コード例 #1
 def test_fields_minimum(self):
     """
     Check that a report built from only the baseline fields validates.

     The field set is whatever ``self.core()`` returns when called with no
     arguments; nothing is added before validation. The test passes when
     ``validate()`` does not raise.
     """
     report = CbReport(**self.core())
     report.validate()
コード例 #2
    def test_fields_all(self):
        """
        Check that a report carrying a description and tags validates.

        Starts from ``self.core()`` and adds the ``description`` and ``tags``
        keys. The test passes when ``validate()`` does not raise.
        """
        fields = self.core()
        fields['description'] = "The Decription"
        fields['tags'] = ["md5"]

        report = CbReport(**fields)
        report.validate()
コード例 #3
    def test_fields_with_ipv4(self):
        """
        Check that a well-formed ipv4 indicator is accepted.

        The IOC dict holds a single dotted-quad address under ``ipv4``. The
        test passes when ``validate()`` does not raise.
        """
        fields = self.core(iocs={'ipv4': ["12.34.56.78"]})
        fields['description'] = "The Decription"
        fields['tags'] = ["ipv4"]

        report = CbReport(**fields)
        report.validate()
コード例 #4
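    def test_fields_with_malformed_ipv4(self):
        """
        Ensure a malformed ipv4 indicator is rejected.

        A non-address string in the ``ipv4`` IOC list must raise
        ``CbInvalidReport``. The message text is checked as well, so that an
        unrelated validation failure cannot make this test pass.
        """
        iocs = {'ipv4': ["Bogus"]}

        data = self.core(iocs=iocs)
        data['description'] = "The Decription"

        # Construction and validate() both sit inside the context manager, so
        # the exception may come from either call.
        with self.assertRaises(CbInvalidReport) as err:
            rpt = CbReport(**data)
            rpt.validate()
        # assertIn rather than a bare assert: it is not stripped under
        # ``python -O`` and reports both strings on failure.
        self.assertIn("Malformed IPv4 addr", "{0}".format(err.exception.args[0]))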
コード例 #5
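    def test_fields_with_short_sha256(self):
        """
        Ensure a truncated sha256 indicator is rejected.

        The sample value is 20 characters long, well short of the 64 hex
        characters of a SHA-256 digest. ``CbInvalidReport`` must be raised and
        its message must name the length problem.
        """
        iocs = {'sha256': ["11111111112222222222"]}

        data = self.core(iocs=iocs)
        data['description'] = "The Decription"

        # Construction and validate() both sit inside the context manager, so
        # the exception may come from either call.
        with self.assertRaises(CbInvalidReport) as err:
            rpt = CbReport(**data)
            rpt.validate()
        # assertIn rather than a bare assert: it is not stripped under
        # ``python -O`` and reports both strings on failure.
        self.assertIn("Invalid sha256 length", "{0}".format(err.exception.args[0]))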
コード例 #6
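    def test_fields_with_long_md5(self):
        """
        Ensure an over-long md5 indicator is rejected.

        The sample value is 40 characters long (the length of a SHA-1 hex
        digest), not the 32 hex characters of an MD5 digest.
        ``CbInvalidReport`` must be raised and its message must name the
        length problem.
        """
        iocs = {'md5': ["1111111111222222222233333333334444444444"]}

        data = self.core(iocs=iocs)
        data['description'] = "The Decription"

        # Construction and validate() both sit inside the context manager, so
        # the exception may come from either call.
        with self.assertRaises(CbInvalidReport) as err:
            rpt = CbReport(**data)
            rpt.validate()
        # assertIn rather than a bare assert: it is not stripped under
        # ``python -O`` and reports both strings on failure.
        self.assertIn("Invalid md5 length", "{0}".format(err.exception.args[0]))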
コード例 #7
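    def test_fields_with_query_bogus_query(self):
        """
        Ensure a query IOC whose search_query lacks ``q=`` is caught.

        The ``index_type`` is one the passing query test also uses, so the
        only fault in the input is the ``search_query`` string.
        ``CbInvalidReport`` must be raised with the matching message.
        """
        iocs = {'query': [{'index_type': "events", 'search_query': "BOGUS"}]}
        data = self.core(iocs=iocs)
        data['description'] = "The Decription"
        data['tags'] = ["query"]

        # Construction and validate() both sit inside the context manager, so
        # the exception may come from either call.
        with self.assertRaises(CbInvalidReport) as err:
            rpt = CbReport(**data)
            rpt.validate()
        # NOTE(review): the report id "RepId1" in the expected message
        # presumably comes from self.core() -- confirm against the fixture.
        # assertIn rather than a bare assert: it is not stripped under
        # ``python -O`` and reports both strings on failure.
        self.assertIn(
            "Query IOC for report RepId1 missing q= on query",
            "{0}".format(err.exception.args[0]))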
コード例 #8
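    def test_fields_with_query_missing_index_type(self):
        """
        Ensure a query IOC without an ``index_type`` key is caught.

        The query dict carries only ``search_query``. ``CbInvalidReport`` must
        be raised with a message naming the missing ``index_type``.
        """
        iocs = {'query': [{'search_query': "cb.q.commandline=foo.txt"}]}
        data = self.core(iocs=iocs)
        data['description'] = "The Decription"
        data['tags'] = ["query"]

        # Construction and validate() both sit inside the context manager, so
        # the exception may come from either call.
        with self.assertRaises(CbInvalidReport) as err:
            rpt = CbReport(**data)
            rpt.validate()
        # NOTE(review): the report id "RepId1" in the expected message
        # presumably comes from self.core() -- confirm against the fixture.
        # assertIn rather than a bare assert: it is not stripped under
        # ``python -O`` and reports both strings on failure.
        self.assertIn(
            "Query IOC section for report 'RepId1' missing index_type",
            "{0}".format(err.exception.args[0]))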
コード例 #9
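    def test_fields_all_required_only(self):
        """
        Ensure pedantic validation rejects non-required fields.

        The same report is validated twice. The default ``validate()`` call
        must pass with the extra ``description`` and ``tags`` keys present.
        ``validate(pedantic=True)`` must raise ``CbInvalidReport`` naming
        ``description`` as a non-required key.
        """
        data = self.core()
        data['description'] = "The Decription"
        data['tags'] = ["md5"]

        rpt = CbReport(**data)
        # Default mode: the extra keys are tolerated.
        rpt.validate()

        # Only the pedantic call sits inside the context manager, so the
        # exception can only come from it.
        with self.assertRaises(CbInvalidReport) as err:
            rpt.validate(pedantic=True)
        # assertIn rather than a bare assert: it is not stripped under
        # ``python -O`` and reports both strings on failure.
        self.assertIn(
            "Report contains non-required key 'description'",
            "{0}".format(err.exception.args[0]))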
コード例 #10
    def test_fields_with_sha256(self):
        """
        Check that a full-length sha256 indicator is accepted.

        The sample digest is 64 characters long. The test passes when
        ``validate()`` does not raise.
        """
        digest = "0000000000111111111122222222223333333333444444444455555555556666"

        fields = self.core(iocs={'sha256': [digest]})
        fields['description'] = "The Decription"
        fields['tags'] = ["sha256"]

        report = CbReport(**fields)
        report.validate()
コード例 #11
    def test_fields_with_query(self):
        """
        Check that a well-formed query indicator is accepted.

        The query dict supplies both ``index_type`` and ``search_query``. The
        test passes when ``validate()`` does not raise.
        """
        query_ioc = {
            'index_type': "events",
            'search_query': "cb.q.commandline=foo.txt"
        }
        fields = self.core(iocs={'query': [query_ioc]})
        fields['description'] = "The Decription"
        fields['tags'] = ["query"]

        report = CbReport(**fields)
        report.validate()
コード例 #12
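    def test_fields_with_query_invalid_index_type(self):
        """
        Ensure a query IOC with an unrecognised ``index_type`` is caught.

        The ``search_query`` matches the one in the passing query test, so the
        only fault in the input is the ``index_type`` value.
        ``CbInvalidReport`` must be raised and its message must echo the
        rejected value.
        """
        iocs = {
            'query': [{
                'index_type': "BOGUS",
                'search_query': "cb.q.commandline=foo.txt"
            }]
        }
        data = self.core(iocs=iocs)
        data['description'] = "The Decription"
        data['tags'] = ["query"]

        # Construction and validate() both sit inside the context manager, so
        # the exception may come from either call.
        with self.assertRaises(CbInvalidReport) as err:
            rpt = CbReport(**data)
            rpt.validate()
        # assertIn rather than a bare assert: it is not stripped under
        # ``python -O`` and reports both strings on failure.
        self.assertIn(
            "Report IOCs section for 'query' contains invalid index_type: BOGUS",
            "{0}".format(err.exception.args[0]))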