def test_root_analysis_serialization(): root = RootAnalysis( tool="test", tool_instance="test", alert_type="test", desc="test", event_time=datetime.datetime.now(), name="test", analysis_mode="test", queue="test", instructions="test", ) amt = AnalysisModuleType("test", "") observable = root.add_observable("test", "test") analysis = observable.add_analysis(type=amt, details={"test": "test"}) root.add_detection_point("test") new_root = RootAnalysis.from_dict(root.to_dict()) assert root == new_root assert root.tool == new_root.tool assert root.tool_instance == new_root.tool assert root.alert_type == new_root.alert_type assert root.description == new_root.description assert root.event_time == new_root.event_time assert root.name == new_root.name assert root.analysis_mode == new_root.analysis_mode assert root.queue == new_root.queue assert root.instructions == new_root.instructions assert root.detections == new_root.detections # the observable property for the root should always be None assert root.observable is None assert len(root.observables) == 1 new_root = RootAnalysis.from_json(root.to_json()) assert root == new_root assert root.tool == new_root.tool assert root.tool_instance == new_root.tool assert root.alert_type == new_root.alert_type assert root.description == new_root.description assert root.event_time == new_root.event_time assert root.name == new_root.name assert root.analysis_mode == new_root.analysis_mode assert root.queue == new_root.queue assert root.instructions == new_root.instructions # the observable property for the root should always be None assert root.observable is None assert len(root.observables) == 1
def test_analysis_eq(): amt_1 = AnalysisModuleType("test1", "") amt_2 = AnalysisModuleType("test2", "") root = RootAnalysis() observable_1 = root.add_observable("test", "test") analysis_1 = observable_1.add_analysis(type=amt_1) analysis_2 = observable_1.add_analysis(type=amt_2) observable_2 = root.add_observable("test2", "test") analysis_3 = observable_2.add_analysis(type=amt_1) # different amt assert analysis_1 != analysis_2 # different observable assert analysis_1 != analysis_3 # wrong object type assert analysis_1 != object() root_1 = RootAnalysis.from_dict(root.to_dict()) root_2 = RootAnalysis.from_dict(root.to_dict()) # same amt and observable assert root_1.get_observable(observable_1).get_analysis( amt_1) == root_2.get_observable(observable_1).get_analysis(amt_1)