Beispiel #1
def test_file(requests_mock):
    """
    Given:
        - A mocked malware lookup for MOCK_HASH.
    When:
        - The file command is run against that hash.
    Then:
        - The File context entry reports the hash as its MD5.
        - The DBotScore entry names the same indicator, has type 'file'
          and a score between 1 and 3 inclusive.
    """
    requests_mock.get(f'{MOCK_BASE_URL}/malware/{MOCK_HASH}',
                      json=MOCK_HASH_RESP)
    # NOTE(review): the two trailing positional booleans are Client options
    # whose names are not visible here (presumably certificate verification
    # and proxy use) - confirm against Client before changing them.
    client = Client(MOCK_BASE_URL, MOCK_API_KEY, MOCK_PASSWORD, True, False)

    # Context path under which the DBotScore entries are looked up.
    dbot_score_key = ('DBotScore(val.Indicator && val.Indicator == obj.Indicator &&'
                      ' val.Vendor == obj.Vendor && val.Type == obj.Type)')

    first_result = file_command(client, {'file': MOCK_HASH})[0]
    outputs = first_result.to_context()['EntryContext']

    # The File key is found by substring; fall back to plain 'File'
    # when no key contains it.
    file_key = next((key for key in outputs.keys() if 'File' in key), 'File')

    file_entry = outputs[file_key][0]
    assert file_entry.get('MD5', '') == MOCK_HASH, 'The indicator value is wrong'

    dbot_entry = outputs[dbot_score_key][0]
    assert dbot_entry['Indicator'] == MOCK_HASH, 'The indicator is not matched'
    assert dbot_entry['Type'] == 'file', 'The indicator type should be file'
    # Only the range is checked: a score of 0 fails, but the exact verdict
    # expected for MOCK_HASH_RESP is not pinned by this test.
    assert 1 <= dbot_entry['Score'] <= 3, 'Invalid indicator score range'
Beispiel #2
def test_file__no_family(requests_mock):
    """
    Given:
        - A hash whose mocked results have family set to None

    When:
        - Running the file command

    Then:
        - Ensure the Relationships object is empty
    """
    lookup_url = f'{MOCK_BASE_URL}/malware/{MOCK_HASH_NO_FAMILY}'
    requests_mock.get(lookup_url, json=HASH_RESP_NO_FAMILY)

    client = Client(MOCK_BASE_URL, MOCK_API_KEY, MOCK_PASSWORD, True, False)
    first_result = file_command(client, {'file': MOCK_HASH_NO_FAMILY})[0]
    context = first_result.to_context()

    # Any falsy value passes (empty list or None), but the key must exist:
    # a missing 'Relationships' key raises KeyError rather than passing.
    assert not context['Relationships']
Beispiel #3
def test_file(requests_mock):
    """
    Given:
        - A mocked malware lookup for MOCK_HASH.
    When:
        - The file command is run and returns a three-element result.
    Then:
        - The File entry in the second element reports the hash as its MD5.
        - The DBotScore entry names the same indicator, has type 'file'
          and a score between 1 and 3 inclusive.
    """
    lookup_url = f'{MOCK_BASE_URL}/malware/{MOCK_HASH}'
    requests_mock.get(lookup_url, json=MOCK_HASH_RESP)

    client = Client(MOCK_BASE_URL, MOCK_API_KEY, MOCK_PASSWORD, True, False)
    # Unpacking (rather than indexing) also checks that exactly three
    # values come back; only the middle one is inspected.
    _first, outputs, _third = file_command(client, {'file': MOCK_HASH})

    # The File key is found by substring; fall back to plain 'File'
    # when no key contains it.
    file_key = next((key for key in outputs.keys() if 'File' in key), 'File')

    file_entry = outputs[file_key][0]
    assert file_entry.get('MD5', '') == MOCK_HASH, 'The indicator value is wrong'

    dbot_entry = outputs[DBOT_SCORE_KEY][0]
    assert dbot_entry['Indicator'] == MOCK_HASH, 'The indicator is not matched'
    assert dbot_entry['Type'] == 'file', 'The indicator type should be file'
    # Only the range is checked: a score of 0 fails, but the exact verdict
    # expected for MOCK_HASH_RESP is not pinned by this test.
    assert 1 <= dbot_entry['Score'] <= 3, 'Invalid indicator score range'
Beispiel #4
def test_file_connections(requests_mock):
    """
    Given:
        - A hash.
    When:
        - Running the file command.
    Then:
        - Validate that the relationships are created correctly
    """
    lookup_url = f'{MOCK_BASE_URL}/malware/{MOCK_HASH}'
    requests_mock.get(lookup_url, json=MOCK_HASH_RESP)

    client = Client(MOCK_BASE_URL, MOCK_API_KEY, MOCK_PASSWORD, True, False)
    first_result = file_command(client, {'file': MOCK_HASH})[0]
    # Only the first relationship on the result is inspected.
    relations = first_result.relationships[0].to_context()

    # Checked in the same order as listed. 'badur' is presumably the
    # malware family named in MOCK_HASH_RESP - confirm against the fixture.
    expected_fields = (
        ('Relationship', 'related-to'),
        ('EntityA', MOCK_HASH),
        ('EntityAType', 'File'),
        ('EntityB', 'badur'),
        ('EntityBType', 'STIX Malware'),
    )
    for field, expected in expected_fields:
        assert relations.get(field) == expected