def test_fetch_indicators_main_command_call_use_cyjax_tlp(mocker):
mocker.patch.object(demisto,
'params',
return_value={
'apikey': 'test-api-key',
'url': 'https://cyjax-api-for-testing.com',
'use_cyjax_tlp': True,
'tlp_color': 'AMBER'
})
last_fetch = datetime(2020, 12, 27, 15, 45)
last_fetch_timestamp = int(last_fetch.timestamp())
mocker.patch.object(
demisto,
'getIntegrationContext',
return_value={INDICATORS_LAST_FETCH_KEY: last_fetch_timestamp})
cyjax_indicator = mocked_indicators
expected_indicators = [convert_cyjax_indicator(cyjax_indicator[1])]
mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise.list',
return_value=[cyjax_indicator[1]])
mocker.patch.object(demisto, 'command', return_value='fetch-indicators')
mocker.patch.object(demisto, 'createIndicators')
mocker.patch.object(demisto, 'setIntegrationContext')
main()
assert demisto.createIndicators.call_count == 1
assert demisto.setIntegrationContext.call_count == 1
demisto.createIndicators.assert_called_with(expected_indicators)
assert 'GREEN' == expected_indicators[0]['fields']['trafficlightprotocol']
def test_fetch_indicators_main_command_call_no_new_indicators(mocker):
mocker.patch.object(demisto,
'params',
return_value={
'apikey': 'test-api-key',
'url': 'https://cyjax-api-for-testing.com'
})
last_fetch = datetime(2020, 12, 27, 15, 45)
last_fetch_timestamp = int(last_fetch.timestamp())
mocker.patch.object(
demisto,
'getIntegrationContext',
return_value={INDICATORS_LAST_FETCH_KEY: last_fetch_timestamp})
mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise.list',
return_value=[])
mocker.patch.object(demisto, 'command', return_value='fetch-indicators')
mocker.patch.object(demisto, 'createIndicators')
mocker.patch.object(demisto, 'setIntegrationContext')
main()
assert demisto.createIndicators.call_count == 0
assert demisto.setIntegrationContext.call_count == 0
demisto.createIndicators.assert_not_called()
demisto.setIntegrationContext.assert_not_called()
def test_test_module_main_command_call_invalid_api_key(mocker):
mocker.patch.object(demisto, 'command', return_value='test-module')
mocker.patch.object(demisto, 'results')
mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise',
side_effect=UnauthorizedException())
main()
assert demisto.results.call_count == 1
assert demisto.results.call_args[0][
0] == 'Could not connect to Cyjax API (Unauthorized)'
def test_get_indicators_main_command_call_no_new_indicators(mocker):
mocker.patch.object(demisto,
'params',
return_value={
'apikey': 'test-api-key',
'url': 'https://cyjax-api-for-testing.com'
})
mocker.patch.object(demisto,
'getIntegrationContext',
return_value={
INDICATORS_LAST_FETCH_KEY:
int(datetime(2020, 12, 27, 15, 45).timestamp())
})
cyjax_indicator = mocked_indicators
expected_indicators = [
convert_cyjax_indicator(cyjax_indicator[0]),
convert_cyjax_indicator(cyjax_indicator[1]),
convert_cyjax_indicator(cyjax_indicator[2]),
convert_cyjax_indicator(cyjax_indicator[3])
]
mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise.list',
return_value=cyjax_indicator)
mocker.patch.object(demisto,
'command',
return_value='cyjax-get-indicators')
mocker.patch.object(demisto, 'results')
main()
assert demisto.results.call_count == 1
result = demisto.results.call_args[0][0]
assert isinstance(result, dict)
assert 'Type' in result
assert 'ContentsFormat' in result
assert 'Contents' in result
assert 'ReadableContentsFormat' in result
assert 'HumanReadable' in result
assert 'EntryContext' in result
assert EntryType.NOTE == result.get('Type')
assert EntryFormat.JSON == result.get('ContentsFormat')
assert EntryFormat.MARKDOWN == result.get('ReadableContentsFormat')
assert expected_indicators == result.get('Contents')
def test_test_module_main_command_call(mocker):
ioc_mock = mocker.MagicMock()
ioc_mock.list.return_value = []
mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise',
return_value=ioc_mock)
mocker.patch.object(demisto, 'command', return_value='test-module')
mocker.patch.object(demisto, 'results')
main()
assert demisto.results.call_count == 1
assert demisto.results.call_args[0][0] == 'ok'
mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise',
side_effect=Exception('Server not responding'))
main()
assert demisto.results.call_count == 2
assert demisto.results.call_args[0][
0] == 'Could not connect to Cyjax API (Server not responding)'
def test_unset_indicators_last_fetch_date_main_command_call(mocker):
mocker.patch.object(demisto,
'getIntegrationContext',
return_value={
INDICATORS_LAST_FETCH_KEY: 1640988032,
'Something': 'Else'
})
assert demisto.getIntegrationContext() == {
INDICATORS_LAST_FETCH_KEY: 1640988032,
'Something': 'Else'
}
mocker.patch.object(demisto,
'command',
return_value='cyjax-unset-indicators-last-fetch-date')
mocker.patch.object(demisto, 'results')
main()
assert demisto.results.call_count == 1
assert demisto.getIntegrationContext() == {'Something': 'Else'}
def test_indicators_sigthing_main_command_call(mocker):
mocker.patch.object(demisto,
'params',
return_value={
'apikey': 'test-api-key',
'url': 'https://cyjax-api-for-testing.com'
})
mocker.patch.object(demisto,
'args',
return_value={
'value': '236.516.247.352',
})
mocked_response = mocked_enrichment
mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise.enrichment',
return_value=mocked_response)
mocker.patch.object(demisto,
'command',
return_value='cyjax-indicator-sighting')
mocker.patch.object(demisto, 'results')
main()
assert demisto.results.call_count == 1
result = demisto.results.call_args[0][0]
assert isinstance(result, dict)
assert 'Type' in result
assert 'ContentsFormat' in result
assert 'Contents' in result
assert 'ReadableContentsFormat' in result
assert 'HumanReadable' in result
assert 'EntryContext' in result
assert EntryType.NOTE == result.get('Type')
assert EntryFormat.JSON == result.get('ContentsFormat')
assert EntryFormat.MARKDOWN == result.get('ReadableContentsFormat')
expected_sightings = mocked_response.get('sightings')
assert expected_sightings == result.get('Contents')
def test_fetch_indicators_main_command_call(mocker):
mocker.patch.object(demisto,
'params',
return_value={
'apikey': 'test-api-key',
'url': 'https://cyjax-api-for-testing.com',
'use_cyjax_tlp': True
})
last_fetch = datetime(2020, 12, 27, 15, 45)
last_fetch_timestamp = int(last_fetch.timestamp())
mocker.patch.object(
demisto,
'getIntegrationContext',
return_value={INDICATORS_LAST_FETCH_KEY: last_fetch_timestamp})
cyjax_indicator = mocked_indicators
expected_indicators = [
convert_cyjax_indicator(cyjax_indicator[0]),
convert_cyjax_indicator(cyjax_indicator[1]),
convert_cyjax_indicator(cyjax_indicator[2]),
convert_cyjax_indicator(cyjax_indicator[3])
]
mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise.list',
return_value=cyjax_indicator)
mocker.patch.object(demisto, 'command', return_value='fetch-indicators')
mocker.patch.object(demisto, 'createIndicators')
mocker.patch.object(demisto, 'setIntegrationContext')
main()
assert demisto.createIndicators.call_count == 1
assert demisto.setIntegrationContext.call_count == 1
demisto.createIndicators.assert_called_with(expected_indicators)
demisto.setIntegrationContext.assert_called_with(
{'last_fetch': 1640988032})