def test_malware_creation():
"""Tests the creation of a single malware."""
mal = Malware(name='Gootkit')
assert mal.id is None
mal = mal.save()
assert isinstance(mal, Malware)
assert mal.id is not None
def populate_malware():
m1 = Malware(name='Gootkit').save()
m1.family = ['banker', 'trojan']
m1.save()
m2 = Malware(name='Sofacy').save()
m2.family = ['trojan']
m2.save()
return [m1, m2]
def populate_malware():
malware = []
m1 = Malware(name='Gootkit', labels=['banker']).save()
malware.append(m1)
m2 = Malware(name='Sofacy', labels=['apt']).save()
malware.append(m2)
m3 = Malware(name='Zeus', labels=['trojan']).save()
malware.append(m3)
return malware
def clean_db():
# pylint: disable=protected-access
# We need to access the collections to make sure they are in the cache
Entity._get_collection()
Malware._get_collection()
Observable._get_collection()
Hostname._get_collection()
Tag._get_collection()
Vocabs._get_collection()
db.clear()
def test_update_malware():
"""Tests that a Malware object is succesfully updated."""
kc_phases = [{'kill_chain_name': 'cyber', 'phase_name': 'cyber1'}]
malware = Malware(name='asd',
labels=['label1'],
description='123',
kill_chain_phases=kc_phases)
malware.save()
modified = malware.modified
stix_id = malware.id
updated = malware.update({'name': 'dsa'})
assert updated.name == 'dsa'
assert updated.description == '123'
assert updated.kill_chain_phases == kc_phases
assert malware.modified > modified
assert updated.id == stix_id
def test_malware_import():
"""Tests the importing the result of MTIRE's TAXII information."""
malware = Malware.from_stix_object(MITRE_MALWARE).save()
# pylint: disable=protected-access
assert malware._stix_object is not None
assert isinstance(malware._stix_object, StixMalware)
assert malware.type == 'malware'
assert malware.id == 'malware--79499993-a8d6-45eb-b343-bf58dea5bdde'
assert malware.created_by_ref == 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5'
assert str(malware.created) == '2018-04-18 17:59:24.739000+00:00'
assert str(malware.modified) == '2018-04-18 17:59:24.739000+00:00'
assert malware.name == 'Briba'
assert malware.description == 'Briba is a trojan used by Elderwood to open a backdoor and download files on to compromised hosts. (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Briba May 2012)\n\nAliases: Briba'
assert malware.labels == ['malware']
assert malware.external_references == [
{
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/wiki/Software/S0204',
'external_id': 'S0204'
},
{
'source_name': 'Symantec Elderwood Sept 2012',
'description': 'O\'Gorman, G., and McDonald, G.. (2012, September 6). The Elderwood Project. Retrieved February 15, 2018.',
'url': 'http://www.symantec.com/content/en/us/enterprise/media/security%20response/whitepapers/the-elderwood-project.pdf'
},
{
'source_name': 'Symantec Briba May 2012',
'description': 'Ladley, F. (2012, May 15). Backdoor.Briba. Retrieved February 21, 2018.',
'url': 'https://www.symantec.com/security%20response/writeup.jsp?docid=2012-051515-2843-99'
}
]
assert malware.object_marking_refs == ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168']
assert malware.get_extended_property('x_mitre_aliases') == ['Briba']
def test_filter_latest_versions():
"""Tests that filtering only returns latest versions."""
malware1 = Malware(name='malware1', labels=['label1']).save()
Malware(name='malware2', labels=['label1']).save()
malware1.update({'name': 'malware11'})
assert Malware.filter({'name':
'malware1'})[0].modified == malware1.modified
assert len(Malware.filter({'name': 'malware'})) == 2
def test_malware_versionning():
"""Tests that a getting a Malware object returns the most recent version."""
malware = Malware(name='asd', labels=['label1'])
malware.save()
stix_id = malware.id
malware.update({'name': 'dsa'})
fetched = Malware.get(stix_id)
assert fetched.id == stix_id
assert fetched.created < fetched.modified
def populate_malware_large():
malware = []
for i in range(100):
malware.append(
Malware(name=f'Malware{i:03}', labels=['trojan']).save())
return malware
def test_malware_creation():
"""Tests the creation of a single Malware object."""
malware = Malware(name='asd', labels=['label1'])
# pylint: disable=protected-access
assert malware._stix_object is not None
assert isinstance(malware._stix_object, StixMalware)
def test_malformed_malware():
"""Tests that a Malware object missing fields cannot be created."""
with pytest.raises(ValidationError):
Malware(name='asd')
def test_save_malware():
"""Tests that a Malware object missing fields cannot be created."""
malware = Malware(name='asd', labels=['label1'])
saved = malware.save()
assert saved is not None
def test_invalid_malware_family():
"""Tests that malware can't be created with invalid families."""
with pytest.raises(ValidationError):
Malware(name="123", family='asd').save()
def test_malware_fetch():
"""Tests creating a Malware object and saving it."""
mal = Malware(name='Gootkit').save()
fetched_mal = Malware.get(mal.id)
assert isinstance(fetched_mal, Malware)
assert fetched_mal.id == mal.id
def test_malware_attributes():
"""Tests that a created Malware has all needed attributes."""
allitems = Malware.list()
for malware in allitems:
assert hasattr(malware, 'family')
assert isinstance(malware.family, list)
def test_malware_delete():
malware = Malware(name='asd', labels=['label1']).save()
malware.update({'name': 'dsa'})
assert len(Malware.list()) == 1
malware.delete(all_versions=True)
assert not Malware.list()
def test_all_versions():
"""Tests that a updating malware results in two versions."""
malware = Malware(name='asd', labels=['label1']).save()
malware.update({'name': 'dsa'})
assert len(malware.all_versions()) == 2