def test_root_all_detection_points():
    """Check that all_detection_points on the root grows with every detection added.

    One detection point is added in turn to the root, an observable, an
    analysis and a second observable beneath that analysis. After each
    addition the root must report one more DetectionPoint("test").
    """
    module_type = AnalysisModuleType("test", "")
    root = RootAnalysis()
    observable = root.add_observable("test", "test")
    analysis = observable.add_analysis(type=module_type)
    observable_2 = analysis.add_observable("test", "test2")

    # Walk the tree from the root downwards; every level adds one detection.
    targets = (root, observable, analysis, observable_2)
    for expected_count, target in enumerate(targets, start=1):
        target.add_detection_point("test")
        expected = [DetectionPoint("test") for _ in range(expected_count)]
        assert root.all_detection_points == expected
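def test_root_analysis_serialization():
    """Round-trip a populated RootAnalysis through dict and JSON and compare fields.

    Every scalar field is compared against the same-named field of the
    deserialized copy. tool and tool_instance are given different values so a
    comparison between the wrong pair of fields cannot pass by coincidence.
    """
    root = RootAnalysis(
        tool="test",
        tool_instance="test_instance",
        alert_type="test",
        desc="test",
        event_time=datetime.datetime.now(),
        name="test",
        analysis_mode="test",
        queue="test",
        instructions="test",
    )

    amt = AnalysisModuleType("test", "")
    observable = root.add_observable("test", "test")
    # Called for its effect on the tree; the returned analysis is not used here.
    observable.add_analysis(type=amt, details={"test": "test"})
    root.add_detection_point("test")

    def assert_round_trip(new_root):
        """Assert that a deserialized copy carries the same fields as root."""
        assert root == new_root
        assert root.tool == new_root.tool
        # Previously compared against new_root.tool, which only passed because
        # both fixture values were the same string.
        assert root.tool_instance == new_root.tool_instance
        assert root.alert_type == new_root.alert_type
        assert root.description == new_root.description
        assert root.event_time == new_root.event_time
        assert root.name == new_root.name
        assert root.analysis_mode == new_root.analysis_mode
        assert root.queue == new_root.queue
        assert root.instructions == new_root.instructions
        # Checked on both formats: a detection dropped during serialization
        # would silently discard alert evidence.
        assert root.detections == new_root.detections
        # the observable property for the root should always be None
        assert root.observable is None
        assert len(root.observables) == 1

    assert_round_trip(RootAnalysis.from_dict(root.to_dict()))
    assert_round_trip(RootAnalysis.from_json(root.to_json()))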