search

SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
1.37k stars 162 forks source link

Filtering test cases based on tag name #238

Closed vinisimoes closed 1 year ago

vinisimoes commented 1 year ago

Describe the bug When trying to query test cases based on tags using the gql library in Python, I get the following error:

gql.transport.exceptions.TransportQueryError: {'message': "Validation error (WrongType@[testcases]) : argument 'filter' with value 'ObjectValue{objectFields=[ObjectField{name='tags', value=ObjectValue{objectFields=[ObjectField{name='name', value=ObjectValue{objectFields=[ObjectField{name='eq', value=VariableReference{name='tag'}}]}}]}}]}' contains a field not in 'TestCaseFilter': 'tags'", 'locations': [{'line': 2, 'column': 22}], 'extensions': {'classification': 'ValidationError'}}

To Reproduce The code I am trying to run is the following function:

from gql import Client
from gql.transport.requests import RequestsHTTPTransport

_transport = RequestsHTTPTransport(
    url=_vectr_base_url, verify=False, retries=3,
    headers={"Authorization": "VEC1 " + _vectr_api_key + ":" + _vectr_secret_key}
)
client = Client(transport=_transport, fetch_schema_from_transport=False)

def get_test_case(tag):
    query = gql( """
        query($db: String!, $tag: String!) {
            testcases(db: $db, filter: { tags: { name: { eq: $tag } } }) {
                nodes {
                    id,
                    name,
                    tags {
                        name
                    }
                }
            }
        }
    """
    )
    input = { "db": vectr_db, "tag": tag }
    response = client.execute(query, input)
    return response

Expected behavior I am folowing the schema description on this link, in which there is a TestCaseFilter with a tags option.

I expect the above code to return the test cases that have an association with a given tag name.

thebleucheese commented 1 year ago

@vinisimoes

If you have access to the server, check to see that your VECTR version is up to date. The tags filter was added recently and you could get an error like you're receiving if attempting to run that query against an older version.

The following query is confirmed working with the added tag 'test' to sample data on a recent VECTR instance:


{
  testcases(
    db: "DEMO_PURPLE_CE"
    filter: { tags: { name: {contains: "test"}}}
    first: 2
    orderBy: { direction: ASC, field: NAME }
  ) {
    nodes {
      id
      name
      method
      description
      templateId
      mitreId
      activityLogged
      alertSeverity
      outcomes
      outcome {id, name, path}
      outcomeNotes
      status
    }
    pageInfo {
      endCursor
      hasNextPage
    }
  }
}
`