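def test_invalid_time_format(tmpdir):
    """A malformed ``occurred`` timestamp must surface as ``ValueError``.

    The alert uses a slash-separated date (``2018/03/31``) instead of the
    dash-separated form used by the other fixtures in this file. A parser
    that guessed at such input could silently shift an alert on the
    analysis timeline, so the test requires an explicit failure.
    """
    data = {"alert": [{"occurred": "2018/03/31 13:40:01 +0000", "foo": []}]}
    f = make_tmp_file(data=data, tmpdir=tmpdir)
    with pytest.raises(ValueError):
        # Construction stays inside the context manager because this test
        # does not pin down whether the constructor or the property access
        # raises. The former equality assert was dropped: it could never
        # run once the expected exception fired, and it wrongly suggested
        # that a value was being checked.
        _ = FireEyeAXReport(f).base_timestamp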
def test_get_metadata(tmpdir):
    """Check the dictionary that ``metadata()`` derives from one alert.

    Per the expected value below, the appliance name appears as
    ``hostname``, ``occurred`` as ``analyzed_on``, the detected malware
    name as ``alert`` and ``alertUrl`` as ``alert_url``; ``severity`` is
    carried over unchanged.
    """
    alert = {
        "explanation": {"malwareDetected": {"malware": [{"name": "Stuxnet"}]}},
        "src": {},
        "alertUrl": "https://foo",
        "action": "notified",
        "occurred": "2018-03-31 13:40:01 +0000",
        "dst": {},
        "id": 1234,
        "name": "MALWARE_OBJECT",
        "severity": "MAJR",
        "product": "MAS",
    }
    payload = {"alert": [alert], "appliance": "my_appliance"}
    report_path = make_tmp_file(data=payload, tmpdir=tmpdir)

    expected = {
        "hostname": "my_appliance",
        "analyzed_on": "2018-03-31 13:40:01 +0000",
        "severity": "MAJR",
        "alert": "Stuxnet",
        "alert_url": "https://foo",
    }
    actual = FireEyeAXReport(report_path).metadata()
    assert actual == expected
def datasource(tmpdir) -> FireEyeAXReport:
    """Return a ``FireEyeAXReport`` over the default sample file in *tmpdir*."""
    default_path = make_default_file(tmpdir)
    return FireEyeAXReport(default_path)
def test_no_events(data, tmpdir):
    """A report built from *data* must yield no events at all.

    NOTE(review): ``data`` is supplied from outside this function,
    presumably by a parametrization that is not visible here.
    """
    report_path = make_tmp_file(data=data, tmpdir=tmpdir)
    # Materialise the iterable so an empty result can be checked directly.
    produced = list(FireEyeAXReport(report_path).events())
    assert not produced
def test_no_data(tmpdir):
    """Constructing a report from a payload with no ``alert`` key must not raise."""
    payload = {"test": "fest"}
    report_path = make_tmp_file(data=payload, tmpdir=tmpdir)
    # No assertion on purpose: the test passes if the constructor tolerates
    # input that carries none of the expected report fields.
    FireEyeAXReport(report_path)
def test_multiple_time_formats(data, tmpdir):
    """``base_timestamp`` must come back as an ``int`` for each supplied *data*.

    NOTE(review): ``data`` is supplied from outside this function,
    presumably by a parametrization over timestamp formats. Only the type
    is checked here, not the resulting value.
    """
    report_path = make_tmp_file(data=data, tmpdir=tmpdir)
    report = FireEyeAXReport(report_path)
    timestamp = report.base_timestamp
    assert isinstance(timestamp, int)