Search in sources :

Example 1 with SecurityAuditEventTypes

use of org.graylog.security.SecurityAuditEventTypes in project graylog2-server by Graylog2.

the class AuditCoverageTest method testAuditCoverage.

@Test
public void testAuditCoverage() throws Exception {
    final ConfigurationBuilder configurationBuilder = new ConfigurationBuilder().setUrls(ClasspathHelper.forPackage("org.graylog2")).setScanners(new MethodAnnotationsScanner());
    // TODO: Dynamically discover event types?
    final Set<String> auditEventTypes = ImmutableSet.<String>builder().addAll(new AuditEventTypes().auditEventTypes()).addAll(new PipelineProcessorAuditEventTypes().auditEventTypes()).addAll(new SidecarAuditEventTypes().auditEventTypes()).addAll(new ViewsAuditEventTypes().auditEventTypes()).addAll(new JobSchedulerAuditEventTypes().auditEventTypes()).addAll(new EventsAuditEventTypes().auditEventTypes()).addAll(new SecurityAuditEventTypes().auditEventTypes()).build();
    final Reflections reflections = new Reflections(configurationBuilder);
    final ImmutableSet.Builder<Method> methods = ImmutableSet.builder();
    final ImmutableSet.Builder<Method> missing = ImmutableSet.builder();
    final ImmutableSet.Builder<Method> unregisteredAction = ImmutableSet.builder();
    methods.addAll(reflections.getMethodsAnnotatedWith(POST.class));
    methods.addAll(reflections.getMethodsAnnotatedWith(PUT.class));
    methods.addAll(reflections.getMethodsAnnotatedWith(DELETE.class));
    for (Method method : methods.build()) {
        if (!method.isAnnotationPresent(AuditEvent.class) && !method.isAnnotationPresent(NoAuditEvent.class)) {
            missing.add(method);
        } else {
            if (method.isAnnotationPresent(AuditEvent.class)) {
                final AuditEvent annotation = method.getAnnotation(AuditEvent.class);
                if (!auditEventTypes.contains(annotation.type())) {
                    unregisteredAction.add(method);
                }
            }
        }
    }
    assertThat(missing.build()).describedAs("Check that there are no POST, PUT and DELETE resources which do not have the @AuditEvent annotation").isEmpty();
    assertThat(unregisteredAction.build()).describedAs("Check that there are no @AuditEvent annotations with unregistered event types").isEmpty();
}
Also used : ConfigurationBuilder(org.reflections.util.ConfigurationBuilder) SecurityAuditEventTypes(org.graylog.security.SecurityAuditEventTypes) POST(javax.ws.rs.POST) PipelineProcessorAuditEventTypes(org.graylog.plugins.pipelineprocessor.audit.PipelineProcessorAuditEventTypes) Method(java.lang.reflect.Method) PUT(javax.ws.rs.PUT) DELETE(javax.ws.rs.DELETE) MethodAnnotationsScanner(org.reflections.scanners.MethodAnnotationsScanner) SidecarAuditEventTypes(org.graylog.plugins.sidecar.audit.SidecarAuditEventTypes) ImmutableSet(com.google.common.collect.ImmutableSet) NoAuditEvent(org.graylog2.audit.jersey.NoAuditEvent) AuditEvent(org.graylog2.audit.jersey.AuditEvent) ViewsAuditEventTypes(org.graylog.plugins.views.audit.ViewsAuditEventTypes) ViewsAuditEventTypes(org.graylog.plugins.views.audit.ViewsAuditEventTypes) SecurityAuditEventTypes(org.graylog.security.SecurityAuditEventTypes) SidecarAuditEventTypes(org.graylog.plugins.sidecar.audit.SidecarAuditEventTypes) PipelineProcessorAuditEventTypes(org.graylog.plugins.pipelineprocessor.audit.PipelineProcessorAuditEventTypes) JobSchedulerAuditEventTypes(org.graylog.scheduler.audit.JobSchedulerAuditEventTypes) EventsAuditEventTypes(org.graylog.events.audit.EventsAuditEventTypes) JobSchedulerAuditEventTypes(org.graylog.scheduler.audit.JobSchedulerAuditEventTypes) EventsAuditEventTypes(org.graylog.events.audit.EventsAuditEventTypes) Reflections(org.reflections.Reflections) Test(org.junit.Test)

Aggregations

ImmutableSet (com.google.common.collect.ImmutableSet)1 Method (java.lang.reflect.Method)1 DELETE (javax.ws.rs.DELETE)1 POST (javax.ws.rs.POST)1 PUT (javax.ws.rs.PUT)1 EventsAuditEventTypes (org.graylog.events.audit.EventsAuditEventTypes)1 PipelineProcessorAuditEventTypes (org.graylog.plugins.pipelineprocessor.audit.PipelineProcessorAuditEventTypes)1 SidecarAuditEventTypes (org.graylog.plugins.sidecar.audit.SidecarAuditEventTypes)1 ViewsAuditEventTypes (org.graylog.plugins.views.audit.ViewsAuditEventTypes)1 JobSchedulerAuditEventTypes (org.graylog.scheduler.audit.JobSchedulerAuditEventTypes)1 SecurityAuditEventTypes (org.graylog.security.SecurityAuditEventTypes)1 AuditEvent (org.graylog2.audit.jersey.AuditEvent)1 NoAuditEvent (org.graylog2.audit.jersey.NoAuditEvent)1 Test (org.junit.Test)1 Reflections (org.reflections.Reflections)1 MethodAnnotationsScanner (org.reflections.scanners.MethodAnnotationsScanner)1 ConfigurationBuilder (org.reflections.util.ConfigurationBuilder)1