def test_argToList(): expected = ['a', 'b', 'c'] test1 = ['a', 'b', 'c'] test2 = 'a,b,c' test3 = '["a","b","c"]' test4 = 'a;b;c' results = [argToList(test1), argToList(test2), argToList(test2, ','), argToList(test3), argToList(test4, ';')] for result in results: assert expected == result, 'argToList test failed, {} is not equal to {}'.format(str(result), str(expected))
def test_pentera_operation_to_incident(): full_action_report = argToList(MOCK_PARSED_FULL_ACTION_REPORT) custom_fields_output = 'penteraoperationdetails' context_key = 'PenteraIncidents' entries = pentera_operation_to_incident(full_action_report, custom_fields_output, context_key) assert entries[0] == '### Map Pentera Operation to Incident'
def test_url_command_success(mocker, requests_mock): """ Given: - A valid testing url (https://vt_is_awesome.com/uts) When: - Running the !url command Then: - Validate the command results are valid and contains metric data """ from VirusTotalV3 import url_command, ScoreCalculator, Client import CommonServerPython # Setup Mocks mocker.patch.object(demisto, 'args', return_value={ 'url': 'https://vt_is_awesome.com/uts', 'extended_data': 'false' }) mocker.patch.object(demisto, 'params', return_value=DEFAULT_PARAMS) mocker.patch.object(CommonServerPython, 'is_demisto_version_ge', return_value=True) # Assign arguments testing_url = 'https://vt_is_awesome.com/uts' params = demisto.params() mocked_score_calculator = ScoreCalculator(params=params) url_relationships = (','.join(argToList( params.get('url_relationships')))).replace('* ', '').replace(" ", "_") client = Client(params=params) # Load assertions and mocked request data mock_response = util_load_json('test_data/url.json') expected_results = util_load_json('test_data/url_results.json') requests_mock.get( f'https://www.virustotal.com/api/v3/urls/{encode_url_to_base64(testing_url)}' f'?relationships={url_relationships}', json=mock_response) # Run command and collect result array results = url_command(client=client, score_calculator=mocked_score_calculator, args=demisto.args(), relationships=url_relationships) assert results[1].execution_metrics == [{ 'APICallsCount': 1, 'Type': 'Successful' }] assert results[0].execution_metrics is None assert results[0].outputs == expected_results
def test_multiple_cve(cve_id_arg, response_data, expected, requests_mock): """ Given: a multiple or single CVE to fetch. When: cve_command is being called. Then: return a List of commandResults - each item representing a CVE. """ cves = argToList(cve_id_arg.get('cve_id')) for test_file, cve in zip(response_data, cves): test_path_data = os.path.join(os.getcwd(), 'test_data', test_file) with open(test_path_data) as js: response = json.load(js) url_for_mock = os.path.join('https://cve.circl.lu/api/cve', cve) requests_mock.get(url_for_mock, json=response) client = Client(base_url=BASE_URL) command_results = cve_command(client, cve_id_arg) assert len(command_results) == expected
def test_get_indicators_command_by_risk_rules(mocker, indicator_type, risk_rules, build_iterator_answer, value, type): """ Given: - Recorded Future Feed client initialized with a 'ConnectApi' service, and a: 1. URL indicator type, and a valid risk rule. 2. URL indicator type, and a comma separated list of two valid risk rules. 3. IP indicator type, and a comma separated list of three valid risk rules. - Mock response of the fetched indicators When: - Running the 'get_indicators_command' Then: - Verify the raw response and the human readable output of the command are correct, and include fetched indicators of all the defined risk rules. """ client = Client(indicator_type=indicator_type, api_token='123', risk_rule=risk_rules, services=['ConnectApi']) args = {'indicator_type': indicator_type, 'limit': 1} mocker.patch('FeedRecordedFuture.Client.build_iterator') mocker.patch('FeedRecordedFuture.Client.get_batches_from_file', return_value=build_iterator_answer) hr, _, entry_results = get_indicators_command(client, args) risk_rules_list = argToList(risk_rules) for rule in risk_rules_list: assert f'Indicators from RecordedFuture Feed for {rule} risk rule' in hr, \ f"human readable output doesn't contain indicators from risk rule {rule}" for entry in entry_results: assert entry.get('Value', '') == value assert entry.get('Type', '') == type