|
6 | 6 |
|
7 | 7 | import pytest |
8 | 8 | from pytest_httpserver import HTTPServer |
| 9 | +from pydantic import ValidationError |
| 10 | + |
9 | 11 |
|
10 | 12 | from _incydr_cli.cmds.options.output_options import TableFormat |
11 | 13 | from _incydr_cli.cursor import CursorStore |
|
564 | 566 |
|
565 | 567 | TEST_SAVED_SEARCH_ID = "saved-search-1" |
566 | 568 |
|
| 569 | +TEST_BAD_EVENT_JSON = """{ |
| 570 | + "fileEvents": [ |
| 571 | + { |
| 572 | + "@timestamp": "2025-08-04T01:01:01.081Z", |
| 573 | + "event": { |
| 574 | + "id": "example_id", |
| 575 | + "inserted": "2025-08-04T01:01:01.816033973Z", |
| 576 | + "action": "removable-media-created", |
| 577 | + "observer": "Endpoint", |
| 578 | + "detectorDisplayName": null, |
| 579 | + "shareType": [], |
| 580 | + "ingested": "2025-08-04T01:01:01.366Z", |
| 581 | + "vector": "REMOVABLE_MEDIA_OUT", |
| 582 | + "xfcEventId": "exampleid" |
| 583 | + }, |
| 584 | + "user": { |
| 585 | + "email": "example@example.com", |
| 586 | + "id": "12345678", |
| 587 | + "deviceUid": "1234565", |
| 588 | + "actorHour": "12345678/2025-08-04T09:00:00Z", |
| 589 | + "department": "12345", |
| 590 | + "groups": [ |
| 591 | + { |
| 592 | + "id": "12345", |
| 593 | + "displayName": "examplegroup" |
| 594 | + } |
| 595 | + ] |
| 596 | + }, |
| 597 | + "file": { |
| 598 | + "name": "examplename.GIF", |
| 599 | + "originalName": "examplename.GIF", |
| 600 | + "directory": "D:/exaple/path/on/drive/", |
| 601 | + "originalDirectory": "C:/example/path/to/original/", |
| 602 | + "category": "Image", |
| 603 | + "mimeType": "image/gif", |
| 604 | + "mimeTypeByBytes": "image/gif", |
| 605 | + "categoryByBytes": null, |
| 606 | + "mimeTypeByExtension": "image/gif", |
| 607 | + "categoryByExtension": null, |
| 608 | + "sizeInBytes": 37757, |
| 609 | + "owner":"\Everyone", |
| 610 | + "created": "2018-08-14T05:55:09.650Z", |
| 611 | + "modified": "2009-02-04T05:49:16Z", |
| 612 | + "hash": { |
| 613 | + "md5": "da4655be40a207f0ae3bf53c7d255cb9", |
| 614 | + "sha256": "2dbc974a038924019344cf44858a863c90f64a3a6c6d2ad24e61d1b019aae9a7", |
| 615 | + "md5Error": null, |
| 616 | + "sha256Error": null |
| 617 | + }, |
| 618 | + "id": null, |
| 619 | + "url": null, |
| 620 | + "directoryId": [], |
| 621 | + "cloudDriveId": null, |
| 622 | + "classifications": [], |
| 623 | + "acquiredFrom": [], |
| 624 | + "changeType": "COPIED", |
| 625 | + "archiveId": null, |
| 626 | + "parentArchiveId": null, |
| 627 | + "passwordProtected": null |
| 628 | + }, |
| 629 | + "report": { |
| 630 | + "id": null, |
| 631 | + "name": null, |
| 632 | + "description": null, |
| 633 | + "headers": [], |
| 634 | + "count": null, |
| 635 | + "type": null |
| 636 | + }, |
| 637 | + "source": { |
| 638 | + "category": "Device", |
| 639 | + "name": "example-device", |
| 640 | + "user": { |
| 641 | + "email": [] |
| 642 | + }, |
| 643 | + "domain": "example.domain.com", |
| 644 | + "ip": "1.2.3.4", |
| 645 | + "privateIp": [ |
| 646 | + "1.2.3.4" |
| 647 | + ], |
| 648 | + "operatingSystem": "Windows", |
| 649 | + "email": { |
| 650 | + "sender": null, |
| 651 | + "from": null |
| 652 | + }, |
| 653 | + "removableMedia": { |
| 654 | + "vendor": null, |
| 655 | + "name": null, |
| 656 | + "serialNumber": null, |
| 657 | + "capacity": null, |
| 658 | + "busType": null, |
| 659 | + "mediaName": null, |
| 660 | + "volumeName": [], |
| 661 | + "partitionId": [] |
| 662 | + }, |
| 663 | + "tabs": [], |
| 664 | + "accountName": null, |
| 665 | + "accountType": null, |
| 666 | + "domains": [], |
| 667 | + "remoteHostname": null, |
| 668 | + "identifiers": null |
| 669 | + }, |
| 670 | + "destination": { |
| 671 | + "category": "Device", |
| 672 | + "name": "Removable Media", |
| 673 | + "user": { |
| 674 | + "email": [], |
| 675 | + "emailDomain": [] |
| 676 | + }, |
| 677 | + "ip": null, |
| 678 | + "privateIp": [], |
| 679 | + "operatingSystem": null, |
| 680 | + "printJobName": null, |
| 681 | + "printerName": null, |
| 682 | + "printedFilesBackupPath": null, |
| 683 | + "removableMedia": { |
| 684 | + "vendor": "example vendor", |
| 685 | + "name": "example name", |
| 686 | + "serialNumber": "exampleserial", |
| 687 | + "capacity": 1000204883968, |
| 688 | + "busType": "USB", |
| 689 | + "mediaName": "example name", |
| 690 | + "volumeName": [ |
| 691 | + "Kavitha-HDD (D:)" |
| 692 | + ], |
| 693 | + "partitionId": [ |
| 694 | + "exampleid" |
| 695 | + ] |
| 696 | + }, |
| 697 | + "email": { |
| 698 | + "recipients": [], |
| 699 | + "subject": null |
| 700 | + }, |
| 701 | + "tabs": [], |
| 702 | + "accountName": null, |
| 703 | + "accountType": null, |
| 704 | + "domains": [], |
| 705 | + "remoteHostname": null, |
| 706 | + "identifiers": [ |
| 707 | + { |
| 708 | + "key": "mediaName", |
| 709 | + "value": "example name" |
| 710 | + }, |
| 711 | + { |
| 712 | + "key": "serialNumber", |
| 713 | + "value": "asdf" |
| 714 | + } |
| 715 | + ] |
| 716 | + }, |
| 717 | + "process": { |
| 718 | + "executable": "C:/Windows/explorer.exe", |
| 719 | + "owner": "exampleowner", |
| 720 | + "extension": { |
| 721 | + "browser": null, |
| 722 | + "version": null, |
| 723 | + "loggedInUser": null |
| 724 | + } |
| 725 | + }, |
| 726 | + "risk": { |
| 727 | + "score": 3, |
| 728 | + "severity": "LOW", |
| 729 | + "indicators": [ |
| 730 | + { |
| 731 | + "name": "Remote", |
| 732 | + "id": "Remote", |
| 733 | + "weight": 0 |
| 734 | + }, |
| 735 | + { |
| 736 | + "name": "Removable media", |
| 737 | + "id": "Removable media", |
| 738 | + "weight": 3 |
| 739 | + }, |
| 740 | + { |
| 741 | + "name": "Image", |
| 742 | + "id": "Image", |
| 743 | + "weight": 0 |
| 744 | + } |
| 745 | + ], |
| 746 | + "activityTier": "Default", |
| 747 | + "trusted": false, |
| 748 | + "trustReason": null, |
| 749 | + "untrustedValues": { |
| 750 | + "accountNames": [], |
| 751 | + "domains": [], |
| 752 | + "gitRepositoryUris": [], |
| 753 | + "slackWorkspaces": [], |
| 754 | + "urlPaths": [] |
| 755 | + } |
| 756 | + }, |
| 757 | + "git": { |
| 758 | + "eventId": null, |
| 759 | + "lastCommitHash": null, |
| 760 | + "repositoryUri": null, |
| 761 | + "repositoryUser": null, |
| 762 | + "repositoryEmail": null, |
| 763 | + "repositoryEndpointPath": null |
| 764 | + }, |
| 765 | + "responseControls": { |
| 766 | + "preventativeControl": null, |
| 767 | + "reason": null, |
| 768 | + "userJustification": { |
| 769 | + "reason": null, |
| 770 | + "text": null |
| 771 | + } |
| 772 | + }, |
| 773 | + "paste": { |
| 774 | + "mimeTypes": [], |
| 775 | + "totalContentSize": null, |
| 776 | + "visibleContentSize": null |
| 777 | + } |
| 778 | + } |
| 779 | + ], |
| 780 | + "nextPgToken": "", |
| 781 | + "problems": null, |
| 782 | + "totalCount": 1 |
| 783 | +}""" |
| 784 | + |
567 | 785 |
|
568 | 786 | @pytest.fixture |
569 | 787 | def mock_get_saved_search(httpserver_auth): |
@@ -593,7 +811,6 @@ def mock_list_saved_searches(httpserver_auth): |
593 | 811 | "/v2/file-events/saved-searches", method="GET" |
594 | 812 | ).respond_with_json(search_data) |
595 | 813 |
|
596 | | - |
597 | 814 | @pytest.mark.parametrize( |
598 | 815 | "query, expected_query", |
599 | 816 | [(TEST_EVENT_QUERY, TEST_DICT_QUERY)], |
@@ -661,6 +878,16 @@ def test_get_saved_search_returns_expected_data_when_search_has_subgroups( |
661 | 878 | assert isinstance(search, SavedSearch) |
662 | 879 | assert search.json() == TEST_SAVED_SEARCH_3.json() |
663 | 880 |
|
| 881 | +def test_search_raises_exception_when_bad_event_json(httpserver_auth: HTTPServer): |
| 882 | + httpserver_auth.expect_request("/v2/file-events", method="POST").respond_with_data( |
| 883 | + TEST_BAD_EVENT_JSON |
| 884 | + ) |
| 885 | + |
| 886 | + client = Client() |
| 887 | + query = EventQuery.construct(**TEST_DICT_QUERY) |
| 888 | + with pytest.raises(ValidationError): |
| 889 | + client.file_events.v2.search(query) |
| 890 | + |
664 | 891 |
|
665 | 892 | # ************************************************ CLI ************************************************ |
666 | 893 |
|
|
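Review bot: The only malformed part of TEST_BAD_EVENT_JSON appears to be the `"owner":"\Everyone"` entry, and neither the fixture nor test_search_raises_exception_when_bad_event_json says so, so a later tidy-up of the fixture could leave a test that no longer exercises the failure path. Because the literal is not a raw string, `\E` is also an invalid Python escape that newer interpreters warn about. Declaring it as `TEST_BAD_EVENT_JSON = r"""{` keeps the backslash on purpose, and a comment such as `# "\Everyone" is an invalid JSON escape; the response body must fail to parse` records the intent. Most of the fixture is clearly sanitised, but the volume name `Kavitha-HDD (D:)` and the md5/sha256 values read as if they were copied from a real event, so it is worth confirming they are not customer data and swapping in placeholders if they are. The test asserts only the exception type; if ValidationError is the intended contract for an unparseable response, a one-line docstring saying so would help callers who catch it.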