synapse 2.155.0__py311-none-any.whl → 2.156.0__py311-none-any.whl

synapse/tests/test_lib_stormtypes.py

@@ -4064,6 +4064,15 @@ class StormTypesTest(s_test.SynTest):
             self.nn(iden)
             self.true(visi.allowed(('view', 'read'), gateiden=iden))
 
+            await visi.addRule((True, ('view', 'add')))
+
+            msgs = await core.stormlist('$lib.view.get().fork()', opts={'user': visi.iden})
+            self.stormHasNoWarnErr(msgs)
+
+            await visi.addRule((False, ('view', 'fork')), gateiden=core.view.iden)
+            msgs = await core.stormlist('$lib.view.get().fork()', opts={'user': visi.iden})
+            self.stormIsInErr('must have permission view.fork', msgs)
+
     async def test_storm_view_deporder(self):
 
         async with self.getTestCore() as core:
@@ -4470,6 +4479,7 @@ class StormTypesTest(s_test.SynTest):
 
     async def test_storm_lib_cron_notime(self):
         # test cron APIs that don't require time stepping
+
         async with self.getTestCore() as core:
 
             cdef = await core.callStorm('return($lib.cron.add(query="{[graph:node=*]}", hourly=30).pack())')
@@ -4499,13 +4509,11 @@ class StormTypesTest(s_test.SynTest):
             self.eq('mydoc', cdef.get('doc'))
             self.eq('myname', cdef.get('name'))
 
-            async with core.getLocalProxy() as proxy:
+            cdef = await core.callStorm('$cron=$lib.cron.get($iden) return ( $cron.set(name, lolz) )', opts=opts)
+            self.eq('lolz', cdef.get('name'))
 
-                cdef = await proxy.editCronJob(iden0, 'name', 'lolz')
-                self.eq('lolz', cdef.get('name'))
-
-                cdef = await proxy.editCronJob(iden0, 'doc', 'zoinks')
-                self.eq('zoinks', cdef.get('doc'))
+            cdef = await core.callStorm('$cron=$lib.cron.get($iden) return ( $cron.set(doc, zoinks) )', opts=opts)
+            self.eq('zoinks', cdef.get('doc'))
 
     async def test_storm_lib_cron(self):
 
@@ -4592,8 +4600,6 @@ class StormTypesTest(s_test.SynTest):
                 self.stormIsInErr("Unexpected token '}' at line 1, column 10", mesgs)
 
                 ##################
-                oldsplicespos = (await alist(prox.splices(None, 1000)))[-1][0][0]
-                nextoffs = (oldsplicespos + 1, 0, 0)
                 layr = core.getLayer()
                 nextlayroffs = await layr.getEditOffs() + 1
 
@@ -5919,6 +5925,7 @@ class StormTypesTest(s_test.SynTest):
 
     async def test_stormtypes_layer_counts(self):
         async with self.getTestCore() as core:
+
             self.eq(0, await core.callStorm('return($lib.layer.get().getTagCount(foo.bar))'))
             await core.nodes('[ inet:ipv4=1.2.3.4 inet:ipv4=5.6.7.8 :asn=20 inet:asn=20 +#foo.bar ]')
             self.eq(0, await core.callStorm('return($lib.layer.get().getPropCount(ps:person))'))
@@ -5937,6 +5944,111 @@ class StormTypesTest(s_test.SynTest):
             with self.raises(s_exc.NoSuchProp):
                 await core.callStorm("return($lib.layer.get().getPropCount('.newp'))")
 
+            await core.nodes('.created | delnode --force')
+
+            await core.addTagProp('score', ('int', {}), {})
+
+            q = '''[
+                inet:ipv4=1
+                inet:ipv4=2
+                inet:ipv4=3
+                :asn=4
+
+                (ou:org=*
+                 ou:org=*
+                 :names=(foo, bar))
+
+                .seen=2020
+                .univarray=(1, 2)
+                +#foo:score=2
+
+                test:arrayform=(1,2,3)
+                test:arrayform=(2,3,4)
+            ]'''
+            await core.nodes(q)
+
+            q = 'return($lib.layer.get().getPropCount(inet:ipv4:asn, valu=1))'
+            self.eq(0, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropCount(inet:ipv4:loc, valu=1))'
+            self.eq(0, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropCount(inet:ipv4:asn, valu=4))'
+            self.eq(3, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropCount(inet:ipv4.seen, valu=2020))'
+            self.eq(3, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropCount(".seen", valu=2020))'
+            self.eq(5, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropCount(".test:univ", valu=1))'
+            self.eq(0, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropCount(inet:ipv4, valu=1))'
+            self.eq(1, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropCount(ou:org:names, valu=(foo, bar)))'
+            self.eq(2, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropCount(".univarray", valu=(1, 2)))'
+            self.eq(5, await core.callStorm(q))
+
+            with self.raises(s_exc.NoSuchProp):
+                q = 'return($lib.layer.get().getPropCount(newp, valu=1))'
+                await core.callStorm(q)
+
+            q = 'return($lib.layer.get().getPropArrayCount(ou:org:names))'
+            self.eq(4, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropArrayCount(ou:org:names, valu=foo))'
+            self.eq(2, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropArrayCount(".univarray"))'
+            self.eq(10, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropArrayCount(".univarray", valu=2))'
+            self.eq(5, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropArrayCount(test:arrayform))'
+            self.eq(6, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropArrayCount(test:arrayform, valu=2))'
+            self.eq(2, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropArrayCount(ou:org:subs))'
+            self.eq(0, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getPropArrayCount(ou:org:subs, valu=*))'
+            self.eq(0, await core.callStorm(q))
+
+            with self.raises(s_exc.NoSuchProp):
+                q = 'return($lib.layer.get().getPropArrayCount(newp, valu=1))'
+                await core.callStorm(q)
+
+            with self.raises(s_exc.BadTypeValu):
+                q = 'return($lib.layer.get().getPropArrayCount(inet:ipv4, valu=1))'
+                await core.callStorm(q)
+
+            q = 'return($lib.layer.get().getTagPropCount(foo, score))'
+            self.eq(5, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getTagPropCount(foo, score, valu=2))'
+            self.eq(5, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getTagPropCount(foo, score, form=ou:org, valu=2))'
+            self.eq(2, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getTagPropCount(bar, score))'
+            self.eq(0, await core.callStorm(q))
+
+            q = 'return($lib.layer.get().getTagPropCount(bar, score, valu=2))'
+            self.eq(0, await core.callStorm(q))
+
+            with self.raises(s_exc.NoSuchTagProp):
+                q = 'return($lib.layer.get().getTagPropCount(foo, newp, valu=2))'
+                await core.callStorm(q)
+
     async def test_lib_stormtypes_cmdopts(self):
         pdef = {
             'name': 'foo',
@@ -6764,3 +6876,114 @@ words\tword\twrd'''
             '''
             msgs = await core.stormlist(q, opts={'readonly': True, 'vars': {'iden': user}})
             self.stormIsInErr(mesg, msgs)
+
+    async def test_storm_view_counts(self):
+
+        async with self.getTestCore() as core:
+
+            await core.addTagProp('score', ('int', {}), {})
+
+            view2 = await core.view.fork()
+            forkopts = {'view': view2['iden']}
+
+            q = '''[
+                inet:ipv4=1
+                inet:ipv4=2
+                inet:ipv4=3
+                :asn=4
+
+                (ou:org=*
+                 ou:org=*
+                 :names=(foo, bar))
+
+                .seen=2020
+                .univarray=(1, 2)
+                +#foo:score=2
+
+                test:arrayform=(1,2,3)
+                test:arrayform=(2,3,4)
+            ]'''
+            await core.nodes(q)
+
+            q = '''[
+                inet:ipv4=4
+                inet:ipv4=5
+                inet:ipv4=6
+                :asn=4
+
+                (ou:org=*
+                 ou:org=*
+                 :names=(foo, bar))
+
+                .seen=2020
+                .univarray=(1, 2)
+                +#foo:score=2
+
+                test:arrayform=(3,4,5)
+                test:arrayform=(4,5,6)
+            ]'''
+            await core.nodes(q, opts=forkopts)
+
+            q = 'return($lib.view.get().getPropCount(inet:ipv4:asn))'
+            self.eq(6, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getPropCount(inet:ipv4:asn, valu=1))'
+            self.eq(0, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getPropCount(inet:ipv4:loc, valu=1))'
+            self.eq(0, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getPropCount(inet:ipv4:asn, valu=4))'
+            self.eq(6, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getPropCount(inet:ipv4.seen, valu=2020))'
+            self.eq(6, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getPropCount(".seen", valu=2020))'
+            self.eq(10, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getPropCount(inet:ipv4, valu=1))'
+            self.eq(1, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getPropCount(ou:org:names, valu=(foo, bar)))'
+            self.eq(4, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getPropCount(".univarray", valu=(1, 2)))'
+            self.eq(10, await core.callStorm(q, opts=forkopts))
+
+            with self.raises(s_exc.NoSuchProp):
+                q = 'return($lib.view.get().getPropCount(newp, valu=1))'
+                await core.callStorm(q, opts=forkopts)
+
+            q = 'return($lib.view.get().getPropArrayCount(ou:org:names))'
+            self.eq(8, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getPropArrayCount(ou:org:names, valu=foo))'
+            self.eq(4, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getPropArrayCount(".univarray", valu=2))'
+            self.eq(10, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getPropArrayCount(test:arrayform, valu=3))'
+            self.eq(3, await core.callStorm(q, opts=forkopts))
+
+            with self.raises(s_exc.NoSuchProp):
+                q = 'return($lib.view.get().getPropArrayCount(newp, valu=1))'
+                await core.callStorm(q, opts=forkopts)
+
+            with self.raises(s_exc.BadTypeValu):
+                q = 'return($lib.view.get().getPropArrayCount(inet:ipv4, valu=1))'
+                await core.callStorm(q, opts=forkopts)
+
+            q = 'return($lib.view.get().getTagPropCount(foo, score))'
+            self.eq(10, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getTagPropCount(foo, score, valu=2))'
+            self.eq(10, await core.callStorm(q, opts=forkopts))
+
+            q = 'return($lib.view.get().getTagPropCount(foo, score, form=ou:org, valu=2))'
+            self.eq(4, await core.callStorm(q, opts=forkopts))
+
+            with self.raises(s_exc.NoSuchTagProp):
+                q = 'return($lib.view.get().getTagPropCount(foo, newp, valu=2))'
+                await core.callStorm(q, opts=forkopts)

synapse/tests/test_lib_view.py

@@ -147,8 +147,8 @@ class ViewTest(s_t_utils.SynTest):
             # Add a node back
             await self.agenlen(1, view2.eval('[ test:int=12 ]'))
 
-            # Add a bunch of nodes to require chunking of splices when merging
-            for i in range(1000):
+            # Add a bunch of test nodes to the view.
+            for i in range(20):
                 await self.agenlen(1, view2.eval('[test:int=$val]', opts={'vars': {'val': i + 1000}}))
 
             # Add prop that will only exist in the child
@@ -217,7 +217,7 @@ class ViewTest(s_t_utils.SynTest):
             await view2.wipeLayer()
 
             # The parent counts includes all the nodes that were merged
-            self.eq(1005, (await core.view.getFormCounts()).get('test:int'))
+            self.eq(25, (await core.view.getFormCounts()).get('test:int'))
 
             # A node added to the child is now present in the parent
             nodes = await core.nodes('test:int=12')
@@ -247,13 +247,15 @@ class ViewTest(s_t_utils.SynTest):
             self.len(2, await core.nodes('test:int -(refs)> *'))
 
             # The child count includes all the nodes in the view
-            self.eq(1005, (await view2.getFormCounts()).get('test:int'))
+            self.eq(25, (await view2.getFormCounts()).get('test:int'))
 
             # The child can see nodes that got merged
             nodes = await view2.nodes('test:int=12')
             self.len(1, nodes)
             nodes = await view2.nodes('test:int=1000')
             self.len(1, nodes)
+            nodes = await view2.nodes('test:int=1019')
+            self.len(1, nodes)
 
             await core.delView(view2.iden)
             await core.view.addLayer(layriden)
@@ -411,15 +413,6 @@ class ViewTest(s_t_utils.SynTest):
             self.eq(2, count['node:edits'])
             self.eq(0, count['node:add'])
 
-            mesgs = await core.stormlist('[test:str=foo2 :hehe=bar]', opts={'editformat': 'splices'})
-            count = collections.Counter(m[0] for m in mesgs)
-            self.eq(1, count['init'])
-            self.eq(1, count['node:add'])
-            self.eq(2, count['prop:set'])  # .created and .hehe
-            self.eq(0, count['node:edits'])
-            self.eq(1, count['node'])
-            self.eq(1, count['fini'])
-
             mesgs = await core.stormlist('[test:str=foo3 :hehe=bar]', opts={'editformat': 'count'})
             count = collections.Counter(m[0] for m in mesgs)
             self.eq(1, count['init'])

synapse/tests/test_model_base.py

@@ -243,7 +243,7 @@ class BaseTest(s_t_utils.SynTest):
                 r2 = await snap.addNode('edge:refs', (cnode.ndef, ('test:int', 1234)))
 
                 # Gather up all the nodes in the cluster
-                nodes = await snap.eval(f'graph:cluster={guid} -+> edge:refs -+> * | uniq').list()
+                nodes = await core.nodes(f'graph:cluster={guid} -+> edge:refs -+> * | uniq')
                 self.len(5, nodes)
 
     async def test_model_base_rules(self):

synapse/tests/test_model_inet.py

@@ -953,6 +953,12 @@ class InetModelTest(s_t_utils.SynTest):
             with self.raises(s_exc.BadTypeValu):
                 await core.nodes('[inet:ipv4=foo-bar-duck.com]')
 
+            with self.raises(s_exc.BadTypeValu):
+                await core.nodes('[inet:ipv4=3.87/nice/index.php]')
+
+            with self.raises(s_exc.BadTypeValu):
+                await core.nodes('[inet:ipv4=3.87/33]')
+
             with self.raises(s_exc.BadTypeValu):
                 await core.nodes('[test:str="foo"] [inet:ipv4=$node.value()]')
 
@@ -2778,3 +2784,12 @@ class InetModelTest(s_t_utils.SynTest):
             self.eq(nodes[0].get('client'), 'tcp://1.2.3.4')
             self.eq(nodes[0].get('client:ipv4'), 0x01020304)
             self.eq(nodes[0].get('client:ipv6'), '::1')
+
+    async def test_model_inet_onset_depth(self):
+
+        async with self.getTestCore() as core:
+            fqdn = '.'.join(['x' for x in range(150)]) + '.foo.com'
+            q = f'[ inet:fqdn="{fqdn}"]'
+            nodes = await core.nodes(q)
+            self.len(1, nodes)
+            self.eq(nodes[0].get('zone'), 'foo.com')

synapse/tests/test_model_infotech.py

@@ -164,6 +164,34 @@ class InfotechModelTest(s_t_utils.SynTest):
             self.eq(nodes[0].get('addresses'), ('T0100', 'T0200'))
             self.eq(nodes[0].get('matrix'), 'enterprise')
 
+            nodes = await core.nodes('''[
+                it:mitre:attack:campaign=C0001
+                    :created = 20231101
+                    :desc = "Much campaign, many sophisticated."
+                    :groups = (G0100,)
+                    :matrices = (enterprise,ics)
+                    :name = "much campaign"
+                    :names = ('much campaign', 'many sophisticated')
+                    :software = (S0100,)
+                    :techniques = (T0200,T0100)
+                    :updated = 20231102
+                    :url = https://attack.mitre.org/campaigns/C0001
+                    :period = (20151201, 20160101)
+            ]''')
+            self.len(1, nodes)
+            self.eq(nodes[0].ndef, ('it:mitre:attack:campaign', 'C0001'))
+            self.eq(nodes[0].props.get('name'), 'much campaign')
+            self.eq(nodes[0].props.get('names'), ('many sophisticated', 'much campaign'))
+            self.eq(nodes[0].props.get('desc'), 'Much campaign, many sophisticated.')
+            self.eq(nodes[0].props.get('url'), 'https://attack.mitre.org/campaigns/C0001')
+            self.eq(nodes[0].props.get('matrices'), ('enterprise', 'ics'))
+            self.eq(nodes[0].props.get('groups'), ('G0100',))
+            self.eq(nodes[0].props.get('software'), ('S0100',))
+            self.eq(nodes[0].props.get('techniques'), ('T0100', 'T0200'))
+            self.eq(nodes[0].props.get('created'), 1698796800000)
+            self.eq(nodes[0].props.get('updated'), 1698883200000)
+            self.eq(nodes[0].props.get('period'), (1448928000000, 1451606400000))
+
             nodes = await core.nodes('''[
                 it:exec:thread=*
                     :proc=*
@@ -296,6 +324,8 @@ class InfotechModelTest(s_t_utils.SynTest):
                     :target:host={[ it:host=* :name=visihost ]}
                     :target:fqdn=vertex.link
                     :target:url=https://vertex.link
+                    :target:ipv4=1.2.3.4
+                    :target:ipv6='::1'
                     :multi:scan={[ it:av:scan:result=*
                         :scanner:name="visi total"
                         :multi:count=10
@@ -310,6 +340,8 @@ class InfotechModelTest(s_t_utils.SynTest):
             self.eq('visi scan', nodes[0].get('scanner:name'))
             self.eq('vertex.link', nodes[0].get('target:fqdn'))
             self.eq('https://vertex.link', nodes[0].get('target:url'))
+            self.eq(0x01020304, nodes[0].get('target:ipv4'))
+            self.eq('::1', nodes[0].get('target:ipv6'))
             self.eq('omgwtfbbq', nodes[0].get('signame'))
 
             self.len(1, await core.nodes('it:av:scan:result:scanner:name="visi scan" -> it:host'))
@@ -484,6 +516,34 @@ class InfotechModelTest(s_t_utils.SynTest):
             self.eq(7260000, nodes[1].get('duration'))
             self.eq('02:01:00.000', nodes[1].repr('duration'))
 
+            # Sample SIDs from here:
+            # https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab
+            sids = [
+                'S-1-0-0', 'S-1-1-0', 'S-1-2-0', 'S-1-2-1', 'S-1-3', 'S-1-3-0',
+                'S-1-3-1', 'S-1-3-2', 'S-1-3-3', 'S-1-3-4', 'S-1-5', 'S-1-5-1',
+                'S-1-5-2', 'S-1-5-3', 'S-1-5-4', 'S-1-5-6', 'S-1-5-7', 'S-1-5-8',
+                'S-1-5-9', 'S-1-5-10', 'S-1-5-11', 'S-1-5-12', 'S-1-5-13', 'S-1-5-14',
+                'S-1-5-15', 'S-1-5-17', 'S-1-5-18', 'S-1-5-19', 'S-1-5-20',
+                'S-1-5-21-0-0-0-496', 'S-1-5-21-0-0-0-497', 'S-1-5-32-544',
+                'S-1-5-32-545', 'S-1-5-32-546', 'S-1-5-32-547', 'S-1-5-32-548',
+                'S-1-5-32-549', 'S-1-5-32-550', 'S-1-5-32-551', 'S-1-5-32-552',
+                'S-1-5-32-554', 'S-1-5-32-555', 'S-1-5-32-556', 'S-1-5-32-557',
+                'S-1-5-32-558', 'S-1-5-32-559', 'S-1-5-32-560', 'S-1-5-32-561',
+                'S-1-5-32-562', 'S-1-5-32-568', 'S-1-5-32-569', 'S-1-5-32-573',
+                'S-1-5-32-574', 'S-1-5-32-575', 'S-1-5-32-576', 'S-1-5-32-577',
+                'S-1-5-32-578', 'S-1-5-32-579', 'S-1-5-32-580', 'S-1-5-32-582',
+                'S-1-5-33', 'S-1-5-64-10', 'S-1-5-64-14', 'S-1-5-64-21', 'S-1-5-65-1',
+                'S-1-5-80', 'S-1-5-80-0', 'S-1-5-83-0', 'S-1-5-84-0-0-0-0-0',
+                'S-1-5-90-0', 'S-1-5-113', 'S-1-5-114', 'S-1-5-1000', 'S-1-15-2-1',
+                'S-1-16-0', 'S-1-16-4096', 'S-1-16-8192', 'S-1-16-8448', 'S-1-16-12288',
+                'S-1-16-16384', 'S-1-16-20480', 'S-1-16-28672', 'S-1-18-1', 'S-1-18-2',
+                'S-1-18-3', 'S-1-18-4', 'S-1-18-5', 'S-1-18-6',
+            ]
+
+            opts = {'vars': {'sids': sids}}
+            nodes = await core.nodes('for $sid in $sids {[ it:account=* :windows:sid=$sid ]}', opts=opts)
+            self.len(88, nodes)
+
             nodes = await core.nodes('inet:email=visi@vertex.link -> ps:contact -> it:account -> it:logon +:time>=2021 -> it:host')
             self.len(1, nodes)
             self.eq('it:host', nodes[0].ndef[0])

synapse/tests/test_model_orgs.py

@@ -68,6 +68,10 @@ class OuModelTest(s_t_utils.SynTest):
 
                 timeline = s_common.guid()
 
+                nodes = await core.nodes('[ it:mitre:attack:campaign=C0011 ]')
+                self.len(1, nodes)
+                attack = nodes[0].ndef
+
                 props = {
                     'org': org0,
                     'goal': goal,
@@ -85,6 +89,7 @@ class OuModelTest(s_t_utils.SynTest):
                     'reporter': '*',
                     'reporter:name': 'vertex',
                     'timeline': timeline,
+                    'mitre:attack:campaign': 'C0011',
                 }
                 node = await snap.addNode('ou:campaign', camp, props=props)
                 self.eq(node.get('tag'), 'cno.camp.31337')
@@ -101,10 +106,15 @@ class OuModelTest(s_t_utils.SynTest):
                 self.eq(node.get('camptype'), 'get.pizza.')
                 self.eq(node.get('techniques'), tuple(sorted(teqs)))
                 self.eq(node.get('timeline'), timeline)
+                self.eq(node.get('mitre:attack:campaign'), 'C0011')
 
                 self.nn(node.get('reporter'))
                 self.eq(node.get('reporter:name'), 'vertex')
 
+                nodes = await core.nodes(f'ou:campaign={camp} -> it:mitre:attack:campaign')
+                self.len(1, nodes)
+                self.eq(nodes[0].ndef, attack)
+
             # type norming first
             # ou:name
             t = core.model.type('ou:name')

synapse/tests/test_model_person.py

@@ -67,8 +67,6 @@ class PsModelTest(s_t_utils.SynTest):
                 self.eq(node.get('name:given'), 'эммануэль')
                 self.eq(node.get('nicks'), ['beeper88', 'w1ntermut3'])
                 self.eq(node.get('names'), ['bob ross'])
-                # self.eq(node.get('img'), '')  # fixme file:bytes
-                # self.eq(node.get('guidname'), '')  # fixme guid aliases
 
                 node = await snap.addNode('ps:person:has', (person0, ('test:str', 'sewer map')))
                 self.eq(node.ndef[1], (person0, ('test:str', 'sewer map')))
@@ -94,7 +92,6 @@ class PsModelTest(s_t_utils.SynTest):
                     'place': place,
                     'place:name': 'The Shire',
                     'orgname': 'Stark Industries, INC',
-                    # 'img': '',  # fixme file:bytes
                     'user': 'ironman',
                     'web:acct': ('twitter.com', 'ironman'),
                     'web:group': ('twitter.com', 'avengers'),

synapse/tests/test_model_risk.py

@@ -157,6 +157,8 @@ class RiskModelTest(s_t_utils.SynTest):
                     :timeline:vendor:fixed=2020-01-14
                     :timeline:published=2020-01-14
 
+                    :id=" Vtx-000-1234 "
+
                     :cve=cve-2013-0000
                     :cve:desc="Woot Woot"
                     :cve:references=(http://vertex.link,)
@@ -208,6 +210,8 @@ class RiskModelTest(s_t_utils.SynTest):
             self.eq(node.get('timeline:vendor:fixed'), 1578960000000)
             self.eq(node.get('timeline:published'), 1578960000000)
 
+            self.eq(node.get('id'), 'Vtx-000-1234')
+
             self.eq(node.get('cve'), 'cve-2013-0000')
             self.eq(node.get('cve:desc'), 'Woot Woot')
             self.eq(node.get('cve:references'), ('http://vertex.link',))
@@ -471,6 +475,22 @@ class RiskModelTest(s_t_utils.SynTest):
             self.len(1, await core.nodes('risk:extortion -> risk:compromise :target -> ps:contact +:orgname=acme'))
             self.len(1, await core.nodes('risk:extortion :reporter -> ou:org +:name=vertex'))
 
+            nodes = await core.nodes('''[
+                risk:technique:masquerade=*
+                    :node=(inet:fqdn, microsoft-verify.com)
+                    :target=(inet:fqdn, microsoft.com)
+                    :technique={[ ou:technique=* :name=masq ]}
+                    :period=(2021, 2022)
+            ]''')
+            self.len(1, nodes)
+            self.eq(('inet:fqdn', 'microsoft.com'), nodes[0].get('target'))
+            self.eq(('inet:fqdn', 'microsoft-verify.com'), nodes[0].get('node'))
+            self.eq((1609459200000, 1640995200000), nodes[0].get('period'))
+            self.nn(nodes[0].get('technique'))
+            self.len(1, await core.nodes('risk:technique:masquerade -> ou:technique'))
+            self.len(1, await core.nodes('risk:technique:masquerade :node -> * +inet:fqdn=microsoft-verify.com'))
+            self.len(1, await core.nodes('risk:technique:masquerade :target -> * +inet:fqdn=microsoft.com'))
+
     async def test_model_risk_mitigation(self):
         async with self.getTestCore() as core:
             nodes = await core.nodes('''[

synapse/tests/test_model_syn.py

@@ -65,13 +65,6 @@ class SynModelTest(s_t_utils.SynTest):
                 node = await snap.getNodeByNdef(('syn:tag', 'foo'))
                 self.nn(node)
 
-            # We can safely do a pivot in from a syn:tag node
-            # which will attempt a syn:splice lift which will
-            # yield no nodes.
-            self.len(0, await core.nodes('syn:tag=foo.bar.baz <- *'))
-            nodes = await core.nodes('syn:tag=foo.bar.baz [ :doc:url="http://vertex.link" ]')
-            self.eq('http://vertex.link', nodes[0].get('doc:url'))
-
     async def test_syn_model_runts(self):
 
         async def addExtModelConfigs(cortex):
@@ -292,11 +285,6 @@ class SynModelTest(s_t_utils.SynTest):
             q = core.nodes('test:str [ +(newp)> { syn:form } ]')
             await self.asyncraises(s_exc.IsRuntForm, q)
 
-            # Syn:splice uses a null lift handler
-            self.len(1, await core.nodes('[test:str=test]'))
-            self.len(0, await core.nodes('syn:splice'))
-            self.len(0, await core.nodes('syn:splice:tag'))
-
         # Ensure that the model runts are re-populated after a model load has occurred.
         with self.getTestDir() as dirn:
 
@@ -518,29 +506,27 @@ class SynModelTest(s_t_utils.SynTest):
 
         async with self.getTestCore() as core:
 
-            visi = await core.auth.addUser('visi')
-            await visi.addRule((True, ('cron', 'add')))
+            visi = await core.addUser('visi')
 
-            async with core.getLocalProxy(user='visi') as proxy:
-                cdef = {'storm': 'inet:ipv4', 'reqs': {'hour': 2}}
-                adef = await proxy.addCronJob(cdef)
-                iden = adef.get('iden')
+            cdef = {'storm': 'inet:ipv4', 'reqs': {'hour': 2}, 'creator': visi.get('iden')}
+            adef = await core.addCronJob(cdef)
+            iden = adef.get('iden')
 
-                nodes = await core.nodes('syn:cron')
-                self.len(1, nodes)
-                self.eq(nodes[0].ndef, ('syn:cron', iden))
-                self.eq(nodes[0].get('doc'), '')
-                self.eq(nodes[0].get('name'), '')
-                self.eq(nodes[0].get('storm'), 'inet:ipv4')
+            nodes = await core.nodes('syn:cron')
+            self.len(1, nodes)
+            self.eq(nodes[0].ndef, ('syn:cron', iden))
+            self.eq(nodes[0].get('doc'), '')
+            self.eq(nodes[0].get('name'), '')
+            self.eq(nodes[0].get('storm'), 'inet:ipv4')
 
-                nodes = await core.nodes(f'syn:cron={iden} [ :doc=hehe :name=haha ]')
-                self.len(1, nodes)
-                self.eq(nodes[0].ndef, ('syn:cron', iden))
-                self.eq(nodes[0].get('doc'), 'hehe')
-                self.eq(nodes[0].get('name'), 'haha')
+            nodes = await core.nodes(f'syn:cron={iden} [ :doc=hehe :name=haha ]')
+            self.len(1, nodes)
+            self.eq(nodes[0].ndef, ('syn:cron', iden))
+            self.eq(nodes[0].get('doc'), 'hehe')
+            self.eq(nodes[0].get('name'), 'haha')
 
-                nodes = await core.nodes(f'syn:cron={iden}')
-                self.len(1, nodes)
-                self.eq(nodes[0].ndef, ('syn:cron', iden))
-                self.eq(nodes[0].get('doc'), 'hehe')
-                self.eq(nodes[0].get('name'), 'haha')
+            nodes = await core.nodes(f'syn:cron={iden}')
+            self.len(1, nodes)
+            self.eq(nodes[0].ndef, ('syn:cron', iden))
+            self.eq(nodes[0].get('doc'), 'hehe')
+            self.eq(nodes[0].get('name'), 'haha')

synapse/tests/test_tools_csvtool.py

@@ -68,9 +68,10 @@ class CsvToolTest(s_t_utils.SynTest):
             argv = ['--csv-header', '--debug', '--cortex', url, '--logfile', logpath, stormpath, csvpath]
             outp = self.getTestOutp()
 
-            await s_csvtool.main(argv, outp=outp)
+            self.eq(0, await s_csvtool.main(argv, outp=outp))
             outp.expect('oh hai')
             outp.expect('2 nodes')
+            outp.expect('node:edits')  # node edits are present in debug output
 
             with mock.patch('synapse.telepath.Proxy._getSynVers', self._getOldSynVers):
                 outp = self.getTestOutp()