Integrations code sanitization by RamosFe · Pull Request #21195 · wazuh/wazuh · GitHub
Integrations code sanitization #21195


Merged
merged 8 commits into from
Jan 24, 2024

Conversation

RamosFe
Member
@RamosFe RamosFe commented Jan 4, 2024
Related issue
#20758

Description

Code sanitization for the /integrations folder.

@RamosFe RamosFe self-assigned this Jan 4, 2024
@RamosFe RamosFe linked an issue Jan 4, 2024 that may be closed by this pull request
@RamosFe
Member Author
RamosFe commented Jan 8, 2024

Update

Added tests to maltiverse:

```python
import pytest
from unittest.mock import patch

import maltiverse  # the integration module under test (integrations/maltiverse.py)


@pytest.mark.parametrize(
    'alert, expected', [({}, 0), ({'syscheck': {}}, 0), ({'syscheck': {'md5_after': '1'}, 'id': '1'}, 1)]
)
def test_get_md5_in_alert(alert, expected):
    """
    Test the function that extracts MD5-related information from an alert.
    """
    example_token = 'example_token'
    testing_maltiverse = maltiverse.Maltiverse(example_token)
    # The Maltiverse lookup itself is mocked; only the extraction logic is exercised.
    with patch('maltiverse.maltiverse_alert') as alert_mock:
        alert_mock.return_value = {}
        result = maltiverse.get_md5_in_alert(alert, testing_maltiverse)
        assert len(result) == expected


@pytest.mark.parametrize(
    'alert, expected', [({}, 0), ({'syscheck': {}}, 0), ({'syscheck': {'sha1_after': '1'}, 'id': '1'}, 1)]
)
def test_get_sha1_in_alert(alert, expected):
    """
    Test the function that extracts SHA-1-related information from an alert.
    """
    example_token = 'example_token'
    testing_maltiverse = maltiverse.Maltiverse(example_token)
    with patch('maltiverse.maltiverse_alert') as alert_mock:
        alert_mock.return_value = {}
        result = maltiverse.get_sha1_in_alert(alert, testing_maltiverse)
        assert len(result) == expected


@pytest.mark.parametrize(
    'alert, is_private, expected',
    [
        ({}, True, 0),
        ({'data': {}}, True, 0),
        ({'data': {'srcip': '8.8.8.8'}}, True, 0),
        ({'data': {'srcip': '8.8.8.8'}, 'id': '1'}, False, 1),
    ],
)
def test_get_source_ip_in_alert(alert, is_private, expected):
    """
    Test the function that extracts source IP-related information from an alert.
    """
    example_token = 'example_token'
    testing_maltiverse = maltiverse.Maltiverse(example_token)
    # IPv4Address is mocked so the private/public decision is controlled by the parametrization,
    # not by the literal address.
    with patch('maltiverse.maltiverse_alert') as alert_mock, patch('ipaddress.IPv4Address') as ip_mock:
        alert_mock.return_value = {}
        ip_mock_instance = ip_mock.return_value
        ip_mock_instance.is_private = is_private
        result = maltiverse.get_source_ip_in_alert(alert, testing_maltiverse)
        assert len(result) == expected


@pytest.mark.parametrize(
    'alert, expected', [({}, 0), ({'data': {}}, 0), ({'data': {'hostname': 'somehostname'}, 'id': 1}, 1)]
)
def test_get_hostname_in_alert(alert, expected):
    """
    Test the function that extracts hostname-related information from an alert.
    """
    example_token = 'example_token'
    testing_maltiverse = maltiverse.Maltiverse(example_token)
    with patch('maltiverse.maltiverse_alert') as alert_mock:
        alert_mock.return_value = {}
        result = maltiverse.get_hostname_in_alert(alert, testing_maltiverse)
        assert len(result) == expected


@pytest.mark.parametrize('alert, expected', [({}, 0), ({'data': {}}, 0), ({'data': {'url': 'someurl'}, 'id': 1}, 1)])
def test_get_url_in_alert(alert, expected):
    """
    Test the function that extracts URL-related information from an alert.
    """
    example_token = 'example_token'
    testing_maltiverse = maltiverse.Maltiverse(example_token)
    with patch('maltiverse.maltiverse_alert') as alert_mock:
        alert_mock.return_value = {}
        result = maltiverse.get_url_in_alert(alert, testing_maltiverse)
        assert len(result) == expected
```

Refactored already existing tests for virustotal:

```python
import pytest
from requests.exceptions import Timeout  # the timeout type raised by the requests-based lookup
from unittest.mock import call, patch

import virustotal  # the integration module under test (integrations/virustotal.py)

# alert_template_md5, alert_output, apikey_virustotal and ERR_NO_RESPONSE_VT are
# module-level test data defined elsewhere in tests/test_virustotal.py (not shown here).


def test_request_info_from_api_exception():
    """Test that the query_api function fails with no retries when an Exception happens."""
    with patch('virustotal.query_api', side_effect=[Exception(), None]), patch('virustotal.debug'), pytest.raises(
        SystemExit
    ) as pytest_wrapped_e:
        virustotal.request_info_from_api(alert_template_md5[8], {'virustotal': {}}, apikey_virustotal)
    assert pytest_wrapped_e.value.code == ERR_NO_RESPONSE_VT


def test_request_info_from_api_timeout_and_retries_expired():
    """Test that the query_api function fails with retries when a Timeout exception happens (retries expired)."""
    virustotal.retries = 2
    # Three timeouts exhaust a budget of two retries; the trailing None is never reached.
    with patch('virustotal.query_api', side_effect=[Timeout(), Timeout(), Timeout(), None]), patch(
        'virustotal.send_msg'
    ), patch('virustotal.debug'), pytest.raises(SystemExit) as pytest_wrapped_e:
        virustotal.request_info_from_api(alert_template_md5[8], {'virustotal': {}}, apikey_virustotal)
    assert pytest_wrapped_e.value.code == ERR_NO_RESPONSE_VT


def test_request_info_from_api_timeout_and_retries_not_expired():
    """Test that request_info_from_api returns the response after retrying when a Timeout exception happens (retries not expired)."""
    virustotal.retries = 2
    with patch('virustotal.query_api', side_effect=[Timeout(), Timeout(), alert_output]), patch(
        'virustotal.in_database', return_value=False
    ), patch('virustotal.debug') as debug:
        response = virustotal.request_info_from_api(alert_template_md5[8], {'virustotal': {}}, apikey_virustotal)
        debug.assert_has_calls(
            [
                call('# Error: Request timed out. Remaining retries: 2'),
                call('# Error: Request timed out. Remaining retries: 1'),
            ]
        )
        assert response == alert_output
```

Results

```
(venv) federamos@pop-os:~/Documents/Wazuh/Repositories/wazuh/integrations$ python3 -m pytest tests/
========================================================================================================== test session starts ==========================================================================================================
platform linux -- Python 3.9.18, pytest-5.4.3, py-1.10.0, pluggy-0.13.1
rootdir: /home/federamos/Documents/Wazuh/Repositories/wazuh/integrations, inifile: pytest.ini
plugins: metadata-2.0.4, html-2.1.1, tavern-1.2.2, asyncio-0.15.1, cov-2.12.0
collected 122 items

tests/test_maltiverse.py .............................................................. [ 50%]
tests/test_pagerduty.py .......... [ 59%]
tests/test_shuffle.py .................. [ 73%]
tests/test_slack.py .......... [ 81%]
tests/test_virustotal.py ...................... [100%]

========================================================================================================== 122 passed in 3.72s ==========================================================================================================
```
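As an added illustration (not the Wazuh virustotal.py code, whose internals are not on this page), here is a minimal request_info_from_api-style wrapper with exactly the behaviour the refactored tests above pin down: Timeout is the only retried error, each retry logs the remaining budget, and a non-timeout exception or an exhausted budget ends with ERR_NO_RESPONSE_VT. The stand-in Timeout class, the exit-code value, the scripted query_api and run_scenario are assumptions of this example.

```python
import sys


class Timeout(Exception):
    """Stand-in for requests.exceptions.Timeout so the example runs offline."""


ERR_NO_RESPONSE_VT = 4  # placeholder exit code; the real value lives in virustotal.py
retries = 2             # module-level retry budget, as the tests set virustotal.retries = 2

_debug_log = []   # captured debug() lines (the integration writes these to its log file)
_responses = []   # scripted query_api outcomes, like the side_effect lists in the tests


def debug(msg):
    _debug_log.append(msg)


def query_api(alert, apikey):
    """Scripted stand-in for the HTTP lookup: raise if the next outcome is an exception."""
    outcome = _responses.pop(0)
    if isinstance(outcome, BaseException):
        raise outcome
    return outcome


def request_info_from_api(alert, alert_output, apikey):
    """Retry only on Timeout, logging the remaining budget each time; any other
    exception, or an exhausted budget, ends the integration with ERR_NO_RESPONSE_VT."""
    remaining = retries
    while True:
        try:
            return query_api(alert, apikey)
        except Timeout:
            if remaining <= 0:
                sys.exit(ERR_NO_RESPONSE_VT)   # third Timeout with retries=2 lands here
            debug(f'# Error: Request timed out. Remaining retries: {remaining}')
            remaining -= 1
        except Exception:
            sys.exit(ERR_NO_RESPONSE_VT)       # no retry for non-timeout failures


def run_scenario(outcomes):
    """Script query_api with `outcomes`; return (result, exit_code, debug_lines)."""
    _responses[:] = list(outcomes)
    _debug_log.clear()
    try:
        result = request_info_from_api({'md5': 'constructed'}, {'virustotal': {}}, 'apikey')
        return result, None, list(_debug_log)
    except SystemExit as exc:
        return None, exc.code, list(_debug_log)
```

The three run_scenario inputs that match the posted tests are `[Exception(), None]`, `[Timeout(), Timeout(), Timeout(), None]` and `[Timeout(), Timeout(), <response>]`.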

EduLeon12
EduLeon12 previously approved these changes Jan 11, 2024
Contributor
@EduLeon12 EduLeon12 left a comment


LGTM !

Contributor
@Selutario Selutario left a comment


GJ. However, after reviewing how this new format actually looks, I think we should add this rule to the .ruff.toml file (as Nico mentioned, do not include the file here yet):

We are following the numpy docstring format and it always contains a short summary on the first line as shown here:

Update these files to comply with this additional requirement please.


Returns
-------
{}: any

Suggested change
{}: any
dict: any
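Review bot: Neither `{}: any` nor the suggested `dict: any` is a valid Returns entry under the numpy docstring format this review says the project follows: that format puts the type alone on the first line with an indented description beneath it, and `any` is not a Python type. Suggest `dict` on its own line followed by an indented sentence describing the returned alert mapping.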

@@ -5,8 +5,7 @@
# License (version 2) as published by the FSF - Free Software
# Foundation.

"""
What is Maltiverse?
"""What is Maltiverse?

This module docstring looks slightly strange when applying D212 rule since the first line in this case is not a summary but a title.

@Selutario
Contributor

Merging since the failing checks are unrelated to these changes.

@Selutario Selutario dismissed nico-stefani’s stale review January 24, 2024 11:18

Nico is out-of-office so Edu approved the PR in the meantime.

@Selutario Selutario merged commit 77cfa7f into master Jan 24, 2024
@Selutario Selutario deleted the fix/20758-integrations-code-sanitization branch January 24, 2024 11:18