def test_file_category_choices_returns_valid_attributes():
choices = FileCategory.choices()
valid_set = {
"Audio",
"Document",
"Executable",
"Image",
"Pdf",
"Presentation",
"Script",
"SourceCode",
"Spreadsheet",
"Video",
"VirtualDiskImage",
"Archive",
}
assert set(choices) == valid_set
def test_file_category_choices_returns_valid_attributes():
choices = FileCategory.choices()
valid_set = {
"AUDIO",
"DOCUMENT",
"EXECUTABLE",
"IMAGE",
"PDF",
"PRESENTATION",
"SCRIPT",
"SOURCE_CODE",
"SPREADSHEET",
"VIDEO",
"VIRTUAL_DISK_IMAGE",
"ARCHIVE",
}
assert set(choices) == valid_set
callback=searchopt.is_in_filter(f.FileName),
cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
help="Limits events to file events where the file has one of these names.",
)
file_path_option = click.option(
"--file-path",
multiple=True,
callback=searchopt.is_in_filter(f.FilePath),
cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
help=
"Limits events to file events where the file is located at one of these paths. Applies to endpoint file events only.",
)
file_category_option = click.option(
"--file-category",
multiple=True,
type=click.Choice(list(FileCategory.choices())),
callback=searchopt.is_in_filter(f.FileCategory),
cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
help=
"Limits events to file events where the file can be classified by one of these categories.",
)
process_owner_option = click.option(
"--process-owner",
multiple=True,
callback=searchopt.is_in_filter(f.ProcessOwner),
cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
help=
"Limits exposure events by process owner, as reported by the device’s operating system. "
"Applies only to `Printed` and `Browser or app read` events.",
)
tab_url_option = click.option(
cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
help="Limits events to file events where the file has one of these names.",
)
file_path_option = click.option(
"--file-path",
multiple=True,
callback=searchopt.is_in_filter(f.FilePath),
cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
help=
"Limits events to file events where the file is located at one of these paths. Applies to endpoint file events only.",
)
file_category_option = click.option(
"--file-category",
multiple=True,
type=MapChoice(
choices=list(FileCategory.choices()),
extras_map={
"AUDIO": FileCategory.AUDIO,
"DOCUMENT": FileCategory.DOCUMENT,
"EXECUTABLE": FileCategory.EXECUTABLE,
"IMAGE": FileCategory.IMAGE,
"PDF": FileCategory.PDF,
"PRESENTATION": FileCategory.PRESENTATION,
"SCRIPT": FileCategory.SCRIPT,
"SOURCE_CODE": FileCategory.SOURCE_CODE,
"SPREADSHEET": FileCategory.SPREADSHEET,
"VIDEO": FileCategory.VIDEO,
"VIRTUAL_DISK_IMAGE": FileCategory.VIRTUAL_DISK_IMAGE,
"ARCHIVE": FileCategory.ZIP,
"ZIP": FileCategory.ZIP,
"Zip": FileCategory.ZIP,
def test_file_category_not_in_str_gives_correct_json_representation():
items = [FileCategory.EXECUTABLE, FileCategory.IMAGE, FileCategory.PDF]
_filter = FileCategory.not_in(items)
expected = NOT_IN.format("fileCategory", *items)
assert str(_filter) == expected
def test_file_category_not_eq_str_gives_correct_json_representation():
_filter = FileCategory.not_eq(FileCategory.DOCUMENT)
expected = IS_NOT.format("fileCategory", "Document")
assert str(_filter) == expected
def test_file_category_eq_str_gives_correct_json_representation():
_filter = FileCategory.eq(FileCategory.AUDIO)
expected = IS.format("fileCategory", "Audio")
assert str(_filter) == expected
def test_file_category_not_in_str_gives_correct_json_representation():
items = ["category1", "category2", "category3"]
_filter = FileCategory.not_in(items)
expected = NOT_IN.format("fileCategory", *items)
assert str(_filter) == expected
