Example #1
def test_EventCreator_create_duplicate():
    """create() marks the event as a duplicate when an open investigation exists.

    Seeds the dedup table with a row linking DEDUP_HASH_FOR_MOCK_EVENT to
    MOCK_INVESTIGATION_ID and the events table with that id in status 'open',
    then creates a copy of MOCK_EVENT whose dedup_keys are ['username'].
    """
    dynamodb = boto3.client('dynamodb')

    # Dedup row: hash -> investigation currently tracking that hash.
    dedup_row = {
        "dedup_hash": DEDUP_HASH_FOR_MOCK_EVENT,
        "current_investigation_id": MOCK_INVESTIGATION_ID,
    }
    dynamodb.put_item(
        TableName=os.environ['SOCLESS_DEDUP_TABLE'],
        Item=dict_to_item(dedup_row, convert_root=False),
    )

    # Events row: the referenced investigation, still open.
    open_investigation = {
        "id": MOCK_INVESTIGATION_ID,
        'investigation_id': "already_running_id",
        'status_': 'open',
    }
    dynamodb.put_item(
        TableName=os.environ['SOCLESS_EVENTS_TABLE'],
        Item=dict_to_item(open_investigation, convert_root=False),
    )

    # Work on a copy so the shared MOCK_EVENT fixture is not mutated.
    incoming = deepcopy(MOCK_EVENT)
    incoming['dedup_keys'] = ['username']

    result = EventCreator(incoming).create()
    assert result['is_duplicate'] == True
Example #2
def test_deduplicate_is_duplicate_no_investigation_id():
    """deduplicate() treats the event as new when the dedup row has no investigation id.

    The dedup table holds only the hash, with no current_investigation_id,
    so there is no investigation for the event to be folded into.
    """
    dynamodb = boto3.client('dynamodb')
    hash_only_row = {"dedup_hash": DEDUP_HASH_FOR_MOCK_EVENT}
    dynamodb.put_item(
        TableName=os.environ['SOCLESS_DEDUP_TABLE'],
        Item=dict_to_item(hash_only_row, convert_root=False),
    )

    creator = EventCreator(MOCK_EVENT)
    creator.deduplicate()

    # A matching hash alone must not mark the event as a duplicate.
    assert creator.status_ == 'open'
    assert creator.is_duplicate == False
Example #3
def test_EventCreator_create():
    """create() records the new investigation id in the dedup table.

    After creating MOCK_EVENT, the dedup row keyed by
    DEDUP_HASH_FOR_MOCK_EVENT must point at the returned investigation_id,
    and the returned details / created_at must match the creator's own.
    """
    creator = EventCreator(MOCK_EVENT)
    result = creator.create()

    # Read back the dedup mapping written for this event's hash.
    dynamodb = boto3.resource('dynamodb')
    table = dynamodb.Table(os.environ['SOCLESS_DEDUP_TABLE'])
    response = table.get_item(Key={'dedup_hash': DEDUP_HASH_FOR_MOCK_EVENT})
    stored_mapping = response['Item']

    assert stored_mapping['current_investigation_id'] == result['investigation_id']
    assert creator.details == result['details']
    assert creator.created_at == result['created_at']
Example #4
def test_EventCreator_dedup_hash_fails_when_dedup_keys_do_not_match_any_details(
):
    """Reading dedup_hash raises KeyError when a dedup key is absent from the event.

    Construction with the unknown key succeeds; the failure is expected only
    when dedup_hash is accessed.
    """
    event_with_bad_key = deepcopy(MOCK_EVENT)
    event_with_bad_key['dedup_keys'] = ['invalid_key']
    creator = EventCreator(event_with_bad_key)

    with pytest.raises(KeyError):
        # Attribute access alone triggers the hash computation.
        creator.dedup_hash
Example #5
def test_EventCreator_init_happy():
    """A valid event populates the creator's attributes from the input dict.

    data_types and event_meta are expected to be empty dicts for MOCK_EVENT;
    the other checked attributes mirror the corresponding MOCK_EVENT entries.
    """
    creator = EventCreator(MOCK_EVENT)

    assert creator.event_type == MOCK_EVENT['event_type']
    assert creator.details == MOCK_EVENT['details']
    assert creator.data_types == {}
    assert creator.dedup_keys == MOCK_EVENT['dedup_keys']
    assert creator.event_meta == {}
    assert creator.playbook == MOCK_EVENT['playbook']
Example #6
def test_deduplicate_is_duplicate_status_closed():
    """deduplicate() treats the event as new when the matching investigation is closed.

    The dedup row points at MOCK_INVESTIGATION_ID, but the events table
    records that investigation with status 'closed'.
    """
    dynamodb = boto3.client('dynamodb')

    # Dedup row: hash -> investigation id.
    dedup_row = {
        "dedup_hash": DEDUP_HASH_FOR_MOCK_EVENT,
        "current_investigation_id": MOCK_INVESTIGATION_ID,
    }
    dynamodb.put_item(
        TableName=os.environ['SOCLESS_DEDUP_TABLE'],
        Item=dict_to_item(dedup_row, convert_root=False),
    )

    # Events row: the referenced investigation, already closed.
    closed_investigation = {
        "id": MOCK_INVESTIGATION_ID,
        'investigation_id': "already_running_id",
        'status_': 'closed',
    }
    dynamodb.put_item(
        TableName=os.environ['SOCLESS_EVENTS_TABLE'],
        Item=dict_to_item(closed_investigation, convert_root=False),
    )

    creator = EventCreator(MOCK_EVENT)
    creator.deduplicate()

    # A recurrence after closure must not be absorbed into the closed case.
    assert creator.is_duplicate == False
    assert creator.status_ == 'open'
Example #7
def test_EventCreator_init_fails_on_invalid_date_format():
    """Constructing an EventCreator with an unparseable created_at raises."""
    malformed_event = deepcopy(MOCK_EVENT)
    malformed_event['created_at'] = 'bad_date'

    # NOTE(review): Exception is the broadest possible match, so an unrelated
    # failure (fixture or environment error) would also satisfy this check.
    # Narrow it to the validator's exception type once that is confirmed.
    with pytest.raises(Exception):
        EventCreator(malformed_event)
Example #8
def test_deduplicate_is_unique():
    """deduplicate() leaves an event open and non-duplicate when no tables are seeded here."""
    creator = EventCreator(MOCK_EVENT)
    creator.deduplicate()

    # This test writes no dedup or events rows before calling deduplicate().
    assert creator.status_ == 'open'
    assert creator.is_duplicate == False
Example #9
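def test_deduplicate_unique():
    """deduplicate() on an event with no seeded dedup rows yields an open, non-duplicate event.

    The original body ended in a bare ``pass`` and asserted nothing, so it
    could only fail if deduplicate() raised. The assertions below pin the
    same outcome that test_deduplicate_is_unique checks for this setup.
    """
    event = EventCreator(MOCK_EVENT)
    event.deduplicate()

    # Without these checks a regression that wrongly flags every event as a
    # duplicate would pass unnoticed.
    assert event.status_ == 'open'
    assert event.is_duplicate == False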
Example #10
def test_EventCreator_dedup_hash_is_correct():
    """dedup_hash for MOCK_EVENT equals the precomputed DEDUP_HASH_FOR_MOCK_EVENT."""
    creator = EventCreator(MOCK_EVENT)
    computed_hash = creator.dedup_hash
    assert computed_hash == DEDUP_HASH_FOR_MOCK_EVENT
Example #11
def test_EventCreator_init_fails_when_dedup_keys_not_a_list():
    """Constructing an EventCreator with a string for dedup_keys raises."""
    malformed_event = deepcopy(MOCK_EVENT)
    malformed_event['dedup_keys'] = "key_to_dedupe"

    # NOTE(review): Exception is the broadest possible match, so an unrelated
    # failure (fixture or environment error) would also satisfy this check.
    # Narrow it to the validator's exception type once that is confirmed.
    with pytest.raises(Exception):
        EventCreator(malformed_event)
Example #12
def test_EventCreator_init_fails_on_invalid_playbook():
    """Constructing an EventCreator with an integer playbook raises."""
    malformed_event = deepcopy(MOCK_EVENT)
    malformed_event['playbook'] = 1234

    # NOTE(review): Exception is the broadest possible match, so an unrelated
    # failure (fixture or environment error) would also satisfy this check.
    # Narrow it to the validator's exception type once that is confirmed.
    with pytest.raises(Exception):
        EventCreator(malformed_event)
Example #13
def test_EventCreator_init_fails_on_invalid_event_meta():
    """Constructing an EventCreator with an empty-string event_meta raises."""
    malformed_event = deepcopy(MOCK_EVENT)
    malformed_event['event_meta'] = ''

    # NOTE(review): Exception is the broadest possible match, so an unrelated
    # failure (fixture or environment error) would also satisfy this check.
    # Narrow it to the validator's exception type once that is confirmed.
    with pytest.raises(Exception):
        EventCreator(malformed_event)
Example #14
def test_EventCreator_init_fails_when_details_is_not_dict():
    """Constructing an EventCreator with a list for details raises."""
    malformed_event = deepcopy(MOCK_EVENT)
    malformed_event['details'] = []

    # NOTE(review): Exception is the broadest possible match, so an unrelated
    # failure (fixture or environment error) would also satisfy this check.
    # Narrow it to the validator's exception type once that is confirmed.
    with pytest.raises(Exception):
        EventCreator(malformed_event)