From 1be06ad4541ee8beb73d7c08af4c300ddfaa92ff Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Wed, 16 Oct 2024 17:32:46 +0200 Subject: [PATCH 01/17] [Test]Simulation inject execution --- .../openbas/utils/fixtures/InjectFixture.java | 25 ++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java b/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java index 42d700b1a1..c73b3eb52f 100644 --- a/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java +++ b/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java @@ -7,14 +7,21 @@ public class InjectFixture { - public static final String INJECT_EMAIL_NAME = "Test email inject"; + public static final String INJECT_EMAIL_NAME = "Test email inject"; - public static Inject getInjectForEmailContract(InjectorContract injectorContract) { - Inject inject = new Inject(); - inject.setTitle(INJECT_EMAIL_NAME); - inject.setInjectorContract(injectorContract); - inject.setEnabled(true); - inject.setDependsDuration(0L); - return inject; - } + /* + public static final String OVH_DEFAULT = "e9e902bc-b03d-4223-89e1-fca093ac79dd"; + public static final String MASTODON_DEFAULT = "aeab9ed6-ae98-4b48-b8cc-2e91ac54f2f9"; + openbas_implant: 49229430-b5b5-431f-ba5b-f36f599b0144 + caldera: 7736918d-6a3f-46c7-b303-cbf5dc476c84 + */ + + public static Inject getInjectForEmailContract(InjectorContract injectorContract) { + Inject inject = new Inject(); + inject.setTitle(INJECT_EMAIL_NAME); + inject.setInjectorContract(injectorContract); + inject.setEnabled(true); + inject.setDependsDuration(0L); + return inject; + } } From d77f609c3fbeb8204150fd843c84a5c9adc68b95 Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Thu, 17 Oct 2024 15:24:15 +0200 Subject: [PATCH 02/17] [backend]Add inject execution test --- .../java/io/openbas/rest/InjectApiTest.java | 54 +++++++++++++++++++ .../openbas/utils/fixtures/InjectFixture.java | 10 ++++ 2 files changed, 64 insertions(+) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index 96da970f1b..2c0ea65b47 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -5,7 +5,12 @@ import io.openbas.database.model.InjectorContract; import io.openbas.database.model.*; import io.openbas.database.repository.*; +import io.openbas.execution.ExecutableInject; +import io.openbas.execution.ExecutionContext; +import io.openbas.execution.ExecutionContextService; +import io.openbas.execution.Executor; import io.openbas.rest.exercise.service.ExerciseService; +import io.openbas.rest.inject.form.DirectInjectInput; import io.openbas.rest.inject.form.InjectInput; import io.openbas.service.ScenarioService; import io.openbas.utils.fixtures.InjectExpectationFixture; @@ -17,16 +22,21 @@ import org.springframework.test.web.servlet.MockMvc; import java.time.Instant; +import java.util.Collections; import java.util.List; +import static io.openbas.config.SessionHelper.currentUser; import static io.openbas.database.model.ExerciseStatus.RUNNING; import static io.openbas.injectors.email.EmailContract.EMAIL_DEFAULT; import static io.openbas.rest.exercise.ExerciseApi.EXERCISE_URI; import static io.openbas.rest.inject.InjectApi.INJECT_URI; import static io.openbas.rest.scenario.ScenarioApi.SCENARIO_URI; import static io.openbas.utils.JsonUtils.asJsonString; +import static io.openbas.utils.fixtures.InjectFixture.getInjectForEmailContract; +import static io.openbas.utils.fixtures.UserFixture.getSavedUser; import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.TestInstance.Lifecycle.PER_CLASS; +import static org.mockito.Mockito.verify; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -50,6 +60,10 @@ class InjectApiTest extends IntegrationTest { @Autowired private ExerciseRepository exerciseRepository; @Autowired + private ExecutionContextService executionContextService; + @Autowired + private Executor executor; + @Autowired private ScenarioRepository scenarioRepository; @Autowired private InjectRepository injectRepository; @@ -63,6 +77,8 @@ class InjectApiTest extends IntegrationTest { private TeamRepository teamRepository; @Autowired private InjectorContractRepository injectorContractRepository; + @Autowired + private UserRepository userRepository; @BeforeAll void beforeAll() { @@ -327,6 +343,44 @@ void updateInjectForSimulationTest() throws Exception { assertEquals(injectTitle, JsonPath.read(response, "$.inject_title")); } + @DisplayName("Execute an email inject for exercise") + @Test + @Order(11) + @WithMockPlannerUser + void executeEmailInjectForExerciseTest() throws Exception { + // -- PREPARE -- + InjectorContract injectorContract = this.injectorContractRepository.findById(EMAIL_DEFAULT).orElseThrow(); + Inject inject = getInjectForEmailContract(injectorContract); + inject.setUser(userRepository.findById(currentUser().getId()).orElseThrow()); + inject.setExercise(EXERCISE); + Inject savedInject = this.injectRepository.save(inject); + List userInjectContexts = Collections.singletonList( + executionContextService.executionContext(getSavedUser(), savedInject, "Direct execution")); + ExecutableInject injection = new ExecutableInject( + true, true, savedInject, List.of(), savedInject.getAssets(), + savedInject.getAssetGroups(), userInjectContexts + ); + + DirectInjectInput input = new DirectInjectInput(); + input.setTitle(savedInject.getTitle()); + input.setDescription(savedInject.getDescription()); + input.setInjectorContract(savedInject.getInjectorContract().orElseThrow().getId()); + input.setUserIds(List.of(savedInject.getId())); + + // -- EXECUTE -- + mvc.perform(multipart(EXERCISE_URI + "/" + EXERCISE.getId() + "/inject") + .content(asJsonString(input)) + .contentType(MediaType.APPLICATION_JSON) + .accept(MediaType.APPLICATION_JSON)) + .andExpect(status().is2xxSuccessful()); + + // -- ASSERT -- + verify(executor).execute(injection); + + //-- THEN --- + injectRepository.delete(savedInject); + } + // -- BULK DELETE -- @DisplayName("Delete list of inject for exercise") diff --git a/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java b/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java index c73b3eb52f..2f77ad1691 100644 --- a/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java +++ b/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java @@ -8,6 +8,7 @@ public class InjectFixture { public static final String INJECT_EMAIL_NAME = "Test email inject"; + public static final String INJECT_SMS_NAME = "Test sms inject"; /* public static final String OVH_DEFAULT = "e9e902bc-b03d-4223-89e1-fca093ac79dd"; @@ -24,4 +25,13 @@ public static Inject getInjectForEmailContract(InjectorContract injectorContract inject.setDependsDuration(0L); return inject; } + + public static Inject getInjectForSmsContract(InjectorContract injectorContract) { + Inject inject = new Inject(); + inject.setTitle(INJECT_SMS_NAME); + inject.setInjectorContract(injectorContract); + inject.setEnabled(true); + inject.setDependsDuration(0L); + return inject; + } } From 3844dee1f4cf34235ee26da062e0adcf6891768a Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Fri, 18 Oct 2024 12:41:00 +0200 Subject: [PATCH 03/17] execution test with content --- .../java/io/openbas/rest/InjectApiTest.java | 44 ++++++++++++++++--- 1 file changed, 37 insertions(+), 7 deletions(-) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index 2c0ea65b47..b3dd7b833d 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -1,5 +1,8 @@ package io.openbas.rest; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ObjectNode; import com.jayway.jsonpath.JsonPath; import io.openbas.IntegrationTest; import io.openbas.database.model.InjectorContract; @@ -16,11 +19,20 @@ import io.openbas.utils.fixtures.InjectExpectationFixture; import io.openbas.utils.mockUser.WithMockObserverUser; import io.openbas.utils.mockUser.WithMockPlannerUser; +import jakarta.annotation.Resource; +import jakarta.annotation.Resources; import org.junit.jupiter.api.*; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.mock.mockito.SpyBean; import org.springframework.http.MediaType; +import org.springframework.mock.web.MockMultipartFile; import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; +import org.springframework.util.ResourceUtils; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; import java.time.Instant; import java.util.Collections; import java.util.List; @@ -61,7 +73,7 @@ class InjectApiTest extends IntegrationTest { private ExerciseRepository exerciseRepository; @Autowired private ExecutionContextService executionContextService; - @Autowired + @SpyBean private Executor executor; @Autowired private ScenarioRepository scenarioRepository; @@ -79,6 +91,8 @@ class InjectApiTest extends IntegrationTest { private InjectorContractRepository injectorContractRepository; @Autowired private UserRepository userRepository; + @Resource + private ObjectMapper objectMapper; @BeforeAll void beforeAll() { @@ -345,7 +359,6 @@ void updateInjectForSimulationTest() throws Exception { @DisplayName("Execute an email inject for exercise") @Test - @Order(11) @WithMockPlannerUser void executeEmailInjectForExerciseTest() throws Exception { // -- PREPARE -- @@ -353,6 +366,11 @@ void executeEmailInjectForExerciseTest() throws Exception { Inject inject = getInjectForEmailContract(injectorContract); inject.setUser(userRepository.findById(currentUser().getId()).orElseThrow()); inject.setExercise(EXERCISE); + ObjectNode content = objectMapper.createObjectNode(); + content.set("subject", objectMapper.convertValue("Subject", JsonNode.class)); + content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); + content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); + inject.setContent(content); Inject savedInject = this.injectRepository.save(inject); List userInjectContexts = Collections.singletonList( executionContextService.executionContext(getSavedUser(), savedInject, "Direct execution")); @@ -366,14 +384,26 @@ void executeEmailInjectForExerciseTest() throws Exception { input.setDescription(savedInject.getDescription()); input.setInjectorContract(savedInject.getInjectorContract().orElseThrow().getId()); input.setUserIds(List.of(savedInject.getId())); + input.setContent(savedInject.getContent()); + MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", + objectMapper.writeValueAsString(input).getBytes()); + + // Getting a test file + File testFile = ResourceUtils.getFile("classpath:xls-test-files/test_file_1.xlsx"); + InputStream in = new FileInputStream(testFile); + MockMultipartFile fileJson = new MockMultipartFile("file", + "my-awesome-file.xls", + "application/xlsx", + in.readAllBytes()); // -- EXECUTE -- mvc.perform(multipart(EXERCISE_URI + "/" + EXERCISE.getId() + "/inject") - .content(asJsonString(input)) - .contentType(MediaType.APPLICATION_JSON) - .accept(MediaType.APPLICATION_JSON)) - .andExpect(status().is2xxSuccessful()); - + .file(inputJson) + .file(fileJson)) + .andExpect(status().is2xxSuccessful()) + /*.andReturn() + .getResponse() + .getContentAsString()*/; // -- ASSERT -- verify(executor).execute(injection); From fe32a1561a5470c0b9cbda7b085129f64b1f617f Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Fri, 18 Oct 2024 15:28:11 +0200 Subject: [PATCH 04/17] test --- openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index b3dd7b833d..596c150f96 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -368,7 +368,7 @@ void executeEmailInjectForExerciseTest() throws Exception { inject.setExercise(EXERCISE); ObjectNode content = objectMapper.createObjectNode(); content.set("subject", objectMapper.convertValue("Subject", JsonNode.class)); - content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); + content.set("body", objectMapper.convertValue("Test body g", JsonNode.class)); content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); inject.setContent(content); Inject savedInject = this.injectRepository.save(inject); From de33e3fbd8819710b28a43e9ee0fea029985feb8 Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Mon, 21 Oct 2024 09:16:31 +0200 Subject: [PATCH 05/17] test --- .../java/io/openbas/rest/InjectApiTest.java | 17 +++-- .../utils/fixtures/ExerciseFixture.java | 74 ++++++++++--------- 2 files changed, 53 insertions(+), 38 deletions(-) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index 596c150f96..55655323b3 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -22,6 +22,7 @@ import jakarta.annotation.Resource; import jakarta.annotation.Resources; import org.junit.jupiter.api.*; +import org.mockito.ArgumentCaptor; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.mock.mockito.SpyBean; import org.springframework.http.MediaType; @@ -368,7 +369,7 @@ void executeEmailInjectForExerciseTest() throws Exception { inject.setExercise(EXERCISE); ObjectNode content = objectMapper.createObjectNode(); content.set("subject", objectMapper.convertValue("Subject", JsonNode.class)); - content.set("body", objectMapper.convertValue("Test body g", JsonNode.class)); + content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); inject.setContent(content); Inject savedInject = this.injectRepository.save(inject); @@ -397,15 +398,21 @@ void executeEmailInjectForExerciseTest() throws Exception { in.readAllBytes()); // -- EXECUTE -- - mvc.perform(multipart(EXERCISE_URI + "/" + EXERCISE.getId() + "/inject") + String response = mvc.perform(multipart(EXERCISE_URI + "/" + EXERCISE.getId() + "/inject") .file(inputJson) .file(fileJson)) .andExpect(status().is2xxSuccessful()) - /*.andReturn() + .andReturn() .getResponse() - .getContentAsString()*/; + .getContentAsString(); // -- ASSERT -- - verify(executor).execute(injection); + assertNotNull(response); + assertEquals("ERROR", JsonPath.read(response, "$.status_name")); + ArgumentCaptor executableInjectCaptor = ArgumentCaptor.forClass(ExecutableInject.class); + verify(executor).execute(executableInjectCaptor.capture()); + + ExecutableInject capturedInjection = executableInjectCaptor.getValue(); + assertEquals(injection.getExercise(), capturedInjection.getExercise()); //-- THEN --- injectRepository.delete(savedInject); diff --git a/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java b/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java index 309d0ddfc8..651d4bb2e7 100644 --- a/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java +++ b/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java @@ -9,41 +9,49 @@ public class ExerciseFixture { - public static final String EXERCISE_NAME = "Exercise test"; + public static final String EXERCISE_NAME = "Exercise test"; - public static Exercise getExercise() { - return getExercise(null); - } - - public static Exercise getExercise(List exerciseTeams) { - Exercise exercise = new Exercise(); - exercise.setName(EXERCISE_NAME); - if(exerciseTeams != null){ - exercise.setTeams(exerciseTeams); - } - return exercise; - } - - public static Exercise createDefaultCrisisExercise() { - Exercise exercise = new Exercise(); - exercise.setName("Crisis exercise"); - exercise.setDescription("A crisis exercise for my enterprise"); - exercise.setSubtitle("A crisis exercise"); - exercise.setFrom("exercise@mail.fr"); - exercise.setCategory("crisis-communication"); - return exercise; - } + public static Exercise getExercise() { + return getExercise(null); + } - public static Exercise createDefaultIncidentResponseExercise() { - Exercise exercise = new Exercise(); - exercise.setName("Incident response exercise"); - exercise.setDescription("An incident response exercise for my enterprise"); - exercise.setSubtitle("An incident response exercise"); - exercise.setFrom("exercise@mail.fr"); - exercise.setCategory("incident-response"); - exercise.setStatus(ExerciseStatus.SCHEDULED); - exercise.setStart(Instant.now()); - return exercise; + public static Exercise getExercise(List exerciseTeams) { + Exercise exercise = new Exercise(); + exercise.setName(EXERCISE_NAME); + if (exerciseTeams != null) { + exercise.setTeams(exerciseTeams); } + return exercise; + } + + public static Exercise createDefaultCrisisExercise() { + Exercise exercise = new Exercise(); + exercise.setName("Crisis exercise"); + exercise.setDescription("A crisis exercise for my enterprise"); + exercise.setSubtitle("A crisis exercise"); + exercise.setFrom("exercise@mail.fr"); + exercise.setCategory("crisis-communication"); + return exercise; + } + + public static Exercise createDefaultIncidentResponseExercise() { + Exercise exercise = new Exercise(); + exercise.setName("Incident response exercise"); + exercise.setDescription("An incident response exercise for my enterprise"); + exercise.setSubtitle("An incident response exercise"); + exercise.setFrom("exercise@mail.fr"); + exercise.setCategory("incident-response"); + exercise.setStatus(ExerciseStatus.SCHEDULED); + exercise.setStart(Instant.now()); + return exercise; + } + + /* + _ create exercise with team containing a user with email (user enabled) + _ create exercise with team containing a user with email (user not enabled) + _ create exercise without team + _ create exercise with team without user + _ create email + */ } From 879e7b5d0067ca8ec805d49346f841c2293bfcc0 Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Mon, 21 Oct 2024 15:59:05 +0200 Subject: [PATCH 06/17] test --- .../java/io/openbas/rest/InjectApiTest.java | 30 +++++++++++++++++-- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index 55655323b3..fbfb30e9fd 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -21,11 +21,15 @@ import io.openbas.utils.mockUser.WithMockPlannerUser; import jakarta.annotation.Resource; import jakarta.annotation.Resources; +import jakarta.mail.internet.MimeMessage; import org.junit.jupiter.api.*; import org.mockito.ArgumentCaptor; +import org.mockito.InjectMocks; +import org.mockito.Mock; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.mock.mockito.SpyBean; import org.springframework.http.MediaType; +import io.openbas.utils.EmailSenderUtil.mockJavaMailSender; import org.springframework.mock.web.MockMultipartFile; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; @@ -46,10 +50,12 @@ import static io.openbas.rest.scenario.ScenarioApi.SCENARIO_URI; import static io.openbas.utils.JsonUtils.asJsonString; import static io.openbas.utils.fixtures.InjectFixture.getInjectForEmailContract; +import static io.openbas.utils.fixtures.TeamFixture.getTeam; import static io.openbas.utils.fixtures.UserFixture.getSavedUser; +import static io.openbas.utils.fixtures.UserFixture.getUser; import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.TestInstance.Lifecycle.PER_CLASS; -import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.*; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -67,6 +73,8 @@ class InjectApiTest extends IntegrationTest { @Autowired private MockMvc mvc; @Autowired + private JavaMailSender mockJavaMailSender; + @Autowired private ScenarioService scenarioService; @Autowired private ExerciseService exerciseService; @@ -92,11 +100,15 @@ class InjectApiTest extends IntegrationTest { private InjectorContractRepository injectorContractRepository; @Autowired private UserRepository userRepository; + @Autowired + private ExerciseTeamUserRepository exerciseTeamUserRepository; @Resource private ObjectMapper objectMapper; @BeforeAll void beforeAll() { + reset(emailSender); + Scenario scenario = new Scenario(); scenario.setName("Scenario name"); scenario.setFrom("test@test.com"); @@ -372,6 +384,14 @@ void executeEmailInjectForExerciseTest() throws Exception { content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); inject.setContent(content); + User user = userRepository.save(getUser()); + Team team = teamRepository.save(getTeam(user)); + inject.setTeams(List.of(team)); + ExerciseTeamUser exerciseTeamUser = new ExerciseTeamUser(); + exerciseTeamUser.setExercise(EXERCISE); + exerciseTeamUser.setTeam(team); + exerciseTeamUser.setUser(user); + exerciseTeamUserRepository.save(exerciseTeamUser); Inject savedInject = this.injectRepository.save(inject); List userInjectContexts = Collections.singletonList( executionContextService.executionContext(getSavedUser(), savedInject, "Direct execution")); @@ -384,7 +404,7 @@ void executeEmailInjectForExerciseTest() throws Exception { input.setTitle(savedInject.getTitle()); input.setDescription(savedInject.getDescription()); input.setInjectorContract(savedInject.getInjectorContract().orElseThrow().getId()); - input.setUserIds(List.of(savedInject.getId())); + input.setUserIds(List.of(savedInject.getUser().getId())); input.setContent(savedInject.getContent()); MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", objectMapper.writeValueAsString(input).getBytes()); @@ -407,15 +427,19 @@ void executeEmailInjectForExerciseTest() throws Exception { .getContentAsString(); // -- ASSERT -- assertNotNull(response); - assertEquals("ERROR", JsonPath.read(response, "$.status_name")); + assertEquals("SUCCESS", JsonPath.read(response, "$.status_name")); ArgumentCaptor executableInjectCaptor = ArgumentCaptor.forClass(ExecutableInject.class); verify(executor).execute(executableInjectCaptor.capture()); + verify(mockJavaMailSender, times(1)).send((MimeMessage) any()); ExecutableInject capturedInjection = executableInjectCaptor.getValue(); assertEquals(injection.getExercise(), capturedInjection.getExercise()); //-- THEN --- injectRepository.delete(savedInject); + teamRepository.delete(team); + userRepository.delete(user); + exerciseTeamUserRepository.delete(exerciseTeamUser); } // -- BULK DELETE -- From 711a45dc941bbca94e9bc56079ec4103956601ad Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Mon, 21 Oct 2024 16:21:52 +0200 Subject: [PATCH 07/17] test --- .../src/test/java/io/openbas/rest/InjectApiTest.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index fbfb30e9fd..f66f6a73d3 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -29,7 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.mock.mockito.SpyBean; import org.springframework.http.MediaType; -import io.openbas.utils.EmailSenderUtil.mockJavaMailSender; +import org.springframework.mail.javamail.JavaMailSender; import org.springframework.mock.web.MockMultipartFile; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; @@ -72,8 +72,8 @@ class InjectApiTest extends IntegrationTest { @Autowired private MockMvc mvc; - @Autowired - private JavaMailSender mockJavaMailSender; + @SpyBean + private JavaMailSender javaMailSender; @Autowired private ScenarioService scenarioService; @Autowired @@ -107,7 +107,7 @@ class InjectApiTest extends IntegrationTest { @BeforeAll void beforeAll() { - reset(emailSender); + reset(mockJavaMailSender); Scenario scenario = new Scenario(); scenario.setName("Scenario name"); From 99c0c76cfb47e72c70fcff5c799fcc061cbcb92d Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Wed, 23 Oct 2024 10:12:01 +0200 Subject: [PATCH 08/17] test --- .../java/io/openbas/rest/InjectApiTest.java | 137 ++++++++++-------- .../utils/fixtures/ExerciseFixture.java | 8 - .../src/test/resources/application.properties | 31 +--- 3 files changed, 85 insertions(+), 91 deletions(-) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index f66f6a73d3..f3170f9eaa 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -8,10 +8,7 @@ import io.openbas.database.model.InjectorContract; import io.openbas.database.model.*; import io.openbas.database.repository.*; -import io.openbas.execution.ExecutableInject; -import io.openbas.execution.ExecutionContext; -import io.openbas.execution.ExecutionContextService; -import io.openbas.execution.Executor; +import io.openbas.injectors.email.EmailExecutor; import io.openbas.rest.exercise.service.ExerciseService; import io.openbas.rest.inject.form.DirectInjectInput; import io.openbas.rest.inject.form.InjectInput; @@ -20,26 +17,19 @@ import io.openbas.utils.mockUser.WithMockObserverUser; import io.openbas.utils.mockUser.WithMockPlannerUser; import jakarta.annotation.Resource; -import jakarta.annotation.Resources; -import jakarta.mail.internet.MimeMessage; +import jakarta.servlet.ServletException; import org.junit.jupiter.api.*; -import org.mockito.ArgumentCaptor; -import org.mockito.InjectMocks; -import org.mockito.Mock; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.mock.mockito.SpyBean; import org.springframework.http.MediaType; -import org.springframework.mail.javamail.JavaMailSender; import org.springframework.mock.web.MockMultipartFile; import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.util.ResourceUtils; import java.io.File; import java.io.FileInputStream; import java.io.InputStream; import java.time.Instant; -import java.util.Collections; import java.util.List; import static io.openbas.config.SessionHelper.currentUser; @@ -50,12 +40,8 @@ import static io.openbas.rest.scenario.ScenarioApi.SCENARIO_URI; import static io.openbas.utils.JsonUtils.asJsonString; import static io.openbas.utils.fixtures.InjectFixture.getInjectForEmailContract; -import static io.openbas.utils.fixtures.TeamFixture.getTeam; -import static io.openbas.utils.fixtures.UserFixture.getSavedUser; -import static io.openbas.utils.fixtures.UserFixture.getUser; import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.TestInstance.Lifecycle.PER_CLASS; -import static org.mockito.Mockito.*; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -72,8 +58,6 @@ class InjectApiTest extends IntegrationTest { @Autowired private MockMvc mvc; - @SpyBean - private JavaMailSender javaMailSender; @Autowired private ScenarioService scenarioService; @Autowired @@ -81,10 +65,6 @@ class InjectApiTest extends IntegrationTest { @Autowired private ExerciseRepository exerciseRepository; @Autowired - private ExecutionContextService executionContextService; - @SpyBean - private Executor executor; - @Autowired private ScenarioRepository scenarioRepository; @Autowired private InjectRepository injectRepository; @@ -100,15 +80,11 @@ class InjectApiTest extends IntegrationTest { private InjectorContractRepository injectorContractRepository; @Autowired private UserRepository userRepository; - @Autowired - private ExerciseTeamUserRepository exerciseTeamUserRepository; @Resource private ObjectMapper objectMapper; @BeforeAll void beforeAll() { - reset(mockJavaMailSender); - Scenario scenario = new Scenario(); scenario.setName("Scenario name"); scenario.setFrom("test@test.com"); @@ -377,35 +353,18 @@ void executeEmailInjectForExerciseTest() throws Exception { // -- PREPARE -- InjectorContract injectorContract = this.injectorContractRepository.findById(EMAIL_DEFAULT).orElseThrow(); Inject inject = getInjectForEmailContract(injectorContract); - inject.setUser(userRepository.findById(currentUser().getId()).orElseThrow()); - inject.setExercise(EXERCISE); + User user = userRepository.findById(currentUser().getId()).orElseThrow(); + DirectInjectInput input = new DirectInjectInput(); + input.setTitle(inject.getTitle()); + input.setDescription(inject.getDescription()); + input.setInjectorContract(inject.getInjectorContract().orElseThrow().getId()); + input.setUserIds(List.of(user.getId())); ObjectNode content = objectMapper.createObjectNode(); content.set("subject", objectMapper.convertValue("Subject", JsonNode.class)); content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); - inject.setContent(content); - User user = userRepository.save(getUser()); - Team team = teamRepository.save(getTeam(user)); - inject.setTeams(List.of(team)); - ExerciseTeamUser exerciseTeamUser = new ExerciseTeamUser(); - exerciseTeamUser.setExercise(EXERCISE); - exerciseTeamUser.setTeam(team); - exerciseTeamUser.setUser(user); - exerciseTeamUserRepository.save(exerciseTeamUser); - Inject savedInject = this.injectRepository.save(inject); - List userInjectContexts = Collections.singletonList( - executionContextService.executionContext(getSavedUser(), savedInject, "Direct execution")); - ExecutableInject injection = new ExecutableInject( - true, true, savedInject, List.of(), savedInject.getAssets(), - savedInject.getAssetGroups(), userInjectContexts - ); + input.setContent(content); - DirectInjectInput input = new DirectInjectInput(); - input.setTitle(savedInject.getTitle()); - input.setDescription(savedInject.getDescription()); - input.setInjectorContract(savedInject.getInjectorContract().orElseThrow().getId()); - input.setUserIds(List.of(savedInject.getUser().getId())); - input.setContent(savedInject.getContent()); MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", objectMapper.writeValueAsString(input).getBytes()); @@ -425,21 +384,83 @@ void executeEmailInjectForExerciseTest() throws Exception { .andReturn() .getResponse() .getContentAsString(); + // -- ASSERT -- assertNotNull(response); assertEquals("SUCCESS", JsonPath.read(response, "$.status_name")); - ArgumentCaptor executableInjectCaptor = ArgumentCaptor.forClass(ExecutableInject.class); - verify(executor).execute(executableInjectCaptor.capture()); - verify(mockJavaMailSender, times(1)).send((MimeMessage) any()); - ExecutableInject capturedInjection = executableInjectCaptor.getValue(); - assertEquals(injection.getExercise(), capturedInjection.getExercise()); + //-- THEN --- + userRepository.delete(user); + + } + + @DisplayName("Execute an email inject for exercise with no team") + @Test + @WithMockPlannerUser + void executeEmailInjectForExerciseWithNoTeam() throws Exception { + // -- PREPARE -- + InjectorContract injectorContract = this.injectorContractRepository.findById(EMAIL_DEFAULT).orElseThrow(); + Inject inject = getInjectForEmailContract(injectorContract); + User user = userRepository.findById(currentUser().getId()).orElseThrow(); + DirectInjectInput input = new DirectInjectInput(); + input.setTitle(inject.getTitle()); + input.setDescription(inject.getDescription()); + input.setInjectorContract(inject.getInjectorContract().orElseThrow().getId()); + ObjectNode content = objectMapper.createObjectNode(); + content.set("subject", objectMapper.convertValue("Subject", JsonNode.class)); + content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); + content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); + input.setContent(content); + + MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", + objectMapper.writeValueAsString(input).getBytes()); + + // -- EXECUTE -- + String response = mvc.perform(multipart(EXERCISE_URI + "/" + EXERCISE.getId() + "/inject") + .file(inputJson)) + .andExpect(status().is2xxSuccessful()) + .andReturn() + .getResponse() + .getContentAsString(); + + // -- ASSERT -- + assertNotNull(response); + assertEquals("ERROR", JsonPath.read(response, "$.status_name")); + assertEquals("Email needs at least one user", JsonPath.read(response, "$.status_traces[0].execution_message")); + + //-- THEN --- + userRepository.delete(user); + } + + @DisplayName("Execute an email inject for exercise with no content") + @Test + @WithMockPlannerUser + void executeEmailInjectForExerciseWithNoContentTest() throws Exception { + // -- PREPARE -- + InjectorContract injectorContract = this.injectorContractRepository.findById(EMAIL_DEFAULT).orElseThrow(); + Inject inject = getInjectForEmailContract(injectorContract); + User user = userRepository.findById(currentUser().getId()).orElseThrow(); + DirectInjectInput input = new DirectInjectInput(); + input.setTitle(inject.getTitle()); + input.setDescription(inject.getDescription()); + input.setInjectorContract(inject.getInjectorContract().orElseThrow().getId()); + input.setUserIds(List.of(user.getId())); + + MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", + objectMapper.writeValueAsString(input).getBytes()); + + //-- ASSERT + Exception exception = assertThrows(ServletException.class, + () -> mvc.perform(multipart(EXERCISE_URI + "/" + EXERCISE.getId() + "/inject") + .file(inputJson))); + + String expectedMessage = "Inject is empty"; + String actualMessage = exception.getMessage(); + + assertTrue(actualMessage.contains(expectedMessage)); //-- THEN --- - injectRepository.delete(savedInject); - teamRepository.delete(team); userRepository.delete(user); - exerciseTeamUserRepository.delete(exerciseTeamUser); } // -- BULK DELETE -- diff --git a/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java b/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java index 651d4bb2e7..3cd7de50af 100644 --- a/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java +++ b/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java @@ -46,12 +46,4 @@ public static Exercise createDefaultIncidentResponseExercise() { return exercise; } - /* - _ create exercise with team containing a user with email (user enabled) - _ create exercise with team containing a user with email (user not enabled) - _ create exercise without team - _ create exercise with team without user - _ create email - */ - } diff --git a/openbas-api/src/test/resources/application.properties b/openbas-api/src/test/resources/application.properties index e7d127e550..3f2b3b8548 100644 --- a/openbas-api/src/test/resources/application.properties +++ b/openbas-api/src/test/resources/application.properties @@ -3,21 +3,17 @@ info.app.name=OpenBAS # suppress inspection "SpringBootApplicationProperties" info.app.version=Testing - # OpenBAS configuration openbas.base-url=http://localhost:8080 openbas.admin.email=admin@openbas.io openbas.admin.password=admin openbas.admin.token=0d17ce9a-f3a8-4c6d-9721-c98dc3dc023f - # Server configuration server.servlet.context-path=/ - # rabbit mq openbas.rabbitmq.management-insecure=true openbas.rabbitmq.trust-store-password= openbas.rabbitmq.trust.store= - # Authenticators ## Local openbas.auth-local-enable=false @@ -25,33 +21,29 @@ openbas.auth-local-enable=false openbas.auth-openid-enable=false ## Kerberos openbas.auth-kerberos-enable=false - spring.datasource.url=jdbc:postgresql://localhost:5433/openbas spring.datasource.username=openbas spring.datasource.password=openbas - # Minio Properties minio.endpoint=localhost minio.port=10000 minio.bucket=openbas minio.access-key=minioadmin minio.access-secret=minioadmin - ############# # INJECTORS # ############# - # Mail config (Always available) -openbas.default-mailer=no-reply@openbas.io openbas.default-reply-to=contact@openbas.io -spring.mail.host=smtp.gmail.com -spring.mail.port=587 -spring.mail.username= -spring.mail.password= +openbas.default-mailer=no-reply@openbas.io +spring.mail.host=ssl0.ovh.net +spring.mail.port=465 +spring.mail.username=openex-dev@filigran.cloud +spring.mail.password=UBT0qxk4zxt!xaw9bzc spring.mail.properties.mail.smtp.ssl.trust=* spring.mail.properties.mail.smtp.ssl.enable=true spring.mail.properties.mail.smtp.auth=true -spring.mail.properties.mail.smtp.starttls.enable=true +spring.mail.properties.mail.smtp.starttls.enable=false # IMAP Configuration openbas.mail.imap.enabled=false openbas.mail.imap.host=imap.mail.com @@ -65,37 +57,26 @@ openbas.mail.imap.ssl.trust=* openbas.mail.imap.ssl.enable=true openbas.mail.imap.auth=true openbas.mail.imap.starttls.enable=true - # OVH SMS config ovh.sms.enable=false - # Mastodon config mastodon.enable=false - # Airbus LADE config lade.enable=false - # Injector Http config http.enable=false - # Injector Caldera config injector.caldera.enable=false - # XLS Import openbas.xls.import.mail.enable=true openbas.xls.import.sms.enable=true - ############# # COLLECTORS # ############# - # Collectors - ## Collector user collector.users.enable=false - ## Collector MITRE ATT&CK collector.mitre-attack.enable=false - ## Collector Caldera collector.caldera.enable=false From 3b4caccb1d7b941dcc1042981f01248e5b42ef4f Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Wed, 23 Oct 2024 10:14:06 +0200 Subject: [PATCH 09/17] Revert "test" This reverts commit ce72c593dd501d86cf6431dd9b4b0f3b7f5e5f52. --- .../java/io/openbas/rest/InjectApiTest.java | 137 ++++++++---------- .../utils/fixtures/ExerciseFixture.java | 8 + .../src/test/resources/application.properties | 31 +++- 3 files changed, 91 insertions(+), 85 deletions(-) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index f3170f9eaa..f66f6a73d3 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -8,7 +8,10 @@ import io.openbas.database.model.InjectorContract; import io.openbas.database.model.*; import io.openbas.database.repository.*; -import io.openbas.injectors.email.EmailExecutor; +import io.openbas.execution.ExecutableInject; +import io.openbas.execution.ExecutionContext; +import io.openbas.execution.ExecutionContextService; +import io.openbas.execution.Executor; import io.openbas.rest.exercise.service.ExerciseService; import io.openbas.rest.inject.form.DirectInjectInput; import io.openbas.rest.inject.form.InjectInput; @@ -17,19 +20,26 @@ import io.openbas.utils.mockUser.WithMockObserverUser; import io.openbas.utils.mockUser.WithMockPlannerUser; import jakarta.annotation.Resource; -import jakarta.servlet.ServletException; +import jakarta.annotation.Resources; +import jakarta.mail.internet.MimeMessage; import org.junit.jupiter.api.*; +import org.mockito.ArgumentCaptor; +import org.mockito.InjectMocks; +import org.mockito.Mock; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.mock.mockito.SpyBean; import org.springframework.http.MediaType; +import org.springframework.mail.javamail.JavaMailSender; import org.springframework.mock.web.MockMultipartFile; import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.util.ResourceUtils; import java.io.File; import java.io.FileInputStream; import java.io.InputStream; import java.time.Instant; +import java.util.Collections; import java.util.List; import static io.openbas.config.SessionHelper.currentUser; @@ -40,8 +50,12 @@ import static io.openbas.rest.scenario.ScenarioApi.SCENARIO_URI; import static io.openbas.utils.JsonUtils.asJsonString; import static io.openbas.utils.fixtures.InjectFixture.getInjectForEmailContract; +import static io.openbas.utils.fixtures.TeamFixture.getTeam; +import static io.openbas.utils.fixtures.UserFixture.getSavedUser; +import static io.openbas.utils.fixtures.UserFixture.getUser; import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.TestInstance.Lifecycle.PER_CLASS; +import static org.mockito.Mockito.*; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -58,6 +72,8 @@ class InjectApiTest extends IntegrationTest { @Autowired private MockMvc mvc; + @SpyBean + private JavaMailSender javaMailSender; @Autowired private ScenarioService scenarioService; @Autowired @@ -65,6 +81,10 @@ class InjectApiTest extends IntegrationTest { @Autowired private ExerciseRepository exerciseRepository; @Autowired + private ExecutionContextService executionContextService; + @SpyBean + private Executor executor; + @Autowired private ScenarioRepository scenarioRepository; @Autowired private InjectRepository injectRepository; @@ -80,11 +100,15 @@ class InjectApiTest extends IntegrationTest { private InjectorContractRepository injectorContractRepository; @Autowired private UserRepository userRepository; + @Autowired + private ExerciseTeamUserRepository exerciseTeamUserRepository; @Resource private ObjectMapper objectMapper; @BeforeAll void beforeAll() { + reset(mockJavaMailSender); + Scenario scenario = new Scenario(); scenario.setName("Scenario name"); scenario.setFrom("test@test.com"); @@ -353,18 +377,35 @@ void executeEmailInjectForExerciseTest() throws Exception { // -- PREPARE -- InjectorContract injectorContract = this.injectorContractRepository.findById(EMAIL_DEFAULT).orElseThrow(); Inject inject = getInjectForEmailContract(injectorContract); - User user = userRepository.findById(currentUser().getId()).orElseThrow(); - DirectInjectInput input = new DirectInjectInput(); - input.setTitle(inject.getTitle()); - input.setDescription(inject.getDescription()); - input.setInjectorContract(inject.getInjectorContract().orElseThrow().getId()); - input.setUserIds(List.of(user.getId())); + inject.setUser(userRepository.findById(currentUser().getId()).orElseThrow()); + inject.setExercise(EXERCISE); ObjectNode content = objectMapper.createObjectNode(); content.set("subject", objectMapper.convertValue("Subject", JsonNode.class)); content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); - input.setContent(content); + inject.setContent(content); + User user = userRepository.save(getUser()); + Team team = teamRepository.save(getTeam(user)); + inject.setTeams(List.of(team)); + ExerciseTeamUser exerciseTeamUser = new ExerciseTeamUser(); + exerciseTeamUser.setExercise(EXERCISE); + exerciseTeamUser.setTeam(team); + exerciseTeamUser.setUser(user); + exerciseTeamUserRepository.save(exerciseTeamUser); + Inject savedInject = this.injectRepository.save(inject); + List userInjectContexts = Collections.singletonList( + executionContextService.executionContext(getSavedUser(), savedInject, "Direct execution")); + ExecutableInject injection = new ExecutableInject( + true, true, savedInject, List.of(), savedInject.getAssets(), + savedInject.getAssetGroups(), userInjectContexts + ); + DirectInjectInput input = new DirectInjectInput(); + input.setTitle(savedInject.getTitle()); + input.setDescription(savedInject.getDescription()); + input.setInjectorContract(savedInject.getInjectorContract().orElseThrow().getId()); + input.setUserIds(List.of(savedInject.getUser().getId())); + input.setContent(savedInject.getContent()); MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", objectMapper.writeValueAsString(input).getBytes()); @@ -384,83 +425,21 @@ void executeEmailInjectForExerciseTest() throws Exception { .andReturn() .getResponse() .getContentAsString(); - // -- ASSERT -- assertNotNull(response); assertEquals("SUCCESS", JsonPath.read(response, "$.status_name")); + ArgumentCaptor executableInjectCaptor = ArgumentCaptor.forClass(ExecutableInject.class); + verify(executor).execute(executableInjectCaptor.capture()); + verify(mockJavaMailSender, times(1)).send((MimeMessage) any()); - //-- THEN --- - userRepository.delete(user); - - } - - @DisplayName("Execute an email inject for exercise with no team") - @Test - @WithMockPlannerUser - void executeEmailInjectForExerciseWithNoTeam() throws Exception { - // -- PREPARE -- - InjectorContract injectorContract = this.injectorContractRepository.findById(EMAIL_DEFAULT).orElseThrow(); - Inject inject = getInjectForEmailContract(injectorContract); - User user = userRepository.findById(currentUser().getId()).orElseThrow(); - DirectInjectInput input = new DirectInjectInput(); - input.setTitle(inject.getTitle()); - input.setDescription(inject.getDescription()); - input.setInjectorContract(inject.getInjectorContract().orElseThrow().getId()); - ObjectNode content = objectMapper.createObjectNode(); - content.set("subject", objectMapper.convertValue("Subject", JsonNode.class)); - content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); - content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); - input.setContent(content); - - MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", - objectMapper.writeValueAsString(input).getBytes()); - - // -- EXECUTE -- - String response = mvc.perform(multipart(EXERCISE_URI + "/" + EXERCISE.getId() + "/inject") - .file(inputJson)) - .andExpect(status().is2xxSuccessful()) - .andReturn() - .getResponse() - .getContentAsString(); - - // -- ASSERT -- - assertNotNull(response); - assertEquals("ERROR", JsonPath.read(response, "$.status_name")); - assertEquals("Email needs at least one user", JsonPath.read(response, "$.status_traces[0].execution_message")); - - //-- THEN --- - userRepository.delete(user); - } - - @DisplayName("Execute an email inject for exercise with no content") - @Test - @WithMockPlannerUser - void executeEmailInjectForExerciseWithNoContentTest() throws Exception { - // -- PREPARE -- - InjectorContract injectorContract = this.injectorContractRepository.findById(EMAIL_DEFAULT).orElseThrow(); - Inject inject = getInjectForEmailContract(injectorContract); - User user = userRepository.findById(currentUser().getId()).orElseThrow(); - DirectInjectInput input = new DirectInjectInput(); - input.setTitle(inject.getTitle()); - input.setDescription(inject.getDescription()); - input.setInjectorContract(inject.getInjectorContract().orElseThrow().getId()); - input.setUserIds(List.of(user.getId())); - - MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", - objectMapper.writeValueAsString(input).getBytes()); - - //-- ASSERT - Exception exception = assertThrows(ServletException.class, - () -> mvc.perform(multipart(EXERCISE_URI + "/" + EXERCISE.getId() + "/inject") - .file(inputJson))); - - String expectedMessage = "Inject is empty"; - String actualMessage = exception.getMessage(); - - assertTrue(actualMessage.contains(expectedMessage)); + ExecutableInject capturedInjection = executableInjectCaptor.getValue(); + assertEquals(injection.getExercise(), capturedInjection.getExercise()); //-- THEN --- + injectRepository.delete(savedInject); + teamRepository.delete(team); userRepository.delete(user); + exerciseTeamUserRepository.delete(exerciseTeamUser); } // -- BULK DELETE -- diff --git a/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java b/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java index 3cd7de50af..651d4bb2e7 100644 --- a/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java +++ b/openbas-api/src/test/java/io/openbas/utils/fixtures/ExerciseFixture.java @@ -46,4 +46,12 @@ public static Exercise createDefaultIncidentResponseExercise() { return exercise; } + /* + _ create exercise with team containing a user with email (user enabled) + _ create exercise with team containing a user with email (user not enabled) + _ create exercise without team + _ create exercise with team without user + _ create email + */ + } diff --git a/openbas-api/src/test/resources/application.properties b/openbas-api/src/test/resources/application.properties index 3f2b3b8548..e7d127e550 100644 --- a/openbas-api/src/test/resources/application.properties +++ b/openbas-api/src/test/resources/application.properties @@ -3,17 +3,21 @@ info.app.name=OpenBAS # suppress inspection "SpringBootApplicationProperties" info.app.version=Testing + # OpenBAS configuration openbas.base-url=http://localhost:8080 openbas.admin.email=admin@openbas.io openbas.admin.password=admin openbas.admin.token=0d17ce9a-f3a8-4c6d-9721-c98dc3dc023f + # Server configuration server.servlet.context-path=/ + # rabbit mq openbas.rabbitmq.management-insecure=true openbas.rabbitmq.trust-store-password= openbas.rabbitmq.trust.store= + # Authenticators ## Local openbas.auth-local-enable=false @@ -21,29 +25,33 @@ openbas.auth-local-enable=false openbas.auth-openid-enable=false ## Kerberos openbas.auth-kerberos-enable=false + spring.datasource.url=jdbc:postgresql://localhost:5433/openbas spring.datasource.username=openbas spring.datasource.password=openbas + # Minio Properties minio.endpoint=localhost minio.port=10000 minio.bucket=openbas minio.access-key=minioadmin minio.access-secret=minioadmin + ############# # INJECTORS # ############# + # Mail config (Always available) -openbas.default-reply-to=contact@openbas.io openbas.default-mailer=no-reply@openbas.io -spring.mail.host=ssl0.ovh.net -spring.mail.port=465 -spring.mail.username=openex-dev@filigran.cloud -spring.mail.password=UBT0qxk4zxt!xaw9bzc +openbas.default-reply-to=contact@openbas.io +spring.mail.host=smtp.gmail.com +spring.mail.port=587 +spring.mail.username= +spring.mail.password= spring.mail.properties.mail.smtp.ssl.trust=* spring.mail.properties.mail.smtp.ssl.enable=true spring.mail.properties.mail.smtp.auth=true -spring.mail.properties.mail.smtp.starttls.enable=false +spring.mail.properties.mail.smtp.starttls.enable=true # IMAP Configuration openbas.mail.imap.enabled=false openbas.mail.imap.host=imap.mail.com @@ -57,26 +65,37 @@ openbas.mail.imap.ssl.trust=* openbas.mail.imap.ssl.enable=true openbas.mail.imap.auth=true openbas.mail.imap.starttls.enable=true + # OVH SMS config ovh.sms.enable=false + # Mastodon config mastodon.enable=false + # Airbus LADE config lade.enable=false + # Injector Http config http.enable=false + # Injector Caldera config injector.caldera.enable=false + # XLS Import openbas.xls.import.mail.enable=true openbas.xls.import.sms.enable=true + ############# # COLLECTORS # ############# + # Collectors + ## Collector user collector.users.enable=false + ## Collector MITRE ATT&CK collector.mitre-attack.enable=false + ## Collector Caldera collector.caldera.enable=false From 7bab225ba5eb9cd305647ad035c9c873093f1e90 Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Wed, 23 Oct 2024 10:27:25 +0200 Subject: [PATCH 10/17] test --- .../java/io/openbas/rest/InjectApiTest.java | 137 ++++++++++-------- .../openbas/utils/fixtures/InjectFixture.java | 18 --- 2 files changed, 78 insertions(+), 77 deletions(-) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index f66f6a73d3..63202b97cb 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -8,10 +8,6 @@ import io.openbas.database.model.InjectorContract; import io.openbas.database.model.*; import io.openbas.database.repository.*; -import io.openbas.execution.ExecutableInject; -import io.openbas.execution.ExecutionContext; -import io.openbas.execution.ExecutionContextService; -import io.openbas.execution.Executor; import io.openbas.rest.exercise.service.ExerciseService; import io.openbas.rest.inject.form.DirectInjectInput; import io.openbas.rest.inject.form.InjectInput; @@ -20,26 +16,18 @@ import io.openbas.utils.mockUser.WithMockObserverUser; import io.openbas.utils.mockUser.WithMockPlannerUser; import jakarta.annotation.Resource; -import jakarta.annotation.Resources; -import jakarta.mail.internet.MimeMessage; +import jakarta.servlet.ServletException; import org.junit.jupiter.api.*; -import org.mockito.ArgumentCaptor; -import org.mockito.InjectMocks; -import org.mockito.Mock; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.mock.mockito.SpyBean; import org.springframework.http.MediaType; -import org.springframework.mail.javamail.JavaMailSender; import org.springframework.mock.web.MockMultipartFile; import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.util.ResourceUtils; import java.io.File; import java.io.FileInputStream; import java.io.InputStream; import java.time.Instant; -import java.util.Collections; import java.util.List; import static io.openbas.config.SessionHelper.currentUser; @@ -50,12 +38,8 @@ import static io.openbas.rest.scenario.ScenarioApi.SCENARIO_URI; import static io.openbas.utils.JsonUtils.asJsonString; import static io.openbas.utils.fixtures.InjectFixture.getInjectForEmailContract; -import static io.openbas.utils.fixtures.TeamFixture.getTeam; -import static io.openbas.utils.fixtures.UserFixture.getSavedUser; -import static io.openbas.utils.fixtures.UserFixture.getUser; import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.TestInstance.Lifecycle.PER_CLASS; -import static org.mockito.Mockito.*; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -72,8 +56,6 @@ class InjectApiTest extends IntegrationTest { @Autowired private MockMvc mvc; - @SpyBean - private JavaMailSender javaMailSender; @Autowired private ScenarioService scenarioService; @Autowired @@ -81,10 +63,6 @@ class InjectApiTest extends IntegrationTest { @Autowired private ExerciseRepository exerciseRepository; @Autowired - private ExecutionContextService executionContextService; - @SpyBean - private Executor executor; - @Autowired private ScenarioRepository scenarioRepository; @Autowired private InjectRepository injectRepository; @@ -100,15 +78,11 @@ class InjectApiTest extends IntegrationTest { private InjectorContractRepository injectorContractRepository; @Autowired private UserRepository userRepository; - @Autowired - private ExerciseTeamUserRepository exerciseTeamUserRepository; @Resource private ObjectMapper objectMapper; @BeforeAll void beforeAll() { - reset(mockJavaMailSender); - Scenario scenario = new Scenario(); scenario.setName("Scenario name"); scenario.setFrom("test@test.com"); @@ -377,35 +351,18 @@ void executeEmailInjectForExerciseTest() throws Exception { // -- PREPARE -- InjectorContract injectorContract = this.injectorContractRepository.findById(EMAIL_DEFAULT).orElseThrow(); Inject inject = getInjectForEmailContract(injectorContract); - inject.setUser(userRepository.findById(currentUser().getId()).orElseThrow()); - inject.setExercise(EXERCISE); + User user = userRepository.findById(currentUser().getId()).orElseThrow(); + DirectInjectInput input = new DirectInjectInput(); + input.setTitle(inject.getTitle()); + input.setDescription(inject.getDescription()); + input.setInjectorContract(inject.getInjectorContract().orElseThrow().getId()); + input.setUserIds(List.of(user.getId())); ObjectNode content = objectMapper.createObjectNode(); content.set("subject", objectMapper.convertValue("Subject", JsonNode.class)); content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); - inject.setContent(content); - User user = userRepository.save(getUser()); - Team team = teamRepository.save(getTeam(user)); - inject.setTeams(List.of(team)); - ExerciseTeamUser exerciseTeamUser = new ExerciseTeamUser(); - exerciseTeamUser.setExercise(EXERCISE); - exerciseTeamUser.setTeam(team); - exerciseTeamUser.setUser(user); - exerciseTeamUserRepository.save(exerciseTeamUser); - Inject savedInject = this.injectRepository.save(inject); - List userInjectContexts = Collections.singletonList( - executionContextService.executionContext(getSavedUser(), savedInject, "Direct execution")); - ExecutableInject injection = new ExecutableInject( - true, true, savedInject, List.of(), savedInject.getAssets(), - savedInject.getAssetGroups(), userInjectContexts - ); + input.setContent(content); - DirectInjectInput input = new DirectInjectInput(); - input.setTitle(savedInject.getTitle()); - input.setDescription(savedInject.getDescription()); - input.setInjectorContract(savedInject.getInjectorContract().orElseThrow().getId()); - input.setUserIds(List.of(savedInject.getUser().getId())); - input.setContent(savedInject.getContent()); MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", objectMapper.writeValueAsString(input).getBytes()); @@ -425,21 +382,83 @@ void executeEmailInjectForExerciseTest() throws Exception { .andReturn() .getResponse() .getContentAsString(); + // -- ASSERT -- assertNotNull(response); assertEquals("SUCCESS", JsonPath.read(response, "$.status_name")); - ArgumentCaptor executableInjectCaptor = ArgumentCaptor.forClass(ExecutableInject.class); - verify(executor).execute(executableInjectCaptor.capture()); - verify(mockJavaMailSender, times(1)).send((MimeMessage) any()); - ExecutableInject capturedInjection = executableInjectCaptor.getValue(); - assertEquals(injection.getExercise(), capturedInjection.getExercise()); + //-- THEN --- + userRepository.delete(user); + + } + + @DisplayName("Execute an email inject for exercise with no team") + @Test + @WithMockPlannerUser + void executeEmailInjectForExerciseWithNoTeam() throws Exception { + // -- PREPARE -- + InjectorContract injectorContract = this.injectorContractRepository.findById(EMAIL_DEFAULT).orElseThrow(); + Inject inject = getInjectForEmailContract(injectorContract); + User user = userRepository.findById(currentUser().getId()).orElseThrow(); + DirectInjectInput input = new DirectInjectInput(); + input.setTitle(inject.getTitle()); + input.setDescription(inject.getDescription()); + input.setInjectorContract(inject.getInjectorContract().orElseThrow().getId()); + ObjectNode content = objectMapper.createObjectNode(); + content.set("subject", objectMapper.convertValue("Subject", JsonNode.class)); + content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); + content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); + input.setContent(content); + + MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", + objectMapper.writeValueAsString(input).getBytes()); + + // -- EXECUTE -- + String response = mvc.perform(multipart(EXERCISE_URI + "/" + EXERCISE.getId() + "/inject") + .file(inputJson)) + .andExpect(status().is2xxSuccessful()) + .andReturn() + .getResponse() + .getContentAsString(); + + // -- ASSERT -- + assertNotNull(response); + assertEquals("ERROR", JsonPath.read(response, "$.status_name")); + assertEquals("Email needs at least one user", JsonPath.read(response, "$.status_traces[0].execution_message")); + + //-- THEN --- + userRepository.delete(user); + } + + @DisplayName("Execute an email inject for exercise with no content") + @Test + @WithMockPlannerUser + void executeEmailInjectForExerciseWithNoContentTest() throws Exception { + // -- PREPARE -- + InjectorContract injectorContract = this.injectorContractRepository.findById(EMAIL_DEFAULT).orElseThrow(); + Inject inject = getInjectForEmailContract(injectorContract); + User user = userRepository.findById(currentUser().getId()).orElseThrow(); + DirectInjectInput input = new DirectInjectInput(); + input.setTitle(inject.getTitle()); + input.setDescription(inject.getDescription()); + input.setInjectorContract(inject.getInjectorContract().orElseThrow().getId()); + input.setUserIds(List.of(user.getId())); + + MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", + objectMapper.writeValueAsString(input).getBytes()); + + //-- ASSERT + Exception exception = assertThrows(ServletException.class, + () -> mvc.perform(multipart(EXERCISE_URI + "/" + EXERCISE.getId() + "/inject") + .file(inputJson))); + + String expectedMessage = "Inject is empty"; + String actualMessage = exception.getMessage(); + + assertTrue(actualMessage.contains(expectedMessage)); //-- THEN --- - injectRepository.delete(savedInject); - teamRepository.delete(team); userRepository.delete(user); - exerciseTeamUserRepository.delete(exerciseTeamUser); } // -- BULK DELETE -- diff --git a/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java b/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java index 2f77ad1691..83672d66b6 100644 --- a/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java +++ b/openbas-api/src/test/java/io/openbas/utils/fixtures/InjectFixture.java @@ -3,19 +3,9 @@ import io.openbas.database.model.Inject; import io.openbas.database.model.InjectorContract; -import static io.openbas.injectors.email.EmailContract.TYPE; - public class InjectFixture { public static final String INJECT_EMAIL_NAME = "Test email inject"; - public static final String INJECT_SMS_NAME = "Test sms inject"; - - /* - public static final String OVH_DEFAULT = "e9e902bc-b03d-4223-89e1-fca093ac79dd"; - public static final String MASTODON_DEFAULT = "aeab9ed6-ae98-4b48-b8cc-2e91ac54f2f9"; - openbas_implant: 49229430-b5b5-431f-ba5b-f36f599b0144 - caldera: 7736918d-6a3f-46c7-b303-cbf5dc476c84 - */ public static Inject getInjectForEmailContract(InjectorContract injectorContract) { Inject inject = new Inject(); @@ -26,12 +16,4 @@ public static Inject getInjectForEmailContract(InjectorContract injectorContract return inject; } - public static Inject getInjectForSmsContract(InjectorContract injectorContract) { - Inject inject = new Inject(); - inject.setTitle(INJECT_SMS_NAME); - inject.setInjectorContract(injectorContract); - inject.setEnabled(true); - inject.setDependsDuration(0L); - return inject; - } } From 38b57906f3a454af016cec756e679062187d389e Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Wed, 23 Oct 2024 10:33:18 +0200 Subject: [PATCH 11/17] test --- .../src/test/resources/application.properties | 31 ++++--------------- 1 file changed, 6 insertions(+), 25 deletions(-) diff --git a/openbas-api/src/test/resources/application.properties b/openbas-api/src/test/resources/application.properties index e7d127e550..3f2b3b8548 100644 --- a/openbas-api/src/test/resources/application.properties +++ b/openbas-api/src/test/resources/application.properties @@ -3,21 +3,17 @@ info.app.name=OpenBAS # suppress inspection "SpringBootApplicationProperties" info.app.version=Testing - # OpenBAS configuration openbas.base-url=http://localhost:8080 openbas.admin.email=admin@openbas.io openbas.admin.password=admin openbas.admin.token=0d17ce9a-f3a8-4c6d-9721-c98dc3dc023f - # Server configuration server.servlet.context-path=/ - # rabbit mq openbas.rabbitmq.management-insecure=true openbas.rabbitmq.trust-store-password= openbas.rabbitmq.trust.store= - # Authenticators ## Local openbas.auth-local-enable=false @@ -25,33 +21,29 @@ openbas.auth-local-enable=false openbas.auth-openid-enable=false ## Kerberos openbas.auth-kerberos-enable=false - spring.datasource.url=jdbc:postgresql://localhost:5433/openbas spring.datasource.username=openbas spring.datasource.password=openbas - # Minio Properties minio.endpoint=localhost minio.port=10000 minio.bucket=openbas minio.access-key=minioadmin minio.access-secret=minioadmin - ############# # INJECTORS # ############# - # Mail config (Always available) -openbas.default-mailer=no-reply@openbas.io openbas.default-reply-to=contact@openbas.io -spring.mail.host=smtp.gmail.com -spring.mail.port=587 -spring.mail.username= -spring.mail.password= +openbas.default-mailer=no-reply@openbas.io +spring.mail.host=ssl0.ovh.net +spring.mail.port=465 +spring.mail.username=openex-dev@filigran.cloud +spring.mail.password=UBT0qxk4zxt!xaw9bzc spring.mail.properties.mail.smtp.ssl.trust=* spring.mail.properties.mail.smtp.ssl.enable=true spring.mail.properties.mail.smtp.auth=true -spring.mail.properties.mail.smtp.starttls.enable=true +spring.mail.properties.mail.smtp.starttls.enable=false # IMAP Configuration openbas.mail.imap.enabled=false openbas.mail.imap.host=imap.mail.com @@ -65,37 +57,26 @@ openbas.mail.imap.ssl.trust=* openbas.mail.imap.ssl.enable=true openbas.mail.imap.auth=true openbas.mail.imap.starttls.enable=true - # OVH SMS config ovh.sms.enable=false - # Mastodon config mastodon.enable=false - # Airbus LADE config lade.enable=false - # Injector Http config http.enable=false - # Injector Caldera config injector.caldera.enable=false - # XLS Import openbas.xls.import.mail.enable=true openbas.xls.import.sms.enable=true - ############# # COLLECTORS # ############# - # Collectors - ## Collector user collector.users.enable=false - ## Collector MITRE ATT&CK collector.mitre-attack.enable=false - ## Collector Caldera collector.caldera.enable=false From da48d26091bab7c9ca67cc09df677ff9bc4a05e3 Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Wed, 23 Oct 2024 10:54:28 +0200 Subject: [PATCH 12/17] test --- openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index 63202b97cb..47f131243c 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -444,6 +444,11 @@ void executeEmailInjectForExerciseWithNoContentTest() throws Exception { input.setInjectorContract(inject.getInjectorContract().orElseThrow().getId()); input.setUserIds(List.of(user.getId())); + ObjectNode content = objectMapper.createObjectNode(); + content.set("subject", objectMapper.convertValue("Subject", JsonNode.class)); + content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); + content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); + MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", objectMapper.writeValueAsString(input).getBytes()); From 140e10864f8a3809003dbe98e7e8adf2d97477fe Mon Sep 17 00:00:00 2001 From: Johanah LEKEU <49673066+johanah29@users.noreply.github.com> Date: Wed, 23 Oct 2024 10:38:23 +0200 Subject: [PATCH 13/17] test --- .../src/test/resources/application.properties | 82 ------------------- 1 file changed, 82 deletions(-) delete mode 100644 openbas-api/src/test/resources/application.properties diff --git a/openbas-api/src/test/resources/application.properties b/openbas-api/src/test/resources/application.properties deleted file mode 100644 index 3f2b3b8548..0000000000 --- a/openbas-api/src/test/resources/application.properties +++ /dev/null @@ -1,82 +0,0 @@ -# Global configuration -# suppress inspection "SpringBootApplicationProperties" -info.app.name=OpenBAS -# suppress inspection "SpringBootApplicationProperties" -info.app.version=Testing -# OpenBAS configuration -openbas.base-url=http://localhost:8080 -openbas.admin.email=admin@openbas.io -openbas.admin.password=admin -openbas.admin.token=0d17ce9a-f3a8-4c6d-9721-c98dc3dc023f -# Server configuration -server.servlet.context-path=/ -# rabbit mq -openbas.rabbitmq.management-insecure=true -openbas.rabbitmq.trust-store-password= -openbas.rabbitmq.trust.store= -# Authenticators -## Local -openbas.auth-local-enable=false -## Oauth -openbas.auth-openid-enable=false -## Kerberos -openbas.auth-kerberos-enable=false -spring.datasource.url=jdbc:postgresql://localhost:5433/openbas -spring.datasource.username=openbas -spring.datasource.password=openbas -# Minio Properties -minio.endpoint=localhost -minio.port=10000 -minio.bucket=openbas -minio.access-key=minioadmin -minio.access-secret=minioadmin -############# -# INJECTORS # -############# -# Mail config (Always available) -openbas.default-reply-to=contact@openbas.io -openbas.default-mailer=no-reply@openbas.io -spring.mail.host=ssl0.ovh.net -spring.mail.port=465 -spring.mail.username=openex-dev@filigran.cloud -spring.mail.password=UBT0qxk4zxt!xaw9bzc -spring.mail.properties.mail.smtp.ssl.trust=* -spring.mail.properties.mail.smtp.ssl.enable=true -spring.mail.properties.mail.smtp.auth=true -spring.mail.properties.mail.smtp.starttls.enable=false -# IMAP Configuration -openbas.mail.imap.enabled=false -openbas.mail.imap.host=imap.mail.com -openbas.mail.imap.username= -openbas.mail.imap.password=< -openbas.mail.imap.port=993 -openbas.mail.imap.inbox=INBOX -openbas.mail.imap.sent=Sent -# Extra IMAP configuration -openbas.mail.imap.ssl.trust=* -openbas.mail.imap.ssl.enable=true -openbas.mail.imap.auth=true -openbas.mail.imap.starttls.enable=true -# OVH SMS config -ovh.sms.enable=false -# Mastodon config -mastodon.enable=false -# Airbus LADE config -lade.enable=false -# Injector Http config -http.enable=false -# Injector Caldera config -injector.caldera.enable=false -# XLS Import -openbas.xls.import.mail.enable=true -openbas.xls.import.sms.enable=true -############# -# COLLECTORS # -############# -# Collectors -## Collector user -collector.users.enable=false -## Collector MITRE ATT&CK -collector.mitre-attack.enable=false -## Collector Caldera -collector.caldera.enable=false From 167d0df35f292504b37fe993fce732f0211c4eed Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Wed, 23 Oct 2024 10:58:33 +0200 Subject: [PATCH 14/17] test --- openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java | 5 ----- 1 file changed, 5 deletions(-) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index 47f131243c..63202b97cb 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -444,11 +444,6 @@ void executeEmailInjectForExerciseWithNoContentTest() throws Exception { input.setInjectorContract(inject.getInjectorContract().orElseThrow().getId()); input.setUserIds(List.of(user.getId())); - ObjectNode content = objectMapper.createObjectNode(); - content.set("subject", objectMapper.convertValue("Subject", JsonNode.class)); - content.set("body", objectMapper.convertValue("Test body", JsonNode.class)); - content.set("expectationType", objectMapper.convertValue("none", JsonNode.class)); - MockMultipartFile inputJson = new MockMultipartFile("input", null, "application/json", objectMapper.writeValueAsString(input).getBytes()); From 11a9f9df39fd18f7307cdb66991c92dd962323aa Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Wed, 23 Oct 2024 11:32:16 +0200 Subject: [PATCH 15/17] test --- .../src/test/resources/application.properties | 82 +++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 openbas-api/src/test/resources/application.properties diff --git a/openbas-api/src/test/resources/application.properties b/openbas-api/src/test/resources/application.properties new file mode 100644 index 0000000000..342ac534b6 --- /dev/null +++ b/openbas-api/src/test/resources/application.properties @@ -0,0 +1,82 @@ +# Global configuration +# suppress inspection "SpringBootApplicationProperties" +info.app.name=OpenBAS +# suppress inspection "SpringBootApplicationProperties" +info.app.version=Testing +# OpenBAS configuration +openbas.base-url=http://localhost:8080 +openbas.admin.email=admin@openbas.io +openbas.admin.password=admin +openbas.admin.token=0d17ce9a-f3a8-4c6d-9721-c98dc3dc023f +# Server configuration +server.servlet.context-path=/ +# rabbit mq +openbas.rabbitmq.management-insecure=true +openbas.rabbitmq.trust-store-password= +openbas.rabbitmq.trust.store= +# Authenticators +## Local +openbas.auth-local-enable=false +## Oauth +openbas.auth-openid-enable=false +## Kerberos +openbas.auth-kerberos-enable=false +spring.datasource.url=jdbc:postgresql://localhost:5433/openbas +spring.datasource.username=openbas +spring.datasource.password=openbas +# Minio Properties +minio.endpoint=localhost +minio.port=10000 +minio.bucket=openbas +minio.access-key=minioadmin +minio.access-secret=minioadmin +############# +# INJECTORS # +############# +# Mail config (Always available) +openbas.default-mailer=no-reply@openbas.io +openbas.default-reply-to=contact@openbas.io +spring.mail.host=smtp.gmail.com +spring.mail.port=587 +spring.mail.username= +spring.mail.password= +spring.mail.properties.mail.smtp.ssl.trust=* +spring.mail.properties.mail.smtp.ssl.enable=true +spring.mail.properties.mail.smtp.auth=true +spring.mail.properties.mail.smtp.starttls.enable=true +# IMAP Configuration +openbas.mail.imap.enabled=false +openbas.mail.imap.host=imap.mail.com +openbas.mail.imap.username= +openbas.mail.imap.password=< +openbas.mail.imap.port=993 +openbas.mail.imap.inbox=INBOX +openbas.mail.imap.sent=Sent +# Extra IMAP configuration +openbas.mail.imap.ssl.trust=* +openbas.mail.imap.ssl.enable=true +openbas.mail.imap.auth=true +openbas.mail.imap.starttls.enable=true +# OVH SMS config +ovh.sms.enable=false +# Mastodon config +mastodon.enable=false +# Airbus LADE config +lade.enable=false +# Injector Http config +http.enable=false +# Injector Caldera config +injector.caldera.enable=false +# XLS Import +openbas.xls.import.mail.enable=true +openbas.xls.import.sms.enable=true +############# +# COLLECTORS # +############# +# Collectors +## Collector user +collector.users.enable=false +## Collector MITRE ATT&CK +collector.mitre-attack.enable=false +## Collector Caldera +collector.caldera.enable=false From 02676866c02cbfc8627f07130fc4f84910005f35 Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Wed, 23 Oct 2024 11:57:07 +0200 Subject: [PATCH 16/17] test --- openbas-api/src/test/resources/application.properties | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openbas-api/src/test/resources/application.properties b/openbas-api/src/test/resources/application.properties index 342ac534b6..ed8360db68 100644 --- a/openbas-api/src/test/resources/application.properties +++ b/openbas-api/src/test/resources/application.properties @@ -34,16 +34,16 @@ minio.access-secret=minioadmin # INJECTORS # ############# # Mail config (Always available) -openbas.default-mailer=no-reply@openbas.io openbas.default-reply-to=contact@openbas.io -spring.mail.host=smtp.gmail.com -spring.mail.port=587 +openbas.default-mailer=no-reply@openbas.io +spring.mail.host=ssl0.ovh.net +spring.mail.port=465 spring.mail.username= spring.mail.password= spring.mail.properties.mail.smtp.ssl.trust=* spring.mail.properties.mail.smtp.ssl.enable=true spring.mail.properties.mail.smtp.auth=true -spring.mail.properties.mail.smtp.starttls.enable=true +spring.mail.properties.mail.smtp.starttls.enable=false # IMAP Configuration openbas.mail.imap.enabled=false openbas.mail.imap.host=imap.mail.com From a533a9a01439b738e11d4a3526598e60af572222 Mon Sep 17 00:00:00 2001 From: Johanah LEKEU Date: Wed, 23 Oct 2024 17:22:27 +0200 Subject: [PATCH 17/17] Mock Java mail sender --- .../test/java/io/openbas/rest/InjectApiTest.java | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java index 63202b97cb..7896f79a17 100644 --- a/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java +++ b/openbas-api/src/test/java/io/openbas/rest/InjectApiTest.java @@ -16,10 +16,17 @@ import io.openbas.utils.mockUser.WithMockObserverUser; import io.openbas.utils.mockUser.WithMockPlannerUser; import jakarta.annotation.Resource; +import jakarta.mail.internet.MimeMessage; import jakarta.servlet.ServletException; import org.junit.jupiter.api.*; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.ArgumentMatchers; +import org.mockito.junit.jupiter.MockitoExtension; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.http.MediaType; +import org.springframework.mail.SimpleMailMessage; +import org.springframework.mail.javamail.JavaMailSender; import org.springframework.mock.web.MockMultipartFile; import org.springframework.test.web.servlet.MockMvc; import org.springframework.util.ResourceUtils; @@ -40,11 +47,13 @@ import static io.openbas.utils.fixtures.InjectFixture.getInjectForEmailContract; import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.TestInstance.Lifecycle.PER_CLASS; +import static org.mockito.Mockito.*; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @TestMethodOrder(MethodOrderer.OrderAnnotation.class) @TestInstance(PER_CLASS) +@ExtendWith(MockitoExtension.class) class InjectApiTest extends IntegrationTest { static Exercise EXERCISE; @@ -80,6 +89,8 @@ class InjectApiTest extends IntegrationTest { private UserRepository userRepository; @Resource private ObjectMapper objectMapper; + @MockBean + private JavaMailSender javaMailSender; @BeforeAll void beforeAll() { @@ -374,6 +385,11 @@ void executeEmailInjectForExerciseTest() throws Exception { "application/xlsx", in.readAllBytes()); + // Mock the behavior of JavaMailSender + doNothing().when(javaMailSender).send(ArgumentMatchers.any(SimpleMailMessage.class)); + MimeMessage mimeMessage = mock(MimeMessage.class); + when(javaMailSender.createMimeMessage()).thenReturn(mimeMessage); + // -- EXECUTE -- String response = mvc.perform(multipart(EXERCISE_URI + "/" + EXERCISE.getId() + "/inject") .file(inputJson)