-
Notifications
You must be signed in to change notification settings - Fork 280
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add: [tests] Testing Analyst Data in different scenarios
- Testing different ways to attach analyst data - Testing that no matter what object type the analyst data is attached to, the `object_type` & `object_uuid` are correct, and the parent container does contain every analyst data object in flat lists with no nesting
- Loading branch information
Showing
1 changed file
with
122 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,122 @@ | ||
| #!/usr/bin/env python | ||
|
|
||
| import unittest | ||
| from pymisp import (MISPAttribute, MISPEvent, MISPEventReport, MISPNote, | ||
| MISPObject, MISPOpinion) | ||
| from uuid import uuid4 | ||
|
|
||
|
|
||
| class TestAnalystData(unittest.TestCase): | ||
| def setUp(self) -> None: | ||
| self.note_dict = { | ||
| "uuid": uuid4(), | ||
| "note": "note3" | ||
| } | ||
| self.opinion_dict = { | ||
| "uuid": uuid4(), | ||
| "opinion": 75, | ||
| "comment": "Agree" | ||
| } | ||
|
|
||
| def test_analyst_data_on_attribute(self) -> None: | ||
| attribute = MISPAttribute() | ||
| attribute.from_dict(type='filename', value='foo.exe') | ||
| self._attach_analyst_data(attribute) | ||
|
|
||
| def test_analyst_data_on_attribute_alternative(self) -> None: | ||
| event = MISPEvent() | ||
| event.info = 'Test on Attribute' | ||
| event.add_attribute('domain', 'foo.bar') | ||
| self._attach_analyst_data(event.attributes[0]) | ||
|
|
||
| def test_analyst_data_on_event(self) -> None: | ||
| event = MISPEvent() | ||
| event.info = 'Test Event' | ||
| self._attach_analyst_data(event) | ||
|
|
||
| def test_analyst_data_on_event_report(self) -> None: | ||
| event_report = MISPEventReport() | ||
| event_report.from_dict(name='Test Report', content='This is a report') | ||
| self._attach_analyst_data(event_report) | ||
|
|
||
| def test_analyst_data_on_event_report_alternative(self) -> None: | ||
| event = MISPEvent() | ||
| event.info = 'Test on Event Report' | ||
| event.add_event_report('Test Report', 'This is a report') | ||
| self._attach_analyst_data(event.event_reports[0]) | ||
|
|
||
| def test_analyst_data_on_object(self) -> None: | ||
| misp_object = MISPObject('file') | ||
| misp_object.add_attribute('filename', 'foo.exe') | ||
| self._attach_analyst_data(misp_object) | ||
|
|
||
| def test_analyst_data_on_object_alternative(self) -> None: | ||
| event = MISPEvent() | ||
| event.info = 'Test on Object' | ||
| misp_object = MISPObject('file') | ||
| misp_object.add_attribute('filename', 'foo.exe') | ||
| event.add_object(misp_object) | ||
| self._attach_analyst_data(event.objects[0]) | ||
|
|
||
| def test_analyst_data_on_object_attribute(self) -> None: | ||
| misp_object = MISPObject('file') | ||
| object_attribute = misp_object.add_attribute('filename', 'foo.exe') | ||
| self._attach_analyst_data(object_attribute) | ||
|
|
||
| def test_analyst_data_object_object_attribute_alternative(self) -> None: | ||
| misp_object = MISPObject('file') | ||
| misp_object.add_attribute('filename', 'foo.exe') | ||
| self._attach_analyst_data(misp_object.attributes[0]) | ||
|
|
||
| def _attach_analyst_data( | ||
| self, container: MISPAttribute | MISPEvent | MISPEventReport | MISPObject) -> None: | ||
| object_type = container._analyst_data_object_type | ||
| note1 = container.add_note(note='note1') | ||
| opinion1 = note1.add_opinion(opinion=25, comment='Disagree') | ||
| opinion2 = container.add_opinion(opinion=50, comment='Neutral') | ||
| note2 = opinion2.add_note(note='note2') | ||
|
|
||
| dict_note = MISPNote() | ||
| dict_note.from_dict( | ||
| object_type=object_type, object_uuid=container.uuid, **self.note_dict | ||
| ) | ||
| note3 = container.add_note(**dict_note) | ||
| dict_opinion = MISPOpinion() | ||
| dict_opinion.from_dict( | ||
| object_type='Note', object_uuid=note3.uuid, **self.opinion_dict | ||
| ) | ||
| container.add_opinion(**dict_opinion) | ||
|
|
||
| self.assertEqual(len(container.notes), 3) | ||
| self.assertEqual(len(container.opinions), 3) | ||
|
|
||
| misp_note1, misp_note2, misp_note3 = container.notes | ||
| misp_opinion1, misp_opinion2, misp_opinion3 = container.opinions | ||
|
|
||
| self.assertEqual(misp_note1.object_type, object_type) | ||
| self.assertEqual(misp_note1.object_uuid, container.uuid) | ||
| self.assertEqual(misp_note1.note, 'note1') | ||
|
|
||
| self.assertEqual(misp_note2.object_type, 'Opinion') | ||
| self.assertEqual(misp_note2.object_uuid, opinion2.uuid) | ||
| self.assertEqual(misp_note2.note, 'note2') | ||
|
|
||
| self.assertEqual(misp_note3.object_type, object_type) | ||
| self.assertEqual(misp_note3.object_uuid, container.uuid) | ||
| self.assertEqual(misp_note3.note, 'note3') | ||
|
|
||
| self.assertEqual(misp_opinion1.object_type, 'Note') | ||
| self.assertEqual(misp_opinion1.object_uuid, note1.uuid) | ||
| self.assertEqual(misp_opinion1.opinion, 25) | ||
| self.assertEqual(misp_opinion1.comment, 'Disagree') | ||
|
|
||
| self.assertEqual(misp_opinion2.object_type, object_type) | ||
| self.assertEqual(misp_opinion2.object_uuid, container.uuid) | ||
| self.assertEqual(misp_opinion2.opinion, 50) | ||
| self.assertEqual(misp_opinion2.comment, 'Neutral') | ||
|
|
||
| self.assertEqual(misp_opinion3.object_type, 'Note') | ||
| self.assertEqual(misp_opinion3.object_uuid, note3.uuid) | ||
| self.assertEqual(misp_opinion3.opinion, 75) | ||
| self.assertEqual(misp_opinion3.comment, 'Agree') | ||
|
|