def test_check_hashes(self, capsys):
instance = misp.MISP()
instance.command_line = [
'--url', url, '-k', apikey, '-v', 'create_event', '-i',
'Viper test event - check hashes'
]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Session opened on MISP event.*", out)
event_id = re.findall(r".*Session opened on MISP event (.*)\..*",
out)[0]
instance.command_line = [
'--url', url, '-k', apikey, '-v', 'add', 'sha1',
'afeee8b4acff87bc469a6f0364a81ae5d60a2add'
]
instance.run()
out, err = capsys.readouterr()
assert re.search(rf".*Session on MISP event {event_id} refreshed.*",
out)
__config__.virustotal.virustotal_key = vt_key
instance.command_line = [
'--url', url, '-k', apikey, 'check_hashes', '-p'
]
instance.run()
out, err = capsys.readouterr()
# print(out, err)
assert re.search(r".*Sample available in VT.*", out)
def test_run_short_help(self, capsys):
instance = misp.MISP()
instance.set_commandline(["-h"])
instance.run()
out, err = capsys.readouterr()
assert re.search(r"^usage:.*", out)
def test_tag_details(self, capsys):
instance = misp.MISP()
instance.command_line = ['--off', 'tag', '-d', 'circl']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Denial of Service | denial-of-service.*", out)
def test_tag_list(self, capsys):
instance = misp.MISP()
instance.command_line = ['--off', 'tag', '--list']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*CIRCL Taxonomy.*", out)
def test_run_invalid_option(self, capsys):
instance = misp.MISP()
instance.set_commandline(["invalid"])
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*argument subname: invalid choice: 'invalid'.*",
out)
def test_galaxies_list(self, capsys):
instance = misp.MISP()
instance.command_line = ['--off', 'galaxies', '--list']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*microsoft-activity-group.*", out)
def test_galaxies_list_cluster(self, capsys):
instance = misp.MISP()
instance.command_line = ['--off', 'galaxies', '-d', 'rat']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*BlackNix.*", out)
def test_galaxies_search(self, capsys):
instance = misp.MISP()
instance.command_line = ['--off', 'galaxies', '--search', 'foo']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Foozer.*", out)
def test_tag_search(self, capsys):
instance = misp.MISP()
instance.command_line = ['--off', 'tag', '-s', 'ciRcl']
instance.run()
out, err = capsys.readouterr()
assert re.search(
r".*circl:incident-classification=\"system-compromise\".*", out)
def test_galaxies_list_cluster_value(self, capsys):
instance = misp.MISP()
instance.command_line = [
'--off', 'galaxies', '-d', 'rat', '-v', 'BlackNix'
]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*leakforums.net.*", out)
def test_create_event(self, capsys):
instance = misp.MISP()
instance.command_line = [
'--url', url, '-k', apikey, '-v', 'create_event', '-i',
'Viper test event'
]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Session opened on MISP event.*", out)
event_id = re.findall(r".*Session opened on MISP event (.*)\..*",
out)[0]
instance.command_line = [
'--url', url, '-k', apikey, '-v', 'add', 'ip-dst', '8.8.8.8'
]
instance.run()
out, err = capsys.readouterr()
assert re.search(rf".*Session on MISP event {event_id} refreshed.*",
out)
instance.command_line = ['--url', url, '-k', apikey, '-v', 'show']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*ip-dst | 8.8.8.8.*", out)
__sessions__.new(os.path.join(FIXTURE_DIR, 'chromeinstall-8u31.exe'))
instance.command_line = ['add_hashes']
instance.run()
instance.command_line = ['--url', url, '-k', apikey, '-v', 'show']
instance.run()
out, err = capsys.readouterr()
assert re.search(rf".*Session on MISP event {event_id} refreshed.*",
out)
def test_args_exception(self):
instance = misp.MISP()
with pytest.raises(ArgumentErrorCallback) as excinfo:
instance.parser.parse_args(["-h"])
excinfo.match(r".*Upload and query IOCs to/from a MISP instance*")
def test_init(self):
instance = misp.MISP()
assert isinstance(instance, misp.MISP)
assert isinstance(instance, Module)
