def test_21_simple(self): """ Scenario: Test 21 envelope extract Given: - Envelope with 19 STIX2 objects - out of them 17 are iocs When: - extract_indicators_from_envelope_and_parse is called Then: - Extract and parse the indicators from the envelope """ expected = CORTEX_17_IOCS_19_OBJS mock_client = Taxii2FeedClient(url='', collection_to_fetch='', proxies=[], verify=False, tlp_color='GREEN', objects_to_fetch=[]) actual = mock_client.load_stix_objects_from_envelope( {"indicator": STIX_ENVELOPE_17_IOCS_19_OBJS}, -1) assert len(actual) == 17 assert expected == actual
def test_auth_key(self): """ Scenario: Intialize server with the default option with an auth key Given: - no version is provided to init_server - client is set with `auth_key` and `auth_header` Then: - initialize with v20.Server with _conn.headers set with the auth_header """ mock_auth_header_key = 'mock_auth' mock_username = f'{HEADER_USERNAME}{mock_auth_header_key}' mock_password = '******' mock_client = Taxii2FeedClient( url='', username=mock_username, password=mock_password, collection_to_fetch='', proxies=[], verify=False ) mock_client.init_server() assert isinstance(mock_client.server, v20.Server) assert mock_auth_header_key in mock_client.server._conn.session.headers[0] assert mock_client.server._conn.session.headers[0].get(mock_auth_header_key) == mock_password
def test_21_complex_skipped(self): """ Scenario: Test 21 envelope complex extract with skip Given: - Envelope with 19 STIX2 objects - 14 normal iocs, 3 are complex indicators (x2 iocs), and 2 aren't indicators - skip is True When: - extract_indicators_from_envelope_and_parse is called Then: - Extract and parse the indicators from the envelope with the complex iocs """ expected = CORTEX_COMPLEX_14_IOCS_19_OBJS mock_client = Taxii2FeedClient(url='', collection_to_fetch='', proxies=[], verify=False, skip_complex_mode=True, objects_to_fetch=[]) actual = mock_client.load_stix_objects_from_envelope( {"indicator": STIX_ENVELOPE_20_IOCS_19_OBJS}, -1) assert len(actual) == 14 assert actual == expected
def test_21_empty(self): """ Scenario: Test 21 envelope extract Given: - Envelope with 0 STIX2 objects When: - extract_indicators_from_envelope_and_parse is called Then: - Extract and parse the indicators from the envelope """ expected = [] mock_client = Taxii2FeedClient(url='', collection_to_fetch='', proxies=[], verify=False, objects_to_fetch=[]) actual = mock_client.load_stix_objects_from_envelope( {"indicator": STIX_ENVELOPE_NO_IOCS}, -1) assert len(actual) == 0 assert expected == actual
def test_21_complex_not_skipped(self): """ Scenario: Test 21 envelope complex extract without skip Given: - Envelope with 19 STIX2 objects - 14 normal iocs, 3 are complex indicators (x2 iocs), and 2 aren't indicators - skip is False When: - extract_indicators_from_envelope_and_parse is called Then: - Extract and parse the indicators from the envelope with the complex iocs """ expected = CORTEX_COMPLEX_20_IOCS_19_OBJS mock_client = Taxii2FeedClient(url='', collection_to_fetch='', proxies=[], verify=False) envelope = STIX_ENVELOPE_20_IOCS_19_OBJS actual = mock_client.extract_indicators_from_envelope_and_parse( envelope) assert len(actual) == 20 assert actual == expected
def test_load_stix_objects_from_envelope_v20(self): """ Scenario: Test loading of STIX objects from envelope for v2.0 Given: - Envelope with indicators, arranged by object type. When: - parse_generator_type_envelope is called (skipping condition from load_stix_objects_from_envelope). Then: - Load and parse objects from the envelope according to their object type and ignore extension-definition objects. """ mock_client = Taxii2FeedClient(url='', collection_to_fetch='', proxies=[], verify=False, objects_to_fetch=[]) objects_envelopes = envelopes_v20 mock_client.id_to_object = id_to_object parse_stix_2_objects = { "indicator": mock_client.parse_indicator, "attack-pattern": mock_client.parse_attack_pattern, "malware": mock_client.parse_malware, "report": mock_client.parse_report, "course-of-action": mock_client.parse_course_of_action, "campaign": mock_client.parse_campaign, "intrusion-set": mock_client.parse_intrusion_set, "tool": mock_client.parse_tool, "threat-actor": mock_client.parse_threat_actor, "infrastructure": mock_client.parse_infrastructure } result = mock_client.parse_generator_type_envelope(objects_envelopes, parse_stix_2_objects) assert mock_client.id_to_object == id_to_object assert result == parsed_objects
def test_update_last_modified_indicator_date(self, last_modifies_client, last_modifies_param, expected_modified_result): """ Scenario: Test updating the last_fetched_indicator__modified field of the client. Given: - A : An empty indicator_modified_str parameter. - B : A client with empty last_fetched_indicator__modified field. - C : A client with a value in last_fetched_indicator__modified and a valid indicator_modified_str parameter. When: - Calling the last_modified_indicator_date function with given parameter. Then: Make sure the right value is updated in the client's last_fetched_indicator__modified field. - A : last_fetched_indicator__modified field remains empty - B : last_fetched_indicator__modified field remains empty - C : last_fetched_indicator__modified receives new value """ mock_client = Taxii2FeedClient( url='', collection_to_fetch='', proxies=[], verify=False, objects_to_fetch=[], ) mock_client.last_fetched_indicator__modified = last_modifies_client mock_client.update_last_modified_indicator_date(last_modifies_param) assert mock_client.last_fetched_indicator__modified == expected_modified_result
def test_load_stix_objects_from_envelope_v21(self): """ Scenario: Test loading of STIX objects from envelope for v2.1 Given: - Envelope with indicators, arranged by object type. When: - load_stix_objects_from_envelope is called Then: - Load and parse objects from the envelope according to their object type and ignore extension-definition objects. """ mock_client = Taxii2FeedClient(url='', collection_to_fetch='', proxies=[], verify=False, objects_to_fetch=[]) objects_envelopes = envelopes_v21 mock_client.id_to_object = id_to_object result = mock_client.load_stix_objects_from_envelope( objects_envelopes, -1) assert mock_client.id_to_object == id_to_object assert result == parsed_objects
def test_v21(self): """ Scenario: Intialize server with v21 Given: - v21 version is provided to init_server Then: - initalize with v21.Server """ mock_client = Taxii2FeedClient(url='', collection_to_fetch='', proxies=[], verify=False) mock_client.init_server(TAXII_VER_2_1) assert isinstance(mock_client.server, v21.Server)
def test_default_v20(self): """ Scenario: Intialize server with the default option Given: - no version is provided to init_server Then: - initalize with v20.Server """ mock_client = Taxii2FeedClient(url='', collection_to_fetch='', proxies=[], verify=False) mock_client.init_server() assert isinstance(mock_client.server, v20.Server)
def test_load_stix_objects_from_envelope(self): mock_client = Taxii2FeedClient(url='', collection_to_fetch='', proxies=[], verify=False, objects_to_fetch=[]) objects_envelopes = envelopes mock_client.id_to_object = id_to_object result = mock_client.load_stix_objects_from_envelope( objects_envelopes, -1) assert mock_client.id_to_object == id_to_object assert result == parsed_objects
def test_no_collection_to_fetch(self): """ Scenario: Fail to build iterator when there is no collection to fetch from Given: - Collection to fetch is empty When: - Calling build_iterators Then: - Ensure exception is raised with proper error message """ mock_client = Taxii2FeedClient(url='', collection_to_fetch=None, proxies=[], verify=False) with pytest.raises(DemistoException, match='Could not find a collection to fetch from.'): mock_client.build_iterator()
def test_no_collections_available(self): """ Scenario: Fail to initialize when there is no collection available Given: - collection name is provided via __init__ (title: default) - NO collection is available When - Initializing collection to fetch Then: - Ensure exception is raised with proper error message """ mock_client = Taxii2FeedClient(url='', collection_to_fetch='default', proxies=[], verify=False) with pytest.raises(DemistoException, match="No collection is available for this user"): mock_client.init_collection_to_fetch('not_found')
def test_limit_0_v21(self, mocker): """ Scenario: Call build iterator when limit is 0 and the collection is v21.Collection Given: - Limit is 0 - Collection to fetch is of type v21.Collection When - Initializing collection to fetch Then: - Ensure 0 iocs are returned """ mock_client = Taxii2FeedClient(url='', collection_to_fetch=None, proxies=[], verify=False) mocker.patch.object(mock_client, "collection_to_fetch", spec=v21.Collection) iocs = mock_client.build_iterator(limit=0) assert iocs == []
class TestInitCollectionsToFetch: """ Scenario: Initialize collections to fetch """ mock_client = Taxii2FeedClient(url='', collection_to_fetch='default', proxies=[], verify=False) default_id = 1 nondefault_id = 2 mock_client.collections = [MockCollection(nondefault_id, 'not_default'), MockCollection(default_id, 'default')] def test_default_collection(self): """ Scenario: Initialize with collection name provided in class __init__ Given - collection name is provided via __init__ (title: default) - collection is available When - Initializing collection to fetch Then - Ensure initialized collection to fetch with collection provided in __init__ """ self.mock_client.init_collection_to_fetch() assert self.mock_client.collection_to_fetch.id == self.default_id def test_non_default_collection(self): """ Scenario: Initialize with collection name provided via argument Given: - collection name is provided via argument (title: non_default) - collection is available When - Initializing collection to fetch Then - Ensure initialized collection to fetch with collection provided in argument """ self.mock_client.init_collection_to_fetch('not_default') assert self.mock_client.collection_to_fetch.id == self.nondefault_id def test_collection_not_found(self): """ Scenario: Fail to initialize with a collection that is not available Given: - collection name is provided via argument (title: not_found) - collection is NOT available When - Initializing collection to fetch Then: - Ensure exception is raised with proper error message """ with pytest.raises(DemistoException, match="Could not find the provided Collection name"): self.mock_client.init_collection_to_fetch('not_found') def test_no_collections_available(self): """ Scenario: Fail to initialize when there is no collection available Given: - collection name is provided via __init__ (title: default) - NO collection is available When - Initializing collection to fetch Then: - Ensure exception is raised with proper error message """ mock_client = Taxii2FeedClient(url='', collection_to_fetch='default', proxies=[], verify=False) with pytest.raises(DemistoException, match="No collection is available for this user"): mock_client.init_collection_to_fetch('not_found')