Example #1
0
def test_reliability(mocker):
    import AutofocusV2
    import CommonServerPython
    from CommonServerPython import DBotScoreReliability
    mock_data = {
        'indicator': {
            'indicatorValue': '1.1.1.1',
            'indicatorType': 'IPV4_ADDRESS',
            'summaryGenerationTs': 1616340557369,
            'firstSeenTsGlobal': None,
            'lastSeenTsGlobal': None,
            'latestPanVerdicts': {
                'Test': 'test'
            },
            'seenByDataSourceIds': [],
            'wildfireRelatedSampleVerdictCounts': {}
        },
        'tags': [],
    }
    mocker.patch.object(AutofocusV2,
                        'search_indicator',
                        return_value=mock_data)
    mocked_dbot = mocker.patch.object(CommonServerPython.Common, 'DBotScore')
    mocker.patch.object(CommonServerPython.Common, 'IP')
    AutofocusV2.search_ip_command('1.1.1.1', DBotScoreReliability.B)
    assert mocked_dbot.call_args[1].get(
        'reliability') == 'B - Usually reliable'
Example #2
0
def test_connection_error(mocker):
    import AutofocusV2

    RETURN_ERROR_TARGET = 'AutofocusV2.return_error'
    BASE_URL = 'https://autofocus.paloaltonetworks.com/api/v1.0'

    return_error_mock = mocker.patch(RETURN_ERROR_TARGET, side_effect=sys.exit)

    with requests_mock.Mocker() as m:
        m.get(f'{BASE_URL}/tic', exc=requests.exceptions.ConnectionError)

        with pytest.raises(SystemExit):
            AutofocusV2.search_indicator('ip', '8.8.8.8')
        assert 'Error connecting to server. Check your URL/Proxy/Certificate settings' \
               in return_error_mock.call_args[0][0]
Example #3
0
def test_tag_details(mocker):
    """

     Given:
         - The response from calling the command tag_details.
     When:
         - When the user uses 'autofocus-tag-details' for a given tag.
     Then:
         - The fields are being parsed properly in to context.

     """
    import AutofocusV2
    mocker.patch.object(demisto, 'args', return_value={'tag_name': 'Anon015b57.MYNEWTAGNAME'})
    mocker.patch.object(AutofocusV2, 'autofocus_tag_details', return_value=TAGS_DETAILS_RES)
    mocker.patch.object(demisto, 'results')
    AutofocusV2.tag_details_command()
    assert demisto.results.call_args[0][0] == util_load_json('test_data/teg_details_command_outputs.json')
Example #4
0
def test_get_tags_for_generic_context():
    """

     Given:
         - The 'Tags' values returned from the API for a given file.
     When:
         - When the user uses 'file' command.
     Then:
         - Only specific keys should be parsed in to context - 'TagGroups.TagGroupName', 'Aliases', 'PublicTagName',
          'TagName'.

     """
    import AutofocusV2
    assert AutofocusV2.get_tags_for_generic_context(TAGS_FROM_FILE_RES) == TAGS_FOR_GENERIC_CONTEXT_OUTPUT
Example #5
0
def test_get_tags_for_tags_and_malware_family_fields():
    """

     Given:
         - The 'Tags' values returned from the API for a given response.
     When:
         - When the user uses 'file' 'ip' 'domain' or 'url' commands.
     Then:
         - Only specific tags should be parsed in to context.

     """
    import AutofocusV2
    tags = AutofocusV2.get_tags_for_tags_and_malware_family_fields(TAGS_FROM_RESPONSE)
    tags.sort()
    assert tags == ['Bladabindi', 'NJRat', 'NanoCoreRAT', 'RemoteAccessTrojan', 'Unit42.NJRat', 'Unit42.NanoCoreRAT']