def test_root_get_observable():
    """Exercise the lookup forms accepted by ``RootAnalysis.get_observable``.

    The same stored observable must be returned for its uuid, for the
    instance itself, and for an equal (type, value) observable created on a
    different root. Lookups that match nothing must return ``None``.
    """
    # Constructed as in the original test; no assertion below references it.
    amt = AnalysisModuleType("test", "")
    analysis_root = RootAnalysis()
    stored = analysis_root.add_observable("test", "test")

    # Lookup keyed on the observable's uuid.
    assert analysis_root.get_observable(stored.uuid) == stored

    # Lookup keyed on the very same instance.
    assert analysis_root.get_observable(stored) == stored

    # Lookup keyed on a separate object with the same type and value,
    # owned by an unrelated root.
    twin = RootAnalysis().add_observable("test", "test")
    assert analysis_root.get_observable(twin) == stored

    # Keys that match nothing: an empty string, and an observable whose
    # value differs from anything stored in this root.
    assert analysis_root.get_observable("") is None
    stranger = RootAnalysis().add_observable("test", "blah")
    assert analysis_root.get_observable(stranger) is None
def test_observable_serialization():
    """Round-trip a fully populated observable through ``to_model().dict()``.

    After ``RootAnalysis.from_dict`` rebuilds the root, the observable found
    there must be a distinct object whose type, value, time, context,
    directives, analysis limits/exclusions/requests and relationships all
    compare equal to the original's.
    """
    source_root = RootAnalysis()
    observed_at = utc_now()
    related = source_root.add_observable("test", "other")
    o1 = source_root.add_observable(
        "test",
        "test",
        time=observed_at,
        context="text context",
        directives=["directive1", "directive2"],
        limited_analysis=["limit1", "limit2"],
        excluded_analysis=["excluded1", "excluded2"],
        requested_analysis=["requested1", "requested2"],
    )
    o1.add_relationship("test", related)

    # Serialize the whole root and rebuild it from the resulting dict.
    restored_root = RootAnalysis.from_dict(source_root.to_model().dict())
    o2 = restored_root.get_observable(o1)

    # The restored observable must be a separate instance, not the original.
    assert o1 is not o2

    # Every field set above must survive the round trip unchanged.
    for field in (
        "type",
        "value",
        "time",
        "context",
        "directives",
        "limited_analysis",
        "excluded_analysis",
        "requested_analysis",
        "relationships",
    ):
        assert getattr(o1, field) == getattr(o2, field), field
def test_apply_diff_merge_redirection():
    """Check that ``apply_diff_merge`` carries a changed redirection over.

    Two scenarios are covered: the redirection is created between the
    original and the modified copy, and the redirection already existed but
    points somewhere else in the modified copy. In both, the target
    observable starts without a redirection and must end up redirected to
    the target root's own copy of the modified redirection.
    """
    # --- redirection created ---
    base_root = RootAnalysis()
    base_obs = base_root.add_observable("test", "test")

    changed_root = copy.deepcopy(base_root)
    changed_obs = changed_root.get_observable(base_obs)
    changed_obs.redirection = changed_root.add_observable("target", "target")

    dest_root = RootAnalysis()
    dest_obs = dest_root.add_observable("test", "test")
    assert dest_obs.redirection is None

    dest_obs.apply_diff_merge(base_obs, changed_obs)

    # The redirect target must now exist in the destination root, and the
    # destination observable must point at that root's instance of it.
    merged_redirect = dest_root.get_observable(changed_obs.redirection)
    assert merged_redirect
    assert dest_obs.redirection == merged_redirect

    # --- redirection modified ---
    base_root = RootAnalysis()
    base_obs = base_root.add_observable("test", "test")
    base_obs.redirection = base_root.add_observable("target", "target")

    changed_root = copy.deepcopy(base_root)
    changed_obs = changed_root.get_observable(base_obs)
    changed_obs.redirection = changed_root.add_observable("other", "other")

    dest_root = RootAnalysis()
    dest_obs = dest_root.add_observable("test", "test")
    assert dest_obs.redirection is None

    dest_obs.apply_diff_merge(base_obs, changed_obs)

    merged_redirect = dest_root.get_observable(changed_obs.redirection)
    assert merged_redirect
    assert dest_obs.redirection == merged_redirect
def test_apply_diff_merge_links():
    """Check how ``apply_diff_merge`` treats links on an observable.

    Three scenarios, each merging into a fresh observable with no links:
    a link present only in the modified copy is merged in; a link present
    only in the original is not; a link present in both is not (the merged
    observable stays without links).
    """
    # --- link absent in the original, present in the modified copy ---
    base_root = RootAnalysis()
    base_obs = base_root.add_observable("test", "test")
    changed_root = copy.deepcopy(base_root)
    changed_obs = changed_root.get_observable(base_obs)
    linked = changed_root.add_observable("target", "target")
    changed_obs.add_link(linked)

    dest_root = RootAnalysis()
    dest_obs = dest_root.add_observable("test", "test")
    assert not dest_obs.links

    dest_obs.apply_diff_merge(base_obs, changed_obs)

    # The link target must have been created in the destination root and
    # be the first link on the merged observable.
    merged_link = dest_root.get_observable(linked)
    assert merged_link
    assert dest_obs.links[0] == merged_link

    # --- link present in the original, absent in the modified copy ---
    base_root = RootAnalysis()
    base_obs = base_root.add_observable("test", "test")
    # The copy is taken before the link is added, so only the original has it.
    changed_root = copy.deepcopy(base_root)
    changed_obs = changed_root.get_observable(base_obs)
    linked = base_root.add_observable("target", "target")
    base_obs.add_link(linked)

    dest_root = RootAnalysis()
    dest_obs = dest_root.add_observable("test", "test")
    assert not dest_obs.links

    dest_obs.apply_diff_merge(base_obs, changed_obs)

    # Nothing was added between original and modified, so nothing is merged.
    assert not dest_obs.links

    # --- link present in both the original and the modified copy ---
    base_root = RootAnalysis()
    base_obs = base_root.add_observable("test", "test")
    linked = base_root.add_observable("target", "target")
    base_obs.add_link(linked)
    # The copy is taken after the link is added, so both sides carry it.
    changed_root = copy.deepcopy(base_root)
    changed_obs = changed_root.get_observable(base_obs)

    dest_root = RootAnalysis()
    dest_obs = dest_root.add_observable("test", "test")
    assert not dest_obs.links

    dest_obs.apply_diff_merge(base_obs, changed_obs)

    # An unchanged link is not a difference, so the destination stays empty.
    assert not dest_obs.links
def test_apply_diff_merge_relationships():
    """Check how ``apply_diff_merge`` treats relationships on an observable.

    Three scenarios, each merging into a fresh observable with no
    relationships: a ``downloaded_from`` relationship present only in the
    modified copy is merged in; one present only in the original is not;
    one present in both is not (the merged observable stays without
    relationships).
    """
    # --- relationship absent in the original, present in the modified copy ---
    base_root = RootAnalysis()
    base_obs = base_root.add_observable("test", "test")
    changed_root = copy.deepcopy(base_root)
    changed_obs = changed_root.get_observable(base_obs)
    related = changed_root.add_observable("target", "target")
    changed_obs.add_relationship("downloaded_from", related)

    dest_root = RootAnalysis()
    dest_obs = dest_root.add_observable("test", "test")
    assert not dest_obs.relationships

    dest_obs.apply_diff_merge(base_obs, changed_obs)

    # The relationship must point at the destination root's own instance
    # of the related observable.
    merged_related = dest_root.get_observable(related)
    assert dest_obs.relationships["downloaded_from"] == [merged_related]

    # --- relationship present in the original, absent in the modified copy ---
    base_root = RootAnalysis()
    base_obs = base_root.add_observable("test", "test")
    # The copy is taken before the relationship is added, so only the
    # original has it.
    changed_root = copy.deepcopy(base_root)
    changed_obs = changed_root.get_observable(base_obs)
    related = base_root.add_observable("target", "target")
    base_obs.add_relationship("downloaded_from", related)

    dest_root = RootAnalysis()
    dest_obs = dest_root.add_observable("test", "test")
    assert not dest_obs.relationships

    dest_obs.apply_diff_merge(base_obs, changed_obs)

    # Nothing was added between original and modified, so nothing is merged.
    assert not dest_obs.relationships

    # --- relationship present in both the original and the modified copy ---
    base_root = RootAnalysis()
    base_obs = base_root.add_observable("test", "test")
    related = base_root.add_observable("target", "target")
    base_obs.add_relationship("downloaded_from", related)
    # The copy is taken after the relationship is added, so both sides carry it.
    changed_root = copy.deepcopy(base_root)
    changed_obs = changed_root.get_observable(base_obs)

    dest_root = RootAnalysis()
    dest_obs = dest_root.add_observable("test", "test")
    assert not dest_obs.relationships

    dest_obs.apply_diff_merge(base_obs, changed_obs)

    # An unchanged relationship is not a difference, so the destination
    # stays empty.
    assert not dest_obs.relationships