def test_domain_whois(self):
record_type = RecordType.WR
record_source = RecordSource.WIS
record = {}
record['info_date'] = datetime.datetime.utcnow()
record['info'] = OrderedDict({'domain_name': self.indicator,
'status': 200,
'registrar': "test",
'updated_date': record['info_date'],
'expiration_date': datetime.datetime.utcnow() + datetime.timedelta(hours=-24),
'nameservers': "test",
'contacts': "test"})
save_record(record_type, record_source, record)
# Retrieve records (return value is a ValuesQuerySet).
domain_whois_records = IndicatorRecord.objects.whois_records(self.indicator)
# Validate that each field is included in the record.
# We must loop even though there is only one record because Django gives us a QuerySet.
for record in domain_whois_records:
self.assertTrue("domain_name" in record['info'])
self.assertTrue("status" in record['info'])
self.assertTrue("registrar" in record['info'])
self.assertTrue("updated_date" in record['info'])
self.assertTrue("expiration_date" in record['info'])
self.assertTrue("nameservers" in record['info'])
self.assertTrue("contacts" in record['info'])
self.assertTrue("info_date" in record)
def test_ip_thc(self):
record_type = RecordType.TR
record_source = RecordSource.THR
info = {"info": "test", "ip": self.ip_indicator}
save_record(record_type, record_source, info)
# Retrieve records (return value is a dict).
ip_thc_records = IndicatorRecord.objects.recent_tc(self.ip_indicator)
# Validate that each field is included in the record.
self.assertTrue("info_date" in ip_thc_records)
self.assertTrue("info" in ip_thc_records)
def test_certificate_cen_contents(self):
record_type = RecordType.CE
record_source = RecordSource.CEN
info = {"info": "test", "indicator": self.indicator}
save_record(record_type, record_source, info)
# Retrieve records (return value is a dict.).
certificate_cen_records = IndicatorRecord.objects.recent_cert(
self.indicator)
# Validate that each field is included in the record.
self.assertTrue("info_date" in certificate_cen_records)
self.assertTrue("info" in certificate_cen_records)
def test_make_indicator_search_records(self):
record_type = RecordType.SR
record_source = RecordSource.GSE
info = OrderedDict({"indicator": self.indicator, "results": "test"})
save_record(record_type, record_source, info)
# Retrieve records (return value is QuerySet).
google_records = IndicatorRecord.objects.get_search_records(
self.indicator)
for record in google_records:
self.assertTrue("info" in record)
self.assertTrue("info_date" in record)
self.assertTrue("results" in record['info'])
self.assertTrue("indicator" in record['info'])
def test_ip_whois(self):
record_type = RecordType.WR
record_source = RecordSource.WIS
info = OrderedDict({
'query': self.ip_indicator,
'asn_cidr': 'test',
'asn': 'test',
'asn_registry': 'test',
'asn_country_code': 'test',
'asn_date': 'test',
'referral': 'test',
'nets': 'test'
})
json = save_record(record_type, record_source, info)
# Retrieve records (return value is a QuerySet).]
ip_whois_records = IndicatorRecord.objects.whois_records(
self.ip_indicator)
# Validate that each field is included in the record.
# We must loop even though there is only one record because Django gives us a QuerySet.
for record in ip_whois_records:
self.assertTrue("query" in record['info'])
self.assertTrue("asn" in record['info'])
self.assertTrue("asn_registry" in record['info'])
self.assertTrue("asn_country_code" in record['info'])
self.assertTrue("asn_date" in record['info'])
self.assertTrue("referral" in record['info'])
def test_safebrowsing_retreival(self):
record_type = RecordType.SB
record_source = RecordSource.GSB
info = {"indicator": self.indicator, "statusCode": 204, "body": "OK"}
save_record(record_type, record_source, info)
safebrowsing_records = IndicatorRecord.objects.safebrowsing_record(
self.indicator)
# Validate that each field is included in the record.
# We must loop even though there is only one record because Django gives us a QuerySet.
for record in safebrowsing_records:
self.assertTrue("SB" in record.record_type)
self.assertTrue("GSB" in record.info_source)
# self.assertTrue("info_date" in record)
self.assertTrue("statusCode" in record.info)
self.assertTrue("indicator" in record.info)
self.assertTrue("body" in record.info)
def test_save_record(self):
record_type = RecordType.SB
record_source = RecordSource.GSB
info = "foo"
record = save_record(record_type, record_source, info)
self.assertEqual(record.record_type, record_type.name)
self.assertEqual(record.info_source, record_source.name)
self.assertEqual(info, record.info)
self.assertTrue(hasattr(record, 'info_date'))
def test_save_record(self):
record_type = RecordType.SB
record_source = RecordSource.GSB
info = "foo"
record = save_record(record_type, record_source, info)
self.assertEqual(record.record_type, record_type.name)
self.assertEqual(record.info_source, record_source.name)
self.assertEqual(info, record.info)
self.assertTrue(hasattr(record, 'info_date'))
def test_passive_hosts(self):
record_type = RecordType.HR
record_source = RecordSource.REX
info = OrderedDict({"geo_location": "test",
"https_cert": "test",
"ip": self.ip_indicator,
"domain": "test"})
save_record(record_type, record_source, info)
# Retrieve records (return value is a QuerySet).
ip_hosts_records = IndicatorRecord.objects.host_records(self.ip_indicator)
# Validate that each field is included in the record.
# We must loop even though there is only one record because Django gives us a QuerySet.
for record in ip_hosts_records:
self.assertTrue("HR" in record.record_type)
self.assertTrue("REX" in record.info_source)
self.assertTrue("geo_location" in record.info)
self.assertTrue("domain" in record.info)
self.assertTrue("ip" in record.info)
def test_malware_record_contents(self):
record_type = RecordType.MR
record_source = RecordSource.VTO
info = {"indicator": self.indicator,
"link": "val",
"md5": "val",
"sha1": "val"}
save_record(record_type, record_source, info)
# Retrieve records (return value is a QuerySet).
malware_vto_records = IndicatorRecord.objects.malware_records(self.indicator)
# Validate that each field is included in the record.
# We must loop even though there is only one record because Django gives us a QuerySet.
for record in malware_vto_records:
self.assertTrue("MR" in record.record_type)
self.assertTrue("VTO" in record.info_source)
self.assertTrue("md5" in record.info)
self.assertTrue("sha1" in record.info)
self.assertTrue("indicator" in record.info)
self.assertTrue("link" in record.info)
