Beispiel #1
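    def test_retrieve_invalid_sample(self):
        """Test that retrieving a sample by an unknown digest raises ValidationError.

        The digest used here is a well-formed MD5 hex string, so the rejection
        has to come from the lookup itself ('Identifier not known'), not from
        any format validation of the identifier.
        """

        SampleFileHelpers.create_sample_mimikatz()

        # a syntactically valid MD5 hex digest that no stored sample carries
        digest = md5(b'not a valid hash').hexdigest()

        with self.assertRaises(ValidationError) as raised:
            SampleItem.retrieve_sample(digest)

        # the first entry of the error's detail is the human-readable message
        self.assertEqual(str(raised.exception.detail[0]),
                         'Identifier not known')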
Beispiel #2
    def test_no_related_url_items(self):
        """Test that the related-URL rendering yields 'N/A' when no alerts exist."""

        created = SampleFileHelpers.create_sample_mimikatz()
        rendered = SampleItem.get_related_alert_items_as_url(created.md5)

        self.assertEqual(rendered, 'N/A')
Beispiel #3
    def test_related_url_items(self):
        """Test the related-URL rendering for two alerts on one sample.

        The rendered string is expected to hold one admin changelist link per
        alert, joined by ', ', with the alert's machine name used as both the
        query value and the link text.
        """

        sample = SampleFileHelpers.create_sample_mimikatz()

        # str() of a MimiAlertItem resolves its machine name, which this test
        # exercises as a side effect
        alerts = [
            str(MimiAlertHelpers.create_alert_item(sample.md5)),
            str(MimiAlertHelpers.create_alert_item(sample.md5)),
        ]

        # the implementation returns one joined string; split it back up
        rendered = SampleItem.get_related_alert_items_as_url(sample.md5)
        items = rendered.split(', ')

        # the rendered links may not come back in creation order, so pair
        # each alert with whichever link mentions it
        ordered = (
            (items[0], items[1]) if alerts[0] in items[0]
            else (items[1], items[0])
        )

        changelist = reverse('admin:alert_api_mimialertitem_changelist')

        for alert, item in zip(alerts, ordered):
            # NOTE(review): the machine name is interpolated unescaped into
            # both the query string and the anchor text; this mirrors what the
            # implementation emits today, but if machine names can carry '&',
            # '<', '"' or quotes, the reference (and the implementation) should
            # go through urlencode()/escape() instead -- confirm against the
            # implementation
            ref = '<a href="{}?machinename={}">{}</a>'.format(
                changelist, alert, alert)

            self.assertEqual(item, ref)
Beispiel #4
    def test_delete_sample_removes_file(self):
        """Test that deleting a SampleItem also unlinks its file on disk."""

        item = SampleFileHelpers.create_sample_mimikatz()
        stored_at = item.sample.path

        item.delete()

        # F_OK: the path must no longer exist at all after the delete
        self.assertFalse(access(stored_at, F_OK))
Beispiel #5
    def test_post_delete_sample_file(self):
        """Test that the sample file is no longer readable once its object is removed."""

        item = SampleFileHelpers.create_sample_mimikatz()
        stored_at = item.sample.path

        item.delete()

        # R_OK: the file must not be readable any more after the delete
        self.assertFalse(access(stored_at, R_OK))
Beispiel #6
    def test_related_url_item(self):
        """Test the related-URL rendering for a single alert on a sample."""

        sample = SampleFileHelpers.create_sample_mimikatz()
        alert = MimiAlertHelpers.create_alert_item(sample.md5)

        rendered = SampleItem.get_related_alert_items_as_url(sample.md5)

        # str() of a MimiAlertItem resolves its machine name, which this test
        # exercises as a side effect
        machine_name = str(alert)
        changelist = reverse('admin:alert_api_mimialertitem_changelist')

        # NOTE(review): the machine name is interpolated unescaped into both
        # the query string and the anchor text; this mirrors what the
        # implementation emits today, but if machine names can carry '&', '<',
        # '"' or quotes, the reference (and the implementation) should go
        # through urlencode()/escape() instead -- confirm against the
        # implementation
        expected = '<a href="{}?machinename={}">{}</a>'.format(
            changelist, machine_name, machine_name)

        self.assertEqual(rendered, expected)
Beispiel #7
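    def test_post_sample_file(self):
        """Test that POSTing the mimikatz sample returns HTTP 200 and creates a SampleItem."""

        # named sample_md5 so the local does not shadow a module-level md5
        # (hashlib) if the test module imports one; sha1 is not used here
        sample_md5, _sha1 = SampleFileHelpers.download_latest_mimikatz()

        # reverse() takes a sequence for args; the set literal used before
        # only worked by accident because it held a single value
        url = reverse('incoming-sample', args=[sample_md5])

        # NOTE(review): the helper writes to a fixed path under /tmp; confirm
        # it creates that file itself (tempfile / ownership checks) rather
        # than trusting a pre-existing path in a world-writable directory
        with open('/tmp/x64/mimikatz.exe', 'rb') as fd:
            response = self.client.post(
                url, fd.read(), content_type='application/octet-stream')

        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertTrue(SampleItem.objects.filter(md5=sample_md5).exists())

        # look the row up by digest instead of assuming it is the only one
        item = SampleItem.objects.get(md5=sample_md5)
        item.delete()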
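    def test_delete_sample_removes_file(self):
        """Test that deleting a posted SampleItem removes its file from disk.

        The file must be readable right after the POST and unreadable
        (R_OK) once the item has been deleted.
        """

        # named sample_md5 so the local does not shadow a module-level md5
        # (hashlib) if the test module imports one; sha1 is not used here
        sample_md5, _sha1 = SampleFileHelpers.download_latest_mimikatz()

        # reverse() takes a sequence for args; the set literal used before
        # only worked by accident because it held a single value
        url = reverse('incoming-sample', args=[sample_md5])

        # NOTE(review): the helper writes to a fixed path under /tmp; confirm
        # it creates that file itself (tempfile / ownership checks) rather
        # than trusting a pre-existing path in a world-writable directory
        with open('/tmp/x64/mimikatz.exe', 'rb') as fd:
            self.client.post(url,
                             fd.read(),
                             content_type='application/octet-stream')

        self.assertTrue(SampleItem.objects.filter(md5=sample_md5).exists())

        # look the row up by digest instead of assuming it is the only one
        item = SampleItem.objects.get(md5=sample_md5)
        path = item.sample.path

        self.assertTrue(access(path, R_OK))
        item.delete()

        self.assertFalse(access(path, R_OK))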