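# encoding: utf-8
#
# Specs for the software blacklist consulted before a scout agent is upgraded,
# and for the AgentController endpoints that expose the blacklist and
# temporarily disable its "analysis software" part. The matching logic lives in
# the db layer; these examples only feed it device evidence and assert on the
# outcome (a :soldier suggestion, a BlacklistError, or no error at all).

require 'spec_helper'

require_db 'db_layer'
require_db 'grid'
require_db 'rest'
require_db 'rest/agent'

describe 'The scout has to be upgaded' do
  silence_alerts

  let!(:operation) { factory_create(:operation) }
  let!(:target) { factory_create(:target, operation: operation) }
  let!(:agent) { factory_create(:agent, target: target) }

  # Every example starts from a scout agent at version 3, the state the
  # upgrade check is meant to run against.
  before do
    agent.version = 3
    agent.level = :scout
  end

  context "blacklisted software is present" do
    let!(:evidence) { factory_create(:device_evidence, agent: agent) }

    it 'should detect unicode software and suggest soldier' do
      # Non-ASCII product names must match too (hence the encoding magic comment).
      evidence.data = {content: "Architecture: 64-bit\n\nApplication list:\n 360杀毒"}
      evidence.save
      expect(agent.blacklisted_software?).to eq(:soldier)
    end

    it 'should detect ascii software' do
      evidence.data = {content: "Architecture: 64-bit\n\nApplication list:\n Outpost Antivirus 1.34"}
      evidence.save
      expect { agent.blacklisted_software? }.to raise_error BlacklistError, /prevents the upgrade/i
    end

    it 'should detect 32 bit software and suggest soldier' do
      evidence.data = {content: "Architecture: 32-bit\n\nApplication list:\n Kaspersky Antivirus"}
      evidence.save
      expect(agent.blacklisted_software?).to eq(:soldier)
    end

    it 'should not detect 64 bit software (if only 32 is in blacklist)' do
      # Same product name as above, but the architecture line no longer matches
      # the blacklist entry, so the upgrade must not be blocked.
      evidence.data = {content: "Architecture: 64-bit\n\nApplication list:\n Kaspersky Antivirus"}
      evidence.save
      expect { agent.blacklisted_software? }.not_to raise_error
    end

    it 'should detect * bit software (on device info without bit infos)' do
      # No "Architecture:" line at all: an architecture-agnostic entry still applies.
      evidence.data = {content: "Application list:\n Online Armor"}
      evidence.save
      expect { agent.blacklisted_software? }.to raise_error BlacklistError, /prevents the upgrade/i
    end
  end

  context "blacklisted software is not installed" do
    let!(:evidence) { factory_create(:device_evidence, agent: agent) }

    it 'should not detect software that is not in blacklist' do
      evidence.data = {content: "Application list:\n McAfee Security Suite"}
      evidence.save
      expect { agent.blacklisted_software? }.not_to raise_error
    end
  end

  context "blacklisted software cannot be determined" do
    # No device evidence is created here on purpose: the check must fail closed
    # rather than treat "unknown" as "nothing installed".
    it 'should raise error if device info cannot be found' do
      expect { agent.blacklisted_software? }.to raise_error BlacklistError, /Cannot determine installed software/i
    end
  end

  context "analysis software is installed" do
    let!(:evidence) { factory_create(:device_evidence, agent: agent) }

    it 'should detect analysis software' do
      evidence.data = {content: "Application list:\n VMWare Tools"}
      evidence.save
      expect { agent.blacklisted_software? }.to raise_error BlacklistError, /malware analysis software/i
    end
  end
end

module RCS
  module DB
    describe AgentController do
      before do
        # skip check of current user privileges
        subject.stub :require_auth_level
        # stub the #ok method and then #not_found methods
        subject.stub(:ok) { |*args| args.first }
        subject.stub(:not_found) { |message| message }
        # Swap the analysis blacklist for a small fixture. The original value is
        # kept so the `after` hook can restore it; redefining the constant
        # without restoring it would leak into every spec loaded afterwards.
        @original_blacklist_analysis = Blacklist::BLACKLIST_ANALYSIS
        Blacklist.__send__(:remove_const, :BLACKLIST_ANALYSIS)
        Blacklist.const_set(:BLACKLIST_ANALYSIS, %w[foo bar baz])
      end

      after do
        # Undo the constant replacement made in `before`.
        Blacklist.__send__(:remove_const, :BLACKLIST_ANALYSIS)
        Blacklist.const_set(:BLACKLIST_ANALYSIS, @original_blacklist_analysis)
      end

      let(:agent1) { factory_create(:agent) }
      let(:agent2) { factory_create(:agent) }

      context 'When asked for the blacklist' do
        it 'should return the plaintext blacklist' do
          # The regex pins the expected pipe-separated line layout; parentheses
          # avoid Ruby's "ambiguous first argument" warning for a bare regex literal.
          expect(subject.blacklist).to match_regex(/[0-9]\|[\*]\|[SB]\|[\*3264]\|\w+\n*/)
        end
      end

      context 'When asked to disable the analysis blacklist' do
        before do
          # No parameters at all: the disable applies globally.
          subject.instance_variable_set('@params', {})
          subject.disable_analysis
        end

        it 'should disable checks on all the agents' do
          expect(Blacklist.analysis_disabled_for?(agent1)).to eq(true)
          expect(Blacklist.analysis_disabled_for?(agent2)).to eq(true)
        end
      end

      context 'when an agent id is given' do
        before do
          subject.instance_variable_set('@params', {'agent' => agent1.id.to_s})
          subject.disable_analysis
        end

        it 'disable only that agent' do
          expect(Blacklist.analysis_disabled_for?(agent1)).to eq(true)
          expect(Blacklist.analysis_disabled_for?(agent2)).to eq(false)
        end
      end

      context 'when an agent instance id is given' do
        before do
          # The endpoint accepts the agent's instance identifier as well as its db id.
          subject.instance_variable_set('@params', {'agent' => agent2.instance})
          subject.disable_analysis
        end

        it 'disable only that agent' do
          expect(Blacklist.analysis_disabled_for?(agent1)).to eq(false)
          expect(Blacklist.analysis_disabled_for?(agent2)).to eq(true)
        end
      end

      context 'when a timeout is given' do
        before do
          subject.instance_variable_set('@params', {'timeout' => 1})
          subject.disable_analysis
        end

        it 'disable the blacklist for 1 second' do
          expect(Blacklist.analysis_disabled_for?(agent1)).to eq(true)
          # Real wall-clock wait: the example checks that the disable expires on its own.
          sleep(1.2)
          expect(Blacklist.analysis_disabled_for?(agent1)).to eq(false)
        end
      end

      context 'when a timeout is given along with an agent id' do
        before do
          subject.instance_variable_set('@params', {'timeout' => 1, 'agent' => agent1.id.to_s})
          subject.disable_analysis
        end

        it 'disable the blacklist for 1 second only for that program' do
          expect(Blacklist.analysis_disabled_for?(agent1)).to eq(true)
          expect(Blacklist.analysis_disabled_for?(agent2)).to eq(false)
          sleep(1.2)
          expect(Blacklist.analysis_disabled_for?(agent1)).to eq(false)
          expect(Blacklist.analysis_disabled_for?(agent2)).to eq(false)
        end
      end
    end
  end
end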