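def _assert_root_round_trip(root, new_root):
    """Assert that *new_root* carries the same top-level fields as *root*.

    Shared by the dict and JSON round-trip checks so that both paths compare
    exactly the same set of attributes (the original JSON path silently
    skipped ``detections``).
    """
    assert root == new_root
    assert root.tool == new_root.tool
    # compare tool_instance against tool_instance -- the original compared it
    # against `tool`, which only passed because every fixture value was "test"
    assert root.tool_instance == new_root.tool_instance
    assert root.alert_type == new_root.alert_type
    assert root.description == new_root.description
    assert root.event_time == new_root.event_time
    assert root.name == new_root.name
    assert root.analysis_mode == new_root.analysis_mode
    assert root.queue == new_root.queue
    assert root.instructions == new_root.instructions
    assert root.detections == new_root.detections

    # the observable property for the root should always be None
    assert root.observable is None
    assert new_root.observable is None
    # the single observable added to the root must survive the round trip
    assert len(root.observables) == 1
    assert len(new_root.observables) == 1


def test_root_analysis_serialization():
    """Round-trip a populated RootAnalysis through to_dict/from_dict and
    to_json/from_json and verify that every top-level field survives.

    Each string field gets a distinct value so that a comparison against the
    wrong attribute, or a field silently dropped by the serializer, cannot
    pass by coincidence.
    """
    root = RootAnalysis(
        tool="test_tool",
        tool_instance="test_tool_instance",
        alert_type="test_alert_type",
        desc="test_description",
        event_time=datetime.datetime.now(),
        name="test_name",
        analysis_mode="test_analysis_mode",
        queue="test_queue",
        instructions="test_instructions",
    )

    amt = AnalysisModuleType("test", "")
    observable = root.add_observable("test", "test")
    observable.add_analysis(type=amt, details={"test": "test"})
    root.add_detection_point("test")

    # dict round trip
    _assert_root_round_trip(root, RootAnalysis.from_dict(root.to_dict()))

    # json round trip
    _assert_root_round_trip(root, RootAnalysis.from_json(root.to_json()))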
def test_analysis_eq():
    """Analysis equality depends on both the analysis module type and the
    observable the analysis hangs off; it must also reject unrelated types
    and hold across independent deserialized copies of the same root.
    """
    first_type = AnalysisModuleType("test1", "")
    second_type = AnalysisModuleType("test2", "")

    root = RootAnalysis()
    obs_a = root.add_observable("test", "test")
    a_first = obs_a.add_analysis(type=first_type)
    a_second = obs_a.add_analysis(type=second_type)
    obs_b = root.add_observable("test2", "test")
    b_first = obs_b.add_analysis(type=first_type)

    # same observable, different module type
    assert a_first != a_second
    # same module type, different observable
    assert a_first != b_first
    # comparison against an unrelated object must be False, not an error
    assert a_first != object()

    # two independent copies built from separate serializations of the root
    copy_a, copy_b = (RootAnalysis.from_dict(root.to_dict()) for _ in range(2))

    # the same (observable, module type) pair resolves to equal analyses
    # in both copies
    from_copy_a = copy_a.get_observable(obs_a).get_analysis(first_type)
    from_copy_b = copy_b.get_observable(obs_a).get_analysis(first_type)
    assert from_copy_a == from_copy_b