예제 #1
0
 def test_paged_reference_query(self):
     query = {"type": "Acquisition"}
     api = RawApiClient()
     references = api.get_references(query, limit=10)
     for r in references:
         self.assertIsInstance(r, Reference)
         self.assertEqual(r.type, "Acquisition")
예제 #2
0
    def test_get_entity(self):
        api = RawApiClient()
        entity = api.get_entity("B_FAG")
        self.assertIsInstance(entity, Entity)
        self.assertEqual(entity['name'], "United States")

        entity = api.get_entity("INVALID_ID")
        self.assertEqual(entity, None)
예제 #3
0
 def test_paged_entity_query(self):
     query = {
         "type": "AttackVector",
     }
     api = RawApiClient()
     entities = api.get_entities(query, limit=100)
     for e in entities:
         self.assertIsInstance(e, Entity)
         self.assertEqual(e.type, "AttackVector")
예제 #4
0
 def test_get_entity_with_term_query(self):
     api = RawApiClient()
     res = api.query({
         "from": "entity",
         "where": {
             "type": "Airport"
         },
         "limit": 1
     })
     self.assertIsInstance(res, rfapi.query.JSONQueryResponse)
예제 #5
0
 def test_paging_aggregate_query_fails(self):
     with self.assertRaises(rfapi.error.InvalidRFQError):
         client = RawApiClient()
         query = {
             "instance": {
                 "type": "Acquisition",
             },
             "output": {
                 "count": {
                     "axis": ["publication_year"],
                     "values": ["instances"]
                 }
             }
         }
         next(client.paged_query(query))
예제 #6
0
 def test_entity_query_csv(self):
     query = {
         "entity": {
             "type": "AttackVector",
         },
         "output": {
             "format": "csv"
         }
     }
     api = RawApiClient()
     resp = api.paged_query(query, limit=30, batch_size=10)
     head = next(resp)
     self.assertIsInstance(head, list)
     for a in resp:
         self.assertIsInstance(a, dict)
예제 #7
0
 def test_enrichment_query_csv(self):
     query = {
         "cluster": {
             "data_group": "IpAddress",
         },
         "output": {
             "format": "csv/splunk",
             "inline_entities": False
         }
     }
     api = RawApiClient()
     resp = api.paged_query(query, limit=30, batch_size=10)
     head = next(resp)
     self.assertIsInstance(head, list)
     for a in resp:
         self.assertIsInstance(a, dict)
예제 #8
0
 def test_page_xml(self):
     client = RawApiClient()
     query = {
         "cluster": {
             "data_group": "IpAddress"
         },
         "output": {
             "format": "xml/stix"
         }
     }
     limit = 30
     responses = [
         resp
         for resp in client.paged_query(query, batch_size=10, limit=limit)
     ]
     total_count = responses[0].total_count
     n_results = sum(map(lambda r: r.returned_count, responses))
     self.assertEqual(n_results, min(limit, total_count))
예제 #9
0
    def test_app_id(self):
        rfapi_python = 'rfapi-python/%s' % __version__

        api = RawApiClient(app_name='UnitTest')
        self.assertEqual(
            api._app_id,
            'UnitTest (%s) %s' % (platform.platform(), rfapi_python))

        api = RawApiClient(app_name='UnitTest', app_version='42')
        self.assertEqual(
            api._app_id,
            'UnitTest/42 (%s) %s' % (platform.platform(), rfapi_python))

        api = RawApiClient(app_name='UnitTest',
                           app_version='42',
                           platform='SIEM_42')
        self.assertEqual(
            api._app_id, 'UnitTest/42 (%s) %s (%s)' %
            (platform.platform(), rfapi_python, 'SIEM_42'))

        api = RawApiClient()
        self.assertEqual(api._app_id, rfapi_python)
예제 #10
0
 def test_invalid_token(self):
     with self._assertRaisesRegex(rfapi.error.AuthenticationError,
                                  "Authentication failed"):
         client = RawApiClient(auth='nosuchtoken')
         client.get_status()
예제 #11
0
 def test_metadata_query(self):
     api = RawApiClient()
     metadata = api.get_metadata()
     self.assertIsInstance(metadata, list)
예제 #12
0
 def test_status_query(self):
     api = RawApiClient()
     status = api.get_status(False)
     self.assertIsInstance(status, dict)
예제 #13
0
 def test_with_https_proxy(self):
     proxies = {"https": "http://proxy.example.com:3128"}
     self.assertIsNotNone(RawApiClient('dummy', proxies=proxies))
예제 #14
0
 def test_with_token(self):
     self.assertIsNotNone(RawApiClient('dummy'))
예제 #15
0
 def test_invalid_query(self):
     with self._assertRaisesRegex(rfapi.error.HttpError, "No such query"):
         client = RawApiClient()
         client.query({"apa": "bepa"})
예제 #16
0
 def test_events_query(self):
     query = {"type": "CyberAttack"}
     api = RawApiClient()
     events = api.get_events(query, limit=10)
     for e in events:
         self.assertIsInstance(e, Event)
예제 #17
0
 def test_missing_token(self):
     with self.assertRaises(rfapi.error.MissingAuthError):
         client = RawApiClient(auth=None)
         client.get_status()