Beispiel #1
def test_restart_command_with_unsent_report_item(cbcloud_api_mock, config):
    """Check that the restart command sends a report item left in the state manager.

    A report item and a "DONE" checkpoint are stored before ``_restart_command``
    runs; the last request captured by the API mock must then carry that report.
    """
    sut = AnalysisUtility(None)
    sut.config = config
    sut.cbc_api = cbcloud_api_mock.api
    # The trailing ".*" presumably lets the mock match any report id under the feed.
    report_route = f"/threathunter/feedmgr/v2/orgs/test/feeds/{FEED_ID}/reports/.*"
    cbcloud_api_mock.mock_request("PUT", report_route, None)

    components = sut._init_components()
    state_manager = components["state_manager"]
    state_manager.add_report_item(
        IOCS_2[0]["severity"], ENGINE_NAME, minus_severity(IOCS_2)[0])
    state_manager.set_checkpoint(METADATA_VALID["sha256"], ENGINE_NAME, "DONE")

    sut._restart_command(components)

    # Every field of the outgoing report is compared with the seeded IOC data.
    sent = cbcloud_api_mock._last_request_data
    assert sent is not None
    assert ENGINE_NAME in sent["title"]
    assert sent["description"] == "Automated report generated by Binary Analysis SDK"
    assert sent["severity"] == IOCS_2[0]["severity"]
    assert sent["iocs_v2"] == minus_severity(IOCS_2)
Beispiel #2
def test_analyze_command_without_feed(cbcloud_api_mock, config3):
    """Check that the analyze command sends no report when no feed id is configured.

    Only the download and metadata endpoints are mocked; no report route is
    registered. The hash must still be recorded as processed for the engine.
    """
    sut = AnalysisUtility(None)
    sut.config = config3
    sut.cbc_api = cbcloud_api_mock.api
    sha256 = METADATA_VALID["sha256"]
    download_reply = {
        "found": [{"sha256": sha256, "url": "DUMMY_URL"}],
        "not_found": [],
        "error": [],
    }
    cbcloud_api_mock.mock_request(
        "POST", "/ubs/v1/orgs/test/file/_download", download_reply)
    cbcloud_api_mock.mock_request(
        "GET", f"/ubs/v1/orgs/test/sha256/{sha256}/metadata", METADATA_VALID)

    components = sut._init_components()
    components["engine_manager"].engine.mock_engine_output(sha256, IOCS_2)

    args = Namespace()
    args.file = None
    args.list = json.dumps([sha256])
    sut._analyze_command(args, components)

    # NOTE(review): the literal digest is presumably METADATA_VALID["sha256"] — confirm.
    expected_download_request = {
        "expiration_seconds": 3600,
        "sha256": [
            "0995f71c34f613207bc39ed4fcc1bbbee396a543fa1739656f7ddf70419309fc"
        ],
    }
    last_request = cbcloud_api_mock._last_request_data
    # NOTE(review): the "is None" alternative lets this pass when the mock
    # recorded no request at all, so the check is weaker than "the last request
    # was the download call and not a report".
    assert last_request == expected_download_request or last_request is None
    processed = components["state_manager"].get_previous_hashes(ENGINE_NAME)
    assert METADATA_VALID["sha256"] in processed
Beispiel #3
def test_process_metadata(cbcloud_api_mock, config):
    """Check that ``_process_metadata`` turns engine output into a sent report.

    The mocked engine returns IOCS_2 for the metadata hash; the last request
    seen by the API mock must carry those IOCs, and the hash must be listed
    among the engine's previous hashes.
    """
    sut = AnalysisUtility(None)
    sut.config = config
    sut.cbc_api = cbcloud_api_mock.api
    # The trailing ".*" presumably lets the mock match any report id under the feed.
    report_route = f"/threathunter/feedmgr/v2/orgs/test/feeds/{FEED_ID}/reports/.*"
    cbcloud_api_mock.mock_request("PUT", report_route, None)

    components = sut._init_components()
    engine = components["engine_manager"].engine
    engine.mock_engine_output(METADATA_VALID["sha256"], IOCS_2)

    sut._process_metadata(components, [METADATA_VALID])

    sent = cbcloud_api_mock._last_request_data
    assert sent is not None
    assert ENGINE_NAME in sent["title"]
    assert sent["description"] == "Automated report generated by Binary Analysis SDK"
    assert sent["severity"] == IOCS_2[0]["severity"]
    assert sent["iocs_v2"] == minus_severity(IOCS_2)
    processed = components["state_manager"].get_previous_hashes(ENGINE_NAME)
    assert METADATA_VALID["sha256"] in processed
Beispiel #4
def test_restart_command_with_nothing_to_do(cbcloud_api_mock, config2):
    """Check that the restart command is a no-op when every hash is already "DONE".

    No request may reach the API mock, and the stored checkpoint time of the
    completed hash must be left exactly as it was written.
    """
    sut = AnalysisUtility(None)
    sut.config = config2
    sut.cbc_api = cbcloud_api_mock.api
    sha256 = METADATA_VALID["sha256"]

    components = sut._init_components()
    state_manager = components["state_manager"]
    # Checkpoint stamped 300 seconds in the past, so any rewrite would change it.
    checkpoint_time = datetime.now() - timedelta(seconds=300)
    state_manager.set_checkpoint(sha256, ENGINE_NAME, "DONE", checkpoint_time)

    sut._restart_command(components)

    assert cbcloud_api_mock._last_request_data is None
    stored_entry = components["state_manager"]._persistor.db[sha256]
    assert stored_entry["checkpoint_time"] == checkpoint_time
Beispiel #5
def test_analyze_command(cbcloud_api_mock, config):
    """Check the full ``_analyze_command`` path from hash list to sent report.

    Download, metadata and report endpoints are mocked, and the mocked engine
    returns IOCS_2 for the hash. The last request seen by the API mock must
    carry those IOCs, and the hash must be recorded as processed.
    """
    sut = AnalysisUtility(None)
    sut.config = config
    sut.cbc_api = cbcloud_api_mock.api
    sha256 = METADATA_VALID["sha256"]
    download_reply = {
        "found": [{"sha256": sha256, "url": "DUMMY_URL"}],
        "not_found": [],
        "error": [],
    }
    cbcloud_api_mock.mock_request(
        "POST", "/ubs/v1/orgs/test/file/_download", download_reply)
    cbcloud_api_mock.mock_request(
        "GET", f"/ubs/v1/orgs/test/sha256/{sha256}/metadata", METADATA_VALID)
    # The trailing ".*" presumably lets the mock match any report id under the feed.
    report_route = f"/threathunter/feedmgr/v2/orgs/test/feeds/{FEED_ID}/reports/.*"
    cbcloud_api_mock.mock_request("PUT", report_route, None)

    components = sut._init_components()
    components["engine_manager"].engine.mock_engine_output(sha256, IOCS_2)

    args = Namespace()
    args.file = None
    args.list = json.dumps([sha256])
    sut._analyze_command(args, components)

    sent = cbcloud_api_mock._last_request_data
    assert sent is not None
    assert ENGINE_NAME in sent["title"]
    assert sent["description"] == "Automated report generated by Binary Analysis SDK"
    assert sent["severity"] == IOCS_2[0]["severity"]
    assert sent["iocs_v2"] == minus_severity(IOCS_2)
    processed = components["state_manager"].get_previous_hashes(ENGINE_NAME)
    assert METADATA_VALID["sha256"] in processed
Beispiel #6
def test_analyze_command_with_not_found(cbcloud_api_mock, config):
    """Check ``_analyze_command`` when the download endpoint reports the hash as not found.

    A request must still have been made, it must pass ``ensure_not_report``,
    and the hash must not appear among the engine's previous hashes.
    """
    sut = AnalysisUtility(None)
    sut.config = config
    sut.cbc_api = cbcloud_api_mock.api
    sha256 = METADATA_VALID["sha256"]
    # The download service answers with the hash in "not_found" and nothing else.
    download_reply = {"found": [], "not_found": [sha256], "error": []}
    cbcloud_api_mock.mock_request(
        "POST", "/ubs/v1/orgs/test/file/_download", download_reply)

    components = sut._init_components()

    args = Namespace()
    args.file = None
    args.list = json.dumps([sha256])
    sut._analyze_command(args, components)

    assert cbcloud_api_mock._last_request_data is not None
    ensure_not_report(cbcloud_api_mock._last_request_data)
    processed = components["state_manager"].get_previous_hashes(ENGINE_NAME)
    assert METADATA_VALID["sha256"] not in processed