def test_build_iterator_with_version_6_2_0(mocker): """ Given - server version 6.2.0 When - Running build_iterator method. Then - Ensure that the no_update value is True - Request is called without headers "If-None-Match" and "If-Modified-Since" """ mocker.patch.object(demisto, 'debug') mocker.patch('CommonServerPython.get_demisto_version', return_value={"version": "6.2.0"}) with requests_mock.Mocker() as m: m.get('https://api.github.com/meta', status_code=304) client = Client( url='https://api.github.com/meta', headers={} ) result = client.build_iterator() assert result[0]['https://api.github.com/meta']['no_update'] assert list(result[0]['https://api.github.com/meta']['result']) == [] assert 'If-None-Match' not in client.headers assert 'If-Modified-Since' not in client.headers
def test_build_iterator_not_modified_header(mocker): """ Given - response with status code 304(Not Modified) When - Running build_iterator method. Then - Ensure that the results are empty and No_update value is True. """ mocker.patch.object(demisto, 'debug') mocker.patch('CommonServerPython.get_demisto_version', return_value={"version": "6.5.0"}) with requests_mock.Mocker() as m: m.get('https://api.github.com/meta', status_code=304) client = Client( url='https://api.github.com/meta' ) result = client.build_iterator() assert result assert result[0]['https://api.github.com/meta'] assert list(result[0]['https://api.github.com/meta']['result']) == [] assert result[0]['https://api.github.com/meta']['no_update'] assert demisto.debug.call_args[0][0] == 'No new indicators fetched, ' \ 'createIndicators will be executed with noUpdate=True.'
def test_get_feed_config(): custom_fields_mapping = { "old_field1": "new_field1", "old_field2": "new_field2" } client = Client(url="https://www.spamhaus.org/drop/asndrop.txt", feed_url_to_config="some_stuff", custom_fields_mapping=custom_fields_mapping) # Check that if an empty .get_feed_config is called, an empty dict returned assert {} == client.get_feed_config()
def test_custom_fields_creator(): custom_fields_mapping = { "old_field1": "new_field1", "old_field2": "new_field2" } client = Client(url="https://www.spamhaus.org/drop/asndrop.txt", feed_url_to_config="some_stuff", custom_fields_mapping=custom_fields_mapping) attributes = {'old_field1': "value1", 'old_field2': "value2"} custom_fields = client.custom_fields_creator(attributes) assert custom_fields.get('new_field1') == "value1" assert custom_fields.get('new_field2') == "value2" assert "old_field1" not in custom_fields.keys() assert "old_filed2" not in custom_fields.keys()
def test_get_indicators(): with open('test_data/asn_ranges.txt') as asn_ranges_txt: asn_ranges = asn_ranges_txt.read().encode('utf8') with requests_mock.Mocker() as m: itype = 'ASN' args = { 'indicator_type': itype, 'limit': 35 } feed_type = { 'https://www.spamhaus.org/drop/asndrop.txt': { 'indicator_type': 'ASN', 'indicator': { 'regex': '^AS[0-9]+' }, 'fields': [ { 'asndrop_country': { 'regex': r'^.*;\W([a-zA-Z]+)\W+', 'transform': r'\1' } }, { 'asndrop_org': { 'regex': r'^.*\|\W+(.*)', 'transform': r'\1' } } ] } } m.get('https://www.spamhaus.org/drop/asndrop.txt', content=asn_ranges) client = Client( url="https://www.spamhaus.org/drop/asndrop.txt", source_name='spamhaus', ignore_regex='^;.*', feed_url_to_config=feed_type ) args['indicator_type'] = 'ASN' _, _, raw_json = get_indicators_command(client, args) for ind_json in raw_json: ind_val = ind_json.get('value') ind_type = ind_json.get('type') ind_rawjson = ind_json.get('rawJSON') assert ind_val assert ind_type == itype assert ind_rawjson['value'] == ind_val assert ind_rawjson['type'] == ind_type
def test_get_indicators_json_params(): with open('test_data/asn_ranges.txt') as asn_ranges_txt: asn_ranges = asn_ranges_txt.read().encode('utf8') with requests_mock.Mocker() as m: itype = 'ASN' args = { 'indicator_type': itype, 'limit': 35 } indicator_json = ''' { "regex": "^AS[0-9]+" } ''' fields_json = r''' { "asndrop_country": { "regex":"^.*;\\W([a-zA-Z]+)\\W+", "transform":"\\1" }, "asndrop_org": { "regex":"^.*\\|\\W+(.*)", "transform":"\\1" } } ''' m.get('https://www.spamhaus.org/drop/asndrop.txt', content=asn_ranges) client = Client( url="https://www.spamhaus.org/drop/asndrop.txt", source_name='spamhaus', ignore_regex='^;.*', indicator=indicator_json, fields=fields_json, indicator_type='ASN' ) args['indicator_type'] = 'ASN' _, _, raw_json = get_indicators_command(client, args) for ind_json in raw_json: ind_val = ind_json.get('value') ind_type = ind_json.get('type') ind_rawjson = ind_json.get('rawJSON') assert ind_val assert ind_type == itype assert ind_rawjson['value'] == ind_val assert ind_rawjson['type'] == ind_type
def test_get_indicators_without_relations(): """ Given: - feed url config including relations values When: - Fetching indicators - create_relationships param is set to False Then: - Validate the returned list of indicators dont return relationships. """ feed_url_to_config = { 'https://www.spamhaus.org/drop/asndrop.txt': { "indicator_type": 'IP', "indicator": { "regex": r"^.+,\"?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\"?", "transform": "\\1" }, 'relationship_name': 'indicator-of', 'relationship_entity_b_type': 'STIX Malware', "fields": [{ 'firstseenbysource': { "regex": r"^(\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2})", "transform": "\\1" }, "port": { "regex": r"^.+,.+,(\d{1,5}),", "transform": "\\1" }, "updatedate": { "regex": r"^.+,.+,.+,(\d{4}-\d{2}-\d{2})", "transform": "\\1" }, "malwarefamily": { "regex": r"^.+,.+,.+,.+,(.+)", "transform": "\\1" }, "relationship_entity_b": { "regex": r"^.+,.+,.+,.+,\"(.+)\"", "transform": "\\1" } }], } } expected_res = [{ 'value': '127.0.0.1', 'type': 'IP', 'rawJSON': { 'malwarefamily': '"Test"', 'relationship_entity_b': 'Test', 'value': '127.0.0.1', 'type': 'IP', 'tags': [] }, 'fields': { 'tags': [] } }] asn_ranges = '"2021-01-17 07:44:49","127.0.0.1","3889","online","2021-04-22","Test"' with requests_mock.Mocker() as m: m.get('https://www.spamhaus.org/drop/asndrop.txt', content=asn_ranges.encode('utf-8')) client = Client(url="https://www.spamhaus.org/drop/asndrop.txt", source_name='spamhaus', ignore_regex='^;.*', feed_url_to_config=feed_url_to_config, indicator_type='ASN') indicators = fetch_indicators_command(client, feed_tags=[], tlp_color=[], itype='IP', auto_detect=False, create_relationships=False) assert indicators == expected_res