From ee3afb6b0e2c8e1f34a8b502830ee2c7ae855d8b Mon Sep 17 00:00:00 2001 From: Maarten de Kruijf Date: Mon, 6 May 2024 15:41:47 +0200 Subject: [PATCH 01/27] Added HTTP_SKIP_CERT_VALIDATION and http implementation to http util --- .env.example | 4 +++- docker-compose.yaml | 1 + docker/soarca/docker-compose.yml | 1 + internal/controller/controller.go | 3 +++ utils/http/http.go | 15 +++++++++++++-- 5 files changed, 21 insertions(+), 3 deletions(-) diff --git a/.env.example b/.env.example index 19ac3430..58b5f0d3 100644 --- a/.env.example +++ b/.env.example @@ -16,4 +16,6 @@ LOG_FORMAT: "json" ENABLE_FINS: false MQTT_BROKER: "localhost" -MQTT_PORT: 1883 \ No newline at end of file +MQTT_PORT: 1883 + +HTTP_SKIP_CERT_VALIDATION: false \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index dd6ebcba..df1465c6 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -27,6 +27,7 @@ services: DB_PASSWORD: "rootpassword" PLAYBOOK_API_LOG_LEVEL: trace DATABASE: "false" + HTTP_SKIP_CERT_VALIDATION: false ports: - 127.0.0.1:8080:8080 depends_on: diff --git a/docker/soarca/docker-compose.yml b/docker/soarca/docker-compose.yml index e85ff61f..d5e0dc92 100644 --- a/docker/soarca/docker-compose.yml +++ b/docker/soarca/docker-compose.yml @@ -58,6 +58,7 @@ services: ENABLE_FINS: true MQTT_BROKER: "mosquitto" MQTT_PORT: 1883 + HTTP_SKIP_CERT_VALIDATION: false networks: - db-net ports: diff --git a/internal/controller/controller.go b/internal/controller/controller.go index c4563d8b..757ac379 100644 --- a/internal/controller/controller.go +++ b/internal/controller/controller.go 
@@ -51,7 +51,10 @@ func (controller *Controller) NewDecomposer() decomposer.IDecomposer { ssh := new(ssh.SshCapability) capabilities := map[string]capability.ICapability{ssh.GetType(): ssh} + skip, _ := strconv.ParseBool(utils.GetEnv("HTTP_SKIP_CERT_VALIDATION", "false")) + httpUtil := new(httpUtil.HttpRequest) + httpUtil.SkipCertificateValidation(skip) http := http.New(httpUtil) capabilities[http.GetType()] = http diff --git a/utils/http/http.go b/utils/http/http.go index aead1c08..60caeada 100644 --- a/utils/http/http.go +++ b/utils/http/http.go @@ -2,6 +2,7 @@ package http import ( "bytes" + "crypto/tls" "encoding/base64" "errors" "fmt" @@ -35,7 +36,9 @@ type IHttpRequest interface { Request(httpOptions HttpOptions) ([]byte, error) } -type HttpRequest struct{} +type HttpRequest struct { + skipCertificateValidation bool +} // https://gist.githubusercontent.com/ahmetozer/ffa4cd0b319aff32ea9ed0068c8b81cf/raw/fc8742e6e087451e954bf0da214794a620356a4d/IPv4-IPv6-domain-regex.go const ( @@ -44,6 +47,10 @@ const ( domainRegex = `^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$` ) +func (httpRequest *HttpRequest) SkipCertificateValidation(skip bool) { + httpRequest.skipCertificateValidation = skip +} + func (httpRequest *HttpRequest) Request(httpOptions HttpOptions) ([]byte, error) { log = logger.Logger(component, logger.Info, "", logger.Json) request, err := httpOptions.setupRequest() @@ -51,7 +58,11 @@ func (httpRequest *HttpRequest) Request(httpOptions HttpOptions) ([]byte, error) return []byte{}, err } - client := &http.Client{} + transport := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: httpRequest.skipCertificateValidation}, + } + + client := &http.Client{Transport: transport} log.Trace(request) response, err := client.Do(request) if err != nil { From c3de6f32725c2a918dab28f5ae3bb5554f84779b Mon Sep 17 00:00:00 2001 
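Review bot: The error from `strconv.ParseBool` is discarded in `skip, _ := ...`, so a mistyped HTTP_SKIP_CERT_VALIDATION value (for example `yes`) silently becomes `false`, and nothing records when the flag really is enabled. Falling back to verification-on is the safe direction, but the operator should be told: use `skip, err := strconv.ParseBool(...)` and log a warning when `err != nil`. Also log at warning level whenever `skip` is true, because from that point TLS certificate checks are off for every request made through this HTTP capability. NewDecomposer's body continues outside the hunk.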
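Review bot: The exported setter `SkipCertificateValidation` has no doc comment, and its name reads like an action rather than a setting. A caller cannot tell from the signature that `true` turns off server certificate and hostname verification for every later `Request` on this value. Suggested comment: `// SkipCertificateValidation sets whether Request skips TLS certificate verification; when skip is true any server certificate is accepted, so the connection can be intercepted.` The method is not part of `IHttpRequest` (visible in the preceding hunk), so code holding the interface can neither set nor inspect the flag; if that is intentional it is worth saying in the comment.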
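Review bot: Building `&http.Transport{TLSClientConfig: ...}` from scratch inside `Request` drops what `http.DefaultTransport` provides (proxy settings from the environment, dial and TLS-handshake timeouts, HTTP/2) even when the flag is false. A fresh transport per call also means no connection reuse and idle connections that are never closed. Cloning the default transport and setting `TLSClientConfig` only when the flag is on keeps the secure path equivalent to the previous `&http.Client{}`; ideally the client is built once and reused. Because `InsecureSkipVerify` applies to every target here, a follow-up that trusts a specific CA through `tls.Config.RootCAs` would cover self-signed endpoints without disabling verification. The body of `Request` continues outside the hunk.

```go
// … unchanged: setupRequest and its error return …
transport := http.DefaultTransport.(*http.Transport).Clone()
if httpRequest.skipCertificateValidation {
	// Operator opt-in via HTTP_SKIP_CERT_VALIDATION; applies to all targets.
	transport.TLSClientConfig = &tls.Config{
		MinVersion:         tls.VersionTLS12,
		InsecureSkipVerify: true,
	}
}
client := &http.Client{Transport: transport}
// … unchanged: log.Trace(request), client.Do …
```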
From: Maarten de Kruijf Date: Mon, 6 May 2024 16:58:31 +0200 Subject: [PATCH 02/27] Added logging to http for request response --- utils/http/http.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/utils/http/http.go b/utils/http/http.go index 60caeada..d2a51a5b 100644 --- a/utils/http/http.go +++ b/utils/http/http.go @@ -123,6 +123,8 @@ func (httpRequest *HttpOptions) handleResponse(response *http.Response) ([]byte, return []byte{}, err } sc := response.StatusCode + log.Trace(fmt.Sprint(sc)) + log.Trace(string(responseBytes)) if sc < 200 || sc > 299 { return []byte{}, errors.New(string(responseBytes)) } From e5def20e8b792171c409a517803f8f231e628fda Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 11:52:55 +0200 Subject: [PATCH 03/27] added insecure testing to http test + a docker compose file for setting a insecure endpoint --- .github/workflows/ci.yml | 1 + .../testing/httpbin-test/docker-compose.yml | 14 +++++++++ test/unittest/utils/http/http_test.go | 30 +++++++++++++++++++ 3 files changed, 45 insertions(+) create mode 100644 docker/testing/httpbin-test/docker-compose.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5e80eba4..fbeba4c7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -63,5 +63,6 @@ jobs: useradd sshtest echo "sshtest:pdKY77qNxpI5MAizirtjCVOcm0KFKIs" | chpasswd service ssh start + docker compose -f docker/testing/httpbin-test/docker-compose.yml up -d make ci-test diff --git a/docker/testing/httpbin-test/docker-compose.yml b/docker/testing/httpbin-test/docker-compose.yml new file mode 100644 index 00000000..d326f67e --- /dev/null +++ b/docker/testing/httpbin-test/docker-compose.yml @@ -0,0 +1,14 @@ +version: '2' + +services: + httpbin: + image: kennethreitz/httpbin + proxy: + image: fsouza/docker-ssl-proxy + environment: + DOMAIN: localhost + TARGET_HOST: httpbin + links: + - httpbin + ports: + - 443:443 \ No newline at end of file 
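Review bot: `log.Trace(string(responseBytes))` writes the complete response body to the log. For the OAuth2 and basic-auth targets exercised elsewhere in this series that body can contain tokens or other sensitive payloads, and its size is unbounded. docker-compose.yaml in this series sets `PLAYBOOK_API_LOG_LEVEL: trace`; if that level also governs this logger (not visible here), the bodies end up in that deployment's logs. Logging status and length keeps the diagnostic value: `log.Trace(fmt.Sprintf("status=%d body_len=%d", sc, len(responseBytes)))`. handleResponse starts and ends outside the hunk.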
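Review bot: Both images are referenced without a tag or digest (`kennethreitz/httpbin`, `fsouza/docker-ssl-proxy`), so CI runs whatever `latest` currently points to. `443:443` also publishes the proxy on all interfaces, whereas the project's own docker-compose.yaml binds its port to `127.0.0.1`. Pinning each image as `image: NAME@sha256:<digest>` (placeholder; take the digest from a pull you have verified) and using `- 127.0.0.1:443:443` keeps the test endpoint reproducible and local. `links:` is a legacy option; the default compose network already resolves `httpbin` by service name.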
diff --git a/test/unittest/utils/http/http_test.go b/test/unittest/utils/http/http_test.go index 68ac2a6c..f3878cf8 100644 --- a/test/unittest/utils/http/http_test.go +++ b/test/unittest/utils/http/http_test.go @@ -34,6 +34,36 @@ type httpBinResponseBody struct { } // Test general http options, we do not check responses body, as these are variable for the general connection tests + +func TestInsecureHTTPConnection(t *testing.T) { + httpRequest := http.HttpRequest{} + + target := cacao.AgentTarget{ + Address: map[cacao.NetAddressType][]string{ + "url": {"https://localhost/get"}, + }, + } + command := cacao.Command{ + Type: "http-api", + Command: "GET / HTTP/1.1", + Headers: map[string][]string{"accept": {"application/json"}}, + } + httpOptions := http.HttpOptions{ + Command: &command, + Target: &target, + } + httpRequest.SkipCertificateValidation(true) + response, err := httpRequest.Request(httpOptions) + t.Log(string(response)) + if err != nil { + t.Error("http get request test has failed: ", err) + } + if len(response) == 0 { + t.Error("empty response") + } + t.Log(string(response)) +} + func TestHttpGetConnection(t *testing.T) { httpRequest := http.HttpRequest{} From 8e25c8abcb741d82ff0ab1ba46f8de4fd26dfd08 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 11:56:52 +0200 Subject: [PATCH 04/27] added a docker installer to ci --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fbeba4c7..15338f5b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,6 +52,8 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + - uses: docker-practice/actions-setup-docker@master + timeout-minutes: 12 - name: Make repo safe run: git config --global --add safe.directory /__w/SOARCA/SOARCA - name: Install swaggo @@ -65,4 +67,3 @@ jobs: service ssh start docker compose -f docker/testing/httpbin-test/docker-compose.yml up -d make ci-test - 
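Review bot: `uses: docker-practice/actions-setup-docker@master` pins a third-party action to a moving branch, so any push to that branch runs inside this job with access to the checkout and the job's token. Referencing a full commit SHA instead (`uses: docker-practice/actions-setup-docker@<full-commit-sha>`, placeholder), with the release noted in a trailing comment, makes the dependency immutable and reviewable. The same reference is re-added in patches 06, 07 and 12 of this series.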
From f2c8f463db1643c806f1ca9b1dcff5c83d2f751f Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 11:59:02 +0200 Subject: [PATCH 05/27] ci change for different github action --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 15338f5b..7e95d508 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -53,7 +53,6 @@ jobs: with: fetch-depth: 0 - uses: docker-practice/actions-setup-docker@master - timeout-minutes: 12 - name: Make repo safe run: git config --global --add safe.directory /__w/SOARCA/SOARCA - name: Install swaggo From bc7a11e24e09d2a4b609d77e3b20f0ea3d9b612d Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:03:32 +0200 Subject: [PATCH 06/27] change usage of docker action to different step --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7e95d508..26f619eb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,12 +52,12 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: docker-practice/actions-setup-docker@master - name: Make repo safe run: git config --global --add safe.directory /__w/SOARCA/SOARCA - name: Install swaggo run: go install github.com/swaggo/swag/cmd/swag@latest - name: Run tests + uses: docker-practice/actions-setup-docker@master run: | apt update apt install openssh-server -y From 3e8a8727a686e6b2576a0f6718b93201921ef04c Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:05:02 +0200 Subject: [PATCH 07/27] move of step in ci --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 26f619eb..dad4911f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -54,10 +54,11 @@ jobs: fetch-depth: 0 - name: Make repo safe run: git config --global --add safe.directory /__w/SOARCA/SOARCA + - name: Get docker binary + uses: docker-practice/actions-setup-docker@master - name: Install swaggo run: go install github.com/swaggo/swag/cmd/swag@latest - name: Run tests - uses: docker-practice/actions-setup-docker@master run: | apt update apt install openssh-server -y From 6eabc90d2cfb33e49e7d7a523bb4260f366abbe2 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:08:31 +0200 Subject: [PATCH 08/27] timeout added to ci --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dad4911f..fe414af9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -56,6 +56,7 @@ jobs: run: git config --global --add safe.directory /__w/SOARCA/SOARCA - name: Get docker binary uses: docker-practice/actions-setup-docker@master + timeout-minutes: 12 - name: Install swaggo run: go install github.com/swaggo/swag/cmd/swag@latest - name: Run tests From bdd4eba505784a4be46b570aad6cca07a923cf0e Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:11:21 +0200 Subject: [PATCH 09/27] change in docker binary --- .github/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fe414af9..c6c6afb1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,8 +55,7 @@ jobs: - name: Make repo safe run: git config --global --add safe.directory /__w/SOARCA/SOARCA - name: Get docker binary - uses: docker-practice/actions-setup-docker@master - timeout-minutes: 12 + uses: docker/setup-qemu-action@v3 - name: Install swaggo run: go install github.com/swaggo/swag/cmd/swag@latest - name: Run tests From 3903643a9cd2f8b8420780dcbe97b92a603fb545 Mon Sep 17 00:00:00 2001 
From: jp Date: Wed, 8 May 2024 12:14:45 +0200 Subject: [PATCH 10/27] ci debug added docker version to see if it lives in container --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c6c6afb1..4056ef03 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,14 +54,14 @@ jobs: fetch-depth: 0 - name: Make repo safe run: git config --global --add safe.directory /__w/SOARCA/SOARCA - - name: Get docker binary - uses: docker/setup-qemu-action@v3 - name: Install swaggo run: go install github.com/swaggo/swag/cmd/swag@latest - name: Run tests run: | + set -x apt update apt install openssh-server -y + docker version useradd sshtest echo "sshtest:pdKY77qNxpI5MAizirtjCVOcm0KFKIs" | chpasswd service ssh start From 48948cc8ef4aa0cccdb0900bf1581fbe6fbab794 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:17:55 +0200 Subject: [PATCH 11/27] setup docker --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4056ef03..94b6408d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -56,6 +56,11 @@ jobs: run: git config --global --add safe.directory /__w/SOARCA/SOARCA - name: Install swaggo run: go install github.com/swaggo/swag/cmd/swag@latest + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Run tests run: | set -x From 5cb97232dc736df6510ead8f759b3ae9070d9013 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:24:42 +0200 Subject: [PATCH 12/27] different action ci docker setup --- .github/workflows/ci.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 94b6408d..2eab7e68 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -55,12 +55,10 @@ jobs: - name: Make repo safe run: git config --global --add safe.directory /__w/SOARCA/SOARCA - name: Install swaggo - run: go install github.com/swaggo/swag/cmd/swag@latest - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + run: go install github.com/swaggo/swag/cmd/swag@latest + - name: Install docker + uses: docker-practice/actions-setup-docker@master + timeout-minutes: 12 - name: Run tests run: | set -x From 4c98bfd89ba903f1c4959259a14c22e07adfd3ac Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:31:23 +0200 Subject: [PATCH 13/27] ci ohter command --- .github/workflows/ci.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2eab7e68..04a64c58 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -56,17 +56,15 @@ jobs: run: git config --global --add safe.directory /__w/SOARCA/SOARCA - name: Install swaggo run: go install github.com/swaggo/swag/cmd/swag@latest - - name: Install docker - uses: docker-practice/actions-setup-docker@master timeout-minutes: 12 + - name: Start dokcer httpbin containers + run: docker compose -f "docker/testing/httpbin-test/docker-compose.yml" up -d - name: Run tests run: | set -x apt update apt install openssh-server -y - docker version useradd sshtest echo "sshtest:pdKY77qNxpI5MAizirtjCVOcm0KFKIs" | chpasswd service ssh start - docker compose -f docker/testing/httpbin-test/docker-compose.yml up -d make ci-test From 202fbdabf1a1e48756be49702932aef934a97aa5 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:36:06 +0200 Subject: [PATCH 14/27] removed go container and install go directly in ubuntu container --- .github/workflows/ci.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 04a64c58..5fc1bb9f 100644 --- a/.github/workflows/ci.yml 
+++ b/.github/workflows/ci.yml @@ -45,24 +45,23 @@ jobs: test: name: Run ci-tests runs-on: ubuntu-latest - container: - image: golang:latest steps: - name: Checkout Code uses: actions/checkout@v4 with: fetch-depth: 0 + - name: setup Go + - uses: actions/setup-go@v5 + with: + go-version: '1.22.2' # - name: Make repo safe run: git config --global --add safe.directory /__w/SOARCA/SOARCA - name: Install swaggo run: go install github.com/swaggo/swag/cmd/swag@latest timeout-minutes: 12 - - name: Start dokcer httpbin containers - run: docker compose -f "docker/testing/httpbin-test/docker-compose.yml" up -d - name: Run tests run: | - set -x - apt update + sudo apt update apt install openssh-server -y useradd sshtest echo "sshtest:pdKY77qNxpI5MAizirtjCVOcm0KFKIs" | chpasswd From 1a062fd521fe667704afdf8466dd447bf0a34660 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:37:27 +0200 Subject: [PATCH 15/27] added go run version --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5fc1bb9f..6f5ce8c1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,6 +54,7 @@ jobs: - uses: actions/setup-go@v5 with: go-version: '1.22.2' # + run: go version - name: Make repo safe run: git config --global --add safe.directory /__w/SOARCA/SOARCA - name: Install swaggo From fd64b9a7d9b4fe41640b53fa021464d8d9a0bc9c Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:38:08 +0200 Subject: [PATCH 16/27] typo on setup action for go --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6f5ce8c1..e36c7038 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -51,7 +51,7 @@ jobs: with: fetch-depth: 0 - name: setup Go - - uses: actions/setup-go@v5 + uses: actions/setup-go@v5 with: go-version: '1.22.2' # run: go version 
From 7947e2bfd40c32dfc6816d40c447eb4e975e40f4 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:39:33 +0200 Subject: [PATCH 17/27] removed redundant run --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e36c7038..bf42f62d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,7 +54,6 @@ jobs: uses: actions/setup-go@v5 with: go-version: '1.22.2' # - run: go version - name: Make repo safe run: git config --global --add safe.directory /__w/SOARCA/SOARCA - name: Install swaggo From c3bfb45429b446be7487d7f9c7f084eb1cbf4c26 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:42:20 +0200 Subject: [PATCH 18/27] added sudo and seperate step for docker container spin up --- .github/workflows/ci.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bf42f62d..21777632 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -59,11 +59,14 @@ jobs: - name: Install swaggo run: go install github.com/swaggo/swag/cmd/swag@latest timeout-minutes: 12 + - name: Start docker containers for test + run: docker-compose -f "docker-compose.yml" up -d --build - name: Run tests run: | sudo apt update - apt install openssh-server -y - useradd sshtest - echo "sshtest:pdKY77qNxpI5MAizirtjCVOcm0KFKIs" | chpasswd - service ssh start + sudo apt install openssh-server -y + sudo useradd sshtest + sudo echo "sshtest:pdKY77qNxpI5MAizirtjCVOcm0KFKIs" | chpasswd + sudo service ssh start make ci-test + From ac5ba819d0bf74f2d7256875a3153ec5ac084f19 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:43:28 +0200 Subject: [PATCH 19/27] fix in docker compose path --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 21777632..b7fa9863 100644 --- a/.github/workflows/ci.yml 
+++ b/.github/workflows/ci.yml @@ -60,7 +60,7 @@ jobs: run: go install github.com/swaggo/swag/cmd/swag@latest timeout-minutes: 12 - name: Start docker containers for test - run: docker-compose -f "docker-compose.yml" up -d --build + run: docker-compose -f "docker/testing/httpbin-test/docker-compose.yml" up -d --build - name: Run tests run: | sudo apt update From 1f08648f6404118d1c17c55e73b4d9a0d14c23de Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:45:21 +0200 Subject: [PATCH 20/27] fix in password chnage --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b7fa9863..984e934e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -66,7 +66,7 @@ jobs: sudo apt update sudo apt install openssh-server -y sudo useradd sshtest - sudo echo "sshtest:pdKY77qNxpI5MAizirtjCVOcm0KFKIs" | chpasswd + echo "sshtest:pdKY77qNxpI5MAizirtjCVOcm0KFKIs" | sudo chpasswd sudo service ssh start make ci-test From d064c42b976ceabccb25e82946b7fd00303db2b0 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 12:53:15 +0200 Subject: [PATCH 21/27] =?UTF-8?q?=C3=A4dded=20test=20for=20insecure=20conn?= =?UTF-8?q?ection=20that=20should=20fail?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- test/unittest/utils/http/http_test.go | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/test/unittest/utils/http/http_test.go b/test/unittest/utils/http/http_test.go index f3878cf8..ed55777c 100644 --- a/test/unittest/utils/http/http_test.go +++ b/test/unittest/utils/http/http_test.go 
@@ -64,6 +64,31 @@ func TestInsecureHTTPConnection(t *testing.T) { t.Log(string(response)) } +func TestInsecureHTTPConnectionWithFailure(t *testing.T) { + httpRequest := http.HttpRequest{} + + target := cacao.AgentTarget{ + Address: map[cacao.NetAddressType][]string{ + "url": {"https://localhost/get"}, + }, + } + command := cacao.Command{ + Type: "http-api", + Command: "GET / HTTP/1.1", + Headers: map[string][]string{"accept": {"application/json"}}, + } + httpOptions := http.HttpOptions{ + Command: &command, + Target: &target, + } + + response, err := httpRequest.Request(httpOptions) + t.Log(string(response)) + if err == nil { + t.Error("test should have failed as insecure is not allowed") + } +} + func TestHttpGetConnection(t *testing.T) { httpRequest := http.HttpRequest{} From 3ec3a7bb3a7583109530177cb31681fb478d6f77 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 13:52:53 +0200 Subject: [PATCH 22/27] added assertions --- test/unittest/utils/http/http_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/unittest/utils/http/http_test.go b/test/unittest/utils/http/http_test.go index ed55777c..61657279 100644 --- a/test/unittest/utils/http/http_test.go +++ b/test/unittest/utils/http/http_test.go @@ -62,6 +62,7 @@ func TestInsecureHTTPConnection(t *testing.T) { t.Error("empty response") } t.Log(string(response)) + assert.Equal(t, err, nil) } func TestInsecureHTTPConnectionWithFailure(t *testing.T) { @@ -87,6 +88,7 @@ func TestInsecureHTTPConnectionWithFailure(t *testing.T) { if err == nil { t.Error("test should have failed as insecure is not allowed") } + assert.NotEqual(t, err, nil) } func TestHttpGetConnection(t *testing.T) { From dd43add1463b576bfa5c6178e06605c8eb989621 Mon Sep 17 00:00:00 2001 
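Review bot: `TestInsecureHTTPConnectionWithFailure` only checks that `err` is non-nil, so it also passes when nothing is listening on https://localhost (connection refused). It therefore does not show that certificate validation is what rejected the request. Asserting on the error type pins the intent, for example `var certErr *tls.CertificateVerificationError` followed by `if !errors.As(err, &certErr) { t.Errorf("expected certificate verification error, got %v", err) }`. This needs Go 1.20+ and assumes `Request` returns the client error unwrapped or wrapped with `%w`, which is not visible here. The same test is carried unchanged into http_integration_test.go by patch 23.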
From: jp Date: Wed, 8 May 2024 13:55:20 +0200 Subject: [PATCH 23/27] moved insecure tests to integration --- .../capability/http/http_integration_test.go | 84 ++++++++++++++++--- test/unittest/utils/http/http_test.go | 56 ------------- 2 files changed, 72 insertions(+), 68 deletions(-) diff --git a/test/integration/capability/http/http_integration_test.go b/test/integration/capability/http/http_integration_test.go index 5125649e..c83ce95e 100644 --- a/test/integration/capability/http/http_integration_test.go +++ b/test/integration/capability/http/http_integration_test.go @@ -2,12 +2,16 @@ package http_integrations_test import ( "fmt" + "testing" + "soarca/internal/capability/http" "soarca/models/cacao" "soarca/models/execution" httpUtil "soarca/utils/http" - "testing" + http "soarca/utils/http" + + "github.com/go-playground/assert" "github.com/google/uuid" ) @@ -26,15 +30,15 @@ func TestHttpConnection(t *testing.T) { Headers: map[string][]string{"accept": {"application/json"}}, } - var variable1 = cacao.Variable{ + variable1 := cacao.Variable{ Type: "string", Name: "test_auth", Value: "", } - var executionId, _ = uuid.Parse("6ba7b810-9dad-11d1-80b4-00c04fd430c8") - var playbookId, _ = uuid.Parse("playbook--d09351a2-a075-40c8-8054-0b7c423db83f") - var stepId, _ = uuid.Parse("action--81eff59f-d084-4324-9e0a-59e353dbd28f") + executionId, _ := uuid.Parse("6ba7b810-9dad-11d1-80b4-00c04fd430c8") + playbookId, _ := uuid.Parse("playbook--d09351a2-a075-40c8-8054-0b7c423db83f") + stepId, _ := uuid.Parse("action--81eff59f-d084-4324-9e0a-59e353dbd28f") metadata := execution.Metadata{ExecutionId: executionId, PlaybookId: playbookId.String(), StepId: stepId.String()} // But what to do if there is no target and no AuthInfo? 
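Review bot: In TestHttpConnection, `playbookId, _ := uuid.Parse("playbook--d09351a2-a075-40c8-8054-0b7c423db83f")` passes a string with a `playbook--` prefix, which `uuid.Parse` should reject. Because the error is discarded, the metadata then carries the zero UUID instead of the intended id. The same applies to `stepId` with its `action--` prefix, while the other two tests touched by this patch parse the bare `d09351a2-...` form. Either drop the prefixes here or check the error with `if err != nil { t.Fatal(err) }`. The test body continues outside the hunk.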
@@ -74,9 +78,9 @@ func TestHttpOAuth2(t *testing.T) { Headers: map[string][]string{"accept": {"application/json"}}, } - var executionId, _ = uuid.Parse("6ba7b810-9dad-11d1-80b4-00c04fd430c8") - var playbookId, _ = uuid.Parse("d09351a2-a075-40c8-8054-0b7c423db83f") - var stepId, _ = uuid.Parse("81eff59f-d084-4324-9e0a-59e353dbd28f") + executionId, _ := uuid.Parse("6ba7b810-9dad-11d1-80b4-00c04fd430c8") + playbookId, _ := uuid.Parse("d09351a2-a075-40c8-8054-0b7c423db83f") + stepId, _ := uuid.Parse("81eff59f-d084-4324-9e0a-59e353dbd28f") metadata := execution.Metadata{ExecutionId: executionId, PlaybookId: playbookId.String(), StepId: stepId.String()} results, err := httpCapability.Execute( metadata, @@ -100,7 +104,7 @@ func TestHttpBasicAuth(t *testing.T) { target := cacao.AgentTarget{ Address: map[cacao.NetAddressType][]string{ - "url": []string{url}, + "url": {url}, }, AuthInfoIdentifier: "d0c7e6a0-f7fe-464e-9935-e6b3443f5b91", } @@ -117,9 +121,9 @@ func TestHttpBasicAuth(t *testing.T) { Command: "GET / HTTP/1.1", Headers: map[string][]string{"accept": {"application/json"}}, } - var executionId, _ = uuid.Parse("6ba7b810-9dad-11d1-80b4-00c04fd430c8") - var playbookId, _ = uuid.Parse("d09351a2-a075-40c8-8054-0b7c423db83f") - var stepId, _ = uuid.Parse("81eff59f-d084-4324-9e0a-59e353dbd28f") + executionId, _ := uuid.Parse("6ba7b810-9dad-11d1-80b4-00c04fd430c8") + playbookId, _ := uuid.Parse("d09351a2-a075-40c8-8054-0b7c423db83f") + stepId, _ := uuid.Parse("81eff59f-d084-4324-9e0a-59e353dbd28f") metadata := execution.Metadata{ExecutionId: executionId, PlaybookId: playbookId.String(), StepId: stepId.String()} results, err := httpCapability.Execute( metadata, 
@@ -133,3 +137,59 @@ func TestHttpBasicAuth(t *testing.T) { } fmt.Println(results) } + +func TestInsecureHTTPConnection(t *testing.T) { + httpRequest := http.HttpRequest{} + + target := cacao.AgentTarget{ + Address: map[cacao.NetAddressType][]string{ + "url": {"https://localhost/get"}, + }, + } + command := cacao.Command{ + Type: "http-api", + Command: "GET / HTTP/1.1", + Headers: map[string][]string{"accept": {"application/json"}}, + } + httpOptions := http.HttpOptions{ + Command: &command, + Target: &target, + } + httpRequest.SkipCertificateValidation(true) + response, err := httpRequest.Request(httpOptions) + t.Log(string(response)) + if err != nil { + t.Error("http get request test has failed: ", err) + } + if len(response) == 0 { + t.Error("empty response") + } + t.Log(string(response)) + assert.Equal(t, err, nil) +} + +func TestInsecureHTTPConnectionWithFailure(t *testing.T) { + httpRequest := http.HttpRequest{} + + target := cacao.AgentTarget{ + Address: map[cacao.NetAddressType][]string{ + "url": {"https://localhost/get"}, + }, + } + command := cacao.Command{ + Type: "http-api", + Command: "GET / HTTP/1.1", + Headers: map[string][]string{"accept": {"application/json"}}, + } + httpOptions := http.HttpOptions{ + Command: &command, + Target: &target, + } + + response, err := httpRequest.Request(httpOptions) + t.Log(string(response)) + if err == nil { + t.Error("test should have failed as insecure is not allowed") + } + assert.NotEqual(t, err, nil) +} diff --git a/test/unittest/utils/http/http_test.go b/test/unittest/utils/http/http_test.go index 61657279..59002843 100644 --- a/test/unittest/utils/http/http_test.go +++ b/test/unittest/utils/http/http_test.go 
@@ -35,62 +35,6 @@ type httpBinResponseBody struct { // Test general http options, we do not check responses body, as these are variable for the general connection tests -func TestInsecureHTTPConnection(t *testing.T) { - httpRequest := http.HttpRequest{} - - target := cacao.AgentTarget{ - Address: map[cacao.NetAddressType][]string{ - "url": {"https://localhost/get"}, - }, - } - command := cacao.Command{ - Type: "http-api", - Command: "GET / HTTP/1.1", - Headers: map[string][]string{"accept": {"application/json"}}, - } - httpOptions := http.HttpOptions{ - Command: &command, - Target: &target, - } - httpRequest.SkipCertificateValidation(true) - response, err := httpRequest.Request(httpOptions) - t.Log(string(response)) - if err != nil { - t.Error("http get request test has failed: ", err) - } - if len(response) == 0 { - t.Error("empty response") - } - t.Log(string(response)) - assert.Equal(t, err, nil) -} - -func TestInsecureHTTPConnectionWithFailure(t *testing.T) { - httpRequest := http.HttpRequest{} - - target := cacao.AgentTarget{ - Address: map[cacao.NetAddressType][]string{ - "url": {"https://localhost/get"}, - }, - } - command := cacao.Command{ - Type: "http-api", - Command: "GET / HTTP/1.1", - Headers: map[string][]string{"accept": {"application/json"}}, - } - httpOptions := http.HttpOptions{ - Command: &command, - Target: &target, - } - - response, err := httpRequest.Request(httpOptions) - t.Log(string(response)) - if err == nil { - t.Error("test should have failed as insecure is not allowed") - } - assert.NotEqual(t, err, nil) -} - func TestHttpGetConnection(t *testing.T) { httpRequest := http.HttpRequest{} From bcd50c8db8f8d7c1678b1b864b1d95174a6cdab7 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 14:00:47 +0200 Subject: [PATCH 24/27] fixed import issues http utils for integration test file --- .../capability/http/http_integration_test.go | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) 
diff --git a/test/integration/capability/http/http_integration_test.go b/test/integration/capability/http/http_integration_test.go index c83ce95e..4ce01b4e 100644 --- a/test/integration/capability/http/http_integration_test.go +++ b/test/integration/capability/http/http_integration_test.go @@ -9,8 +9,6 @@ import ( "soarca/models/execution" httpUtil "soarca/utils/http" - http "soarca/utils/http" - "github.com/go-playground/assert" "github.com/google/uuid" ) @@ -139,7 +137,7 @@ func TestHttpBasicAuth(t *testing.T) { } func TestInsecureHTTPConnection(t *testing.T) { - httpRequest := http.HttpRequest{} + httpRequest := httpUtil.HttpRequest{} target := cacao.AgentTarget{ Address: map[cacao.NetAddressType][]string{ @@ -151,7 +149,7 @@ func TestInsecureHTTPConnection(t *testing.T) { Command: "GET / HTTP/1.1", Headers: map[string][]string{"accept": {"application/json"}}, } - httpOptions := http.HttpOptions{ + httpOptions := httpUtil.HttpOptions{ Command: &command, Target: &target, } @@ -169,7 +167,7 @@ func TestInsecureHTTPConnection(t *testing.T) { } func TestInsecureHTTPConnectionWithFailure(t *testing.T) { - httpRequest := http.HttpRequest{} + httpRequest := httpUtil.HttpRequest{} target := cacao.AgentTarget{ Address: map[cacao.NetAddressType][]string{ @@ -181,7 +179,7 @@ func TestInsecureHTTPConnectionWithFailure(t *testing.T) { Command: "GET / HTTP/1.1", Headers: map[string][]string{"accept": {"application/json"}}, } - httpOptions := http.HttpOptions{ + httpOptions := httpUtil.HttpOptions{ Command: &command, Target: &target, } From 1d6261878ec8d43ff43716ea8f79e70fa637fa34 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 14:01:28 +0200 Subject: [PATCH 25/27] fixed import of assertion package --- test/integration/capability/http/http_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/test/integration/capability/http/http_integration_test.go b/test/integration/capability/http/http_integration_test.go index 4ce01b4e..d2635f9b 100644 --- a/test/integration/capability/http/http_integration_test.go +++ b/test/integration/capability/http/http_integration_test.go @@ -9,7 +9,7 @@ import ( "soarca/models/execution" httpUtil "soarca/utils/http" - "github.com/go-playground/assert" + "github.com/go-playground/assert/v2" "github.com/google/uuid" ) From 991e60fb1722e23432731377414af6950ec22b68 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 14:04:37 +0200 Subject: [PATCH 26/27] removal of redundant error checks --- test/integration/capability/http/http_integration_test.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/test/integration/capability/http/http_integration_test.go b/test/integration/capability/http/http_integration_test.go index d2635f9b..651ab820 100644 --- a/test/integration/capability/http/http_integration_test.go +++ b/test/integration/capability/http/http_integration_test.go @@ -156,9 +156,6 @@ func TestInsecureHTTPConnection(t *testing.T) { httpRequest.SkipCertificateValidation(true) response, err := httpRequest.Request(httpOptions) t.Log(string(response)) - if err != nil { - t.Error("http get request test has failed: ", err) - } if len(response) == 0 { t.Error("empty response") } @@ -186,8 +183,5 @@ func TestInsecureHTTPConnectionWithFailure(t *testing.T) { response, err := httpRequest.Request(httpOptions) t.Log(string(response)) - if err == nil { - t.Error("test should have failed as insecure is not allowed") - } assert.NotEqual(t, err, nil) } From b0bc78a71e7e48e1fe0aad11cc31fe466d813428 Mon Sep 17 00:00:00 2001 From: jp Date: Wed, 8 May 2024 14:05:13 +0200 Subject: [PATCH 27/27] moved assertion higher op in tests --- test/integration/capability/http/http_integration_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/test/integration/capability/http/http_integration_test.go b/test/integration/capability/http/http_integration_test.go index 651ab820..59312508 100644 --- a/test/integration/capability/http/http_integration_test.go +++ b/test/integration/capability/http/http_integration_test.go @@ -155,12 +155,12 @@ func TestInsecureHTTPConnection(t *testing.T) { } httpRequest.SkipCertificateValidation(true) response, err := httpRequest.Request(httpOptions) + assert.Equal(t, err, nil) t.Log(string(response)) if len(response) == 0 { t.Error("empty response") } t.Log(string(response)) - assert.Equal(t, err, nil) } func TestInsecureHTTPConnectionWithFailure(t *testing.T) { @@ -182,6 +182,6 @@ func TestInsecureHTTPConnectionWithFailure(t *testing.T) { } response, err := httpRequest.Request(httpOptions) - t.Log(string(response)) assert.NotEqual(t, err, nil) + t.Log(string(response)) }