def test_process_example_extensions_empty():
    """Reject a Process whose ``extensions`` property is an empty dict.

    The constructor is expected to raise ``InvalidValueError`` that names
    ``stix2.Process`` as the class, ``extensions`` as the property, and
    carries a reason containing 'non-empty dictionary'.
    """
    with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
        stix2.Process(extensions={})

    # Inspect the captured exception only after the context manager exits.
    err = excinfo.value
    assert err.cls == stix2.Process
    assert err.prop_name == 'extensions'
    assert 'non-empty dictionary' in err.reason
def test_process_example_empty_with_extensions():
    """Reject a Process whose only content is an empty windows-process-ext.

    The error is expected to be attributed to ``stix2.WindowsProcessExt``
    (not to the Process) and to list every property of that extension in
    sorted order.
    """
    with pytest.raises(stix2.exceptions.AtLeastOnePropertyError) as excinfo:
        stix2.Process(extensions={"windows-process-ext": {}})

    err = excinfo.value
    assert err.cls == stix2.WindowsProcessExt

    # Every property the extension declares should be reported.
    extension_props = list(stix2.WindowsProcessExt._properties.keys())
    extension_props.sort()
    assert err.properties == extension_props
def test_process_example():
    """Build a basic Process observable and read back name and arguments."""
    # NOTE(review): _valid_refs presumably declares that reference "0" is a
    # file object so that binary_ref="0" passes validation; confirm in stix2.
    process_kwargs = {
        "_valid_refs": {"0": "file"},
        "pid": 1221,
        "name": "gedit-bin",
        "created": "2016-01-20T14:11:25.55Z",
        "arguments": ["--new-window"],
        "binary_ref": "0",
    }
    p = stix2.Process(**process_kwargs)

    assert p.name == "gedit-bin"
    assert p.arguments == ["--new-window"]
def test_process_example_empty_error():
    """Reject a Process constructed with no properties at all.

    Checks the exception's class, its sorted property list (every Process
    property except ``type``), and the exact rendered error message.
    """
    with pytest.raises(stix2.exceptions.AtLeastOnePropertyError) as excinfo:
        stix2.Process()

    err = excinfo.value
    assert err.cls == stix2.Process

    # "type" is excluded from the list of properties the error reports.
    expected_props = list(stix2.Process._properties.keys())
    expected_props.remove("type")
    expected_props.sort()
    assert err.properties == expected_props

    expected_msg = "At least one of the ({1}) properties for {0} must be populated.".format(
        stix2.Process.__name__,
        ", ".join(expected_props),
    )
    assert str(err) == expected_msg
def test_process_example_with_WindowsServiceExt():
    """Attach a windows-service-ext given as a plain dict to a Process.

    Verifies the extension's fields are reachable as attributes afterwards.
    """
    service_ext = {
        "service_name": "sirvizio",
        "display_name": "Sirvizio",
        "start_type": "SERVICE_AUTO_START",
        "service_type": "SERVICE_WIN32_OWN_PROCESS",
        "service_status": "SERVICE_RUNNING",
    }
    p = stix2.Process(extensions={"windows-service-ext": service_ext})

    assert p.extensions["windows-service-ext"].service_name == "sirvizio"
    assert p.extensions["windows-service-ext"].service_type == "SERVICE_WIN32_OWN_PROCESS"
def test_process_example_with_WindowsProcessExt_Object():
    """Attach a pre-built ``WindowsProcessExt`` instance to a Process.

    Unlike the dict-based variants, the extension is passed as an object;
    the test checks that ``dep_enabled`` and ``owner_sid`` survive intact.
    """
    process_ext = stix2.WindowsProcessExt(
        aslr_enabled=True,
        dep_enabled=True,
        priority="HIGH_PRIORITY_CLASS",
        owner_sid="S-1-5-21-186985262-1144665072-74031268-1309",
    )
    p = stix2.Process(extensions={"windows-process-ext": process_ext})

    assert p.extensions["windows-process-ext"].dep_enabled
    assert p.extensions["windows-process-ext"].owner_sid == "S-1-5-21-186985262-1144665072-74031268-1309"
def test_process_example_windows_process_ext():
    """Attach a windows-process-ext given as a plain dict to a Process.

    All four supplied fields (ASLR flag, DEP flag, priority class and owner
    SID) are read back through the extension object.
    """
    process_ext = {
        "aslr_enabled": True,
        "dep_enabled": True,
        "priority": "HIGH_PRIORITY_CLASS",
        "owner_sid": "S-1-5-21-186985262-1144665072-74031268-1309",
    }
    proc = stix2.Process(
        pid=314,
        name="foobar.exe",
        extensions={"windows-process-ext": process_ext},
    )

    assert proc.extensions["windows-process-ext"].aslr_enabled
    assert proc.extensions["windows-process-ext"].dep_enabled
    assert proc.extensions["windows-process-ext"].priority == "HIGH_PRIORITY_CLASS"
    assert proc.extensions["windows-process-ext"].owner_sid == "S-1-5-21-186985262-1144665072-74031268-1309"
def test_process_example_with_WindowsProcessServiceExt():
    """Attach both a service and a process extension to one Process.

    Confirms the two extensions coexist and each keeps its own fields.
    """
    service_ext = {
        "service_name": "sirvizio",
        "display_name": "Sirvizio",
        "start_type": "SERVICE_AUTO_START",
        "service_type": "SERVICE_WIN32_OWN_PROCESS",
        "service_status": "SERVICE_RUNNING",
    }
    process_ext = {
        "aslr_enabled": True,
        "dep_enabled": True,
        "priority": "HIGH_PRIORITY_CLASS",
        "owner_sid": "S-1-5-21-186985262-1144665072-74031268-1309",
    }
    # Keep the original key order: service extension first, then process.
    p = stix2.Process(
        extensions={
            "windows-service-ext": service_ext,
            "windows-process-ext": process_ext,
        },
    )

    assert p.extensions["windows-service-ext"].service_name == "sirvizio"
    assert p.extensions["windows-service-ext"].service_type == "SERVICE_WIN32_OWN_PROCESS"
    assert p.extensions["windows-process-ext"].dep_enabled
    assert p.extensions["windows-process-ext"].owner_sid == "S-1-5-21-186985262-1144665072-74031268-1309"