 +313,13 @@ class ACLComponent extends Component
$this->Log = TableRegistry::get('Log');
$this->Log->create();
$this->Log->save(array(
'org' => 'SYSTEM',
'model' => 'User',
'model_id' => $user['id'],
'email' => $user['email'],
'action' => 'security',
'user_id' => $user['id'],
'title' => __('User triggered security alert by attempting to access /%s/%s. Reason why this endpoint is of interest: %s', $controller, $action, $message),
'org' => 'SYSTEM',
'model' => 'User',
'model_id' => $user['id'],
'email' => $user['email'],
'action' => 'security',
'user_id' => $user['id'],
'title' => __('User triggered security alert by attempting to access /%s/%s. Reason why this endpoint is of interest: %s', $controller, $action, $message),
));
}
}
@ -477,8 +509,10 @@ class ACLComponent extends Component
if (in_array($function, ['beforeFilter', 'beforeRender', 'initialize', 'afterFilter'])) {
continue;
}
if (!isset($this->aclList[$controller])
|| !in_array($function, array_keys($this->aclList[$controller]))) {
if (
!isset($this->aclList[$controller])
|| !in_array($function, array_keys($this->aclList[$controller]))
) {
$missing[$controller][] = $function;
}
}
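Review bot: All five new `EventBlocklists` entries require `host_org_user` AND `perm_add`, yet every test added in this commit authenticates with `AuthKeysFixture::ADMIN_API_KEY`, so nothing verifies that a caller failing either condition is refused. Add at least one negative test for a read action and one for a write action, using a key whose user is outside the host organisation or lacks `perm_add`, and assert that the request is rejected and the table is unchanged. If requiring `perm_add` for the read-only `index` action is deliberate, say so next to that entry, e.g. `// listing is limited to users who can also manage the blocklist`.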


@ -3,6 +3,7 @@
namespace App\Controller\Component;
use Cake\Controller\Component;
use Cake\Validation\Validation;
class BlocklistComponent extends Component
{
@ -35,7 +36,7 @@ class BlocklistComponent extends Component
{
if ($this->controller->getRequest()->is('post')) {
if ($rest) {
if ($this->controller->getResponse()->type() === 'application/json') {
if ($this->controller->getResponse()->getType() === 'application/json') {
$isJson = true;
$data = $this->controller->getRequest()->input('json_decode', true);
} else {
@ -100,13 +101,13 @@ class BlocklistComponent extends Component
public function edit($id, $rest = false)
{
if (Validation::uuid($id)) {
$blockEntry = $this->controller->{$this->defaultModel}->find('first', [
$blockEntry = $this->controller->{$this->defaultModel}->find('all', [
'conditions' => array(
$this->controller->{$this->defaultModel}->blocklistTarget . '_uuid' => $id
)
]);
])->first();
} else {
$blockEntry = $this->controller->{$this->defaultModel}->find('first', array('conditions' => array('id' => $id)));
$blockEntry = $this->controller->{$this->defaultModel}->find('all', array('conditions' => array('id' => $id)))->first();
}
if (empty($blockEntry)) {
throw new NotFoundException(__('Blocklist item not found.'));
@ -114,7 +115,7 @@ class BlocklistComponent extends Component
$this->controller->set('blockEntry', $blockEntry);
if ($this->controller->getRequest()->is('post')) {
if ($rest) {
if ($this->controller->getResponse()->type() === 'application/json') {
if ($this->controller->getResponse()->getType() === 'application/json') {
$data = $this->controller->getRequest()->input('json_decode', true);
} else {
$data = $this->controller->getRequest()->getData();
@ -134,18 +135,14 @@ class BlocklistComponent extends Component
continue;
}
if (isset($data[$this->defaultModel][$f])) {
$blockEntry[$this->defaultModel][$f] = $data[$this->defaultModel][$f];
$blockEntry[$f] = $data[$this->defaultModel][$f];
}
}
if ($this->controller->{$this->defaultModel}->save($blockEntry)) {
if ($rest) {
return $this->RestResponse->viewData(
$this->controller->{$this->defaultModel}->find('first', [
'recursive' => -1,
'conditions' => [
'id' => $this->controller->{$this->defaultModel}->id
]
])
$this->controller->{$this->defaultModel}->get($blockEntry->id)
);
} else {
$this->controller->Flash->success(__('Blocklist item added.'));
@ -165,19 +162,19 @@ class BlocklistComponent extends Component
public function delete($id, $rest = false)
{
if (Validation::uuid($id)) {
$blockEntry = $this->controller->{$this->defaultModel}->find('first', [
$blockEntry = $this->controller->{$this->defaultModel}->find('all', [
'conditions' => array(
$this->controller->{$this->defaultModel}->blocklistTarget . '_uuid' => $id
)
]);
])->first();
} else {
$blockEntry = $this->controller->{$this->defaultModel}->find('first', array('conditions' => array('id' => $id)));
$blockEntry = $this->controller->{$this->defaultModel}->find('all', array('conditions' => array('id' => $id)))->first();
}
if (empty($blockEntry)) {
throw new NotFoundException(__('Invalid blocklist entry'));
}
if ($this->controller->{$this->defaultModel}->delete($blockEntry[$this->defaultModel]['id'])) {
if ($this->controller->{$this->defaultModel}->delete($blockEntry)) {
$message = __('Blocklist entry removed');
if ($rest) {
return $this->RestResponse->saveSuccessResponse($this->defaultModel, 'delete', $id, false, $message);
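Review bot: `NotFoundException` is thrown in `edit()` and `delete()`, but the import hunk at the top of this file shows only `Cake\Controller\Component` and `Cake\Validation\Validation` between the namespace and the class line. Unless an import sits on a line this page dropped, the name resolves to `App\Controller\Component\NotFoundException`, and a failed lookup ends in a fatal "class not found" error instead of a 404. Add `use Cake\Http\Exception\NotFoundException;` next to the other imports. Both method bodies continue outside the hunks shown.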


@ -50,18 +50,17 @@ class EventBlocklistsController extends AppController
public function massDelete()
{
if ($this->request->is('post') || $this->request->is('put')) {
if (!isset($this->request->data['EventBlocklist'])) {
$this->request->data = array('EventBlocklist' => $this->request->data);
$ids = $this->request->getData();
if (empty($ids)) {
throw new NotFoundException(__('Invalid EventBlocklists IDs.'));
}
$ids = $this->request->data['EventBlocklist']['ids'];
$event_ids = json_decode($ids, true);
if (empty($event_ids)) {
throw new NotFoundException(__('Invalid event IDs.'));
}
$result = $this->EventBlocklist->deleteAll(array('EventBlocklist.id' => $event_ids));
$eventBlocklists = $this->EventBlocklists->find('all', [
'conditions' => ['id IN' => $ids]
]);
$result = $this->EventBlocklists->deleteMany($eventBlocklists);
if ($result) {
if ($this->ParamHandler->isRest()) {
return $this->RestResponse->saveSuccessResponse('EventBlocklist', 'Deleted', $ids, $this->response->type());
return $this->RestResponse->saveSuccessResponse('EventBlocklist', 'Deleted', implode(',', $ids), $this->response->getType());
} else {
$this->Flash->success('Blocklist entry removed');
$this->redirect(array('controller' => 'eventBlocklists', 'action' => 'index'));
@ -69,7 +68,7 @@ class EventBlocklistsController extends AppController
} else {
$error = __('Failed to delete Event from EventBlocklist. Error: ') . PHP_EOL . h($result);
if ($this->ParamHandler->isRest()) {
return $this->RestResponse->saveFailResponse('EventBlocklist', 'Deleted', false, $error, $this->response->type());
return $this->RestResponse->saveFailResponse('EventBlocklist', 'Deleted', false, $error, $this->response->getType());
} else {
$this->Flash->error($error);
$this->redirect(array('controller' => 'eventBlocklists', 'action' => 'index'));
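Review bot: `massDelete()` now treats the whole request body as the id list: `$ids = $this->request->getData()` goes straight into `'id IN' => $ids` and `implode(',', $ids)` with no check that it is a flat list of integer ids. String keys, nested arrays or stray form fields would reach both the query and the response message, so filter first with `$ids = array_values(array_filter((array)$ids, static fn ($v) => is_int($v) || (is_string($v) && ctype_digit($v))));` and keep the `empty($ids)` check after it. `deleteMany()` also receives a query object, so when none of the ids match, `$result` is probably still truthy and the action reports success; confirm this and return not-found on an empty lookup. The method continues outside both hunks.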


@ -3,14 +3,12 @@
namespace App\Model\Table;
use App\Model\Table\AppTable;
use Cake\ORM\Table;
use Cake\Validation\Validator;
use Cake\Datasource\EntityInterface;
use Cake\Event\Event;
use Cake\Event\EventInterface;
use Cake\Auth\DefaultPasswordHasher;
use Cake\Utility\Security;
use Cake\Http\Exception\MethodNotAllowedException;
use ArrayObject;
class AuthKeysTable extends AppTable


@ -40,10 +40,10 @@ class EventBlocklistsTable extends AppTable
public function beforeSave(EventInterface $event, EntityInterface $entity, ArrayObject $options)
{
if (empty($data['id'])) {
if (empty($entity->id)) {
$entity->created = date('Y-m-d H:i:s');
}
if (empty($data['comment'])) {
if (empty($entity->comment)) {
$entity->comment = '';
}
return true;
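Review bot: The new-record check `empty($entity->id)` only works when the caller has not set an id on the entity; `if ($entity->isNew()) {` states the intent directly and still stamps `created` when an id is supplied on insert. `date('Y-m-d H:i:s')` uses PHP's configured default timezone, so a one-line comment naming the timezone the `created` column is expected to hold would help. The closing brace of `beforeSave()` is outside the hunk.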


@ -14,11 +14,9 @@ class AuthKeysFixture extends TestFixture
public const ADMIN_API_ID = 1;
public const ADMIN_API_KEY = 'sL9hrjIyY405RyGQHLx5DoCAM92BNmmGa8P4ck1E';
public const SYNC_API_ID = 2;
public const SYNC_API_KEY = '6b387ced110858dcbcda36edb044dc18f91a0894';
public const ORG_ADMIN_API_ID = 3;
public const ORG_ADMIN_API_KEY = '1c4685d281d478dbcebd494158024bc3539004d0';


@ -0,0 +1,41 @@
<?php
declare(strict_types=1);
namespace App\Test\Fixture;
use Cake\TestSuite\Fixture\TestFixture;
class EventBlocklistsFixture extends TestFixture
{
public $connection = 'test';
public const EVENT_BLOCK_LIST_1_ID = 1;
public const EVENT_BLOCK_LIST_1_EVENT_UUID = '9a9287e4-6b38-4d7b-b957-801746b71892';
public const EVENT_BLOCK_LIST_2_ID = 2;
public const EVENT_BLOCK_LIST_2_EVENT_UUID = '4ca98b8a-5ae5-4c5e-9250-7d2f56e3e6e2';
public function init(): void
{
$faker = \Faker\Factory::create();
$this->records = [
[
'id' => self::EVENT_BLOCK_LIST_1_ID,
'event_uuid' => self::EVENT_BLOCK_LIST_1_EVENT_UUID,
'created' => $faker->dateTime()->getTimestamp(),
'event_info' => 'Blocked event',
'event_orgc' => 'ORGC'
],
[
'id' => self::EVENT_BLOCK_LIST_2_ID,
'event_uuid' => self::EVENT_BLOCK_LIST_2_EVENT_UUID,
'created' => $faker->dateTime()->getTimestamp(),
'event_info' => 'Blocked event',
'event_orgc' => 'ORGC'
]
];
parent::init();
}
}
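Review bot: `created` is seeded with `$faker->dateTime()->getTimestamp()`, an integer, while `EventBlocklistsTable::beforeSave()` in this same commit writes `date('Y-m-d H:i:s')`, a formatted string, so one of the two probably does not match the column type. A fixed literal in the column's real format, such as `'created' => '2023-01-01 00:00:00'` (constructed value), would fix the mismatch and make the fixture deterministic, since Faker output differs on every run. The `comment` column is not seeded at all, so confirm the schema allows that given `beforeSave()` is bypassed by fixtures.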


@ -0,0 +1,44 @@
<?php
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;
use App\Test\Helper\ApiTestTrait;
class AddEventBlocklistApiTest extends TestCase
{
use ApiTestTrait;
protected const ENDPOINT = '/event-blocklists/add';
protected $fixtures = [
'app.Organisations',
'app.Roles',
'app.Users',
'app.AuthKeys',
'app.EventBlocklists'
];
public function testAddEventBlocklist(): void
{
$this->skipOpenApiValidations();
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$faker = \Faker\Factory::create();
$event_uuid = $faker->uuid();
$this->post(
self::ENDPOINT,
[
'uuids' => [$event_uuid],
]
);
$this->assertResponseOk();
$this->assertDbRecordExists('EventBlocklists', ['event_uuid' => $event_uuid]);
}
}
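Review bot: The namespace `App\Test\TestCase\Api\Users` looks copied from the Users tests; this class and the four other new test classes (Delete, Edit, Index, MassDelete) exercise `/event-blocklists/*` and should presumably live under `App\Test\TestCase\Api\EventBlocklists`, matching their directory. Every test also calls `skipOpenApiValidations()` without explanation, so add a comment such as `// TODO: drop once the event-blocklists endpoints are described in the OpenAPI spec` to keep the skip from becoming permanent. This test posts `['uuids' => [$event_uuid]]` but never checks that a malformed UUID is rejected, which is the input validation an add endpoint most needs covered.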


@ -0,0 +1,49 @@
<?php
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;
use App\Test\Helper\ApiTestTrait;
use App\Test\Fixture\EventBlocklistsFixture;
class DeleteEventBlocklistApiTest extends TestCase
{
use ApiTestTrait;
protected const ENDPOINT = '/event-blocklists/delete';
protected $fixtures = [
'app.Organisations',
'app.Roles',
'app.Users',
'app.AuthKeys',
'app.EventBlocklists'
];
public function testDeleteEventBlocklistByUUID(): void
{
$this->skipOpenApiValidations();
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$url = sprintf('%s/%s', self::ENDPOINT, EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID);
$this->delete($url);
$this->assertResponseOk();
$this->assertDbRecordNotExists('EventBlocklists', ['event_uuid' => EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID]);
}
public function testDeleteEventBlocklistById(): void
{
$this->skipOpenApiValidations();
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$url = sprintf('%s/%s', self::ENDPOINT, EventBlocklistsFixture::EVENT_BLOCK_LIST_1_ID);
$this->delete($url);
$this->assertResponseOk();
$this->assertDbRecordNotExists('EventBlocklists', ['event_uuid' => EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID]);
}
}
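Review bot: Both delete tests cover only existing records; nothing requests an unknown id or UUID, which is the path that throws `NotFoundException` in `BlocklistComponent::delete()`. Add a case that targets a non-existent id, asserts `$this->assertResponseCode(404);`, and then uses `assertDbRecordExists` on both fixture rows to show nothing else was removed. The two existing tests could also assert that `EVENT_BLOCK_LIST_2_ID` is still present, so an over-broad delete would be caught.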


@ -0,0 +1,54 @@
<?php
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;
use App\Test\Helper\ApiTestTrait;
use App\Test\Fixture\EventBlocklistsFixture;
class EditEventBlocklistApiTest extends TestCase
{
use ApiTestTrait;
protected const ENDPOINT = '/event-blocklists/edit';
protected $fixtures = [
'app.Organisations',
'app.Roles',
'app.Users',
'app.AuthKeys',
'app.EventBlocklists'
];
public function testEditEventBlocklist(): void
{
$this->skipOpenApiValidations();
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$new_event_info = "NEW EVENT INFO";
$new_comment = "NEW COMMENT";
$new_event_orgc = "NEW ORGC";
$url = sprintf('%s/%s', self::ENDPOINT, EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID);
$this->post(
$url,
[
'event_info' => $new_event_info,
'comment' => $new_comment,
'event_orgc' => $new_event_orgc,
]
);
$this->assertResponseOk();
$this->assertDbRecordExists('EventBlocklists', [
'event_uuid' => EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID,
'event_info' => $new_event_info,
'comment' => $new_comment,
'event_orgc' => $new_event_orgc
]);
}
}


@ -0,0 +1,37 @@
<?php
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;
use App\Test\Fixture\EventBlocklistsFixture;
use App\Test\Helper\ApiTestTrait;
class IndexEventBlocklistsApiTest extends TestCase
{
use ApiTestTrait;
protected const ENDPOINT = '/event-blocklists/index';
protected $fixtures = [
'app.Organisations',
'app.Roles',
'app.Users',
'app.AuthKeys',
'app.EventBlocklists'
];
public function testIndexEventBlocklists(): void
{
$this->skipOpenApiValidations();
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->get(self::ENDPOINT);
$this->assertResponseOk();
$this->assertResponseContains(sprintf('"event_uuid": "%s"', EventBlocklistsFixture::EVENT_BLOCK_LIST_1_EVENT_UUID));
}
}
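Review bot: `assertResponseContains(sprintf('"event_uuid": "%s"', ...))` matches the exact spacing of pretty-printed JSON, so the test breaks if the serializer stops emitting a space after the colon. Decode the response body with `json_decode(..., true)` and assert on the decoded `event_uuid` values instead, adjusting the path to the actual response shape. Asserting that both fixture UUIDs are present would also check that the listing is complete.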


@ -0,0 +1,44 @@
<?php
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;
use App\Test\Helper\ApiTestTrait;
use App\Test\Fixture\EventBlocklistsFixture;
class MassDeleteBlocklistsApiTest extends TestCase
{
use ApiTestTrait;
protected const ENDPOINT = '/event-blocklists/massDelete';
protected $fixtures = [
'app.Organisations',
'app.Roles',
'app.Users',
'app.AuthKeys',
'app.EventBlocklists'
];
public function testMassDeleteEventBlocklists(): void
{
$this->skipOpenApiValidations();
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->post(
self::ENDPOINT,
[
EventBlocklistsFixture::EVENT_BLOCK_LIST_1_ID,
EventBlocklistsFixture::EVENT_BLOCK_LIST_2_ID
]
);
$this->assertResponseOk();
$this->assertDbRecordNotExists('EventBlocklists', ['id' => EventBlocklistsFixture::EVENT_BLOCK_LIST_1_ID]);
$this->assertDbRecordNotExists('EventBlocklists', ['id' => EventBlocklistsFixture::EVENT_BLOCK_LIST_2_ID]);
}
}
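Review bot: Only the happy path is tested: the request body is exactly the two fixture ids. Since `massDelete()` passes the body straight into an `id IN` condition, add cases for an empty body (expecting the "Invalid EventBlocklists IDs." error), for ids that match no row, and for a body with a non-numeric or nested value. Each case should assert that both fixture rows still exist afterwards.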