Esempio n. 1
0
def test_build_iterator_with_version_6_2_0(mocker):
    """
    Given
    - server version 6.2.0

    When
    - Running build_iterator method.

    Then
    - Ensure that the no_update value is True
    - Request is called without headers "If-None-Match" and "If-Modified-Since"
    """
    mocker.patch.object(demisto, 'debug')
    mocker.patch('CommonServerPython.get_demisto_version', return_value={"version": "6.2.0"})

    with requests_mock.Mocker() as m:
        m.get('https://api.github.com/meta', status_code=304)

        client = Client(
            url='https://api.github.com/meta',
            headers={}
        )
        result = client.build_iterator()
        assert result[0]['https://api.github.com/meta']['no_update']
        assert list(result[0]['https://api.github.com/meta']['result']) == []
        assert 'If-None-Match' not in client.headers
        assert 'If-Modified-Since' not in client.headers
Esempio n. 2
0
def test_build_iterator_not_modified_header(mocker):
    """
    Given
    - response with status code 304(Not Modified)

    When
    - Running build_iterator method.

    Then
    - Ensure that the results are empty and No_update value is True.
    """
    mocker.patch.object(demisto, 'debug')
    mocker.patch('CommonServerPython.get_demisto_version', return_value={"version": "6.5.0"})
    with requests_mock.Mocker() as m:
        m.get('https://api.github.com/meta', status_code=304)

        client = Client(
            url='https://api.github.com/meta'
        )
        result = client.build_iterator()
        assert result
        assert result[0]['https://api.github.com/meta']
        assert list(result[0]['https://api.github.com/meta']['result']) == []
        assert result[0]['https://api.github.com/meta']['no_update']
        assert demisto.debug.call_args[0][0] == 'No new indicators fetched, ' \
                                                'createIndicators will be executed with noUpdate=True.'
def test_get_feed_config():
    custom_fields_mapping = {
        "old_field1": "new_field1",
        "old_field2": "new_field2"
    }
    client = Client(url="https://www.spamhaus.org/drop/asndrop.txt",
                    feed_url_to_config="some_stuff",
                    custom_fields_mapping=custom_fields_mapping)
    # Check that if an empty .get_feed_config is called, an empty dict returned
    assert {} == client.get_feed_config()
def test_custom_fields_creator():
    custom_fields_mapping = {
        "old_field1": "new_field1",
        "old_field2": "new_field2"
    }
    client = Client(url="https://www.spamhaus.org/drop/asndrop.txt",
                    feed_url_to_config="some_stuff",
                    custom_fields_mapping=custom_fields_mapping)

    attributes = {'old_field1': "value1", 'old_field2': "value2"}

    custom_fields = client.custom_fields_creator(attributes)

    assert custom_fields.get('new_field1') == "value1"
    assert custom_fields.get('new_field2') == "value2"
    assert "old_field1" not in custom_fields.keys()
    assert "old_filed2" not in custom_fields.keys()
Esempio n. 5
0
def test_get_indicators():
    with open('test_data/asn_ranges.txt') as asn_ranges_txt:
        asn_ranges = asn_ranges_txt.read().encode('utf8')

    with requests_mock.Mocker() as m:
        itype = 'ASN'
        args = {
            'indicator_type': itype,
            'limit': 35
        }
        feed_type = {
            'https://www.spamhaus.org/drop/asndrop.txt': {
                'indicator_type': 'ASN',
                'indicator': {
                    'regex': '^AS[0-9]+'
                },
                'fields': [
                    {
                        'asndrop_country': {
                            'regex': r'^.*;\W([a-zA-Z]+)\W+',
                            'transform': r'\1'
                        }
                    },
                    {
                        'asndrop_org': {
                            'regex': r'^.*\|\W+(.*)',
                            'transform': r'\1'
                        }
                    }
                ]
            }
        }
        m.get('https://www.spamhaus.org/drop/asndrop.txt', content=asn_ranges)
        client = Client(
            url="https://www.spamhaus.org/drop/asndrop.txt",
            source_name='spamhaus',
            ignore_regex='^;.*',
            feed_url_to_config=feed_type
        )
        args['indicator_type'] = 'ASN'
        _, _, raw_json = get_indicators_command(client, args)
        for ind_json in raw_json:
            ind_val = ind_json.get('value')
            ind_type = ind_json.get('type')
            ind_rawjson = ind_json.get('rawJSON')
            assert ind_val
            assert ind_type == itype
            assert ind_rawjson['value'] == ind_val
            assert ind_rawjson['type'] == ind_type
Esempio n. 6
0
def test_get_indicators_json_params():
    with open('test_data/asn_ranges.txt') as asn_ranges_txt:
        asn_ranges = asn_ranges_txt.read().encode('utf8')

    with requests_mock.Mocker() as m:
        itype = 'ASN'
        args = {
            'indicator_type': itype,
            'limit': 35
        }
        indicator_json = '''
        {
            "regex": "^AS[0-9]+"
        }
        '''
        fields_json = r'''
        {
            "asndrop_country": {
                    "regex":"^.*;\\W([a-zA-Z]+)\\W+",
                    "transform":"\\1"
                },
            "asndrop_org": {
                  "regex":"^.*\\|\\W+(.*)",
                  "transform":"\\1"
               }
        }
        '''

        m.get('https://www.spamhaus.org/drop/asndrop.txt', content=asn_ranges)
        client = Client(
            url="https://www.spamhaus.org/drop/asndrop.txt",
            source_name='spamhaus',
            ignore_regex='^;.*',
            indicator=indicator_json,
            fields=fields_json,
            indicator_type='ASN'
        )
        args['indicator_type'] = 'ASN'
        _, _, raw_json = get_indicators_command(client, args)
        for ind_json in raw_json:
            ind_val = ind_json.get('value')
            ind_type = ind_json.get('type')
            ind_rawjson = ind_json.get('rawJSON')
            assert ind_val
            assert ind_type == itype
            assert ind_rawjson['value'] == ind_val
            assert ind_rawjson['type'] == ind_type
def test_get_indicators_without_relations():
    """
    Given:
    - feed url config including relations values
    When:
    - Fetching indicators
    - create_relationships param is set to False
    Then:
    - Validate the returned list of indicators dont return relationships.
    """

    feed_url_to_config = {
        'https://www.spamhaus.org/drop/asndrop.txt': {
            "indicator_type":
            'IP',
            "indicator": {
                "regex": r"^.+,\"?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\"?",
                "transform": "\\1"
            },
            'relationship_name':
            'indicator-of',
            'relationship_entity_b_type':
            'STIX Malware',
            "fields": [{
                'firstseenbysource': {
                    "regex": r"^(\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2})",
                    "transform": "\\1"
                },
                "port": {
                    "regex": r"^.+,.+,(\d{1,5}),",
                    "transform": "\\1"
                },
                "updatedate": {
                    "regex": r"^.+,.+,.+,(\d{4}-\d{2}-\d{2})",
                    "transform": "\\1"
                },
                "malwarefamily": {
                    "regex": r"^.+,.+,.+,.+,(.+)",
                    "transform": "\\1"
                },
                "relationship_entity_b": {
                    "regex": r"^.+,.+,.+,.+,\"(.+)\"",
                    "transform": "\\1"
                }
            }],
        }
    }
    expected_res = [{
        'value': '127.0.0.1',
        'type': 'IP',
        'rawJSON': {
            'malwarefamily': '"Test"',
            'relationship_entity_b': 'Test',
            'value': '127.0.0.1',
            'type': 'IP',
            'tags': []
        },
        'fields': {
            'tags': []
        }
    }]

    asn_ranges = '"2021-01-17 07:44:49","127.0.0.1","3889","online","2021-04-22","Test"'
    with requests_mock.Mocker() as m:
        m.get('https://www.spamhaus.org/drop/asndrop.txt',
              content=asn_ranges.encode('utf-8'))
        client = Client(url="https://www.spamhaus.org/drop/asndrop.txt",
                        source_name='spamhaus',
                        ignore_regex='^;.*',
                        feed_url_to_config=feed_url_to_config,
                        indicator_type='ASN')
        indicators = fetch_indicators_command(client,
                                              feed_tags=[],
                                              tlp_color=[],
                                              itype='IP',
                                              auto_detect=False,
                                              create_relationships=False)

        assert indicators == expected_res