4
0

log_arguments_test.go 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157
  1. package executor
  2. import (
  3. "testing"
  4. "github.com/stretchr/testify/assert"
  5. "github.com/stretchr/testify/require"
  6. auth "github.com/OliveTin/OliveTin/internal/auth"
  7. config "github.com/OliveTin/OliveTin/internal/config"
  8. )
  9. func TestArgumentTypeStorableInLog(t *testing.T) {
  10. assert.True(t, argumentTypeStorableInLog("ascii"))
  11. assert.True(t, argumentTypeStorableInLog("shell_safe_identifier"))
  12. assert.False(t, argumentTypeStorableInLog("password"))
  13. assert.False(t, argumentTypeStorableInLog("very_dangerous_raw_string"))
  14. }
  15. func TestStorableArgumentsFromRequestExcludesSensitiveAndSystemArgs(t *testing.T) {
  16. req := newExecRequest()
  17. req.Binding.Action.Arguments = []config.ActionArgument{
  18. {Name: "host", Type: "ascii_identifier"},
  19. {Name: "secret", Type: "password"},
  20. {Name: "payload", Type: "very_dangerous_raw_string"},
  21. }
  22. req.Arguments = map[string]string{
  23. "host": "example.com",
  24. "secret": "hunter2",
  25. "payload": "rm -rf /",
  26. "ot_executionTrackingId": "track-123",
  27. "ot_username": "alice",
  28. "extra_undefined": "drop-me",
  29. }
  30. args := storableArgumentsFromRequest(req)
  31. require.Len(t, args, 1)
  32. assert.Equal(t, "example.com", args["host"])
  33. assert.NotContains(t, args, "secret")
  34. assert.NotContains(t, args, "payload")
  35. assert.NotContains(t, args, "ot_executionTrackingId")
  36. assert.NotContains(t, args, "ot_username")
  37. assert.NotContains(t, args, "extra_undefined")
  38. }
  39. func TestStorableArgumentsFromRequestReturnsNilWhenEmpty(t *testing.T) {
  40. req := newExecRequest()
  41. req.Binding.Action.Arguments = []config.ActionArgument{
  42. {Name: "secret", Type: "password"},
  43. }
  44. req.Arguments = map[string]string{
  45. "secret": "hunter2",
  46. }
  47. assert.Nil(t, storableArgumentsFromRequest(req))
  48. }
  49. func TestStorableArgumentsFromRequestStoresMangledCheckboxValue(t *testing.T) {
  50. req := newExecRequest()
  51. req.Binding.Action.Arguments = []config.ActionArgument{
  52. {
  53. Name: "mode",
  54. Type: "checkbox",
  55. Choices: []config.ActionArgumentChoice{
  56. {Title: "Enabled", Value: "1"},
  57. {Title: "Disabled", Value: "0"},
  58. },
  59. },
  60. }
  61. req.Arguments = map[string]string{
  62. "mode": "Enabled",
  63. }
  64. mangleInvalidArgumentValues(req)
  65. args := storableArgumentsFromRequest(req)
  66. require.Len(t, args, 1)
  67. assert.Equal(t, "1", args["mode"])
  68. }
  69. func TestCopyStorableArgumentsToLogEntry(t *testing.T) {
  70. req := newExecRequest()
  71. req.logEntry = &InternalLogEntry{}
  72. req.Binding.Action.Arguments = []config.ActionArgument{
  73. {Name: "target", Type: "ascii_identifier"},
  74. }
  75. req.Arguments = map[string]string{
  76. "target": "server-a",
  77. }
  78. copyStorableArgumentsToLogEntry(req)
  79. require.NotNil(t, req.logEntry.Arguments)
  80. assert.Equal(t, "server-a", req.logEntry.Arguments["target"])
  81. }
  82. func TestExecRequestStoresArgumentsOnLogEntry(t *testing.T) {
  83. e, cfg := testingExecutor()
  84. e.RebuildActionMap()
  85. binding := e.FindBindingWithNoEntity(cfg.Actions[0])
  86. require.NotNil(t, binding)
  87. req := ExecutionRequest{
  88. Binding: binding,
  89. Cfg: cfg,
  90. AuthenticatedUser: auth.UserGuest(cfg),
  91. Arguments: map[string]string{
  92. "person": "yourself",
  93. },
  94. }
  95. wg, trackingID := e.ExecRequest(&req)
  96. wg.Wait()
  97. logEntry, ok := e.GetLog(trackingID)
  98. require.True(t, ok)
  99. require.NotNil(t, logEntry.Arguments)
  100. assert.Equal(t, "yourself", logEntry.Arguments["person"])
  101. }
  102. func TestRestartArgumentsIncompleteDetectsNonStorableArguments(t *testing.T) {
  103. action := &config.Action{
  104. Arguments: []config.ActionArgument{
  105. {Name: "host", Type: "ascii_identifier"},
  106. {Name: "pass", Type: "password"},
  107. },
  108. }
  109. assert.True(t, RestartArgumentsIncomplete(action, nil, map[string]string{
  110. "host": "db-1",
  111. }))
  112. }
  113. func TestRestartArgumentsIncompleteDetectsMissingRequiredStoredArguments(t *testing.T) {
  114. action := &config.Action{
  115. Arguments: []config.ActionArgument{
  116. {Name: "host", Type: "ascii_identifier"},
  117. },
  118. }
  119. assert.True(t, RestartArgumentsIncomplete(action, nil, map[string]string{}))
  120. assert.False(t, RestartArgumentsIncomplete(action, nil, map[string]string{
  121. "host": "db-1",
  122. }))
  123. }
  124. func TestRestartArgumentsIncompleteAllowsOptionalArgumentsWithDefaults(t *testing.T) {
  125. action := &config.Action{
  126. Arguments: []config.ActionArgument{
  127. {Name: "host", Type: "ascii_identifier", Default: "example.com"},
  128. },
  129. }
  130. assert.False(t, RestartArgumentsIncomplete(action, nil, map[string]string{}))
  131. }