def test_retrieve_invalid_sample(self):
    """Test that retrieving an unknown digest raises ValidationError.

    A sample is stored first, then a lookup is made with the MD5 of an
    unrelated byte string; the error detail must read
    'Identifier not known'.
    """
    SampleFileHelpers.create_sample_mimikatz()
    # Well-formed MD5 hex digest that is not expected to match the stored
    # sample; MD5 is used here purely as a lookup key.
    unknown_digest = md5(b'not a valid hash').hexdigest()
    with self.assertRaises(ValidationError) as raised:
        SampleItem.retrieve_sample(unknown_digest)
    # Checked after the context manager exits so the assertion really runs.
    message = str(raised.exception.detail[0])
    self.assertEqual(message, 'Identifier not known')
def test_no_related_url_items(self):
    """Test that a sample without alert items renders as 'N/A'."""
    stored = SampleFileHelpers.create_sample_mimikatz()
    # No alert item is created for this digest before the lookup.
    rendered = SampleItem.get_related_alert_items_as_url(stored.md5)
    self.assertEqual(rendered, 'N/A')
def test_related_url_items(self):
    """Test that two related alerts are rendered as two admin links.

    Two alert items are created for the same sample digest. The rendered
    value is a single ', '-joined string, which is split again and
    compared link by link against the expected anchor markup.
    """
    sample = SampleFileHelpers.create_sample_mimikatz()
    # str() goes through MimiAlertItem.__str__, which the original author
    # notes yields the machine name; it is exercised on purpose here.
    alerts = [
        str(MimiAlertHelpers.create_alert_item(sample.md5))
        for _ in range(2)
    ]
    rendered = SampleItem.get_related_alert_items_as_url(sample.md5)
    links = rendered.split(', ')

    # The order of the rendered links is not assumed: line the links up
    # with the alerts by checking where the first alert's text appears.
    if alerts[0] in links[0]:
        links_in_alert_order = [links[0], links[1]]
    else:
        links_in_alert_order = [links[1], links[0]]

    changelist_url = reverse('admin:alert_api_mimialertitem_changelist')
    for machine, link in zip(alerts, links_in_alert_order):
        expected = '<a href="{}?machinename={}">{}</a>'.format(
            changelist_url, machine, machine)
        self.assertEqual(link, expected)
def test_delete_sample_removes_file(self):
    """Test that deleting a SampleItem also removes its file from disk."""
    # NOTE(review): a second method with this same name appears later in
    # this file. If both belong to the same TestCase class, the later
    # definition replaces this one and this test never runs - confirm.
    stored = SampleFileHelpers.create_sample_mimikatz()
    # Capture the path first; it is read from the object before deletion.
    file_path = stored.sample.path
    stored.delete()
    still_present = access(file_path, F_OK)
    self.assertFalse(still_present)
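def test_post_delete_sample_file(self):
    """Test that the sample file is gone from disk after object removal.

    The stored file's path is captured before ``delete()`` and must not
    exist afterwards.
    """
    sample = SampleFileHelpers.create_sample_mimikatz()
    path = sample.sample.path
    sample.delete()
    # F_OK tests existence. The previous R_OK check also passed when the
    # file was still present but merely unreadable, which would hide a
    # sample binary left behind on disk.
    self.assertFalse(access(path, F_OK))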
def test_related_url_item(self):
    """Test that one related alert is rendered as a single admin link."""
    sample = SampleFileHelpers.create_sample_mimikatz()
    alert = MimiAlertHelpers.create_alert_item(sample.md5)
    rendered = SampleItem.get_related_alert_items_as_url(sample.md5)
    # str() goes through MimiAlertItem.__str__, which the original author
    # notes yields the machine name; it is exercised on purpose here.
    machine_name = str(alert)
    changelist_url = reverse('admin:alert_api_mimialertitem_changelist')
    # NOTE(review): the expected markup places the machine name verbatim
    # in both the href query string and the link text. Machine names come
    # from alert data, so a case with HTML or URL metacharacters would show
    # whether the rendered link is escaped - confirm against
    # get_related_alert_items_as_url.
    expected = '<a href="{}?machinename={}">{}</a>'.format(
        changelist_url, machine_name, machine_name)
    self.assertEqual(rendered, expected)
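def test_post_sample_file(self):
    """Test that POSTing the mimikatz binary stores a SampleItem.

    The file is sent as ``application/octet-stream`` to the
    ``incoming-sample`` route for its MD5. The response must be 200 and a
    SampleItem with that MD5 must exist afterwards; the item is deleted at
    the end as cleanup.
    """
    # The SHA-1 returned by the helper is not used by this test.
    sample_md5, _sha1 = SampleFileHelpers.download_latest_mimikatz()
    # A list keeps the URL argument explicit; the original passed a set.
    url = reverse('incoming-sample', args=[sample_md5])
    # NOTE(review): fixed, predictable path under the shared /tmp
    # directory, presumably written by download_latest_mimikatz. Another
    # local user could create it first; a per-run temporary directory
    # would avoid that - confirm how the helper creates it.
    with open('/tmp/x64/mimikatz.exe', 'rb') as fd:
        payload = fd.read()
    response = self.client.post(
        url, payload, content_type='application/octet-stream')
    self.assertEqual(response.status_code, status.HTTP_200_OK)
    self.assertTrue(SampleItem.objects.filter(md5=sample_md5).exists())
    # Fetch by digest: a bare get() raises MultipleObjectsReturned as soon
    # as any other SampleItem exists, and would delete an unrelated row if
    # it happened to be the only one.
    item = SampleItem.objects.get(md5=sample_md5)
    item.delete()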
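def test_delete_sample_removes_file(self):
    """Test that deleting an uploaded SampleItem removes its file from disk.

    The binary is uploaded through the ``incoming-sample`` route, the
    stored file is confirmed readable, and after ``delete()`` the path
    must no longer exist.
    """
    # The SHA-1 returned by the helper is not used by this test.
    sample_md5, _sha1 = SampleFileHelpers.download_latest_mimikatz()
    # A list keeps the URL argument explicit; the original passed a set.
    url = reverse('incoming-sample', args=[sample_md5])
    # NOTE(review): fixed, predictable path under the shared /tmp
    # directory, presumably written by download_latest_mimikatz - confirm
    # how the helper creates it.
    with open('/tmp/x64/mimikatz.exe', 'rb') as fd:
        payload = fd.read()
    self.client.post(url, payload, content_type='application/octet-stream')
    self.assertTrue(SampleItem.objects.filter(md5=sample_md5).exists())
    # Fetch by digest: a bare get() raises MultipleObjectsReturned as soon
    # as any other SampleItem exists.
    item = SampleItem.objects.get(md5=sample_md5)
    path = item.sample.path
    self.assertTrue(access(path, R_OK))
    item.delete()
    # F_OK tests existence. An R_OK check would also pass for a file that
    # is still on disk but unreadable, hiding a leftover sample binary.
    self.assertFalse(access(path, F_OK))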