def test_phishtank_urls():
    """Parse the PhishTank ``urls`` feed from a local JSON fixture.

    The client's cache is pointed at ``test/phishtank/feed.json``, the
    content type detected for it must be ``json``, and every non-empty
    indicator yielded by ``s.process`` must carry ``reported_at``,
    ``last_at`` and ``first_at`` timestamps whose year is later than 1980.
    A known phishing URL from the fixture must be among the indicators.
    """
    from csirtg_fm.clients.http import Client

    feed = 'urls'
    # Fixture indicator; within this test it is only compared as text.
    expected_url = 'http://charlesleonardconstruction.com/irs/confim/index.html'

    client = Client(rule, feed)
    # NOTE(review): the decode() result is replaced by the fixture path on the
    # next line; confirm whether the call is only kept for a side effect.
    client.cache = decode(client.cache)
    # NOTE(review): confirm Client() does not fetch the remote feed before the
    # cache is overridden, so the test stays offline.
    client.cache = 'test/phishtank/feed.json'

    parser = get_type(client.cache)
    assert parser == 'json'

    seen_indicators, seen_tags = set(), set()
    # filter(None, ...) skips falsy results, same as an `if not i: continue`.
    for item in filter(None, s.process(rule, feed, parser, client)):
        for field in ('reported_at', 'last_at', 'first_at'):
            # A year of 1980 or earlier is treated as a bad timestamp.
            assert parse_timestamp(getattr(item, field)).year > 1980
        seen_indicators.add(item.indicator)
        # Tags are collected but not asserted on here; reading tags[0] still
        # presumably requires every indicator to carry at least one tag.
        seen_tags.add(item.tags[0])

    assert expected_url in seen_indicators
def test_malwaredomains_urlshorteners():
    """Parse the malwaredomains ``registrars`` feed from a local text fixture.

    The client's cache is pointed at
    ``test/malwaredomains/bulk_registrars.txt``, the detected content type
    must be ``pattern``, and at most 250 results are requested from
    ``s.process``. Each non-empty indicator must have a ``reported_at`` year
    later than 1980; the ``registrar`` tag and the ``us.pn`` indicator must
    both be seen.

    NOTE(review): the test name says "urlshorteners" but the feed and fixture
    are the registrars ones -- confirm which was intended.
    """
    from csirtg_fm.clients.http import Client

    feed = 'registrars'
    client = Client(rule, feed)
    # The return value of decode() is discarded here.
    # NOTE(review): confirm the call is wanted for a side effect only.
    decode(client.cache)
    client.cache = 'test/malwaredomains/bulk_registrars.txt'

    parser = get_type(client.cache)
    assert parser == 'pattern'

    seen_indicators, seen_tags = set(), set()
    for item in s.process(rule, feed, parser, client, limit=250):
        if item:
            # A year of 1980 or earlier is treated as a bad timestamp.
            assert parse_timestamp(item.reported_at).year > 1980
            # last_at / first_at are not checked for this feed; those
            # assertions are disabled in this test.
            seen_indicators.add(item.indicator)
            seen_tags.add(item.tags[0])

    assert 'registrar' in seen_tags
    assert 'us.pn' in seen_indicators
def test_malwaredomains_malware():
    """Parse the malwaredomains ``malware`` feed from a local TSV fixture.

    The client's cache is pointed at ``test/malwaredomains/domains.txt``,
    the detected content type must be ``tsv``, and at most 250 results are
    requested from ``s.process``. Each non-empty indicator must have a
    ``reported_at`` year later than 1980; the ``exploit`` tag and the
    ``002it.com`` indicator must both be seen.
    """
    from csirtg_fm.clients.http import Client

    feed = 'malware'
    fixture = 'test/malwaredomains/domains.txt'

    client = Client(rule, feed)
    # The return value of decode() is discarded here.
    # NOTE(review): confirm the call is wanted for a side effect only.
    decode(client.cache)
    client.cache = fixture

    parser = get_type(client.cache)
    assert parser == 'tsv'

    seen_indicators, seen_tags = set(), set()
    # filter(None, ...) skips falsy results, same as an `if not i: continue`.
    for item in filter(None, s.process(rule, feed, parser, client, limit=250)):
        reported = parse_timestamp(item.reported_at)
        # A year of 1980 or earlier is treated as a bad timestamp.
        assert reported.year > 1980
        # last_at / first_at are not checked for this feed; those assertions
        # are disabled in this test.
        seen_indicators.add(item.indicator)
        seen_tags.add(item.tags[0])

    assert 'exploit' in seen_tags
    assert '002it.com' in seen_indicators