def test_root_analysis_get_observables_by_type(): amt = AnalysisModuleType("test", "") root = RootAnalysis() observable_1 = root.add_observable("test", "test_1") observable_2 = root.add_observable("test", "test_2") observable_3 = root.add_observable("test_3", "test_3") analysis = observable_3.add_analysis(type=amt) observable_4 = analysis.add_observable("test_4", "test_4") assert root.get_observables_by_type("test") == [observable_1, observable_2] assert root.get_observables_by_type("test_3") == [observable_3] assert root.get_observables_by_type("test_4") == [observable_4] assert root.get_observables_by_type("unknown") == [] assert root.get_observable_by_type("test") in [observable_1, observable_2] assert root.get_observable_by_type("test_3") == observable_3 assert root.get_observable_by_type("test_4") == observable_4 assert root.get_observable_by_type("unknown") is None
async def update_root_analysis(self, root: RootAnalysis) -> bool: assert isinstance(root, RootAnalysis) if root.uuid is None: raise ValueError( f"uuid property of {root} is None in update_root_analysis") get_logger().debug(f"updating root {root} with version {root.version}") if not await self.i_update_root_analysis(root): return False # make sure storage content is tracked to their roots for observable in root.get_observables_by_type("file"): await self.track_content_root(observable.value, root) await self.fire_event(EVENT_ANALYSIS_ROOT_MODIFIED, root) return True
async def track_root_analysis(self, root: RootAnalysis) -> bool: """Inserts or updates the root analysis. Returns True if either operation is successfull.""" assert isinstance(root, RootAnalysis) if root.uuid is None: raise ValueError( f"uuid property of {root} is None in track_root_analysis") get_logger().debug(f"tracking root {root}") if not await self.i_track_root_analysis(root): return await self.update_root_analysis(root) # make sure storage content is tracked to their roots for observable in root.get_observables_by_type("file"): await self.track_content_root(observable.value, root) await self.fire_event(EVENT_ANALYSIS_ROOT_NEW, root) return True