2016-09-29 04:21:39 +00:00
|
|
|
package service
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
2017-03-03 22:43:11 +00:00
|
|
|
"compress/gzip"
|
2016-09-29 04:21:39 +00:00
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"testing"
|
|
|
|
|
Push distributed query errors over results websocket (#878)
As of recently, osquery will report when a distributed query fails. We now
expose errors over the results websocket. When a query errored on the host, the
`error` key in the result will be non-null. Note that osquery currently doesn't
provide any details so the error string will always be "failed". I anticipate
that we will fix this and the string is included for future-proofing.
Successful result:
```
{
"type": "result",
"data": {
"distributed_query_execution_id": 15,
"host": {
... omitted ...
},
"rows": [
{
"hour": "1"
}
],
"error": null
}
}
```
Failed result:
```
{
"type": "result",
"data": {
"distributed_query_execution_id": 14,
"host": {
... omitted ...
},
"rows": [
],
"error": "failed"
}
}
```
2017-01-11 03:34:32 +00:00
|
|
|
"golang.org/x/net/context"
|
|
|
|
|
2016-09-29 04:21:39 +00:00
|
|
|
"github.com/gorilla/mux"
|
2017-02-01 17:20:50 +00:00
|
|
|
"github.com/kolide/kolide/server/kolide"
|
2016-09-29 04:21:39 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
2017-03-03 22:43:11 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
2016-09-29 04:21:39 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestDecodeEnrollAgentRequest(t *testing.T) {
|
|
|
|
router := mux.NewRouter()
|
2017-03-03 22:43:11 +00:00
|
|
|
router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
|
2016-09-29 04:21:39 +00:00
|
|
|
r, err := decodeEnrollAgentRequest(context.Background(), request)
|
2017-03-03 22:43:11 +00:00
|
|
|
require.Nil(t, err)
|
2016-09-29 04:21:39 +00:00
|
|
|
|
|
|
|
params := r.(enrollAgentRequest)
|
|
|
|
assert.Equal(t, "secret", params.EnrollSecret)
|
|
|
|
assert.Equal(t, "uuid", params.HostIdentifier)
|
|
|
|
}).Methods("POST")
|
|
|
|
|
|
|
|
var body bytes.Buffer
|
|
|
|
body.Write([]byte(`{
|
|
|
|
"enroll_secret": "secret",
|
|
|
|
"host_identifier": "uuid"
|
|
|
|
}`))
|
|
|
|
|
|
|
|
router.ServeHTTP(
|
|
|
|
httptest.NewRecorder(),
|
2017-03-03 22:43:11 +00:00
|
|
|
httptest.NewRequest("POST", "/", &body),
|
2016-09-29 04:21:39 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestDecodeGetClientConfigRequest(t *testing.T) {
|
|
|
|
router := mux.NewRouter()
|
2017-03-03 22:43:11 +00:00
|
|
|
router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
|
2016-09-29 04:21:39 +00:00
|
|
|
r, err := decodeGetClientConfigRequest(context.Background(), request)
|
2017-03-03 22:43:11 +00:00
|
|
|
require.Nil(t, err)
|
2016-09-29 04:21:39 +00:00
|
|
|
|
|
|
|
params := r.(getClientConfigRequest)
|
|
|
|
assert.Equal(t, "key", params.NodeKey)
|
|
|
|
}).Methods("POST")
|
|
|
|
|
|
|
|
var body bytes.Buffer
|
|
|
|
body.Write([]byte(`{
|
|
|
|
"node_key": "key"
|
|
|
|
}`))
|
|
|
|
|
|
|
|
router.ServeHTTP(
|
|
|
|
httptest.NewRecorder(),
|
2017-03-03 22:43:11 +00:00
|
|
|
httptest.NewRequest("POST", "/", &body),
|
2016-09-29 04:21:39 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestDecodeGetDistributedQueriesRequest(t *testing.T) {
|
|
|
|
router := mux.NewRouter()
|
2017-03-03 22:43:11 +00:00
|
|
|
router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
|
2016-09-29 04:21:39 +00:00
|
|
|
r, err := decodeGetDistributedQueriesRequest(context.Background(), request)
|
2017-03-03 22:43:11 +00:00
|
|
|
require.Nil(t, err)
|
2016-09-29 04:21:39 +00:00
|
|
|
|
|
|
|
params := r.(getDistributedQueriesRequest)
|
|
|
|
assert.Equal(t, "key", params.NodeKey)
|
|
|
|
}).Methods("POST")
|
|
|
|
|
|
|
|
var body bytes.Buffer
|
|
|
|
body.Write([]byte(`{
|
|
|
|
"node_key": "key"
|
|
|
|
}`))
|
|
|
|
|
|
|
|
router.ServeHTTP(
|
|
|
|
httptest.NewRecorder(),
|
2017-03-03 22:43:11 +00:00
|
|
|
httptest.NewRequest("POST", "/", &body),
|
2016-09-29 04:21:39 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestDecodeSubmitDistributedQueryResultsRequest(t *testing.T) {
|
|
|
|
router := mux.NewRouter()
|
2017-03-03 22:43:11 +00:00
|
|
|
router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
|
2016-09-29 04:21:39 +00:00
|
|
|
r, err := decodeSubmitDistributedQueryResultsRequest(context.Background(), request)
|
2017-03-03 22:43:11 +00:00
|
|
|
require.Nil(t, err)
|
2016-09-29 04:21:39 +00:00
|
|
|
|
|
|
|
params := r.(submitDistributedQueryResultsRequest)
|
|
|
|
assert.Equal(t, "key", params.NodeKey)
|
|
|
|
assert.Equal(t, kolide.OsqueryDistributedQueryResults{
|
|
|
|
"id1": {
|
|
|
|
{"col1": "val1", "col2": "val2"},
|
|
|
|
{"col1": "val3", "col2": "val4"},
|
|
|
|
},
|
|
|
|
"id2": {
|
|
|
|
{"col3": "val5", "col4": "val6"},
|
|
|
|
},
|
2016-10-05 00:17:55 +00:00
|
|
|
"id3": {},
|
2016-09-29 04:21:39 +00:00
|
|
|
}, params.Results)
|
Push distributed query errors over results websocket (#878)
As of recently, osquery will report when a distributed query fails. We now
expose errors over the results websocket. When a query errored on the host, the
`error` key in the result will be non-null. Note that osquery currently doesn't
provide any details so the error string will always be "failed". I anticipate
that we will fix this and the string is included for future-proofing.
Successful result:
```
{
"type": "result",
"data": {
"distributed_query_execution_id": 15,
"host": {
... omitted ...
},
"rows": [
{
"hour": "1"
}
],
"error": null
}
}
```
Failed result:
```
{
"type": "result",
"data": {
"distributed_query_execution_id": 14,
"host": {
... omitted ...
},
"rows": [
],
"error": "failed"
}
}
```
2017-01-11 03:34:32 +00:00
|
|
|
assert.Equal(t, map[string]string{"id1": "0", "id3": "1"}, params.Statuses)
|
2016-09-29 04:21:39 +00:00
|
|
|
}).Methods("POST")
|
|
|
|
|
2016-10-05 00:17:55 +00:00
|
|
|
// Note we explicitly test the case that requires using the shim
|
|
|
|
// because of the inconsistent JSON schema
|
2016-09-29 04:21:39 +00:00
|
|
|
var body bytes.Buffer
|
|
|
|
body.Write([]byte(`{
|
|
|
|
"node_key": "key",
|
|
|
|
"queries": {
|
|
|
|
"id1": [
|
|
|
|
{"col1": "val1", "col2": "val2"},
|
|
|
|
{"col1": "val3", "col2": "val4"}
|
|
|
|
],
|
|
|
|
"id2": [
|
|
|
|
{"col3": "val5", "col4": "val6"}
|
2016-10-05 00:17:55 +00:00
|
|
|
],
|
|
|
|
"id3": ""
|
Push distributed query errors over results websocket (#878)
As of recently, osquery will report when a distributed query fails. We now
expose errors over the results websocket. When a query errored on the host, the
`error` key in the result will be non-null. Note that osquery currently doesn't
provide any details so the error string will always be "failed". I anticipate
that we will fix this and the string is included for future-proofing.
Successful result:
```
{
"type": "result",
"data": {
"distributed_query_execution_id": 15,
"host": {
... omitted ...
},
"rows": [
{
"hour": "1"
}
],
"error": null
}
}
```
Failed result:
```
{
"type": "result",
"data": {
"distributed_query_execution_id": 14,
"host": {
... omitted ...
},
"rows": [
],
"error": "failed"
}
}
```
2017-01-11 03:34:32 +00:00
|
|
|
},
|
|
|
|
"statuses": {"id1": "0", "id3": "1"}
|
2016-09-29 04:21:39 +00:00
|
|
|
}`))
|
|
|
|
|
|
|
|
router.ServeHTTP(
|
|
|
|
httptest.NewRecorder(),
|
2017-03-03 22:43:11 +00:00
|
|
|
httptest.NewRequest("POST", "/", &body),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestDecodeSubmitLogsRequest(t *testing.T) {
|
|
|
|
router := mux.NewRouter()
|
|
|
|
router.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
|
|
|
|
r, err := decodeSubmitLogsRequest(context.Background(), request)
|
|
|
|
require.Nil(t, err)
|
|
|
|
|
|
|
|
params := r.(submitLogsRequest)
|
|
|
|
assert.Equal(t, "xOCmmaTJJvGRi8prh4kdjkFMyh7K1bXb", params.NodeKey)
|
|
|
|
assert.Equal(t, "status", params.LogType)
|
|
|
|
}).Methods("POST")
|
|
|
|
|
|
|
|
bodyJSON := []byte(`
|
|
|
|
{
|
|
|
|
"node_key":"xOCmmaTJJvGRi8prh4kdjkFMyh7K1bXb",
|
|
|
|
"log_type":"status",
|
|
|
|
"data":[
|
|
|
|
{
|
|
|
|
"severity":"0",
|
|
|
|
"filename":"tls.cpp",
|
|
|
|
"line":"205",
|
|
|
|
"message":"TLS\/HTTPS POST request to URI: https:\/\/dockerhost:8080\/api\/v1\/osquery\/log",
|
|
|
|
"version":"2.3.2",
|
|
|
|
"decorations":{
|
|
|
|
"host_uuid":"EB714C9D-C1F8-A436-B6DA-3F853C5502EA",
|
|
|
|
"hostname":"9bed9dc098d9"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
`)
|
|
|
|
|
|
|
|
body := new(bytes.Buffer)
|
|
|
|
_, err := body.Write(bodyJSON)
|
|
|
|
require.Nil(t, err)
|
|
|
|
|
|
|
|
router.ServeHTTP(
|
|
|
|
httptest.NewRecorder(),
|
|
|
|
httptest.NewRequest("POST", "/", body),
|
|
|
|
)
|
|
|
|
|
|
|
|
// Now try gzipped
|
|
|
|
body.Reset()
|
|
|
|
gzWriter := gzip.NewWriter(body)
|
|
|
|
_, err = gzWriter.Write(bodyJSON)
|
|
|
|
require.Nil(t, err)
|
|
|
|
require.Nil(t, gzWriter.Close())
|
|
|
|
|
|
|
|
req := httptest.NewRequest("POST", "/", body)
|
|
|
|
req.Header.Add("Content-Encoding", "gzip")
|
|
|
|
|
|
|
|
router.ServeHTTP(
|
|
|
|
httptest.NewRecorder(),
|
|
|
|
req,
|
2016-09-29 04:21:39 +00:00
|
|
|
)
|
|
|
|
}
|