apache · bleepbop · Oct 13, 2021 · Oct 4, 2021 · Oct 4, 2021 · Oct 4, 2021
diff --git a/tests/api/v2/handlers/test_health_api.py b/tests/api/v2/handlers/test_health_api.py
@@ -8,20 +8,7 @@
 def expected_caldera_info():
     return {
         'application': 'CALDERA',
-        'plugins': [
-            {
-                'address': '/plugin/sandcat/gui',
-                'description': 'A custom multi-platform RAT',
-                'enabled': True,
-                'name': 'sandcat'
-            },
-            {
-                'address': 'plugin/ssl/gui',
-                'description': 'Run an SSL proxy in front of the server',
-                'enabled': False,
-                'name': 'ssl'
-            }
-        ],
+        'plugins': [],
         'version': app.get_version()
     }
 

diff --git a/tests/api/v2/handlers/test_plugins_api.py b/tests/api/v2/handlers/test_plugins_api.py
@@ -0,0 +1,44 @@
+import pytest
+
+from http import HTTPStatus
+
+from app.objects.c_plugin import Plugin
+from app.utility.base_service import BaseService
+
+
+@pytest.fixture
+def test_plugin(loop, api_v2_client):
+    plugin = Plugin(name="test_plugin", enabled=True, description="a test plugin", address="test_address")
+    loop.run_until_complete(BaseService.get_service('data_svc').store(plugin))
+    return plugin
+
+
+@pytest.fixture
+def expected_test_plugin_dump(test_plugin):
+    return test_plugin.display_schema.dump(test_plugin)
+
+
+class TestPluginsApi:
+    async def test_get_plugins(self, api_v2_client, api_cookies, test_plugin, expected_test_plugin_dump):
+        resp = await api_v2_client.get('/api/v2/plugins', cookies=api_cookies)
+        plugins_list = await resp.json()
+        assert len(plugins_list) == 1
+        plugin_dict = plugins_list[0]
+        assert plugin_dict == expected_test_plugin_dump
+
+    async def test_unauthorized_get_plugins(self, api_v2_client, test_plugin):
+        resp = await api_v2_client.get('/api/v2/plugins')
+        assert resp.status == HTTPStatus.UNAUTHORIZED
+
+    async def test_get_plugin_by_id(self, api_v2_client, api_cookies, test_plugin, expected_test_plugin_dump):
+        resp = await api_v2_client.get(f'/api/v2/plugins/{test_plugin.name}', cookies=api_cookies)
+        plugin_dict = await resp.json()
+        assert plugin_dict == expected_test_plugin_dump
+
+    async def test_unauthorized_get_plugin_by_id(self, api_v2_client, test_plugin):
+        resp = await api_v2_client.get(f'/api/v2/plugins/{test_plugin.name}')
+        assert resp.status == HTTPStatus.UNAUTHORIZED
+
+    async def test_get_nonexistent_plugin_by_id(self, api_v2_client, api_cookies):
+        resp = await api_v2_client.get('/api/v2/plugins/999', cookies=api_cookies)
+        assert resp.status == HTTPStatus.NOT_FOUND
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -19,6 +19,7 @@
 from app.api.v2.handlers.operation_api import OperationApi
 from app.api.v2.handlers.contact_api import ContactApi
 from app.api.v2.handlers.obfuscator_api import ObfuscatorApi
+from app.api.v2.handlers.plugins_api import PluginApi
 from app.api.v2.handlers.fact_source_api import FactSourceApi
 from app.api.v2.handlers.planner_api import PlannerApi
 from app.api.v2.handlers.health_api import HealthApi
@@ -327,6 +328,7 @@ def make_app(svcs):
         ContactApi(svcs).add_routes(app)
         ObjectiveApi(svcs).add_routes(app)
         ObfuscatorApi(svcs).add_routes(app)
+        PluginApi(svcs).add_routes(app)
         FactSourceApi(svcs).add_routes(app)
         PlannerApi(svcs).add_routes(app)
         HealthApi(svcs).add_routes(app)
@@ -350,7 +352,6 @@ async def initialize():
         os.chdir(str(Path(__file__).parents[1]))
 
         await app_svc.register_contacts()
-        await app_svc.load_plugins(['sandcat', 'ssl'])
         _ = await RestApi(services).enable()
         await auth_svc.apply(app_svc.application, auth_svc.get_config('users'))
         await auth_svc.set_login_handlers(services)