github.com/crowdsecurity/crowdsec@v1.6.1/test/bats/20_hub_scenarios.bats (about) 1 #!/usr/bin/env bats 2 # vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si: 3 4 set -u 5 6 setup_file() { 7 load "../lib/setup_file.sh" 8 ./instance-data load 9 HUB_DIR=$(config_get '.config_paths.hub_dir') 10 export HUB_DIR 11 INDEX_PATH=$(config_get '.config_paths.index_path') 12 export INDEX_PATH 13 CONFIG_DIR=$(config_get '.config_paths.config_dir') 14 export CONFIG_DIR 15 } 16 17 teardown_file() { 18 load "../lib/teardown_file.sh" 19 } 20 21 setup() { 22 load "../lib/setup.sh" 23 load "../lib/bats-file/load.bash" 24 ./instance-data load 25 hub_strip_index 26 } 27 28 teardown() { 29 ./instance-crowdsec stop 30 } 31 32 #---------- 33 34 @test "cscli scenarios list" { 35 hub_purge_all 36 37 # no items 38 rune -0 cscli scenarios list 39 assert_output --partial "SCENARIOS" 40 rune -0 cscli scenarios list -o json 41 assert_json '{scenarios:[]}' 42 rune -0 cscli scenarios list -o raw 43 assert_output 'name,status,version,description' 44 45 # some items 46 rune -0 cscli scenarios install crowdsecurity/ssh-bf crowdsecurity/telnet-bf 47 48 rune -0 cscli scenarios list 49 assert_output --partial crowdsecurity/ssh-bf 50 assert_output --partial crowdsecurity/telnet-bf 51 rune -0 grep -c enabled <(output) 52 assert_output "2" 53 54 rune -0 cscli scenarios list -o json 55 assert_output --partial crowdsecurity/ssh-bf 56 assert_output --partial crowdsecurity/telnet-bf 57 rune -0 jq '.scenarios | length' <(output) 58 assert_output "2" 59 60 rune -0 cscli scenarios list -o raw 61 assert_output --partial crowdsecurity/ssh-bf 62 assert_output --partial crowdsecurity/telnet-bf 63 rune -0 grep -vc 'name,status,version,description' <(output) 64 assert_output "2" 65 } 66 67 @test "cscli scenarios list -a" { 68 expected=$(jq <"$INDEX_PATH" -r '.scenarios | length') 69 70 rune -0 cscli scenarios list -a 71 rune -0 grep -c disabled <(output) 72 assert_output "$expected" 73 74 rune -0 cscli scenarios list -o json -a 75 rune -0 jq '.scenarios | length' <(output) 76 assert_output "$expected" 77 78 rune -0 cscli scenarios list -o raw -a 79 rune -0 grep -vc 'name,status,version,description' <(output) 80 assert_output "$expected" 81 82 # the list should be the same in all formats, and sorted (not case sensitive) 83 84 list_raw=$(cscli scenarios list -o raw -a | tail -n +2 | cut -d, -f1) 85 list_human=$(cscli scenarios list -o human -a | tail -n +6 | head -n -1 | cut -d' ' -f2) 86 list_json=$(cscli scenarios list -o json -a | jq -r '.scenarios[].name') 87 88 rune -0 sort -f <<<"$list_raw" 89 assert_output "$list_raw" 90 91 assert_equal "$list_raw" "$list_json" 92 assert_equal "$list_raw" "$list_human" 93 } 94 95 @test "cscli scenarios list [scenario]..." { 96 # non-existent 97 rune -1 cscli scenario install foo/bar 98 assert_stderr --partial "can't find 'foo/bar' in scenarios" 99 100 # not installed 101 rune -0 cscli scenarios list crowdsecurity/ssh-bf 102 assert_output --regexp 'crowdsecurity/ssh-bf.*disabled' 103 104 # install two items 105 rune -0 cscli scenarios install crowdsecurity/ssh-bf crowdsecurity/telnet-bf 106 107 # list an installed item 108 rune -0 cscli scenarios list crowdsecurity/ssh-bf 109 assert_output --regexp "crowdsecurity/ssh-bf.*enabled" 110 refute_output --partial "crowdsecurity/telnet-bf" 111 112 # list multiple installed and non installed items 113 rune -0 cscli scenarios list crowdsecurity/ssh-bf crowdsecurity/telnet-bf crowdsecurity/aws-bf crowdsecurity/aws-bf 114 assert_output --partial "crowdsecurity/ssh-bf" 115 assert_output --partial "crowdsecurity/telnet-bf" 116 assert_output --partial "crowdsecurity/aws-bf" 117 118 rune -0 cscli scenarios list crowdsecurity/ssh-bf -o json 119 rune -0 jq '.scenarios | length' <(output) 120 assert_output "1" 121 rune -0 cscli scenarios list crowdsecurity/ssh-bf crowdsecurity/telnet-bf crowdsecurity/aws-bf -o json 122 rune -0 jq '.scenarios | length' <(output) 123 assert_output "3" 124 125 rune -0 cscli scenarios list crowdsecurity/ssh-bf -o raw 126 rune -0 grep -vc 'name,status,version,description' <(output) 127 assert_output "1" 128 rune -0 cscli scenarios list crowdsecurity/ssh-bf crowdsecurity/telnet-bf crowdsecurity/aws-bf -o raw 129 rune -0 grep -vc 'name,status,version,description' <(output) 130 assert_output "3" 131 } 132 133 @test "cscli scenarios install" { 134 rune -1 cscli scenarios install 135 assert_stderr --partial 'requires at least 1 arg(s), only received 0' 136 137 # not in hub 138 rune -1 cscli scenarios install crowdsecurity/blahblah 139 assert_stderr --partial "can't find 'crowdsecurity/blahblah' in scenarios" 140 141 # simple install 142 rune -0 cscli scenarios install crowdsecurity/ssh-bf 143 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf --no-metrics 144 assert_output --partial 'crowdsecurity/ssh-bf' 145 assert_output --partial 'installed: true' 146 147 # autocorrect 148 rune -1 cscli scenarios install crowdsecurity/ssh-tf 149 assert_stderr --partial "can't find 'crowdsecurity/ssh-tf' in scenarios, did you mean 'crowdsecurity/ssh-bf'?" 150 151 # install multiple 152 rune -0 cscli scenarios install crowdsecurity/ssh-bf crowdsecurity/telnet-bf 153 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf --no-metrics 154 assert_output --partial 'crowdsecurity/ssh-bf' 155 assert_output --partial 'installed: true' 156 rune -0 cscli scenarios inspect crowdsecurity/telnet-bf --no-metrics 157 assert_output --partial 'crowdsecurity/telnet-bf' 158 assert_output --partial 'installed: true' 159 } 160 161 @test "cscli scenarios install (file location and download-only)" { 162 # simple install 163 rune -0 cscli scenarios install crowdsecurity/ssh-bf --download-only 164 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf --no-metrics 165 assert_output --partial 'crowdsecurity/ssh-bf' 166 assert_output --partial 'installed: false' 167 assert_file_exists "$HUB_DIR/scenarios/crowdsecurity/ssh-bf.yaml" 168 assert_file_not_exists "$CONFIG_DIR/scenarios/ssh-bf.yaml" 169 170 rune -0 cscli scenarios install crowdsecurity/ssh-bf 171 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf --no-metrics 172 assert_output --partial 'installed: true' 173 assert_file_exists "$CONFIG_DIR/scenarios/ssh-bf.yaml" 174 } 175 176 @test "cscli scenarios install --force (tainted)" { 177 rune -0 cscli scenarios install crowdsecurity/ssh-bf 178 echo "dirty" >"$CONFIG_DIR/scenarios/ssh-bf.yaml" 179 180 rune -1 cscli scenarios install crowdsecurity/ssh-bf 181 assert_stderr --partial "error while installing 'crowdsecurity/ssh-bf': while enabling crowdsecurity/ssh-bf: crowdsecurity/ssh-bf is tainted, won't enable unless --force" 182 183 rune -0 cscli scenarios install crowdsecurity/ssh-bf --force 184 assert_stderr --partial "crowdsecurity/ssh-bf: overwrite" 185 assert_stderr --partial "Enabled crowdsecurity/ssh-bf" 186 } 187 188 @test "cscli scenarios install --ignore (skip on errors)" { 189 rune -1 cscli scenarios install foo/bar crowdsecurity/ssh-bf 190 assert_stderr --partial "can't find 'foo/bar' in scenarios" 191 refute_stderr --partial "Enabled scenarios: crowdsecurity/ssh-bf" 192 193 rune -0 cscli scenarios install foo/bar crowdsecurity/ssh-bf --ignore 194 assert_stderr --partial "can't find 'foo/bar' in scenarios" 195 assert_stderr --partial "Enabled scenarios: crowdsecurity/ssh-bf" 196 } 197 198 @test "cscli scenarios inspect" { 199 rune -1 cscli scenarios inspect 200 assert_stderr --partial 'requires at least 1 arg(s), only received 0' 201 # required for metrics 202 ./instance-crowdsec start 203 204 rune -1 cscli scenarios inspect blahblah/blahblah 205 assert_stderr --partial "can't find 'blahblah/blahblah' in scenarios" 206 207 # one item 208 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf --no-metrics 209 assert_line 'type: scenarios' 210 assert_line 'name: crowdsecurity/ssh-bf' 211 assert_line 'author: crowdsecurity' 212 assert_line 'path: scenarios/crowdsecurity/ssh-bf.yaml' 213 assert_line 'installed: false' 214 refute_line --partial 'Current metrics:' 215 216 # one item, with metrics 217 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf 218 assert_line --partial 'Current metrics:' 219 220 # one item, json 221 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf -o json 222 rune -0 jq -c '[.type, .name, .author, .path, .installed]' <(output) 223 assert_json '["scenarios","crowdsecurity/ssh-bf","crowdsecurity","scenarios/crowdsecurity/ssh-bf.yaml",false]' 224 225 # one item, raw 226 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf -o raw 227 assert_line 'type: scenarios' 228 assert_line 'name: crowdsecurity/ssh-bf' 229 assert_line 'author: crowdsecurity' 230 assert_line 'path: scenarios/crowdsecurity/ssh-bf.yaml' 231 assert_line 'installed: false' 232 refute_line --partial 'Current metrics:' 233 234 # multiple items 235 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf crowdsecurity/telnet-bf --no-metrics 236 assert_output --partial 'crowdsecurity/ssh-bf' 237 assert_output --partial 'crowdsecurity/telnet-bf' 238 rune -1 grep -c 'Current metrics:' <(output) 239 assert_output "0" 240 241 # multiple items, with metrics 242 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf crowdsecurity/telnet-bf 243 rune -0 grep -c 'Current metrics:' <(output) 244 assert_output "2" 245 246 # multiple items, json 247 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf crowdsecurity/telnet-bf -o json 248 rune -0 jq -sc '[.[] | [.type, .name, .author, .path, .installed]]' <(output) 249 assert_json '[["scenarios","crowdsecurity/ssh-bf","crowdsecurity","scenarios/crowdsecurity/ssh-bf.yaml",false],["scenarios","crowdsecurity/telnet-bf","crowdsecurity","scenarios/crowdsecurity/telnet-bf.yaml",false]]' 250 251 # multiple items, raw 252 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf crowdsecurity/telnet-bf -o raw 253 assert_output --partial 'crowdsecurity/ssh-bf' 254 assert_output --partial 'crowdsecurity/telnet-bf' 255 run -1 grep -c 'Current metrics:' <(output) 256 assert_output "0" 257 } 258 259 @test "cscli scenarios remove" { 260 rune -1 cscli scenarios remove 261 assert_stderr --partial "specify at least one scenario to remove or '--all'" 262 rune -1 cscli scenarios remove blahblah/blahblah 263 assert_stderr --partial "can't find 'blahblah/blahblah' in scenarios" 264 265 rune -0 cscli scenarios install crowdsecurity/ssh-bf --download-only 266 rune -0 cscli scenarios remove crowdsecurity/ssh-bf 267 assert_stderr --partial "removing crowdsecurity/ssh-bf: not installed -- no need to remove" 268 269 rune -0 cscli scenarios install crowdsecurity/ssh-bf 270 rune -0 cscli scenarios remove crowdsecurity/ssh-bf 271 assert_stderr --partial "Removed crowdsecurity/ssh-bf" 272 273 rune -0 cscli scenarios remove crowdsecurity/ssh-bf --purge 274 assert_stderr --partial 'Removed source file [crowdsecurity/ssh-bf]' 275 276 rune -0 cscli scenarios remove crowdsecurity/ssh-bf 277 assert_stderr --partial "removing crowdsecurity/ssh-bf: not installed -- no need to remove" 278 279 rune -0 cscli scenarios remove crowdsecurity/ssh-bf --purge --debug 280 assert_stderr --partial 'removing crowdsecurity/ssh-bf: not downloaded -- no need to remove' 281 refute_stderr --partial 'Removed source file [crowdsecurity/ssh-bf]' 282 283 # install, then remove, check files 284 rune -0 cscli scenarios install crowdsecurity/ssh-bf 285 assert_file_exists "$CONFIG_DIR/scenarios/ssh-bf.yaml" 286 rune -0 cscli scenarios remove crowdsecurity/ssh-bf 287 assert_file_not_exists "$CONFIG_DIR/scenarios/ssh-bf.yaml" 288 289 # delete is an alias for remove 290 rune -0 cscli scenarios install crowdsecurity/ssh-bf 291 assert_file_exists "$CONFIG_DIR/scenarios/ssh-bf.yaml" 292 rune -0 cscli scenarios delete crowdsecurity/ssh-bf 293 assert_file_not_exists "$CONFIG_DIR/scenarios/ssh-bf.yaml" 294 295 # purge 296 assert_file_exists "$HUB_DIR/scenarios/crowdsecurity/ssh-bf.yaml" 297 rune -0 cscli scenarios remove crowdsecurity/ssh-bf --purge 298 assert_file_not_exists "$HUB_DIR/scenarios/crowdsecurity/ssh-bf.yaml" 299 300 rune -0 cscli scenarios install crowdsecurity/ssh-bf crowdsecurity/telnet-bf 301 302 # --all 303 rune -0 cscli scenarios list -o raw 304 rune -0 grep -vc 'name,status,version,description' <(output) 305 assert_output "2" 306 307 rune -0 cscli scenarios remove --all 308 309 rune -0 cscli scenarios list -o raw 310 rune -1 grep -vc 'name,status,version,description' <(output) 311 assert_output "0" 312 } 313 314 @test "cscli scenarios remove --force" { 315 # remove a scenario that belongs to a collection 316 rune -0 cscli collections install crowdsecurity/sshd 317 rune -0 cscli scenarios remove crowdsecurity/ssh-bf 318 assert_stderr --partial "crowdsecurity/ssh-bf belongs to collections: [crowdsecurity/sshd]" 319 assert_stderr --partial "Run 'sudo cscli scenarios remove crowdsecurity/ssh-bf --force' if you want to force remove this scenario" 320 } 321 322 @test "cscli scenarios upgrade" { 323 rune -1 cscli scenarios upgrade 324 assert_stderr --partial "specify at least one scenario to upgrade or '--all'" 325 rune -1 cscli scenarios upgrade blahblah/blahblah 326 assert_stderr --partial "can't find 'blahblah/blahblah' in scenarios" 327 rune -0 cscli scenarios remove crowdsecurity/vsftpd-bf --purge 328 rune -1 cscli scenarios upgrade crowdsecurity/vsftpd-bf 329 assert_stderr --partial "can't upgrade crowdsecurity/vsftpd-bf: not installed" 330 rune -0 cscli scenarios install crowdsecurity/vsftpd-bf --download-only 331 rune -1 cscli scenarios upgrade crowdsecurity/vsftpd-bf 332 assert_stderr --partial "can't upgrade crowdsecurity/vsftpd-bf: downloaded but not installed" 333 334 # hash of the string "v0.0" 335 sha256_0_0="dfebecf42784a31aa3d009dbcec0c657154a034b45f49cf22a895373f6dbf63d" 336 337 # add version 0.0 to all scenarios 338 new_hub=$(jq --arg DIGEST "$sha256_0_0" <"$INDEX_PATH" '.scenarios |= with_entries(.value.versions["0.0"] = {"digest": $DIGEST, "deprecated": false})') 339 echo "$new_hub" >"$INDEX_PATH" 340 341 rune -0 cscli scenarios install crowdsecurity/ssh-bf 342 343 echo "v0.0" > "$CONFIG_DIR/scenarios/ssh-bf.yaml" 344 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf -o json 345 rune -0 jq -e '.local_version=="0.0"' <(output) 346 347 # upgrade 348 rune -0 cscli scenarios upgrade crowdsecurity/ssh-bf 349 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf -o json 350 rune -0 jq -e '.local_version==.version' <(output) 351 352 # taint 353 echo "dirty" >"$CONFIG_DIR/scenarios/ssh-bf.yaml" 354 # XXX: should return error 355 rune -0 cscli scenarios upgrade crowdsecurity/ssh-bf 356 assert_stderr --partial "crowdsecurity/ssh-bf is tainted, --force to overwrite" 357 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf -o json 358 rune -0 jq -e '.local_version=="?"' <(output) 359 360 # force upgrade with taint 361 rune -0 cscli scenarios upgrade crowdsecurity/ssh-bf --force 362 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf -o json 363 rune -0 jq -e '.local_version==.version' <(output) 364 365 # multiple items 366 rune -0 cscli scenarios install crowdsecurity/telnet-bf 367 echo "v0.0" >"$CONFIG_DIR/scenarios/ssh-bf.yaml" 368 echo "v0.0" >"$CONFIG_DIR/scenarios/telnet-bf.yaml" 369 rune -0 cscli scenarios list -o json 370 rune -0 jq -e '[.scenarios[].local_version]==["0.0","0.0"]' <(output) 371 rune -0 cscli scenarios upgrade crowdsecurity/ssh-bf crowdsecurity/telnet-bf 372 rune -0 cscli scenarios list -o json 373 rune -0 jq -e 'any(.scenarios[].local_version; .=="0.0") | not' <(output) 374 375 # upgrade all 376 echo "v0.0" >"$CONFIG_DIR/scenarios/ssh-bf.yaml" 377 echo "v0.0" >"$CONFIG_DIR/scenarios/telnet-bf.yaml" 378 rune -0 cscli scenarios list -o json 379 rune -0 jq -e '[.scenarios[].local_version]==["0.0","0.0"]' <(output) 380 rune -0 cscli scenarios upgrade --all 381 rune -0 cscli scenarios list -o json 382 rune -0 jq -e 'any(.scenarios[].local_version; .=="0.0") | not' <(output) 383 }