예제 #1
0
def test_update_regex():
    """Tests that a Regex object is succesfully updated."""
    regex = Regex(name='Zeus C2',
                  labels=['malicious-activity'],
                  description='This is how C2 URLs for Zeus usually end.',
                  pattern=r'gate\.php$',
                  valid_from='2016-01-01T00:00:00Z',
                  valid_until='2017-01-01T00:00:00Z',
                  kill_chain_phases=[{
                      'kill_chain_name': 'lockheed-martin-cyber-kill-chain',
                      'phase_name': 'reconnaissance'
                  }])
    regex.save()
    stix_id = regex.id
    updated = regex.update({'name': 'Zeus Gate URLs'})
    assert updated.id == stix_id
    assert updated.name == 'Zeus Gate URLs'
    assert updated.labels == ['malicious-activity']
    assert updated.description == 'This is how C2 URLs for Zeus usually end.'
    assert updated.kill_chain_phases == [{
        'kill_chain_name': 'lockheed-martin-cyber-kill-chain',
        'phase_name': 'reconnaissance'
    }]
    assert updated.pattern == r'gate\.php$'
    assert str(updated.valid_from) == '2016-01-01 00:00:00+00:00'
    assert str(updated.valid_until) == '2017-01-01 00:00:00+00:00'
예제 #2
0
def test_yara_rule_attributes():
    """Tests that a created YaraRule has all needed attributes."""
    regex_type = type(re.compile(''))
    for rule in Regex.list():
        assert isinstance(rule.pattern, str)
        assert hasattr(rule, 'compiled_regex')
        assert isinstance(rule.compiled_regex, regex_type)
예제 #3
0
def test_regex_get_or_create(populate_regex):
    """Tests the creation of a single regex."""
    test_pattern = populate_regex[0].pattern
    regex = Regex.get_or_create(name='random', pattern=test_pattern)
    assert isinstance(regex, Regex)
    assert regex.id is not None
    assert regex.pattern == test_pattern
예제 #4
0
def test_invalid_regex():
    """Tests that an invalid regular expression is not accepted."""
    with pytest.raises(ValidationError) as error:
        Regex(name='Zeus C2',
              labels=['malicious-activity'],
              description='This is how C2 URLs for Zeus usually end.',
              pattern=r'gate\.php$)',
              valid_from='2016-01-01T00:00:00Z',
              valid_until='2017-01-01T00:00:00Z')
    assert 'is not a valid regular expression' in str(error.value)
예제 #5
0
def test_regex_creation():
    """Tests the creation of a single Regex object."""
    regex = Regex(name='Zeus C2',
                  labels=['malicious-activity'],
                  description='This is how C2 URLs for Zeus usually end.',
                  pattern=r'gate\.php$',
                  valid_from='2016-01-01T00:00:00Z',
                  valid_until='2017-01-01T00:00:00Z')
    # pylint: disable=protected-access
    assert regex._stix_object is not None
    assert isinstance(regex._stix_object, StixRegex)
예제 #6
0
def test_invalid_regex_object():
    """Tests that an invalid Regex object cannot be created."""
    with pytest.raises(ValidationError) as error:
        Regex(
            name='Zeus C2',
            labels=['malicious-activity'],
            description='This is how C2 URLs for Zeus usually end.',
            pattern=r'gate\.php$)',
            # valid_from='2016-01-01T00:00:00Z',
            # valid_until='2017-01-01T00:00:00Z'
        )
    assert 'No values for required properties' in str(error.value)
    assert 'valid_from' in str(error.value)
예제 #7
0
def populate_regex():
    r1 = Regex(name='Zeus C2',
               labels=['malicious-activity'],
               description='This is how C2 URLs for Zeus usually end.',
               pattern=r'gate\.php$',
               valid_from='2016-01-01T00:00:00Z',
               valid_until='2017-01-01T00:00:00Z',
               kill_chain_phases=[{
                   'kill_chain_name': 'lockheed-martin-cyber-kill-chain',
                   'phase_name': 'reconnaissance'
               }]).save()

    r2 = Regex(name='AppData',
               labels=['persistence'],
               description='AppData directory',
               pattern=r'Roaming\\AppData\\\w+$',
               valid_from='2016-01-01T00:00:00Z',
               valid_until='2017-01-01T00:00:00Z',
               kill_chain_phases=[{
                   'kill_chain_name': 'lockheed-martin-cyber-kill-chain',
                   'phase_name': 'reconnaissance'
               }]).save()

    return [r1, r2]
예제 #8
0
def test_invalid_yara_rule():
    """Tests that regex can't be created with invalid names or patterns."""
    with pytest.raises(ValidationError):
        Regex(name="FailRule", pattern=123).save()
    with pytest.raises(ValidationError):
        Regex(name="FailRule", pattern='asd[3-2]').save()
예제 #9
0
def test_get_regex(populate_regex):
    """Tests that a YaraRule fetched from the DB has the correct type."""
    name = populate_regex[0].name
    yr = Regex.filter({'name': name})[0]
    assert isinstance(yr, Regex)
예제 #10
0
def populate_regex():
    r = Regex(name='AppData', pattern=r'AppData\\Roaming\\\w+').save()
    return [r]