def test_url_not_found():
"""
Given:
- an URL
When:
- running url command and validate whether the url is malicious
Then:
- return command results with context indicate that no results were found
"""
url = 'https://test.com/rest/threatindicator/v0/url?key.values=http://www.malware.com'
status_code = 200
json_data = {'total_size': 0, 'page': 1, 'page_size': 25, 'more': False}
expected_output = "No results were found for url http://www.malware.com"
url_to_check = {'url': 'http://www.malware.com'}
with requests_mock.Mocker() as m:
m.get(url, status_code=status_code, json=json_data)
client = Client(API_URL, 'api_token', True, False,
ENDPOINTS['threatindicator'])
doc_search_client = Client(API_URL, 'api_token', True, False,
ENDPOINTS['document'])
fundamental_client = Client(API_URL, 'api_token', True, False,
ENDPOINTS['fundamental'])
results = url_command(client, url_to_check, DBotScoreReliability.B,
doc_search_client, fundamental_client)
output = results[0].to_context().get('HumanReadable')
assert expected_output in output
def test_url_command():
"""
Given:
- url
When:
- running url command and validate whether the url is malicious
Then:
- return command results containing indicator, dbotscore and associated intelligence alerts, reports
"""
url = 'https://test.com/rest/threatindicator/v0/url?key.values=http://www.malware.com'
doc_url = 'https://test.com/rest/document/v0?links.display_text.values=http://www.malware.com&type.values=intelligence_alert&type.values=intelligence_report&links.display_text.match_all=true' # noqa: E501
status_code = 200
json_data = URL_RES_JSON
intel_json_data = URL_INTEL_JSON
expected_output = {
'URL': [{
'Data': 'http://www.malware.com'
}],
'DBOTSCORE': [{
'Indicator': 'http://www.malware.com',
'Type': 'url',
'Vendor': 'iDefense',
'Score': 2,
'Reliability': 'B - Usually reliable'
}]
}
url_to_check = {'url': 'http://www.malware.com'}
with requests_mock.Mocker() as m:
m.get(url, status_code=status_code, json=json_data)
m.get(doc_url, status_code=status_code, json=intel_json_data)
client = Client(API_URL, 'api_token', True, False,
ENDPOINTS['threatindicator'])
doc_search_client = Client(API_URL, 'api_token', True, False,
ENDPOINTS['document'])
fundamental_client = Client(API_URL, 'api_token', True, False,
ENDPOINTS['fundamental'])
results = url_command(client, url_to_check, DBotScoreReliability.B,
doc_search_client, fundamental_client)
context_result = results[0].to_context()
output = results[0].to_context().get('EntryContext', {})
assert output.get('URL(val.Data && val.Data == obj.Data)',
[]) == expected_output.get('URL')
assert output.get(DBOT_KEY, []) == expected_output.get('DBOTSCORE')
assert _is_intelligence_data_present_in_command_result(
context_result, intel_json_data) is True
def test_url_command_when_api_key_not_authorized_for_document_search():
"""
Given:
- a url and api key not authorized for doc search
When:
- running url command and validate whether the url is malicious
Then:
- return command results containing indicator, dbotscore and NO associated intelligence alerts, reports
"""
url = 'https://test.com/rest/threatindicator/v0/url?key.values=http://www.malware.com'
doc_url = 'https://test.com/rest/document/v0?links.display_text.values=http://www.malware.com&type.values=intelligence_alert&type.values=intelligence_report&links.display_text.match_all=true' # noqa: E501
status_code = 200
error_status_code = 403
json_data = URL_RES_JSON
doc_search_exception_response = {'timestamp': '2021-11-12T09:09:27.983Z', 'status': 403,
'error': 'Forbidden', 'message': 'Forbidden', 'path': '/rest/document/v0'}
expected_output = {
'URL': [{'Data': 'http://www.malware.com'}],
'DBOTSCORE': [{'Indicator': 'http://www.malware.com', 'Type': 'url', 'Vendor': 'iDefense',
'Score': 2, 'Reliability': 'B - Usually reliable'}]}
url_to_check = {'url': 'http://www.malware.com'}
with requests_mock.Mocker() as m:
m.get(url, status_code=status_code, json=json_data)
m.get(doc_url, status_code=error_status_code, json=doc_search_exception_response)
client = Client(API_URL, 'api_token', True, False, ENDPOINTS['threatindicator'])
doc_search_client = Client(API_URL, 'api_token', True, False, ENDPOINTS['document'])
results = url_command(client, url_to_check, DBotScoreReliability.B, doc_search_client)
context_result = results[0].to_context()
content = context_result['HumanReadable']
output = context_result.get('EntryContext', {})
assert output.get('URL(val.Data && val.Data == obj.Data)', []) == expected_output.get('URL')
assert output.get(DBOT_KEY, []) == expected_output.get('DBOTSCORE')
assert 'Intelligence Alerts' not in content
assert 'Intelligence Reports' not in content