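def test_legacy_submit(self):
    """Submit an alert through the legacy ace_api.Alert interface and verify it.

    Builds an alert with one IPv4 observable (carrying DIRECTIVE_NO_SCAN),
    one tag and one attached file, submits it to the API over HTTPS, then
    loads the resulting RootAnalysis from storage and checks that the
    description, the observable, its directive and the attachment content
    all survived the round trip.
    """
    alert = ace_api.Alert(description='Test Alert')
    alert.add_observable(F_IPV4, '1.2.3.4', local_time(), directives=[DIRECTIVE_NO_SCAN])
    alert.add_tag('test')

    # create a small file to attach; it is linked into the alert under a
    # relative destination path rather than its temp location
    temp_path = os.path.join(saq.TEMP_DIR, 'test.txt')
    with open(temp_path, 'w') as fp:
        fp.write('test')

    alert.add_attachment_link(temp_path, 'dest/test.txt')

    # ssl_verification is given the configured CA chain path, so the test
    # goes through the certificate-verifying path instead of disabling it
    # NOTE(review): exact handling of this argument lives in ace_api -- confirm
    uuid = alert.submit(
        f'https://{saq.API_PREFIX}',
        ssl_verification=saq.CONFIG['SSL']['ca_chain_path'])
    self.assertTrue(validate_uuid(uuid))

    # load what the server stored for the returned uuid
    root = RootAnalysis(storage_dir=storage_dir_from_uuid(uuid))
    root.load()

    self.assertEqual(root.description, 'Test Alert')

    ipv4_observable = root.find_observable(lambda o: o.type == F_IPV4)
    self.assertIsNotNone(ipv4_observable)
    self.assertEqual(ipv4_observable.value, '1.2.3.4')
    self.assertTrue(ipv4_observable.has_directive(DIRECTIVE_NO_SCAN))

    # the attachment shows up as a file observable whose value is the
    # destination path, relative to the analysis storage directory
    file_observable = root.find_observable(lambda o: o.type == F_FILE)
    self.assertIsNotNone(file_observable)
    self.assertEqual(file_observable.value, 'dest/test.txt')
    with open(os.path.join(root.storage_dir, file_observable.value), 'r') as fp:
        self.assertEqual(fp.read(), 'test')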
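def test_legacy_failed_submit(self):
    """Verify that a failed legacy submission is saved locally for later retry.

    The API server is stopped first so that Alert.submit() raises. The test
    then checks that one 'unable to submit ' message was logged, that the
    '.saq_alerts' directory holds exactly one subdirectory, and that the
    pickled alert stored there carries the same submit_kwargs as the alert
    that failed to submit.
    """
    self.stop_api_server()

    alert = ace_api.Alert(description='Test Alert')
    alert.add_observable(F_IPV4, '1.2.3.4', local_time(), directives=[DIRECTIVE_NO_SCAN])
    alert.add_tag('test')

    temp_path = os.path.join(saq.TEMP_DIR, 'test.txt')
    with open(temp_path, 'w') as fp:
        fp.write('test')

    alert.add_attachment_link(temp_path, 'dest/test.txt')

    # with the server down the submission is expected to raise; the exact
    # exception type is not pinned here
    with self.assertRaises(Exception):
        alert.submit(
            f'https://{saq.API_PREFIX}',
            ssl_verification=saq.CONFIG['SSL']['ca_chain_path'])

    self.assertEqual(log_count('unable to submit '), 1)

    # the .saq_alerts directory should have a single subdirectory
    dir_list = os.listdir('.saq_alerts')
    self.assertEqual(len(dir_list), 1)

    # load the alert
    # SECURITY: pickle.load() runs code embedded in the file it reads. This
    # is acceptable only because the file is expected to be the one the
    # failed submit above just wrote. '.saq_alerts' is resolved against the
    # current working directory, so whoever can write there controls what
    # gets unpickled -- any non-test code that reloads saved alerts should
    # keep that directory writable only by the submitting user.
    target_path = os.path.join('.saq_alerts', dir_list[0], 'alert')
    with open(target_path, 'rb') as fp:
        new_alert = pickle.load(fp)

    self.assertEqual(new_alert.submit_kwargs, alert.submit_kwargs)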