github.com/crowdsecurity/crowdsec@v1.6.1/docker/test/tests/test_hub_collections.py (about) 1 #!/usr/bin/env python 2 3 """ 4 Test collection management 5 """ 6 7 from http import HTTPStatus 8 import json 9 10 import pytest 11 12 pytestmark = pytest.mark.docker 13 14 15 def test_install_two_collections(crowdsec, flavor): 16 """Test installing collections at startup""" 17 it1 = 'crowdsecurity/apache2' 18 it2 = 'crowdsecurity/asterisk' 19 env = { 20 'COLLECTIONS': f'{it1} {it2}' 21 } 22 with crowdsec(flavor=flavor, environment=env) as cs: 23 cs.wait_for_http(8080, '/health', want_status=HTTPStatus.OK) 24 res = cs.cont.exec_run('cscli collections list -o json') 25 assert res.exit_code == 0 26 j = json.loads(res.output) 27 items = {c['name']: c for c in j['collections']} 28 assert items[it1]['status'] == 'enabled' 29 assert items[it2]['status'] == 'enabled' 30 cs.wait_for_log([ 31 # f'*collections install "{it1}"*' 32 # f'*collections install "{it2}"*' 33 f'*Enabled collections: {it1}*', 34 f'*Enabled collections: {it2}*', 35 ]) 36 37 38 def test_disable_collection(crowdsec, flavor): 39 """Test removing a pre-installed collection at startup""" 40 it = 'crowdsecurity/linux' 41 env = { 42 'DISABLE_COLLECTIONS': it 43 } 44 with crowdsec(flavor=flavor, environment=env) as cs: 45 cs.wait_for_log("*Starting processing data*") 46 cs.wait_for_http(8080, '/health', want_status=HTTPStatus.OK) 47 res = cs.cont.exec_run('cscli collections list -o json') 48 assert res.exit_code == 0 49 j = json.loads(res.output) 50 items = {c['name'] for c in j['collections']} 51 assert it not in items 52 cs.wait_for_log([ 53 # f'*collections remove "{it}*", 54 f'*Removed symlink [[]{it}[]]*', 55 ]) 56 57 58 def test_install_and_disable_collection(crowdsec, flavor): 59 """Declare a collection to install AND disable: disable wins""" 60 it = 'crowdsecurity/apache2' 61 env = { 62 'COLLECTIONS': it, 63 'DISABLE_COLLECTIONS': it, 64 } 65 with crowdsec(flavor=flavor, environment=env) as cs: 66 cs.wait_for_log("*Starting processing data*") 67 cs.wait_for_http(8080, '/health', want_status=HTTPStatus.OK) 68 res = cs.cont.exec_run('cscli collections list -o json') 69 assert res.exit_code == 0 70 j = json.loads(res.output) 71 items = {c['name'] for c in j['collections']} 72 assert it not in items 73 logs = cs.log_lines() 74 # check that there was no attempt to install 75 assert not any(f'Enabled collections: {it}' in line for line in logs) 76 77 78 # already done in bats, prividing here as example of a somewhat complex test 79 def test_taint_bubble_up(crowdsec, tmp_path_factory, flavor): 80 coll = 'crowdsecurity/nginx' 81 env = { 82 'COLLECTIONS': f'{coll}' 83 } 84 85 with crowdsec(flavor=flavor, environment=env) as cs: 86 cs.wait_for_http(8080, '/health', want_status=HTTPStatus.OK) 87 res = cs.cont.exec_run('cscli collections list -o json') 88 assert res.exit_code == 0 89 j = json.loads(res.output) 90 items = {c['name']: c for c in j['collections']} 91 # implicit check for tainted=False 92 assert items[coll]['status'] == 'enabled' 93 cs.wait_for_log([ 94 f'*Enabled collections: {coll}*', 95 ]) 96 97 scenario = 'crowdsecurity/http-crawl-non_statics' 98 99 # the description won't be read back, it's from the index 100 yq_command = f"yq -e -i '.description=\"tainted\"' /etc/crowdsec/hub/scenarios/{scenario}.yaml" 101 res = cs.cont.exec_run(yq_command) 102 assert res.exit_code == 0 103 104 res = cs.cont.exec_run(f'cscli scenarios inspect {scenario} -o json') 105 assert res.exit_code == 0 106 j = json.loads(res.output) 107 assert j['tainted'] is True 108 109 res = cs.cont.exec_run('cscli collections list -o json') 110 assert res.exit_code == 0 111 j = json.loads(res.output) 112 items = {c['name']: c for c in j['collections']} 113 assert items['crowdsecurity/nginx']['status'] == 'enabled,tainted' 114 assert items['crowdsecurity/base-http-scenarios']['status'] == 'enabled,tainted'