def test_malware_creation():
    """Tests that saving a new Malware object assigns it an id."""
    unsaved = Malware(name='Gootkit')
    # The object has no id until it has been saved.
    assert unsaved.id is None

    saved = unsaved.save()
    assert isinstance(saved, Malware)
    assert saved.id is not None
def populate_malware():
    """Save two Malware fixtures, set their families, and return them."""
    gootkit = Malware(name='Gootkit').save()
    gootkit.family = ['banker', 'trojan']
    gootkit.save()

    sofacy = Malware(name='Sofacy').save()
    sofacy.family = ['trojan']
    sofacy.save()

    return [gootkit, sofacy]
def populate_malware():
    """Save three labelled Malware fixtures and return them in creation order."""
    fixtures = (
        ('Gootkit', 'banker'),
        ('Sofacy', 'apt'),
        ('Zeus', 'trojan'),
    )
    return [
        Malware(name=name, labels=[label]).save()
        for name, label in fixtures
    ]
def clean_db():
    """Touch each model's collection, then clear the database."""
    # pylint: disable=protected-access
    # Every collection is accessed first so that it is in the cache before
    # the database is cleared.
    for model in (Entity, Malware, Observable, Hostname, Tag, Vocabs):
        model._get_collection()
    db.clear()
def test_update_malware():
    """Tests that a Malware object is successfully updated."""
    phases = [{'kill_chain_name': 'cyber', 'phase_name': 'cyber1'}]
    original = Malware(
        name='asd',
        labels=['label1'],
        description='123',
        kill_chain_phases=phases,
    )
    original.save()
    modified_before = original.modified
    id_before = original.id

    result = original.update({'name': 'dsa'})

    # Only the name was changed; the other fields must carry over.
    assert result.name == 'dsa'
    assert result.description == '123'
    assert result.kill_chain_phases == phases
    # The modification time must move forward while the id stays the same.
    assert original.modified > modified_before
    assert result.id == id_before
def test_malware_import():
    """Tests importing a Malware object from MITRE's TAXII information."""
    expected_description = 'Briba is a trojan used by Elderwood to open a backdoor and download files on to compromised hosts. (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Briba May 2012)\n\nAliases: Briba'
    expected_references = [
        {
            'source_name': 'mitre-attack',
            'url': 'https://attack.mitre.org/wiki/Software/S0204',
            'external_id': 'S0204'
        },
        {
            'source_name': 'Symantec Elderwood Sept 2012',
            'description': 'O\'Gorman, G., and McDonald, G.. (2012, September 6). The Elderwood Project. Retrieved February 15, 2018.',
            'url': 'http://www.symantec.com/content/en/us/enterprise/media/security%20response/whitepapers/the-elderwood-project.pdf'
        },
        {
            'source_name': 'Symantec Briba May 2012',
            'description': 'Ladley, F. (2012, May 15). Backdoor.Briba. Retrieved February 21, 2018.',
            'url': 'https://www.symantec.com/security%20response/writeup.jsp?docid=2012-051515-2843-99'
        }
    ]
    expected_timestamp = '2018-04-18 17:59:24.739000+00:00'

    imported = Malware.from_stix_object(MITRE_MALWARE).save()

    # The wrapper must hold the underlying STIX object after the import.
    # pylint: disable=protected-access
    assert imported._stix_object is not None
    assert isinstance(imported._stix_object, StixMalware)

    # Identity and provenance fields.
    assert imported.type == 'malware'
    assert imported.id == 'malware--79499993-a8d6-45eb-b343-bf58dea5bdde'
    assert imported.created_by_ref == 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5'
    assert str(imported.created) == expected_timestamp
    assert str(imported.modified) == expected_timestamp

    # Descriptive fields and references.
    assert imported.name == 'Briba'
    assert imported.description == expected_description
    assert imported.labels == ['malware']
    assert imported.external_references == expected_references
    assert imported.object_marking_refs == ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168']

    # Custom MITRE property exposed through the extended-property accessor.
    assert imported.get_extended_property('x_mitre_aliases') == ['Briba']
def test_filter_latest_versions():
    """Tests that filtering only returns latest versions."""
    first = Malware(name='malware1', labels=['label1']).save()
    Malware(name='malware2', labels=['label1']).save()
    first.update({'name': 'malware11'})

    # The first match must carry the timestamp of the updated version.
    matches = Malware.filter({'name': 'malware1'})
    assert matches[0].modified == first.modified

    # Two objects were saved and one of them was updated; only two results
    # are expected.
    all_matches = Malware.filter({'name': 'malware'})
    assert len(all_matches) == 2
def test_malware_versionning():
    """Tests that getting a Malware object returns the most recent version."""
    original = Malware(name='asd', labels=['label1'])
    original.save()
    object_id = original.id
    original.update({'name': 'dsa'})

    latest = Malware.get(object_id)
    assert latest.id == object_id
    # A modified time later than the created time marks the updated version.
    assert latest.created < latest.modified
def populate_malware_large():
    """Save 100 Malware fixtures (Malware000 to Malware099) and return them."""
    return [
        Malware(name=f'Malware{i:03}', labels=['trojan']).save()
        for i in range(100)
    ]
def test_malware_creation():
    """Tests that constructing a Malware object builds a StixMalware."""
    created = Malware(name='asd', labels=['label1'])

    # The wrapped STIX object must exist without any save() call.
    # pylint: disable=protected-access
    assert created._stix_object is not None
    assert isinstance(created._stix_object, StixMalware)
def test_malformed_malware():
    """Tests that creating a Malware with only a name raises ValidationError."""
    incomplete_fields = {'name': 'asd'}
    with pytest.raises(ValidationError):
        Malware(**incomplete_fields)
def test_save_malware():
    """Tests that saving a valid Malware object returns a result."""
    result = Malware(name='asd', labels=['label1']).save()
    assert result is not None
def test_invalid_malware_family():
    """Tests that malware can't be created with invalid families."""
    # Both construction and save() sit inside the context manager, so the
    # ValidationError may come from either step.
    with pytest.raises(ValidationError):
        candidate = Malware(name="123", family='asd')
        candidate.save()
def test_malware_fetch():
    """Tests that a saved Malware object can be fetched back by its id."""
    stored = Malware(name='Gootkit').save()

    retrieved = Malware.get(stored.id)
    assert isinstance(retrieved, Malware)
    assert retrieved.id == stored.id
def test_malware_attributes():
    """Tests that every listed Malware exposes a list-valued family."""
    # NOTE(review): the loop asserts nothing when Malware.list() is empty;
    # presumably a fixture populates the database first. Confirm.
    for entry in Malware.list():
        assert hasattr(entry, 'family')
        assert isinstance(entry.family, list)
def test_malware_delete():
    """Tests that deleting with all_versions=True leaves nothing listed."""
    target = Malware(name='asd', labels=['label1']).save()
    target.update({'name': 'dsa'})
    # list() is expected to return a single entry even after the update.
    assert len(Malware.list()) == 1

    target.delete(all_versions=True)
    remaining = Malware.list()
    assert not remaining
def test_all_versions():
    """Tests that updating a malware results in two versions."""
    subject = Malware(name='asd', labels=['label1']).save()
    subject.update({'name': 'dsa'})

    versions = subject.all_versions()
    assert len(versions) == 2