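def test_root_analysis_serialization():
    """Check that a RootAnalysis survives a dict and a JSON round trip.

    A root is built with one observable, one analysis and one detection
    point, serialized, restored, and compared with the original both as a
    whole and field by field.
    """
    root = RootAnalysis(
        tool="test",
        tool_instance="test",
        alert_type="test",
        desc="test",
        event_time=datetime.datetime.now(),
        name="test",
        analysis_mode="test",
        queue="test",
        instructions="test",
    )
    amt = AnalysisModuleType("test", "")
    observable = root.add_observable("test", "test")
    observable.add_analysis(type=amt, details={"test": "test"})
    root.add_detection_point("test")

    # Each attribute is compared with the SAME attribute on the restored copy.
    # Every string field holds the value "test", so a comparison against the
    # wrong attribute would pass unnoticed; the loop rules that out.
    compared_fields = (
        "tool",
        "tool_instance",
        "alert_type",
        "description",
        "event_time",
        "name",
        "analysis_mode",
        "queue",
        "instructions",
    )

    def assert_fields_match(restored):
        assert root == restored
        for field in compared_fields:
            assert getattr(root, field) == getattr(restored, field), field

    # dict round trip
    new_root = RootAnalysis.from_dict(root.to_dict())
    assert_fields_match(new_root)
    assert root.detections == new_root.detections
    # the observable property for the root should always be None
    assert root.observable is None
    assert len(root.observables) == 1

    # JSON round trip
    new_root = RootAnalysis.from_json(root.to_json())
    assert_fields_match(new_root)
    # the observable property for the root should always be None
    assert root.observable is None
    assert len(root.observables) == 1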
async def i_update_root_analysis(self, root: RootAnalysis) -> bool:
    """Store *root* only if the tracked row still carries ``root.version``.

    The UPDATE is conditional on both the uuid and the version the caller
    holds, so a writer working from a stale copy changes no rows. Each
    successful write assigns a fresh random version to the row and to *root*.
    The stored JSON is produced with ``exclude_analysis_details=True``.

    Returns:
        True if a row was updated, False if no row matched the uuid and
        version pair. *root* is left unchanged in the False case.
    """
    # every successful update moves the row to a new version
    next_version = str(uuid.uuid4())

    async with self.get_db() as db:
        new_row_values = update(RootAnalysisTracking).values(
            version=next_version,
            json_data=root.to_json(exclude_analysis_details=True),
        )
        # the row must still be at the version this caller last saw
        held_version_matches = and_(
            RootAnalysisTracking.uuid == root.uuid,
            RootAnalysisTracking.version == root.version,
        )
        outcome = await db.execute(new_row_values.where(held_version_matches))
        await db.commit()

    if outcome.rowcount == 0:
        # no row matched: the uuid is not tracked or the version has moved on
        return False

    root.version = next_version
    return True
async def i_track_root_analysis(self, root: RootAnalysis) -> bool:
    """Insert a tracking row for *root*, keyed by ``root.uuid``.

    The row stores the root's version and its JSON, produced with
    ``exclude_analysis_details=True``. A root that has no version yet is
    given a fresh random one, which is written back to *root* only after
    the insert has been committed.

    Returns:
        True if the row was inserted, False if the database raised an
        IntegrityError (presumably because the uuid is already tracked;
        the constraint itself is not visible here).
    """
    if (tracked_version := root.version) is None:
        tracked_version = str(uuid.uuid4())

    try:
        async with self.get_db() as db:
            new_row = insert(RootAnalysisTracking).values(
                uuid=root.uuid,
                version=tracked_version,
                json_data=root.to_json(exclude_analysis_details=True),
            )
            await db.execute(new_row)
            await db.commit()

        root.version = tracked_version
        return True
    except sqlalchemy.exc.IntegrityError:
        return False