Skip to content

Commit 7d553c4

Browse files
Chronicle Teamcopybara-github
Chronicle Team
authored and
copybara-github
committed
Add sample code for VerifyRule.
PiperOrigin-RevId: 382111530
1 parent 6f2f73b commit 7d553c4

2 files changed

Lines changed: 128 additions & 0 deletions

File tree

detect/v2/verify_rule.py

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
#!/usr/bin/env python3
2+
3+
# Copyright 2021 Google LLC
4+
#
5+
# Licensed under the Apache License, Version 2.0 (the "License");
6+
# you may not use this file except in compliance with the License.
7+
# You may obtain a copy of the License at
8+
#
9+
# http://www.apache.org/licenses/LICENSE-2.0
10+
#
11+
# Unless required by applicable law or agreed to in writing, software
12+
# distributed under the License is distributed on an "AS IS" BASIS,
13+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14+
# See the License for the specific language governing permissions and
15+
# limitations under the License.
16+
#
17+
"""Executable and reusable sample for verifying a detection rule."""
18+
19+
import argparse
20+
import json
21+
from typing import Any, Mapping
22+
23+
from google.auth.transport import requests
24+
25+
from common import chronicle_auth
26+
27+
CHRONICLE_API_BASE_URL = "https://backstory.googleapis.com"
28+
29+
30+
def verify_rule(http_session: requests.AuthorizedSession,
31+
rule_content: str) -> Mapping[str, Any]:
32+
"""Validates that a detection rule is a valid YL2 rule.
33+
34+
Args:
35+
http_session: Authorized session for HTTP requests.
36+
rule_content: Content of the detection rule.
37+
38+
Returns:
39+
A compilation error if there is one.
40+
41+
Raises:
42+
requests.exceptions.HTTPError: HTTP request resulted in an error
43+
(response.status_code >= 400).
44+
"""
45+
url = f"{CHRONICLE_API_BASE_URL}/v2/detect/rules:verifyRule"
46+
body = {"rule_text": rule_content}
47+
48+
response = http_session.request("POST", url, json=body)
49+
# Expected server response:
50+
# {
51+
# "compilationError": "<error_message>", <-- IFF compilation failed.
52+
# }
53+
54+
if response.status_code >= 400:
55+
print(response.text)
56+
response.raise_for_status()
57+
return response.json()
58+
59+
60+
if __name__ == "__main__":
61+
parser = argparse.ArgumentParser()
62+
chronicle_auth.add_argument_credentials_file(parser)
63+
parser.add_argument(
64+
"-f",
65+
"--rule_file",
66+
type=argparse.FileType("r"),
67+
required=True,
68+
# File example: python3 verify_rule.py -f <path>
69+
# STDIN example: cat rule.txt | python3 verify_rule.py -f -
70+
help="path of a file with the rule's content, or - for STDIN")
71+
72+
args = parser.parse_args()
73+
session = chronicle_auth.initialize_http_session(args.credentials_file)
74+
resp = verify_rule(session, args.rule_file.read())
75+
print(json.dumps(resp, indent=2))

detect/v2/verify_rule_test.py

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
# Copyright 2021 Google LLC
2+
#
3+
# Licensed under the Apache License, Version 2.0 (the "License");
4+
# you may not use this file except in compliance with the License.
5+
# You may obtain a copy of the License at
6+
#
7+
# http://www.apache.org/licenses/LICENSE-2.0
8+
#
9+
# Unless required by applicable law or agreed to in writing, software
10+
# distributed under the License is distributed on an "AS IS" BASIS,
11+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
# See the License for the specific language governing permissions and
13+
# limitations under the License.
14+
#
15+
"""Unit tests for the "verify_rule" module."""
16+
17+
import unittest
18+
from unittest import mock
19+
20+
from google.auth.transport import requests
21+
22+
from . import verify_rule
23+
24+
25+
class VerifyRuleTest(unittest.TestCase):
26+
27+
@mock.patch.object(requests, "AuthorizedSession", autospec=True)
28+
@mock.patch.object(requests.requests, "Response", autospec=True)
29+
def test_http_error(self, mock_response, mock_session):
30+
mock_session.request.return_value = mock_response
31+
type(mock_response).status_code = mock.PropertyMock(return_value=400)
32+
mock_response.raise_for_status.side_effect = (
33+
requests.requests.exceptions.HTTPError())
34+
35+
with self.assertRaises(requests.requests.exceptions.HTTPError):
36+
verify_rule.verify_rule(mock_session, "new rule content")
37+
38+
@mock.patch.object(requests, "AuthorizedSession", autospec=True)
39+
@mock.patch.object(requests.requests, "Response", autospec=True)
40+
def test_happy_path(self, mock_response, mock_session):
41+
mock_session.request.return_value = mock_response
42+
type(mock_response).status_code = mock.PropertyMock(return_value=200)
43+
expected_resp = {
44+
"compilationError": "generic::invalid_argument compilation error",
45+
}
46+
mock_response.json.return_value = expected_resp
47+
48+
actual_rule = verify_rule.verify_rule(mock_session, "new rule content")
49+
self.assertEqual(actual_rule, expected_resp)
50+
51+
52+
if __name__ == "__main__":
53+
unittest.main()

0 commit comments

Comments
 (0)