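def test_root_analysis_serialization():
    """Round-trip a populated RootAnalysis through dict and JSON.

    Builds a root with one observable, one analysis and one detection point,
    serialises it with ``to_dict``/``to_json``, rebuilds it with
    ``from_dict``/``from_json`` and checks that every scalar field plus the
    attached observable and detections survive the trip.
    """
    root = RootAnalysis(
        tool="test",
        tool_instance="test",
        alert_type="test",
        desc="test",
        event_time=datetime.datetime.now(),
        name="test",
        analysis_mode="test",
        queue="test",
        instructions="test",
    )

    amt = AnalysisModuleType("test", "")
    observable = root.add_observable("test", "test")
    observable.add_analysis(type=amt, details={"test": "test"})
    root.add_detection_point("test")

    def _assert_round_trip(original, restored):
        # Compare field by field so a failure names the broken attribute
        # instead of only reporting that the two objects differ.
        assert original == restored
        assert original.tool == restored.tool
        # Previously compared tool_instance against restored.tool, which would
        # have hidden any serialisation bug in tool_instance.
        assert original.tool_instance == restored.tool_instance
        assert original.alert_type == restored.alert_type
        assert original.description == restored.description
        assert original.event_time == restored.event_time
        assert original.name == restored.name
        assert original.analysis_mode == restored.analysis_mode
        assert original.queue == restored.queue
        assert original.instructions == restored.instructions
        # Checked for both the dict and the JSON path (the JSON path used to
        # skip it).
        assert original.detections == restored.detections

        # the observable property for the root should always be None
        assert original.observable is None
        assert restored.observable is None
        # the single observable added above must survive the round trip
        assert len(original.observables) == 1
        assert len(restored.observables) == 1

    _assert_round_trip(root, RootAnalysis.from_dict(root.to_dict()))
    _assert_round_trip(root, RootAnalysis.from_json(root.to_json()))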
    async def i_update_root_analysis(self, root: RootAnalysis) -> bool:
        """Persist ``root`` with optimistic concurrency control.

        A fresh uuid4 version is generated for every write, and the UPDATE is
        restricted to the row whose ``uuid`` AND ``version`` both match
        ``root``. If another writer has already bumped the version, no row
        matches, ``rowcount`` is 0 and ``False`` is returned without touching
        ``root.version`` - the caller is expected to reload and retry rather
        than silently overwrite the newer state. On success ``root.version``
        is advanced to the newly stored value and ``True`` is returned.
        """
        bumped_version = str(uuid.uuid4())

        async with self.get_db() as db:
            # Both predicates are required: the uuid selects the row, the
            # version check is what protects against lost updates.
            stmt = (
                update(RootAnalysisTracking)
                .where(
                    and_(
                        RootAnalysisTracking.uuid == root.uuid,
                        RootAnalysisTracking.version == root.version,
                    )
                )
                .values(
                    version=bumped_version,
                    json_data=root.to_json(exclude_analysis_details=True),
                )
            )
            outcome = await db.execute(stmt)
            await db.commit()

        # rowcount 0 means the version guard rejected the write.
        if outcome.rowcount == 0:
            return False

        root.version = bumped_version
        return True
    async def i_track_root_analysis(self, root: RootAnalysis) -> bool:
        """Insert a tracking row for ``root`` keyed on its uuid.

        If ``root.version`` is unset a fresh uuid4 is minted for it; the
        version is written back onto ``root`` only after the insert commits,
        so a failed insert leaves ``root`` untouched.

        Returns ``True`` on success and ``False`` when the insert raises an
        ``IntegrityError`` (the expected case being a row for this uuid that
        already exists).
        NOTE(review): every IntegrityError is mapped to False, not only the
        duplicate-key one, so any other constraint violation would look like
        "already tracked" to the caller.
        """
        tracked_version = root.version
        if tracked_version is None:
            tracked_version = str(uuid.uuid4())

        try:
            async with self.get_db() as db:
                row = {
                    "uuid": root.uuid,
                    "version": tracked_version,
                    "json_data": root.to_json(exclude_analysis_details=True),
                }
                await db.execute(insert(RootAnalysisTracking).values(**row))
                await db.commit()
        except sqlalchemy.exc.IntegrityError:
            return False

        root.version = tracked_version
        return True