def test_fields_minimum(self):
    """
    A report built from the bare core fixture must validate cleanly.
    """
    # No extra keys are added; validate() is expected not to raise.
    report = CbReport(**self.core())
    report.validate()
def test_fields_all(self):
    """
    A report with description and tags added to the core fixture must validate.
    """
    fields = self.core()
    fields['description'] = "The Decription"
    fields['tags'] = ["md5"]
    # Passing means validate() returns without raising.
    CbReport(**fields).validate()
def test_fields_with_ipv4(self):
    """
    A dotted-quad ipv4 IOC must be accepted by validation.
    """
    indicators = {'ipv4': ["12.34.56.78"]}
    fields = self.core(iocs=indicators)
    fields['description'] = "The Decription"
    fields['tags'] = ["ipv4"]
    # Passing means validate() returns without raising.
    CbReport(**fields).validate()
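def test_fields_with_malformed_ipv4(self):
    """
    Ensure a non-address string in the ipv4 IOC list is rejected.

    The report must fail with CbInvalidReport, and the message must name the
    malformed IPv4 address so the rejection is pinned to the intended check.
    """
    # NOTE(review): this case covers only a non-numeric string; other
    # malformed shapes are not exercised by this test.
    iocs = {'ipv4': ["Bogus"]}
    data = self.core(iocs=iocs)
    data['description'] = "The Decription"
    with self.assertRaises(CbInvalidReport) as err:
        # Construction stays inside the block: the visible code does not
        # show whether CbReport() or validate() is the call that raises.
        rpt = CbReport(**data)
        rpt.validate()
    # Checked after the with-block exits, where err.exception is populated.
    # assertIn (not a bare assert) still runs under `python -O` and prints
    # both strings on failure.
    self.assertIn("Malformed IPv4 addr", "{0}".format(err.exception.args[0]))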
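def test_fields_with_short_sha256(self):
    """
    Ensure a sha256 IOC that is too short is rejected.

    The report must fail with CbInvalidReport and the message must identify
    the sha256 length check.
    """
    # 20 characters; a hex-encoded SHA-256 digest has 64.
    # NOTE(review): only the length check is exercised here; a right-length
    # value with non-hex characters is not covered by this test.
    iocs = {'sha256': ["11111111112222222222"]}
    data = self.core(iocs=iocs)
    data['description'] = "The Decription"
    with self.assertRaises(CbInvalidReport) as err:
        # Construction stays inside the block: the visible code does not
        # show whether CbReport() or validate() is the call that raises.
        rpt = CbReport(**data)
        rpt.validate()
    # Checked after the with-block exits, where err.exception is populated.
    # assertIn (not a bare assert) still runs under `python -O`.
    self.assertIn("Invalid sha256 length", "{0}".format(err.exception.args[0]))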
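def test_fields_with_long_md5(self):
    """
    Ensure an md5 IOC that is too long is rejected.

    The report must fail with CbInvalidReport and the message must identify
    the md5 length check.
    """
    # 40 characters; a hex-encoded MD5 digest has 32.
    # NOTE(review): only the length check is exercised here; a right-length
    # value with non-hex characters is not covered by this test.
    iocs = {'md5': ["1111111111222222222233333333334444444444"]}
    data = self.core(iocs=iocs)
    data['description'] = "The Decription"
    with self.assertRaises(CbInvalidReport) as err:
        # Construction stays inside the block: the visible code does not
        # show whether CbReport() or validate() is the call that raises.
        rpt = CbReport(**data)
        rpt.validate()
    # Checked after the with-block exits, where err.exception is populated.
    # assertIn (not a bare assert) still runs under `python -O`.
    self.assertIn("Invalid md5 length", "{0}".format(err.exception.args[0]))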
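def test_fields_with_query_bogus_query(self):
    """
    Ensure a query IOC whose search_query lacks `q=` is rejected.

    The report must fail with CbInvalidReport and the message must say the
    query is missing `q=`.
    """
    iocs = {'query': [{'index_type': "events", 'search_query': "BOGUS"}]}
    data = self.core(iocs=iocs)
    data['description'] = "The Decription"
    data['tags'] = ["query"]
    with self.assertRaises(CbInvalidReport) as err:
        # Construction stays inside the block: the visible code does not
        # show whether CbReport() or validate() is the call that raises.
        rpt = CbReport(**data)
        rpt.validate()
    # "RepId1" is presumably the report id supplied by self.core() --
    # confirm against the fixture.
    # assertIn (not a bare assert) still runs under `python -O`.
    self.assertIn(
        "Query IOC for report RepId1 missing q= on query",
        "{0}".format(err.exception.args[0]))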
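def test_fields_with_query_missing_index_type(self):
    """
    Ensure a query IOC without an index_type key is rejected.

    The report must fail with CbInvalidReport and the message must say that
    index_type is missing.
    """
    iocs = {'query': [{'search_query': "cb.q.commandline=foo.txt"}]}
    data = self.core(iocs=iocs)
    data['description'] = "The Decription"
    data['tags'] = ["query"]
    with self.assertRaises(CbInvalidReport) as err:
        # Construction stays inside the block: the visible code does not
        # show whether CbReport() or validate() is the call that raises.
        rpt = CbReport(**data)
        rpt.validate()
    # "RepId1" is presumably the report id supplied by self.core() --
    # confirm against the fixture.
    # assertIn (not a bare assert) still runs under `python -O`.
    self.assertIn(
        "Query IOC section for report 'RepId1' missing index_type",
        "{0}".format(err.exception.args[0]))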
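def test_fields_all_required_only(self):
    """
    Ensure pedantic validation rejects keys beyond the required set.

    The same report passes default validation, then must fail with
    CbInvalidReport under pedantic=True because 'description' is reported
    as a non-required key.
    """
    data = self.core()
    data['description'] = "The Decription"
    data['tags'] = ["md5"]
    rpt = CbReport(**data)
    # Default mode: the extra keys are tolerated and nothing is raised.
    rpt.validate()
    with self.assertRaises(CbInvalidReport) as err:
        rpt.validate(pedantic=True)
    # Checked after the with-block exits, where err.exception is populated.
    # assertIn (not a bare assert) still runs under `python -O`.
    self.assertIn(
        "Report contains non-required key 'description'",
        "{0}".format(err.exception.args[0]))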
def test_fields_with_sha256(self):
    """
    A full-length sha256 IOC must be accepted by validation.
    """
    # 64 characters, the length of a hex-encoded SHA-256 digest.
    digest = "0000000000111111111122222222223333333333444444444455555555556666"
    fields = self.core(iocs={'sha256': [digest]})
    fields['description'] = "The Decription"
    fields['tags'] = ["sha256"]
    # Passing means validate() returns without raising.
    CbReport(**fields).validate()
def test_fields_with_query(self):
    """
    A query IOC with both index_type and search_query must be accepted.
    """
    query_ioc = {
        'index_type': "events",
        'search_query': "cb.q.commandline=foo.txt",
    }
    fields = self.core(iocs={'query': [query_ioc]})
    fields['description'] = "The Decription"
    fields['tags'] = ["query"]
    # Passing means validate() returns without raising.
    CbReport(**fields).validate()
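def test_fields_with_query_invalid_index_type(self):
    """
    Ensure a query IOC with an unrecognised index_type is rejected.

    The report must fail with CbInvalidReport and the message must echo the
    offending index_type value.
    """
    iocs = {
        'query': [{
            'index_type': "BOGUS",
            'search_query': "cb.q.commandline=foo.txt"
        }]
    }
    data = self.core(iocs=iocs)
    data['description'] = "The Decription"
    data['tags'] = ["query"]
    with self.assertRaises(CbInvalidReport) as err:
        # Construction stays inside the block: the visible code does not
        # show whether CbReport() or validate() is the call that raises.
        rpt = CbReport(**data)
        rpt.validate()
    # Checked after the with-block exits, where err.exception is populated.
    # assertIn (not a bare assert) still runs under `python -O`.
    self.assertIn(
        "Report IOCs section for 'query' contains invalid index_type: BOGUS",
        "{0}".format(err.exception.args[0]))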