synapse 2.190.0__py311-none-any.whl → 2.192.0__py311-none-any.whl

synapse/tests/test_lib_cell.py

@@ -115,8 +115,20 @@ class EchoAuthApi(s_cell.CellApi):
         await self._reqUserAllowed(path)
         return True
 
+    @s_cell.adminapi()
+    async def adminOnly(self):
+        return True
+
+    @s_cell.adminapi(log=True)
+    async def adminOnlyLog(self, arg1, arg2, **kwargs):
+        return arg1, arg2, kwargs
+
 class EchoAuth(s_cell.Cell):
     cellapi = EchoAuthApi
+    # non-default commit / version / verstring
+    COMMIT = 'mycommit'
+    VERSION = (1, 2, 3)
+    VERSTRING = '1.2.3'
 
     async def answer(self):
         return 42
@@ -428,6 +440,16 @@ class CellTest(s_t_utils.SynTest):
                     self.eq(info.get('user').get('name'), 'root')
                     self.eq(info.get('user').get('iden'), root.iden)
 
+                    # @adminApi methods are allowed
+                    self.true(await proxy.adminOnly())
+                    mesg = "Executing [EchoAuthApi.adminOnlyLog] as [root] with args [(1, 2)[{'three': 4}]"
+                    with self.getStructuredAsyncLoggerStream('synapse.lib.cell', mesg) as stream:
+                        self.eq(await proxy.adminOnlyLog(1, 2, three=4), (1, 2, {'three': 4}))
+                        self.true(await stream.wait(timeout=10))
+                    msgs = stream.jsonlines()
+                    self.len(1, msgs)
+                    self.eq('EchoAuthApi.adminOnlyLog', msgs[0].get('wrapped_func'))
+
                 visi = await echo.auth.addUser('visi')
                 await visi.setPasswd('foo')
                 await visi.addRule((True, ('foo', 'bar')))
@@ -454,6 +476,15 @@ class CellTest(s_t_utils.SynTest):
                     with self.raises(s_exc.NoSuchUser):
                         await proxy.getUserInfo('newp')
 
+                    # @adminApi methods are not allowed
+                    with self.raises(s_exc.AuthDeny) as cm:
+                        await proxy.adminOnly()
+                    self.eq(cm.exception.get('mesg'), 'User is not an admin [visi]')
+                    self.eq(cm.exception.get('user'), visi.iden)
+                    self.eq(cm.exception.get('username'), visi.name)
+                    with self.raises(s_exc.AuthDeny) as cm:
+                        await proxy.adminOnlyLog(1, 2, three=4)
+
                     # User cannot get authinfo for other items since they are
                     # not an admin or do not have those roles.
                     await self.asyncraises(s_exc.AuthDeny, proxy.getUserInfo('root'))
@@ -788,6 +819,37 @@ class CellTest(s_t_utils.SynTest):
                 https = netw.get('https')
                 self.eq(https, http_info)
 
+        # Mirrors & ready flags
+        async with self.getTestAha() as aha:  # type: s_aha.AhaCell
+
+            with self.getTestDir() as dirn:
+                cdr0 = s_common.genpath(dirn, 'cell00')
+                cdr1 = s_common.genpath(dirn, 'cell01')
+                cell00 = await aha.enter_context(self.addSvcToAha(aha, '00.cell', EchoAuth,
+                                                                  dirn=cdr0))  # type: EchoAuth
+                # Ensure we have a nexus transaction
+                await cell00.sync()
+                cell01 = await aha.enter_context(self.addSvcToAha(aha, '01.cell', EchoAuth,
+                                                                  dirn=cdr1,
+                                                                  provinfo={'mirror': 'cell'}))  # type: EchoAuth
+
+                self.true(await asyncio.wait_for(cell01.nexsroot.ready.wait(), timeout=12))
+                await cell01.sync()
+
+                cnfo0 = await cell00.getCellInfo()
+                cnfo1 = await cell01.getCellInfo()
+                self.true(cnfo0['cell']['ready'])
+                self.false(cnfo0['cell']['uplink'])
+                self.none(cnfo0['cell']['mirror'])
+                self.eq(cnfo0['cell']['version'], (1, 2, 3))
+
+                self.true(cnfo1['cell']['ready'])
+                self.true(cnfo1['cell']['uplink'])
+                self.eq(cnfo1['cell']['mirror'], 'aha://root@cell...')
+                self.eq(cnfo1['cell']['version'], (1, 2, 3))
+
+                self.eq(cnfo0['cell']['nexsindx'], cnfo1['cell']['nexsindx'])
+
     async def test_cell_dyncall(self):
 
         with self.getTestDir() as dirn:
@@ -3064,10 +3126,7 @@ class CellTest(s_t_utils.SynTest):
                 async with self.getTestCore(conf={'health:sysctl:checks': True}):
                     pass
 
-        stream.seek(0)
-        data = stream.getvalue()
-        raw_mesgs = [m for m in data.split('\n') if m]
-        msgs = [json.loads(m) for m in raw_mesgs]
+        msgs = stream.jsonlines()
 
         self.len(1, msgs)
 

synapse/tests/test_lib_httpapi.py

@@ -1722,10 +1722,8 @@ class HttpApiTest(s_tests.SynTest):
 
     async def test_request_logging(self):
 
-        def get_mesg(stream):
-            data = stream.getvalue()
-            raw_mesgs = [m for m in data.split('\n') if m]
-            msgs = [json.loads(m) for m in raw_mesgs]
+        def get_mesg(stream: s_tests.AsyncStreamEvent) -> dict:
+            msgs = stream.jsonlines()
             self.len(1, msgs)
             return msgs[0]
 
@@ -1746,8 +1744,12 @@ class HttpApiTest(s_tests.SynTest):
 
                 with self.getStructuredAsyncLoggerStream(logname, 'api/v1/auth/adduser') as stream:
 
+                    headers = {
+                        'X-Forwarded-For': '1.2.3.4',
+                        'User-Agent': 'test_request_logging',
+                    }
                     async with sess.post(f'https://root:root@localhost:{port}/api/v1/auth/adduser',
-                                         json=info, headers={'X-Forwarded-For': '1.2.3.4'}) as resp:
+                                         json=info, headers=headers) as resp:
                         item = await resp.json()
                         self.nn(item.get('result').get('iden'))
                         visiiden = item['result']['iden']
@@ -1758,6 +1760,8 @@ class HttpApiTest(s_tests.SynTest):
                 self.eq(mesg.get('uri'), '/api/v1/auth/adduser')
                 self.eq(mesg.get('username'), 'root')
                 self.eq(mesg.get('user'), core.auth.rootuser.iden)
+                self.isin('headers', mesg)
+                self.eq(mesg['headers'].get('user-agent'), 'test_request_logging')
                 self.isin('remoteip', mesg)
                 self.isin('(root)', mesg.get('message'))
                 self.isin('200 POST /api/v1/auth/adduser', mesg.get('message'))
@@ -1765,12 +1769,13 @@ class HttpApiTest(s_tests.SynTest):
 
                 # No auth provided
                 with self.getStructuredAsyncLoggerStream(logname, 'api/v1/active') as stream:
-                    async with sess.get(f'https://root:root@localhost:{port}/api/v1/active') as resp:
+                    async with sess.get(f'https://root:root@localhost:{port}/api/v1/active', skip_auto_headers=['User-Agent']) as resp:
                         self.eq(resp.status, 200)
                         self.true(await stream.wait(6))
 
                 mesg = get_mesg(stream)
                 self.eq(mesg.get('uri'), '/api/v1/active')
+                self.notin('headers', mesg)
                 self.notin('username', mesg)
                 self.notin('user', mesg)
                 self.isin('remoteip', mesg)

synapse/tests/test_lib_lmdbslab.py

@@ -1,5 +1,4 @@
 import os
-import json
 import asyncio
 import pathlib
 import multiprocessing
@@ -15,7 +14,6 @@ import synapse.lib.lmdbslab as s_lmdbslab
 import synapse.lib.thisplat as s_thisplat
 
 import synapse.tests.utils as s_t_utils
-from synapse.tests.utils import alist
 
 def getFileMapCount(filename):
     filename = str(filename)
@@ -360,8 +358,7 @@ class LmdbSlabTest(s_t_utils.SynTest):
                         slab.put(b'\xff\xff\xff\xff' + s_common.guid(i).encode('utf8'), byts, db=foo)
                 self.true(await stream.wait(timeout=1))
 
-            data = stream.getvalue()
-            msgs = [json.loads(m) for m in data.split('\\n') if m]
+            msgs = stream.jsonlines()
             self.gt(len(msgs), 0)
             self.nn(msgs[0].get('delta'))
             self.nn(msgs[0].get('path'))

synapse/tests/test_lib_stormhttp.py

@@ -9,7 +9,7 @@ import synapse.common as s_common
 import synapse.lib.certdir as s_certdir
 import synapse.lib.httpapi as s_httpapi
 import synapse.lib.stormctrl as s_stormctrl
-import synapse.lib.stormhttp as s_stormhttp
+import synapse.lib.stormtypes as s_stormtypes
 
 import synapse.tests.utils as s_test
 
@@ -606,11 +606,39 @@ class StormHttpTest(s_test.SynTest):
             self.false(resp.get('ok'))
             self.ne(-1, resp['mesg'].find('connect to proxy 127.0.0.1:1'))
 
+            msgs = await core.stormlist('$resp=$lib.axon.wget("http://vertex.link", proxy=(null)) $lib.print($resp.mesg)')
+            self.stormIsInWarn('HTTP proxy argument to $lib.null is deprecated', msgs)
+            self.stormIsInPrint('connect to proxy 127.0.0.1:1', msgs)
+
+            await self.asyncraises(s_exc.BadArg, core.nodes('$lib.axon.wget("http://vertex.link", proxy=(1.1))'))
+
+            # todo: setting the synapse version can be removed once proxy=true support is released
+            try:
+                oldv = core.axoninfo['synapse']['version']
+                core.axoninfo['synapse']['version'] = (oldv[0], oldv[1] + 1, oldv[2])
+                resp = await core.callStorm('return($lib.axon.wget("http://vertex.link", proxy=(null)))')
+                self.false(resp.get('ok'))
+                self.ne(-1, resp['mesg'].find('connect to proxy 127.0.0.1:1'))
+            finally:
+                core.axoninfo['synapse']['version'] = oldv
+
+            size, sha256 = await core.axon.put(b'asdf')
+            opts = {'vars': {'sha256': s_common.ehex(sha256)}}
+            resp = await core.callStorm(f'return($lib.axon.wput($sha256, http://vertex.link))', opts=opts)
+            self.false(resp.get('ok'))
+            self.isin('connect to proxy 127.0.0.1:1', resp['mesg'])
+
             q = '$resp=$lib.inet.http.get("http://vertex.link") return(($resp.code, $resp.err))'
             code, (errname, _) = await core.callStorm(q)
             self.eq(code, -1)
             self.eq('ProxyConnectionError', errname)
 
+            msgs = await core.stormlist('$resp=$lib.inet.http.get("http://vertex.link", proxy=(null)) $lib.print($resp.err)')
+            self.stormIsInWarn('HTTP proxy argument to $lib.null is deprecated', msgs)
+            self.stormIsInPrint('connect to proxy 127.0.0.1:1', msgs)
+
+            await self.asyncraises(s_exc.BadArg, core.nodes('$lib.inet.http.get("http://vertex.link", proxy=(1.1))'))
+
         async with self.getTestCore() as core:
 
             visi = await core.auth.addUser('visi')
@@ -654,6 +682,24 @@ class StormHttpTest(s_test.SynTest):
             self.false(resp.get('ok'))
             self.isin('connect to proxy 127.0.0.1:1', resp['mesg'])
 
+            host, port = await core.addHttpsPort(0)
+            opts = {
+                'vars': {
+                    'url': f'https://loop.vertex.link:{port}',
+                    'proxy': 'socks5://user:pass@127.0.0.1:1',
+                }
+            }
+            try:
+                oldv = core.axoninfo['synapse']['version']
+                minver = s_stormtypes.AXON_MINVERS_PROXY
+                core.axoninfo['synapse']['version'] = minver[2], minver[1] - 1, minver[0]
+                q = '$resp=$lib.axon.wget($url, ssl=(false), proxy=$proxy) $lib.print(`code={$resp.code}`)'
+                mesgs = await core.stormlist(q, opts=opts)
+                self.stormIsInPrint('code=404', mesgs)
+                self.stormIsInWarn('Axon version does not support proxy argument', mesgs)
+            finally:
+                core.axoninfo['synapse']['version'] = oldv
+
         async with self.getTestCore(conf=conf) as core:
             # Proxy permission tests in this section
 
@@ -762,10 +808,15 @@ class StormHttpTest(s_test.SynTest):
             ($ok, $valu) = $sock.tx(lololol)
             return($sock.rx())
             '''
-            opts = {'vars': {'port': port, 'proxy': None}}
+            opts = {'vars': {'port': port, 'proxy': True}}
             self.eq((True, ('echo', 'lololol')),
                     await core.callStorm(query, opts=opts))
 
+            opts = {'vars': {'port': port, 'proxy': None}}
+            mesgs = await core.stormlist(query, opts=opts)
+            self.stormIsInWarn('proxy argument to $lib.null is deprecated', mesgs)
+            self.true(mesgs[-2][0] == 'err' and mesgs[-2][1][1]['mesg'] == "(True, ['echo', 'lololol'])")
+
             visi = await core.auth.addUser('visi')
 
             opts = {'user': visi.iden, 'vars': {'port': port, 'proxy': False}}
@@ -903,16 +954,10 @@ class StormHttpTest(s_test.SynTest):
                     core.axoninfo['synapse']['version'] = oldv
 
                 ## version check succeeds
-                # todo: setting the synapse version can be removed once ssl_opts is released
-                try:
-                    oldv = core.axoninfo['synapse']['version']
-                    core.axoninfo['synapse']['version'] = (oldv[0], oldv[1] + 1, oldv[2])
-                    self.eq(200, await core.callStorm(axon_queries['postfile'], opts=opts))
-                    self.eq(200, await core.callStorm(axon_queries['wget'], opts=opts))
-                    self.eq(200, await core.callStorm(axon_queries['wput'], opts=opts))
-                    self.len(1, await core.nodes(axon_queries['urlfile'], opts=opts))
-                finally:
-                    core.axoninfo['synapse']['version'] = oldv
+                self.eq(200, await core.callStorm(axon_queries['postfile'], opts=opts))
+                self.eq(200, await core.callStorm(axon_queries['wget'], opts=opts))
+                self.eq(200, await core.callStorm(axon_queries['wput'], opts=opts))
+                self.len(1, await core.nodes(axon_queries['urlfile'], opts=opts))
 
                 # verify arg precedence
 

synapse/tests/test_lib_stormlib_cortex.py

@@ -304,9 +304,7 @@ $request.reply(206, headers=$headers, body=({"no":"body"}))
                     resp = await sess.get(url)
                     self.eq(resp.status, 200)
                     self.true(await stream.wait(timeout=12))
-                data = stream.getvalue()
-                raw_mesgs = [m for m in data.split('\n') if m]
-                msgs = [json.loads(m) for m in raw_mesgs]
+                msgs = stream.jsonlines()
                 self.eq(msgs[0].get('httpapi'), echoiden)
                 core.stormlog = False
 

synapse/tests/test_lib_stormlib_log.py

@@ -1,5 +1,3 @@
-import json
-
 import synapse.exc as s_exc
 
 import synapse.tests.utils as s_test
@@ -49,10 +47,7 @@ class LogTest(s_test.SynTest):
                 await core.callStorm('$lib.log.debug("struct1 message")')
                 await core.callStorm('$lib.log.debug("struct2 message", extra=({"key": "valu"}))')
                 self.true(await stream.wait(6))
-
-            data = stream.getvalue()
-            raw_mesgs = [m for m in data.split('\n') if m]
-            msgs = [json.loads(m) for m in raw_mesgs]
+            msgs = stream.jsonlines()
             self.len(2, msgs)
             mesg = msgs[0]
             self.eq(mesg.get('logger').get('name'), 'synapse.storm.log')

synapse/tests/test_lib_stormlib_model.py

@@ -704,3 +704,31 @@ class StormlibModelTest(s_test.SynTest):
             self.eq(nodes[0].get('cert'), cert3.ndef[1])
             self.isin('ssl.migration.three', nodes[0].tags)
             self.eq(nodes[0].nodedata, {'foo': None})
+
+    async def test_stormlib_model_migrations_inet_service_message_client(self):
+
+        async with self.getTestCore() as core:
+
+            await core.nodes('''[
+                (inet:service:message=* :client:address=1.2.3.4 :client=2.3.4.5)
+                (inet:service:message=* :client:address=3.4.5.6)
+                (inet:service:message=* :client=4.5.6.7)
+            ]''')
+
+            nodes = await core.nodes('''
+                inet:service:message
+                $lib.model.migration.s.inetServiceMessageClientAddress($node)
+            ''')
+
+            self.len(3, nodes)
+
+            for node in nodes:
+                self.none(node.get('client:address'))
+
+            exp = ['tcp://2.3.4.5', 'tcp://3.4.5.6', 'tcp://4.5.6.7']
+            self.sorteq(exp, [n.get('client') for n in nodes])
+
+            ndata = [n for n in nodes if await n.getData('migration:inet:service:message:client:address')]
+            self.len(1, ndata)
+            self.eq(ndata[0].get('client'), 'tcp://2.3.4.5')
+            self.eq(await ndata[0].getData('migration:inet:service:message:client:address'), 'tcp://1.2.3.4')

synapse/tests/test_lib_stormtypes.py

@@ -4920,8 +4920,7 @@ class StormTypesTest(s_test.SynTest):
                         unixtime += 7 * MINSECS
                         self.eq('m3', await getNextFoo())
                         self.true(await stream.wait(6))
-                    buf = stream.getvalue()
-                    mesg = json.loads(buf.split('\n')[0])
+                    mesg = stream.jsonlines()[0]
                     self.eq(mesg['message'], f'm3 cron {guid}')
                     self.eq(mesg['iden'], guid)
 

synapse/tests/test_lib_trigger.py

@@ -1,5 +1,4 @@
 import os
-import json
 import synapse.exc as s_exc
 import synapse.common as s_common
 
@@ -253,8 +252,8 @@ class TrigTest(s_t_utils.SynTest):
             with self.getStructuredAsyncLoggerStream('synapse.storm.log', 'test trigger') as stream:
                 await core.nodes('[ test:str=logit ]')
                 self.true(await stream.wait(6))
-            buf = stream.getvalue()
-            mesg = json.loads(buf.split('\n')[-2])
+            msgs = stream.jsonlines()
+            mesg = [m for m in msgs if m.get('iden') == tdef.get('iden')][0]
             self.eq(mesg['message'], f'test trigger {tdef.get("iden")}')
             self.eq(mesg['iden'], tdef.get('iden'))
 

synapse/tests/test_model_base.py

@@ -222,13 +222,23 @@ class BaseTest(s_t_utils.SynTest):
 
         async with self.getTestCore() as core:
 
-            nodes = await core.nodes('[meta:source="*" :name="FOO Bar" :type=osint :url="https://foo.bar/index.html"]')
+            nodes = await core.nodes('''
+                [meta:source="*"
+                    :name="FOO Bar"
+                    :type=osint
+                    :url="https://foo.bar/index.html"
+                    :ingest:latest=20241205
+                    :ingest:offset=17
+                ]
+            ''')
             self.len(1, nodes)
             sorc = nodes[0]
 
             self.eq(sorc.get('type'), 'osint')
             self.eq(sorc.get('name'), 'foo bar')
             self.eq(sorc.get('url'), 'https://foo.bar/index.html')
+            self.eq(sorc.get('ingest:offset'), 17)
+            self.eq(sorc.get('ingest:latest'), 1733356800000)
 
             valu = (sorc.ndef[1], ('inet:fqdn', 'woot.com'))
             nodes = await core.nodes('[meta:seen=$valu]', opts={'vars': {'valu': valu}})
@@ -330,7 +340,7 @@ class BaseTest(s_t_utils.SynTest):
                 'tel:mob:telem:ipv6', 'tel:mob:telem:wifi', 'tel:mob:telem:wifi:ssid',
                 'tel:mob:telem:wifi:bssid', 'tel:mob:telem:adid', 'tel:mob:telem:aaid',
                 'tel:mob:telem:idfa', 'tel:mob:telem:name', 'tel:mob:telem:email',
-                'tel:mob:telem:acct', 'tel:mob:telem:app', 'tel:mob:telem:data',
+                'tel:mob:telem:app', 'tel:mob:telem:data',
                 'inet:http:request:response:time', 'inet:http:request:response:code',
                 'inet:http:request:response:reason', 'inet:http:request:response:body',
                 'gov:us:cage:street', 'gov:us:cage:city', 'gov:us:cage:state', 'gov:us:cage:zip',

synapse/tests/test_model_inet.py

@@ -2958,10 +2958,12 @@ class InetModelTest(s_t_utils.SynTest):
                 :platform={ inet:service:platform=(slack,) }
                 :url="https://v.vtx.lk/slack"
                 :name="Synapse users slack"
+                :tenant={[ inet:service:tenant=({"id": "VS-31337"}) ]}
             ]
             '''
             nodes = await core.nodes(q)
             self.len(1, nodes)
+            self.nn(nodes[0].get('tenant'))
             self.eq(nodes[0].ndef, ('inet:service:instance', s_common.guid(('vertex', 'slack'))))
             self.eq(nodes[0].get('id'), 'T2XK1223Y')
             self.eq(nodes[0].get('platform'), platform.ndef[1])
@@ -2976,6 +2978,7 @@ class InetModelTest(s_t_utils.SynTest):
                     :user=blackout
                     :email=blackout@vertex.link
                     :profile={ gen.ps.contact.email vertex.employee blackout@vertex.link }
+                    :tenant={[ inet:service:tenant=({"id": "VS-31337"}) ]}
                 )
 
                 (inet:service:account=(visi, account, vertex, slack)
@@ -2989,6 +2992,8 @@ class InetModelTest(s_t_utils.SynTest):
             accounts = await core.nodes(q)
             self.len(2, accounts)
 
+            self.nn(accounts[0].get('tenant'))
+
             profiles = await core.nodes('ps:contact')
             self.len(2, profiles)
             self.eq(profiles[0].get('email'), 'blackout@vertex.link')
@@ -3068,14 +3073,17 @@ class InetModelTest(s_t_utils.SynTest):
             [ inet:service:session=*
                 :creator=$blckiden
                 :period=(202405160900, 202405161055)
+                :http:session=*
             ]
             '''
             opts = {'vars': {'blckiden': blckacct.ndef[1]}}
             nodes = await core.nodes(q, opts=opts)
             self.len(1, nodes)
+            self.nn(nodes[0].get('http:session'))
             self.eq(nodes[0].get('creator'), blckacct.ndef[1])
             self.eq(nodes[0].get('period'), (1715850000000, 1715856900000))
             blcksess = nodes[0]
+            self.len(1, await core.nodes('inet:service:session -> inet:http:session'))
 
             q = '''
             [ inet:service:login=*
@@ -3407,3 +3415,18 @@ class InetModelTest(s_t_utils.SynTest):
 
             with self.raises(s_exc.BadTypeValu):
                 await core.nodes('[ inet:service:relationship=* :source={[it:dev:str=foo]} ]')
+
+            nodes = await core.nodes('''
+                [ inet:service:subscription=*
+                    :level=vertex.synapse.enterprise
+                    :pay:instrument={[ econ:bank:account=* :contact={[ ps:contact=* :name=visi]} ]}
+                    :subscriber={[ inet:service:tenant=({"id": "VS-31337"}) ]}
+                ]
+            ''')
+            self.len(1, nodes)
+            self.eq('vertex.synapse.enterprise.', nodes[0].get('level'))
+            self.eq('econ:bank:account', nodes[0].get('pay:instrument')[0])
+            self.eq('inet:service:tenant', nodes[0].get('subscriber')[0])
+            self.len(1, await core.nodes('inet:service:subscription -> inet:service:subscription:level:taxonomy'))
+            self.len(1, await core.nodes('inet:service:subscription :pay:instrument -> econ:bank:account'))
+            self.len(1, await core.nodes('inet:service:subscription :subscriber -> inet:service:tenant'))

synapse/tests/test_model_person.py

@@ -278,12 +278,14 @@ class PsModelTest(s_t_utils.SynTest):
                     :source:host=*
                     :source:file=*
                     :source:acct=(twitter.com, invisig0th)
+                    :source:account=(twitter.com, invisig0th)
             ]''')
             self.len(1, nodes)
             self.len(1, await core.nodes('ps:contactlist -> it:host'))
             self.len(1, await core.nodes('ps:contactlist -> file:bytes'))
             self.len(2, await core.nodes('ps:contactlist -> ps:contact'))
             self.len(1, await core.nodes('ps:contactlist -> inet:web:acct'))
+            self.len(1, await core.nodes('ps:contactlist -> inet:service:account'))
 
             nodes = await core.nodes('''[
                 ps:workhist = *

synapse/tests/test_model_risk.py

@@ -379,6 +379,7 @@ class RiskModelTest(s_t_utils.SynTest):
                     :desc=VTX-APT1
                     :tag=cno.threat.apt1
                     :active=(2012,2023)
+                    :activity=high
                     :reporter=*
                     :reporter:name=mandiant
                     :reporter:discovered=202202
@@ -400,6 +401,7 @@ class RiskModelTest(s_t_utils.SynTest):
             self.len(1, nodes)
             self.eq('vtx-apt1', nodes[0].get('name'))
             self.eq('VTX-APT1', nodes[0].get('desc'))
+            self.eq(40, nodes[0].get('activity'))
             self.eq('apt1', nodes[0].get('org:name'))
             self.eq('ua', nodes[0].get('country:code'))
             self.eq('cn.shanghai', nodes[0].get('org:loc'))
@@ -546,11 +548,13 @@ class RiskModelTest(s_t_utils.SynTest):
                     :cause=nature.earthquake
                     :provider={[ ou:org=* :name="desert power" ]}
                     :provider:name="desert power"
+                    :attack={[ risk:attack=* ]}
                     :reporter={ ou:org:name=vertex }
                     :reporter:name=vertex
                 ]
             ''')
             self.len(1, nodes)
+            self.nn(nodes[0].get('attack'))
             self.nn(nodes[0].get('reporter'))
             self.eq('the big one', nodes[0].get('name'))
             self.eq('vertex', nodes[0].get('reporter:name'))
@@ -559,6 +563,7 @@ class RiskModelTest(s_t_utils.SynTest):
             self.eq('nature.earthquake.', nodes[0].get('cause'))
             self.eq((1672531200000, 1704067200000), nodes[0].get('period'))
 
+            self.len(1, await core.nodes('risk:outage -> risk:attack'))
             self.len(1, await core.nodes('risk:outage -> risk:outage:cause:taxonomy'))
             self.len(1, await core.nodes('risk:outage :reporter -> ou:org +:name=vertex'))
             self.len(1, await core.nodes('risk:outage :provider -> ou:org +:name="desert power"'))