github.com/crowdsecurity/crowdsec@v1.6.1/test/bats/20_hub_parsers.bats (about) 1 #!/usr/bin/env bats 2 # vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si: 3 4 set -u 5 6 setup_file() { 7 load "../lib/setup_file.sh" 8 ./instance-data load 9 HUB_DIR=$(config_get '.config_paths.hub_dir') 10 export HUB_DIR 11 INDEX_PATH=$(config_get '.config_paths.index_path') 12 export INDEX_PATH 13 CONFIG_DIR=$(config_get '.config_paths.config_dir') 14 export CONFIG_DIR 15 } 16 17 teardown_file() { 18 load "../lib/teardown_file.sh" 19 } 20 21 setup() { 22 load "../lib/setup.sh" 23 load "../lib/bats-file/load.bash" 24 ./instance-data load 25 hub_strip_index 26 } 27 28 teardown() { 29 ./instance-crowdsec stop 30 } 31 32 #---------- 33 34 @test "cscli parsers list" { 35 hub_purge_all 36 37 # no items 38 rune -0 cscli parsers list 39 assert_output --partial "PARSERS" 40 rune -0 cscli parsers list -o json 41 assert_json '{parsers:[]}' 42 rune -0 cscli parsers list -o raw 43 assert_output 'name,status,version,description' 44 45 # some items 46 rune -0 cscli parsers install crowdsecurity/whitelists crowdsecurity/windows-auth 47 48 rune -0 cscli parsers list 49 assert_output --partial crowdsecurity/whitelists 50 assert_output --partial crowdsecurity/windows-auth 51 rune -0 grep -c enabled <(output) 52 assert_output "2" 53 54 rune -0 cscli parsers list -o json 55 assert_output --partial crowdsecurity/whitelists 56 assert_output --partial crowdsecurity/windows-auth 57 rune -0 jq '.parsers | length' <(output) 58 assert_output "2" 59 60 rune -0 cscli parsers list -o raw 61 assert_output --partial crowdsecurity/whitelists 62 assert_output --partial crowdsecurity/windows-auth 63 rune -0 grep -vc 'name,status,version,description' <(output) 64 assert_output "2" 65 } 66 67 @test "cscli parsers list -a" { 68 expected=$(jq <"$INDEX_PATH" -r '.parsers | length') 69 70 rune -0 cscli parsers list -a 71 rune -0 grep -c disabled <(output) 72 assert_output "$expected" 73 74 rune -0 cscli parsers list -o json -a 75 rune -0 jq '.parsers | length' <(output) 76 assert_output "$expected" 77 78 rune -0 cscli parsers list -o raw -a 79 rune -0 grep -vc 'name,status,version,description' <(output) 80 assert_output "$expected" 81 82 # the list should be the same in all formats, and sorted (not case sensitive) 83 84 list_raw=$(cscli parsers list -o raw -a | tail -n +2 | cut -d, -f1) 85 list_human=$(cscli parsers list -o human -a | tail -n +6 | head -n -1 | cut -d' ' -f2) 86 list_json=$(cscli parsers list -o json -a | jq -r '.parsers[].name') 87 88 rune -0 sort -f <<<"$list_raw" 89 assert_output "$list_raw" 90 91 assert_equal "$list_raw" "$list_json" 92 assert_equal "$list_raw" "$list_human" 93 } 94 95 @test "cscli parsers list [parser]..." { 96 # non-existent 97 rune -1 cscli parsers install foo/bar 98 assert_stderr --partial "can't find 'foo/bar' in parsers" 99 100 # not installed 101 rune -0 cscli parsers list crowdsecurity/whitelists 102 assert_output --regexp 'crowdsecurity/whitelists.*disabled' 103 104 # install two items 105 rune -0 cscli parsers install crowdsecurity/whitelists crowdsecurity/windows-auth 106 107 # list an installed item 108 rune -0 cscli parsers list crowdsecurity/whitelists 109 assert_output --regexp "crowdsecurity/whitelists.*enabled" 110 refute_output --partial "crowdsecurity/windows-auth" 111 112 # list multiple installed and non installed items 113 rune -0 cscli parsers list crowdsecurity/whitelists crowdsecurity/windows-auth crowdsecurity/traefik-logs 114 assert_output --partial "crowdsecurity/whitelists" 115 assert_output --partial "crowdsecurity/windows-auth" 116 assert_output --partial "crowdsecurity/traefik-logs" 117 118 rune -0 cscli parsers list crowdsecurity/whitelists -o json 119 rune -0 jq '.parsers | length' <(output) 120 assert_output "1" 121 rune -0 cscli parsers list crowdsecurity/whitelists crowdsecurity/windows-auth crowdsecurity/traefik-logs -o json 122 rune -0 jq '.parsers | length' <(output) 123 assert_output "3" 124 125 rune -0 cscli parsers list crowdsecurity/whitelists -o raw 126 rune -0 grep -vc 'name,status,version,description' <(output) 127 assert_output "1" 128 rune -0 cscli parsers list crowdsecurity/whitelists crowdsecurity/windows-auth crowdsecurity/traefik-logs -o raw 129 rune -0 grep -vc 'name,status,version,description' <(output) 130 assert_output "3" 131 } 132 133 @test "cscli parsers install" { 134 rune -1 cscli parsers install 135 assert_stderr --partial 'requires at least 1 arg(s), only received 0' 136 137 # not in hub 138 rune -1 cscli parsers install crowdsecurity/blahblah 139 assert_stderr --partial "can't find 'crowdsecurity/blahblah' in parsers" 140 141 # simple install 142 rune -0 cscli parsers install crowdsecurity/whitelists 143 rune -0 cscli parsers inspect crowdsecurity/whitelists --no-metrics 144 assert_output --partial 'crowdsecurity/whitelists' 145 assert_output --partial 'installed: true' 146 147 # autocorrect 148 rune -1 cscli parsers install crowdsecurity/sshd-logz 149 assert_stderr --partial "can't find 'crowdsecurity/sshd-logz' in parsers, did you mean 'crowdsecurity/sshd-logs'?" 150 151 # install multiple 152 rune -0 cscli parsers install crowdsecurity/pgsql-logs crowdsecurity/postfix-logs 153 rune -0 cscli parsers inspect crowdsecurity/pgsql-logs --no-metrics 154 assert_output --partial 'crowdsecurity/pgsql-logs' 155 assert_output --partial 'installed: true' 156 rune -0 cscli parsers inspect crowdsecurity/postfix-logs --no-metrics 157 assert_output --partial 'crowdsecurity/postfix-logs' 158 assert_output --partial 'installed: true' 159 } 160 161 @test "cscli parsers install (file location and download-only)" { 162 rune -0 cscli parsers install crowdsecurity/whitelists --download-only 163 rune -0 cscli parsers inspect crowdsecurity/whitelists --no-metrics 164 assert_output --partial 'crowdsecurity/whitelists' 165 assert_output --partial 'installed: false' 166 assert_file_exists "$HUB_DIR/parsers/s02-enrich/crowdsecurity/whitelists.yaml" 167 assert_file_not_exists "$CONFIG_DIR/parsers/s02-enrich/whitelists.yaml" 168 169 rune -0 cscli parsers install crowdsecurity/whitelists 170 rune -0 cscli parsers inspect crowdsecurity/whitelists --no-metrics 171 assert_output --partial 'installed: true' 172 assert_file_exists "$CONFIG_DIR/parsers/s02-enrich/whitelists.yaml" 173 } 174 175 @test "cscli parsers install --force (tainted)" { 176 rune -0 cscli parsers install crowdsecurity/whitelists 177 echo "dirty" >"$CONFIG_DIR/parsers/s02-enrich/whitelists.yaml" 178 179 rune -1 cscli parsers install crowdsecurity/whitelists 180 assert_stderr --partial "error while installing 'crowdsecurity/whitelists': while enabling crowdsecurity/whitelists: crowdsecurity/whitelists is tainted, won't enable unless --force" 181 182 rune -0 cscli parsers install crowdsecurity/whitelists --force 183 assert_stderr --partial "crowdsecurity/whitelists: overwrite" 184 assert_stderr --partial "Enabled crowdsecurity/whitelists" 185 } 186 187 @test "cscli parsers install --ignore (skip on errors)" { 188 rune -1 cscli parsers install foo/bar crowdsecurity/whitelists 189 assert_stderr --partial "can't find 'foo/bar' in parsers" 190 refute_stderr --partial "Enabled parsers: crowdsecurity/whitelists" 191 192 rune -0 cscli parsers install foo/bar crowdsecurity/whitelists --ignore 193 assert_stderr --partial "can't find 'foo/bar' in parsers" 194 assert_stderr --partial "Enabled parsers: crowdsecurity/whitelists" 195 } 196 197 @test "cscli parsers inspect" { 198 rune -1 cscli parsers inspect 199 assert_stderr --partial 'requires at least 1 arg(s), only received 0' 200 # required for metrics 201 ./instance-crowdsec start 202 203 rune -1 cscli parsers inspect blahblah/blahblah 204 assert_stderr --partial "can't find 'blahblah/blahblah' in parsers" 205 206 # one item 207 rune -0 cscli parsers inspect crowdsecurity/sshd-logs --no-metrics 208 assert_line 'type: parsers' 209 assert_line 'stage: s01-parse' 210 assert_line 'name: crowdsecurity/sshd-logs' 211 assert_line 'author: crowdsecurity' 212 assert_line 'path: parsers/s01-parse/crowdsecurity/sshd-logs.yaml' 213 assert_line 'installed: false' 214 refute_line --partial 'Current metrics:' 215 216 # one item, with metrics 217 rune -0 cscli parsers inspect crowdsecurity/sshd-logs 218 assert_line --partial 'Current metrics:' 219 220 # one item, json 221 rune -0 cscli parsers inspect crowdsecurity/sshd-logs -o json 222 rune -0 jq -c '[.type, .stage, .name, .author, .path, .installed]' <(output) 223 assert_json '["parsers","s01-parse","crowdsecurity/sshd-logs","crowdsecurity","parsers/s01-parse/crowdsecurity/sshd-logs.yaml",false]' 224 225 # one item, raw 226 rune -0 cscli parsers inspect crowdsecurity/sshd-logs -o raw 227 assert_line 'type: parsers' 228 assert_line 'name: crowdsecurity/sshd-logs' 229 assert_line 'stage: s01-parse' 230 assert_line 'author: crowdsecurity' 231 assert_line 'path: parsers/s01-parse/crowdsecurity/sshd-logs.yaml' 232 assert_line 'installed: false' 233 refute_line --partial 'Current metrics:' 234 235 # multiple items 236 rune -0 cscli parsers inspect crowdsecurity/sshd-logs crowdsecurity/whitelists --no-metrics 237 assert_output --partial 'crowdsecurity/sshd-logs' 238 assert_output --partial 'crowdsecurity/whitelists' 239 rune -1 grep -c 'Current metrics:' <(output) 240 assert_output "0" 241 242 # multiple items, with metrics 243 rune -0 cscli parsers inspect crowdsecurity/sshd-logs crowdsecurity/whitelists 244 rune -0 grep -c 'Current metrics:' <(output) 245 assert_output "2" 246 247 # multiple items, json 248 rune -0 cscli parsers inspect crowdsecurity/sshd-logs crowdsecurity/whitelists -o json 249 rune -0 jq -sc '[.[] | [.type, .stage, .name, .author, .path, .installed]]' <(output) 250 assert_json '[["parsers","s01-parse","crowdsecurity/sshd-logs","crowdsecurity","parsers/s01-parse/crowdsecurity/sshd-logs.yaml",false],["parsers","s02-enrich","crowdsecurity/whitelists","crowdsecurity","parsers/s02-enrich/crowdsecurity/whitelists.yaml",false]]' 251 252 # multiple items, raw 253 rune -0 cscli parsers inspect crowdsecurity/sshd-logs crowdsecurity/whitelists -o raw 254 assert_output --partial 'crowdsecurity/sshd-logs' 255 assert_output --partial 'crowdsecurity/whitelists' 256 rune -1 grep -c 'Current metrics:' <(output) 257 assert_output "0" 258 } 259 260 @test "cscli parsers remove" { 261 rune -1 cscli parsers remove 262 assert_stderr --partial "specify at least one parser to remove or '--all'" 263 rune -1 cscli parsers remove blahblah/blahblah 264 assert_stderr --partial "can't find 'blahblah/blahblah' in parsers" 265 266 rune -0 cscli parsers install crowdsecurity/whitelists --download-only 267 rune -0 cscli parsers remove crowdsecurity/whitelists 268 assert_stderr --partial "removing crowdsecurity/whitelists: not installed -- no need to remove" 269 270 rune -0 cscli parsers install crowdsecurity/whitelists 271 rune -0 cscli parsers remove crowdsecurity/whitelists 272 assert_stderr --partial "Removed crowdsecurity/whitelists" 273 274 rune -0 cscli parsers remove crowdsecurity/whitelists --purge 275 assert_stderr --partial 'Removed source file [crowdsecurity/whitelists]' 276 277 rune -0 cscli parsers remove crowdsecurity/whitelists 278 assert_stderr --partial "removing crowdsecurity/whitelists: not installed -- no need to remove" 279 280 rune -0 cscli parsers remove crowdsecurity/whitelists --purge --debug 281 assert_stderr --partial 'removing crowdsecurity/whitelists: not downloaded -- no need to remove' 282 refute_stderr --partial 'Removed source file [crowdsecurity/whitelists]' 283 284 # install, then remove, check files 285 rune -0 cscli parsers install crowdsecurity/whitelists 286 assert_file_exists "$CONFIG_DIR/parsers/s02-enrich/whitelists.yaml" 287 rune -0 cscli parsers remove crowdsecurity/whitelists 288 assert_file_not_exists "$CONFIG_DIR/parsers/s02-enrich/whitelists.yaml" 289 290 # delete is an alias for remove 291 rune -0 cscli parsers install crowdsecurity/whitelists 292 assert_file_exists "$CONFIG_DIR/parsers/s02-enrich/whitelists.yaml" 293 rune -0 cscli parsers delete crowdsecurity/whitelists 294 assert_file_not_exists "$CONFIG_DIR/parsers/s02-enrich/whitelists.yaml" 295 296 # purge 297 assert_file_exists "$HUB_DIR/parsers/s02-enrich/crowdsecurity/whitelists.yaml" 298 rune -0 cscli parsers remove crowdsecurity/whitelists --purge 299 assert_file_not_exists "$HUB_DIR/parsers/s02-enrich/crowdsecurity/whitelists.yaml" 300 301 rune -0 cscli parsers install crowdsecurity/whitelists crowdsecurity/windows-auth 302 303 # --all 304 rune -0 cscli parsers list -o raw 305 rune -0 grep -vc 'name,status,version,description' <(output) 306 assert_output "2" 307 308 rune -0 cscli parsers remove --all 309 310 rune -0 cscli parsers list -o raw 311 rune -1 grep -vc 'name,status,version,description' <(output) 312 assert_output "0" 313 } 314 315 @test "cscli parsers remove --force" { 316 # remove a parser that belongs to a collection 317 rune -0 cscli collections install crowdsecurity/sshd 318 rune -0 cscli parsers remove crowdsecurity/sshd-logs 319 assert_stderr --partial "crowdsecurity/sshd-logs belongs to collections: [crowdsecurity/sshd]" 320 assert_stderr --partial "Run 'sudo cscli parsers remove crowdsecurity/sshd-logs --force' if you want to force remove this parser" 321 } 322 323 @test "cscli parsers upgrade" { 324 rune -1 cscli parsers upgrade 325 assert_stderr --partial "specify at least one parser to upgrade or '--all'" 326 rune -1 cscli parsers upgrade blahblah/blahblah 327 assert_stderr --partial "can't find 'blahblah/blahblah' in parsers" 328 rune -0 cscli parsers remove crowdsecurity/pam-logs --purge 329 rune -1 cscli parsers upgrade crowdsecurity/pam-logs 330 assert_stderr --partial "can't upgrade crowdsecurity/pam-logs: not installed" 331 rune -0 cscli parsers install crowdsecurity/pam-logs --download-only 332 rune -1 cscli parsers upgrade crowdsecurity/pam-logs 333 assert_stderr --partial "can't upgrade crowdsecurity/pam-logs: downloaded but not installed" 334 335 # hash of the string "v0.0" 336 sha256_0_0="dfebecf42784a31aa3d009dbcec0c657154a034b45f49cf22a895373f6dbf63d" 337 338 # add version 0.0 to all parsers 339 new_hub=$(jq --arg DIGEST "$sha256_0_0" <"$INDEX_PATH" '.parsers |= with_entries(.value.versions["0.0"] = {"digest": $DIGEST, "deprecated": false})') 340 echo "$new_hub" >"$INDEX_PATH" 341 342 rune -0 cscli parsers install crowdsecurity/whitelists 343 344 echo "v0.0" > "$CONFIG_DIR/parsers/s02-enrich/whitelists.yaml" 345 rune -0 cscli parsers inspect crowdsecurity/whitelists -o json 346 rune -0 jq -e '.local_version=="0.0"' <(output) 347 348 # upgrade 349 rune -0 cscli parsers upgrade crowdsecurity/whitelists 350 rune -0 cscli parsers inspect crowdsecurity/whitelists -o json 351 rune -0 jq -e '.local_version==.version' <(output) 352 353 # taint 354 echo "dirty" >"$CONFIG_DIR/parsers/s02-enrich/whitelists.yaml" 355 # XXX: should return error 356 rune -0 cscli parsers upgrade crowdsecurity/whitelists 357 assert_stderr --partial "crowdsecurity/whitelists is tainted, --force to overwrite" 358 rune -0 cscli parsers inspect crowdsecurity/whitelists -o json 359 rune -0 jq -e '.local_version=="?"' <(output) 360 361 # force upgrade with taint 362 rune -0 cscli parsers upgrade crowdsecurity/whitelists --force 363 rune -0 cscli parsers inspect crowdsecurity/whitelists -o json 364 rune -0 jq -e '.local_version==.version' <(output) 365 366 # multiple items 367 rune -0 cscli parsers install crowdsecurity/windows-auth 368 echo "v0.0" >"$CONFIG_DIR/parsers/s02-enrich/whitelists.yaml" 369 echo "v0.0" >"$CONFIG_DIR/parsers/s01-parse/windows-auth.yaml" 370 rune -0 cscli parsers list -o json 371 rune -0 jq -e '[.parsers[].local_version]==["0.0","0.0"]' <(output) 372 rune -0 cscli parsers upgrade crowdsecurity/whitelists crowdsecurity/windows-auth 373 rune -0 cscli parsers list -o json 374 rune -0 jq -e 'any(.parsers[].local_version; .=="0.0") | not' <(output) 375 376 # upgrade all 377 echo "v0.0" >"$CONFIG_DIR/parsers/s02-enrich/whitelists.yaml" 378 echo "v0.0" >"$CONFIG_DIR/parsers/s01-parse/windows-auth.yaml" 379 rune -0 cscli parsers list -o json 380 rune -0 jq -e '[.parsers[].local_version]==["0.0","0.0"]' <(output) 381 rune -0 cscli parsers upgrade --all 382 rune -0 cscli parsers list -o json 383 rune -0 jq -e 'any(.parsers[].local_version; .=="0.0") | not' <(output) 384 }