def test_create_fact_type(): mock = get_mock_data("data/post_v1_factType_threatActorAlias_201.json") responses.add(responses.POST, mock["url"], json=mock["json"], status=mock["status_code"]) mock_data = mock["json"]["data"] threat_actor_id = mock_data["relevantObjectBindings"][0][ "destinationObjectType"]["id"] c = act.api.Act("http://localhost:8080", 1) fact_type = c.fact_type( name="threatActorAlias", validator=".+", relevant_object_bindings=[ act.api.fact.RelevantObjectBindings( act.api.obj.Object(id=threat_actor_id), act.api.obj.Object(id=threat_actor_id), True, ) ], ).add() assert fact_type.name == "threatActorAlias" assert re.search(UUID_MATCH, fact_type.id)
def test_get_object_by_type_value(): mock = get_mock_data("data/post_v1_object_facts_200.json") responses.add( responses.POST, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.Act("http://localhost:8080", 1) obj = c.object(type="ipv4", value="127.0.0.1") facts = obj.facts() assert not facts.complete assert len(facts) == facts.size # We should have at least one fact assert len(facts) > 1 # All facts should be of type Fact assert all([isinstance(fact, act.fact.Fact) for fact in facts]) # All facts should have an UUID assert all([re.search(RE_UUID_MATCH, fact.id) for fact in facts])
def test_object_search(): mock = get_mock_data("data/post_v1_object_search_200.json") responses.add(responses.POST, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8080", 1) objects = c.object_search(fact_type=["seenIn"], fact_value=["report"], limit=1) assert not objects.complete assert objects.size == 1 assert objects.count > 1 obj = objects[0] # Objects should not have "object_type", since that property is stored in # "type" with pytest.raises(AttributeError): # pylint: disable=pointless-statement obj.object_type # Objects should not have "object_value", since that property is stored in # "value" with pytest.raises(AttributeError): # pylint: disable=pointless-statement obj.object_value # All facts should have an UUID assert all([re.search(UUID_MATCH, obj.id) for obj in objects])
def test_fact_acl(): mock = get_mock_data("data/get_v1_fact_uuid_access_200.json") responses.add(responses.GET, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8080", 1) uuid = re.search(UUID, mock["url"]).group("uuid") acl = c.fact(id=uuid).get_acl() assert acl == []
def test_get_fact_types(): mock = get_mock_data("data/get_v1_factType_200.json") responses.add(responses.GET, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8080", 1) fact_types = c.get_fact_types() assert fact_types.size == len(fact_types)
def test_create_origin(): mock_add = get_mock_data("data/post_v1_origin_myorigin_201.json") responses.add(responses.POST, mock_add["url"], json=mock_add["json"], status=mock_add["status_code"]) mock_get = get_mock_data("data/get_v1_origin_200.json") responses.add(responses.GET, mock_get["url"], json=mock_get["json"], status=mock_get["status_code"]) c = act.api.Act("http://localhost:8888", 1) o = c.origin("my-origin", trust=0.8, description="My origin") origin = o.add() assert origin.name == "my-origin" assert re.search(RE_UUID_MATCH, origin.id)
def test_create_object_type(): mock = get_mock_data("data/post_v1_objectType_threatActor_201.json") responses.add(responses.POST, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8080", 1) object_type = c.object_type(name="threatActor", validator=".+").add() assert object_type.name == "threatActor" assert re.search(UUID_MATCH, object_type.id)
def test_fact_add_comment(): mock = get_mock_data("data/post_v1_fact_uuid_comments_201.json") responses.add(responses.POST, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8080", 1) # Get comments uuid = re.search(UUID, mock["url"]).group("uuid") c.fact(id=uuid).add_comment("Test comment")
def test_add_fact(): mock = get_mock_data("data/post_v1_fact_127.0.0.1_201.json") responses.add(responses.POST, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8080", 1) f = (c.fact("seenIn", "report").source("ipv4", "127.0.0.1").destination("report", "xyz")) assert f.type.name == "seenIn" assert f.value == "report" # We do not have id or timestamp yet assert f.id is None assert f.timestamp is None assert f.source_object is not None assert f.destination_object is not None assert f.bidirectional_binding is not None # Add fact f.add() fact_repr = repr(f) repr_f = eval(fact_repr) assert f == repr_f assert f.value == repr_f.value assert f.type.name == repr_f.type.name assert f.source_object == repr_f.source_object assert f.source_object.value == repr_f.source_object.value assert f.destination_object.type == repr_f.destination_object.type assert f.destination_object.value == repr_f.destination_object.value assert str(f) == str(repr_f) assert ( str(f) == "(ipv4/127.0.0.1) -[seenIn/report]-> (report/87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7)" ) # id, timestamp and organization should now be fetched from API assert re.search(UUID_MATCH, f.id) assert re.search(TIMESTAMP_MATCH, f.timestamp) assert re.search(UUID_MATCH, f.organization.id)
def test_get_origins(): mock = get_mock_data("data/get_v1_origin_200.json") responses.add(responses.GET, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8888", 1) origins = c.get_origins(limit=0) # We should have a ipv4 object type assert "my-origin" in [origin.name for origin in origins] # All origins should have a valid uuid assert all([re.search(RE_UUID_MATCH, origin.id) for origin in origins])
def test_fact_get_comments(): mock = get_mock_data("data/get_v1_fact_uuid_comments_200.json") responses.add(responses.GET, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.Act("http://localhost:8080", 1) # Get comments uuid = re.search(RE_UUID, mock["url"]).group("uuid") comments = c.fact(id=uuid).get_comments() assert comments # Should be non empty assert comments[0].comment == "Test comment" assert re.search(RE_TIMESTAMP, comments[0].timestamp) assert all([isinstance(comment, act.base.Comment) for comment in comments])
def test_get_object_by_uuid(): mock = get_mock_data("data/post_v1_object_uuid_facts_200.json") responses.add(responses.POST, mock["url"], json=mock["json"], status=mock["status_code"]) uuid = re.search(UUID, mock["url"]).group("uuid") c = act.api.Act("http://localhost:8080", 1) obj = c.object(id=uuid) facts = obj.facts() assert all([re.search(UUID_MATCH, fact.id) for fact in facts])
def test_get_object_search(): mock = get_mock_data("data/post_v1_object_traverse_200.json") responses.add(responses.POST, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8080", 1) obj = c.object(type="ipv4", value="127.0.0.1") path = obj.traverse('g.bothE("seenIn").bothV().path().unfold()') # Should contain both objects and facts assert any([isinstance(elem, act.api.obj.Object) for elem in path]) assert any([isinstance(elem, act.api.fact.Fact) for elem in path])
def test_get_object_types(): mock = get_mock_data("data/get_v1_objectType_200.json") responses.add(responses.GET, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8080", 1) object_types = c.get_object_types() # We should have a ipv4 object type assert "ipv4" in [object_t.name for object_t in object_types] # All object types should have a valid uuid assert all( [re.search(UUID_MATCH, object_t.id) for object_t in object_types])
def test_fact_search(): mock = get_mock_data("data/post_v1_fact_search_200.json") responses.add(responses.POST, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8080", 1) facts = c.fact_search(fact_type=["seenIn"], fact_value=["report"], limit=1) assert not facts.complete assert facts.size == 1 assert facts.count > 1 # All facts should have an UUID assert all([re.search(UUID_MATCH, fact.id) for fact in facts])
def test_add_meta_fact(): mock = get_mock_data("data/post_v1_fact_uuid_meta_201.json") responses.add(responses.POST, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8080", 1) uuid = re.search(UUID, mock["url"]).group("uuid") f = c.fact(id=uuid) value = mock["params"]["json"]["value"] meta = f.meta("observationTime", value).add() assert meta.type.name == "observationTime" assert meta.value == value
def test_add_fact_validation_error(): """ Test adding fact that fails on validation """ mock = get_mock_data("data/post_v1_fact_127.0.0.x_412.json") responses.add( responses.POST, mock["url"], json=mock["json"], status=mock["status_code"]) c = act.api.Act("http://localhost:8888", 1) f = c.fact("mentions", "report") \ .source("report", "xyz") \ .destination("ipv4", "127.0.0.x") # Add fact -> should fail on ipv4 validation with pytest.raises(act.api.base.ValidationError): f.add() try: f.add() except act.api.base.ValidationError as err: assert(str(err) == "Object did not pass validation against ObjectType. " + "(objectValue=127.0.0.x)")