def test_file(requests_mock):
    """
    Given:
        - A file hash whose malware lookup is answered by a mocked response.
    When:
        - Running the file command on that hash.
    Then:
        - The File entry in the entry context reports the hash as its MD5.
        - The DBotScore entry carries the same indicator, the type 'file'
          and a score in the range 1..3.
    """
    # Serve the canned reply so the test never contacts a real service.
    requests_mock.get(f'{MOCK_BASE_URL}/malware/{MOCK_HASH}', json=MOCK_HASH_RESP)
    # NOTE(review): the meaning of the trailing True/False flags is defined by
    # Client, which is not shown here - confirm against its signature.
    client = Client(MOCK_BASE_URL, MOCK_API_KEY, MOCK_PASSWORD, True, False)

    command_results = file_command(client, {'file': MOCK_HASH})
    outputs = command_results[0].to_context()['EntryContext']

    # Use the first context key that mentions 'File'; fall back to the bare
    # 'File' key when none does.
    file_key = next((key for key in outputs.keys() if 'File' in key), 'File')
    reported_md5 = outputs[file_key][0].get('MD5', '')
    assert reported_md5 == MOCK_HASH, 'The indicator value is wrong'

    dbot_score_key = (
        'DBotScore(val.Indicator && val.Indicator == obj.Indicator &&'
        ' val.Vendor == obj.Vendor && val.Type == obj.Type)'
    )
    dbot_entry = outputs[dbot_score_key][0]
    assert dbot_entry['Indicator'] == MOCK_HASH, 'The indicator is not matched'
    assert dbot_entry['Type'] == 'file', 'The indicator type should be file'
    # NOTE(review): the accepted range leaves out 0, presumably the "unknown"
    # verdict, so an unscored indicator fails the test - confirm.
    assert 1 <= dbot_entry['Score'] <= 3, 'Invalid indicator score range'
def test_file__no_family(requests_mock):
    """
    Given:
        - A hash whose mocked lookup result has its family set to None.
    When:
        - Running the file command on that hash.
    Then:
        - The 'Relationships' entry of the resulting context is empty.
    """
    lookup_url = f'{MOCK_BASE_URL}/malware/{MOCK_HASH_NO_FAMILY}'
    requests_mock.get(lookup_url, json=HASH_RESP_NO_FAMILY)
    client = Client(MOCK_BASE_URL, MOCK_API_KEY, MOCK_PASSWORD, True, False)

    first_result = file_command(client, {'file': MOCK_HASH_NO_FAMILY})[0]
    outputs = first_result.to_context()

    # With no family in the response there should be nothing to relate the file to.
    assert not outputs['Relationships']
def test_file(requests_mock):
    """
    Given:
        - A file hash whose malware lookup is answered by a mocked response.
    When:
        - Running the file command, which here returns a three-item result
          whose second item holds the outputs.
    Then:
        - The File entry reports the hash as its MD5.
        - The DBotScore entry carries the same indicator, the type 'file'
          and a score in the range 1..3.
    """
    lookup_url = f'{MOCK_BASE_URL}/malware/{MOCK_HASH}'
    requests_mock.get(lookup_url, json=MOCK_HASH_RESP)
    client = Client(MOCK_BASE_URL, MOCK_API_KEY, MOCK_PASSWORD, True, False)

    command_result = file_command(client, {'file': MOCK_HASH})
    # Only the middle element is inspected; the unpacking still requires
    # exactly three items.
    _, outputs, _ = command_result

    # Use the first output key that mentions 'File'; fall back to the bare
    # 'File' key when none does.
    file_key = next((key for key in outputs.keys() if 'File' in key), 'File')
    reported_md5 = outputs[file_key][0].get('MD5', '')
    assert reported_md5 == MOCK_HASH, 'The indicator value is wrong'

    dbot_entry = outputs[DBOT_SCORE_KEY][0]
    assert dbot_entry['Indicator'] == MOCK_HASH, 'The indicator is not matched'
    assert dbot_entry['Type'] == 'file', 'The indicator type should be file'
    # NOTE(review): the accepted range leaves out 0, presumably the "unknown"
    # verdict, so an unscored indicator fails the test - confirm.
    assert 1 <= dbot_entry['Score'] <= 3, 'Invalid indicator score range'
def test_file_connections(requests_mock):
    """
    Given:
        - A file hash whose malware lookup is answered by a mocked response.
    When:
        - Running the file command on that hash.
    Then:
        - The first relationship of the first result links the hash (a File)
          to 'badur' (a STIX Malware) with the 'related-to' relationship.
    """
    lookup_url = f'{MOCK_BASE_URL}/malware/{MOCK_HASH}'
    requests_mock.get(lookup_url, json=MOCK_HASH_RESP)
    client = Client(MOCK_BASE_URL, MOCK_API_KEY, MOCK_PASSWORD, True, False)

    first_result = file_command(client, {'file': MOCK_HASH})[0]
    relations = first_result.relationships[0].to_context()

    # Checked in the listed order; a missing key compares as None and fails.
    expected_fields = {
        'Relationship': 'related-to',
        'EntityA': MOCK_HASH,
        'EntityAType': 'File',
        'EntityB': 'badur',
        'EntityBType': 'STIX Malware',
    }
    for field, expected_value in expected_fields.items():
        assert relations.get(field) == expected_value