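#!/bin/bash
# End-to-end exercise of the Sysdig Secure example scripts against the staging
# backend: system/user falco rules, policy create/update/delete, and policy
# event retrieval. Exits non-zero on the first failed check.
#
# Required env:
#   PYTHON_SDC_TEST_API_TOKEN  API token handed to every example script.
# Optional env:
#   SDC_TEST_TRACE=1           turn on `set -x`. Off by default: the example
#                              scripts take the token on argv, so a trace
#                              would print it into the CI log.
set -euo pipefail

: "${PYTHON_SDC_TEST_API_TOKEN:?PYTHON_SDC_TEST_API_TOKEN must be set}"
if [[ "${SDC_TEST_TRACE:-0}" == "1" ]]; then
  set -x
fi

SCRIPT=$(readlink -f -- "$0")
SCRIPTDIR=$(dirname -- "$SCRIPT")
EXAMPLES="$SCRIPTDIR/../examples"
TOKEN=$PYTHON_SDC_TEST_API_TOKEN
export SDC_URL=https://secure-staging.sysdig.com

# Scratch files go in a private mktemp directory rather than fixed /tmp names,
# so a concurrent run or another local user cannot pre-create or replace them.
WORKDIR=$(mktemp -d) || exit 1
cleanup() { rm -rf -- "${WORKDIR:?}"; }
trap cleanup EXIT
RULES_OUT="$WORKDIR/falco_rules.yaml"
USER_RULES="$WORKDIR/test_apis_user_rules.yaml"

# Print a diagnostic and abort the run.
fail() { printf '%s\n' "$*" >&2; exit 1; }

# Join a multi-line document onto one line (the shape the sed/grep steps below
# were written for, replacing the old unquoted `echo $VAR` trick).
flatten() { tr '\n' ' '; }

# Extract the first `"id": N,` value from a policy JSON document on stdin.
policy_id() {
  flatten | grep -E -o '"id": [^,]+,' | head -n 1 | awk '{print $2}' | awk -F, '{print $1}'
}

# Print a copy of the flattened policy JSON in $1 renamed to $2, with the "id"
# dropped and "version" nulled so the backend accepts it as a new policy.
# $2 is a constant chosen in this script; it is interpolated into a sed pattern
# and must not contain "/".
clone_policy() {
  local policy=$1 new_name=$2
  printf '%s\n' "$policy" \
    | sed -e "s/Suspicious Filesystem Changes/$new_name/g" \
    | sed -e 's/"id": [0-9]*,//' \
    | sed -e 's/"version": [0-9]*/"version": null/'
}

# 1. Setting the *system* falco rules only works for on-premise accounts; on
#    staging we expect a 405, which the example script reports as exit status 1.
rv=0
OUT=$("$EXAMPLES/set_secure_system_falco_rules.py" "$TOKEN" "$SCRIPTDIR/sample-falco-rules.yaml") || rv=$?
if [[ "$rv" != 1 ]]; then
  fail "set_secure_system_falco_rules.py succeeded when it should have failed"
fi

# 2. Fetch the system falco rules. Don't validate them, just verify the fetch works.
"$EXAMPLES/get_secure_system_falco_rules.py" "$TOKEN" | tee "$RULES_OUT"

# 3. Upload a user rules file, then fetch it back.
NOW=$(date)
cat <<EOF > "$USER_RULES"
- rule: My Rule as of $NOW
  desc: My Description
  condition: evt.type=open and fd.name="/tmp/some-file.txt"
  output: Impossible file opened
  priority: INFO
EOF
"$EXAMPLES/set_secure_user_falco_rules.py" "$TOKEN" "$USER_RULES"
"$EXAMPLES/get_secure_user_falco_rules.py" "$TOKEN" > "$RULES_OUT"
# The fetched file is deliberately not diffed against the upload: the endpoint
# prepends a header to the YAML, and the round trip is covered by custom_rules_spec.py.

# 4. Delete all policies and list them; there should be none.
"$EXAMPLES/delete_all_policies.py" "$TOKEN"
OUT=$("$EXAMPLES/list_policies.py" "$TOKEN")
if [[ "$OUT" != *"[]"* ]]; then
  fail "Unexpected output after deleting all policies"
fi

# 5. Create the default policies; the one for the system falco rule must exist.
"$EXAMPLES/create_default_policies.py" "$TOKEN"
OUT=$("$EXAMPLES/list_policies.py" "$TOKEN")
if [[ "$OUT" != *'"Suspicious Filesystem Changes"'* ]]; then
  fail "Unexpected output after creating default policies"
fi

# 6. Fetch that policy and create a renamed duplicate.
MY_POLICY=$("$EXAMPLES/get_policy.py" "$TOKEN" "Suspicious Filesystem Changes")
if [[ "$MY_POLICY" != *'"Suspicious Filesystem Changes"'* ]]; then
  fail 'Could not fetch policy with name "Suspicious Filesystem Changes"'
fi
FLAT_POLICY=$(flatten <<<"$MY_POLICY")
NEW_POLICY=$(clone_policy "$FLAT_POLICY" "Suspicious Filesystem Changes 2")
OUT=$("$EXAMPLES/add_policy.py" "$TOKEN" <<<"$NEW_POLICY")
if [[ "$OUT" != *'"Suspicious Filesystem Changes 2"'* ]]; then
  fail "Could not create new policy"
fi

# 7. Change the description of the duplicate and update it in place.
ID=$(policy_id <<<"$OUT")
[[ "$ID" =~ ^[0-9]+$ ]] || fail "Could not extract policy id from add_policy.py output"
MODIFIED_POLICY=$(printf '%s\n' "$FLAT_POLICY" \
  | sed -e 's/Suspicious Filesystem Changes/Suspicious Filesystem Changes 2/g' \
  | sed -e 's,Identified suspicious filesystem activity that might change sensitive/important files,My New Description,g' \
  | sed -e "s/\"id\": [0-9]*,/\"id\": $ID,/")
OUT=$("$EXAMPLES/update_policy.py" "$TOKEN" <<<"$MODIFIED_POLICY")
if [[ "$OUT" != *'"description": "My New Description"'* ]]; then
  fail 'Could not update policy "Suspicious Filesystem Changes 2"'
fi

# 8. Delete the duplicate by name and confirm it is gone.
OUT=$("$EXAMPLES/delete_policy.py" --name "Suspicious Filesystem Changes 2" "$TOKEN")
if [[ "$OUT" != *'"Suspicious Filesystem Changes 2"'* ]]; then
  fail 'Could not delete policy "Suspicious Filesystem Changes 2"'
fi
OUT=$("$EXAMPLES/list_policies.py" "$TOKEN")
if [[ "$OUT" == *'"Suspicious Filesystem Changes 2"'* ]]; then
  fail "After deleting policy Suspicious Filesystem Changes 2, policy was still present?"
fi

# 9. Make another copy, this time deleting it by id.
NEW_POLICY=$(clone_policy "$FLAT_POLICY" "Another Copy Of Suspicious Filesystem Changes")
OUT=$("$EXAMPLES/add_policy.py" "$TOKEN" <<<"$NEW_POLICY")
if [[ "$OUT" != *'"Another Copy Of Suspicious Filesystem Changes"'* ]]; then
  fail "Could not create new policy"
fi
ID=$(policy_id <<<"$OUT")
[[ "$ID" =~ ^[0-9]+$ ]] || fail "Could not extract policy id from add_policy.py output"
OUT=$("$EXAMPLES/delete_policy.py" --id "$ID" "$TOKEN")
if [[ "$OUT" != *'"Another Copy Of Suspicious Filesystem Changes"'* ]]; then
  fail 'Could not delete policy "Another Copy Of Suspicious Filesystem Changes"'
fi
OUT=$("$EXAMPLES/list_policies.py" "$TOKEN")
# The previous version looked for "Another Copy Of Write below binary dir", a
# name this script never creates, so the post-delete check could never fail.
if [[ "$OUT" == *'"Another Copy Of Suspicious Filesystem Changes"'* ]]; then
  fail "After deleting policy Another Copy Of Suspicious Filesystem Changes, policy was still present?"
fi

# 10. Trigger some events and poll for them. The /etc/shadow read is the event
#     trigger the test has always used; its output is discarded so the file's
#     contents never end up in the log.
FOUND=0
for ((attempt = 1; attempt <= 10; attempt++)); do
  sudo cat /etc/shadow > /dev/null
  sleep 10
  EVTS=$("$EXAMPLES/get_secure_policy_events.py" "$TOKEN" 60)
  if [[ -n "$EVTS" ]]; then
    FOUND=1
    break
  fi
done
if (( FOUND == 0 )); then
  fail "Did not find any policy events after 10 attempts..."
fi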