def test_fetch_indicators_command(mocker): """ Given - fetch incidents command - command args - command raw response When - mock the Client's get_stix_objects. Then - run the fetch incidents command using the Client Validate the amount of indicators fetched Validate that the dummy indicator with the relationships list fetched """ def mock_get_stix_objects(test, **kwargs): type_ = kwargs.get('type') client.objects_data[type_] = TYPE_TO_RESPONSE[type_] client = Client(api_key='1234', verify=False) mocker.patch.object(client, 'fetch_stix_objects_from_api', side_effect=mock_get_stix_objects) indicators = fetch_indicators(client, create_relationships=True) assert len(indicators) == 17 assert DUMMY_INDICATOR_WITH_RELATIONSHIP_LIST in indicators
def test_feed_tags_param(mocker): """ Given - fetch incidents command - command args - command raw response When - mock the feed tags param. - mock the Client's get_stix_objects. Then - run the fetch incidents command using the Client Validate The value of the tags field. """ def mock_get_stix_objects(test, **kwargs): type_ = kwargs.get('type') client.objects_data[type_] = TYPE_TO_RESPONSE[type_] client = Client(api_key='1234', verify=False) mocker.patch.object(client, 'fetch_stix_objects_from_api', side_effect=mock_get_stix_objects) indicators = fetch_indicators(client, ['test_tag']) assert set(indicators[0].get('fields').get('tags')) == { 'malicious-activity', 'test_tag' }
def test_fetch_indicators_fails_on_invalid_attack_pattern_structure(mocker): """ Given - Invalid attack pattern indicator structure When - fetching indicators Then - DemistoException is raised. """ def mock_get_stix_objects(test, **kwargs): type_ = kwargs.get('type') client.objects_data[type_] = TYPE_TO_RESPONSE_WIITH_INVALID_ATTACK_PATTERN_DATA[type_] client = Client(api_key='1234', verify=False) mocker.patch.object(client, 'fetch_stix_objects_from_api', side_effect=mock_get_stix_objects) with pytest.raises(DemistoException, match=r"Failed parsing attack indicator"): fetch_indicators(client, create_relationships=True)