def test_phishtank_urls(): indicators = set() tags = set() from csirtg_fm.clients.http import Client cli = Client(rule, 'urls') cli.cache = decode(cli.cache) cli.cache = 'test/phishtank/feed.json' parser_name = get_type(cli.cache) assert parser_name == 'json' for i in s.process(rule, 'urls', parser_name, cli): if not i: continue assert parse_timestamp(i.reported_at).year > 1980 assert parse_timestamp(i.last_at).year > 1980 assert parse_timestamp(i.first_at).year > 1980 indicators.add(i.indicator) tags.add(i.tags[0]) assert 'http://charlesleonardconstruction.com/irs/confim/index.html' in \ indicators
def test_malwaredomains_urlshorteners(): indicators = set() tags = set() from csirtg_fm.clients.http import Client cli = Client(rule, 'registrars') cli._cache_decode() cli.cache = 'test/malwaredomains/bulk_registrars.txt' parser_name = get_type(cli.cache) assert parser_name == 'pattern' for i in s.process(rule, 'registrars', parser_name, cli, limit=250): if not i: continue assert parse_timestamp(i.reported_at).year > 1980 # assert parse_timestamp(i.last_at).year > 1980 # assert parse_timestamp(i.first_at).year > 1980 indicators.add(i.indicator) tags.add(i.tags[0]) assert 'registrar' in tags assert 'us.pn' in indicators
def test_malwaredomains_botnet(): indicators = set() tags = set() from csirtg_fm.clients.http import Client cli = Client(rule, 'botnet') cli._cache_decode() cli.cache = 'test/malwaredomains/domains.txt' parser_name = get_type(cli.cache) assert parser_name == 'tsv' for i in s.process(rule, 'botnet', parser_name, cli, limit=250): if not i: continue assert parse_timestamp(i.reported_at).year > 1980 # assert parse_timestamp(i.last_at).year > 1980 # assert parse_timestamp(i.first_at).year > 1980 indicators.add(i.indicator) tags.add(i.tags[0]) assert 'botnet' in tags assert 'attack_page' not in tags assert '9virgins.com' in indicators