Exemplo n.º 1
def test_fetch_indicators_command(mocker):
    """
    Verify the indicator batch yielded by fetch_indicators_command for the domain feed.

    The client's object listing and CSV iterator are patched with canned data.
    Scenario 1: the listing returns one key ('key1.gz') stamped with the current UTC time.
    Scenario 2: the listing is empty and the last-key lookup from the integration context
    is patched to return 'key1'.
    Both scenarios must yield the same single Domain indicator, carrying the caller's tags
    and a 'firstseenbysource' value built from the row's epoch timestamp in UTC.
    """
    import csv
    from SecurityIntelligenceServicesFeed import fetch_indicators_command, datetime, timezone

    def canned_reader():
        # One tab-separated feed row: the domain value followed by its epoch timestamp.
        return csv.DictReader(f=['007blog.icu\t1590810346'], fieldnames=['value', 'Timestamp'],
                              delimiter='\t')

    first_seen = datetime.fromtimestamp(1590810346, timezone.utc).isoformat()
    raw_row = OrderedDict([('value', '007blog.icu'),
                           ('Timestamp', '1590810346'),
                           ('type', 'Domain')])
    indicator = {'value': '007blog.icu',
                 'type': 'Domain',
                 'rawJSON': raw_row,
                 'fields': {'service': 'Passive Total',
                            'tags': ['s3', 's4'],
                            'firstseenbysource': first_seen}}
    expected_response = [indicator]

    listing_target = 'SecurityIntelligenceServicesFeed.Client.request_list_objects'
    iterator_target = 'SecurityIntelligenceServicesFeed.Client.build_iterator'

    # Scenario 1: a freshly modified object key is listed.
    mocker.patch(listing_target,
                 return_value=[{'Key': 'key1.gz', 'LastModified': datetime.now(timezone.utc)}])
    mocker.patch(iterator_target, return_value=[canned_reader()])

    first_batch = next(fetch_indicators_command(client=CLIENT, feed_types=['domain'],
                                                first_fetch_interval='1 day', tags=['s3', 's4']))
    assert first_batch == expected_response

    # Scenario 2: nothing is listed; the stored last key is supplied by the patched lookup.
    mocker.patch(listing_target, return_value=[])
    mocker.patch('SecurityIntelligenceServicesFeed.get_last_key_from_integration_context_dict',
                 return_value='key1')
    mocker.patch(iterator_target, return_value=[canned_reader()])

    second_batch = next(fetch_indicators_command(client=CLIENT, feed_types=['domain'],
                                                 first_fetch_interval='0 day', limit='1',
                                                 tags=['s3', 's4']))
    assert second_batch == expected_response
Exemplo n.º 2
def test_get_indicators_command(mocker):
    """
    Verify the command result of get_indicators_command for the Domain feed.

    With the client's object listing and CSV iterator patched, the first call must return a
    result whose context holds one Domain indicator (no 'tags' field, since none are passed)
    and the matching markdown table. The second call patches the iterator to an empty reader
    and must return the NO_INDICATORS_FOUND message instead.
    """
    import csv
    from SecurityIntelligenceServicesFeed import get_indicators_command, datetime, timezone

    # Markdown summary expected in the 'HumanReadable' entry.
    humanreadable = ''.join(['### Total indicators fetched: 1\n',
                             '### Indicators from Security Intelligence Services feed\n',
                             '|Value|Type|\n',
                             '|---|---|\n',
                             '| 007blog.icu | Domain |\n'])

    first_seen = datetime.fromtimestamp(1590810346, timezone.utc).isoformat()
    raw_row = OrderedDict([('value', '007blog.icu'),
                           ('Timestamp', '1590810346'),
                           ('type', 'Domain')])
    indicator = {'value': '007blog.icu',
                 'type': 'Domain',
                 'rawJSON': raw_row,
                 'fields': {'service': 'Passive Total',
                            'firstseenbysource': first_seen}}
    expected_context = {'Type': 1,
                        'ContentsFormat': 'json',
                        'Contents': [indicator],
                        'HumanReadable': humanreadable,
                        'EntryContext': {},
                        'IndicatorTimeline': [],
                        'IgnoreAutoExtract': False,
                        'Note': False}

    iterator_target = 'SecurityIntelligenceServicesFeed.Client.build_iterator'

    mocker.patch('SecurityIntelligenceServicesFeed.Client.request_list_objects',
                 return_value=[{'Key': 'key1.gz', 'LastModified': datetime.now(timezone.utc)}])

    # One tab-separated feed row, read without any quote handling.
    single_row_reader = csv.DictReader(f=['007blog.icu\t1590810346'],
                                       fieldnames=['value', 'Timestamp'],
                                       delimiter='\t',
                                       quoting=csv.QUOTE_NONE)
    mocker.patch(iterator_target, return_value=[single_row_reader])

    args = {'feed_type': 'Domain', 'limit': 1}
    populated_result = get_indicators_command(CLIENT, args)
    assert populated_result.to_context() == expected_context

    # No records: the iterator is a bare reader over empty input (not wrapped in a list).
    empty_reader = csv.DictReader(f='', fieldnames=['value', 'Timestamp'], delimiter='\t')
    mocker.patch(iterator_target, return_value=empty_reader)
    empty_result = get_indicators_command(CLIENT, args)
    assert empty_result == MESSAGES['NO_INDICATORS_FOUND']