def test_misp_domain_ipaddr():
r = MISP()
r.misp = mock.MagicMock()
r.misp.add_domains_ips.return_value = None
r.misp.add_ipdst.return_value = None
r.domain_ipaddr({
"network": {
"domains": [
{
"domain": "foobar",
"ip": "1.2.3.4",
},
{
# TODO Now that we have global whitelisting, this
# custom-made support for the MISP reporting module should
# probably be removed.
"domain": "time.windows.com",
"ip": "1.2.3.4",
},
],
"hosts": [
"2.3.4.5",
"3.4.5.6",
],
},
}, "event")
r.misp.add_domains_ips.assert_called_once_with(
"event", {
"foobar": "1.2.3.4",
},
)
r.misp.add_ipdst.assert_called_once_with(
"event", ["2.3.4.5", "3.4.5.6"],
)
def test_misp_domain_ipaddr():
r = MISP()
r.misp = mock.MagicMock()
r.misp.add_domains_ips.return_value = None
r.misp.add_ipdst.return_value = None
r.domain_ipaddr({
"network": {
"domains": [
{
"domain": "foobar",
"ip": "1.2.3.4",
},
{
# TODO Now that we have global whitelisting, this
# custom-made support for the MISP reporting module should
# probably be removed.
"domain": "time.windows.com",
"ip": "1.2.3.4",
},
],
"hosts": [
"2.3.4.5",
"3.4.5.6",
],
},
}, "event")
r.misp.add_domains_ips.assert_called_once_with(
"event", {
"foobar": "1.2.3.4",
},
)
r.misp.add_ipdst.assert_called_once_with(
"event", ["2.3.4.5", "3.4.5.6"],
)
def test_misp_domain_ipaddr():
set_cwd(tempfile.mkdtemp())
r = MISP()
r.misp = mock.MagicMock()
r.misp.add_domains_ips.return_value = None
r.misp.add_ipdst.return_value = None
r.domain_ipaddr({
"network": {
"domains": [
{
"domain": "foobar",
"ip": "1.2.3.4",
},
{
"domain": "time.windows.com",
"ip": "1.2.3.4",
},
{
"domain": "www.msftncsi.com",
"ip": "95.101.2.42"
}
],
"hosts": [
"2.3.4.5",
"3.4.5.6",
"8.8.8.8"
],
},
}, "event")
r.misp.add_domains_ips.assert_called_once_with(
"event", {
"foobar": "1.2.3.4",
},
)
r.misp.add_ipdst.assert_called_once_with(
"event", ["2.3.4.5", "3.4.5.6"],
)