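def test_create_pulse_with_indicators(self):
    """
    Test: pulse with list of indicators

    Every sample indicator is first passed through ``validate_indicator``
    and must come back with a 'success' status.  The validated results are
    then submitted as a private pulse (``public=False``); the response must
    echo the pulse name and contain as many indicators as were submitted.
    """
    charset = string.ascii_letters
    indicator_list = [
        {'indicator': generate_rand_string(10, charset=charset) + ".com", 'type': IndicatorTypes.DOMAIN},
        {'indicator': generate_rand_string(3, charset=charset) + "." + generate_rand_string(10, charset=charset) + ".com",
         'type': IndicatorTypes.HOSTNAME},
        {'indicator': "69.73.130.198", 'type': IndicatorTypes.IPv4},
        {'indicator': "2a00:1450:4001:800::1017", 'type': IndicatorTypes.IPv6},
        {'indicator': "spearphish@" + generate_rand_string(10) + ".com", 'type': IndicatorTypes.EMAIL},
        {'indicator': "14c04f88dc97aef3e9b516ef208a2bf5", 'type': IndicatorTypes.FILE_HASH_MD5},
        {'indicator': "48e04cb52f1077b5f5aab75baff6c27b0ee4ade1", 'type': IndicatorTypes.FILE_HASH_SHA1},
        {'indicator': "7522bc3e366c19ab63381bacd0f03eb09980ecb915ada08ae76d8c3e538600de",
         'type': IndicatorTypes.FILE_HASH_SHA256},
        {'indicator': "a060fe925aa888053010d1e195ef823a", 'type': IndicatorTypes.FILE_HASH_IMPHASH},
        # Raw string on purpose: in a normal literal "\14" and "\4" are octal
        # escapes, so the path would be submitted with control characters in
        # place of those directory names.
        {'indicator': r"\sonas\share\samples\14\c0\4f\88\14c04f88dc97aef3e9b516ef208a2bf5",
         'type': IndicatorTypes.FILE_PATH},
    ]
    name = "Pyclient-indicators-unittests-" + generate_rand_string(8, charset=string.hexdigits).lower()

    validated_indicator_list = []
    for indicator in indicator_list:
        validated_indicator = self.otx.validate_indicator(indicator.get('type'), indicator.get('indicator', ''))
        # assertIn reports the offending status on failure instead of "False is not true".
        self.assertIn('success', validated_indicator.get('status', ''))
        validated_indicator_list.append(validated_indicator)

    response = self.otx.create_pulse(name=name, public=False, indicators=validated_indicator_list)
    self.assertEqual(response.get('name', ''), name)
    self.assertEqual(len(response.get('indicators', [])), len(validated_indicator_list))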
def test_more_params(self):
    """
    Test: pulse created with the optional metadata parameters

    Submits industries, targeted countries, malware families, ATT&CK ids and
    an adversary name, then checks that the response returns those fields
    unchanged and that ``group_ids`` comes back empty.
    """
    pulse_name = "Pyclient-params-unittests-" + generate_rand_string(8, charset=string.hexdigits).lower()
    sample_indicator = {
        'indicator': generate_rand_string(10) + ".com",
        'type': IndicatorTypes.DOMAIN.name,
        'description': 'evil domain (unittests)',
    }
    # NOTE(review): no `public` argument is passed here, so visibility falls
    # to the client's default - confirm that default keeps this throwaway
    # pulse (random .com domain, adversary attribution) private.
    response = self.otx.create_pulse(
        name=pulse_name,
        indicators=[sample_indicator],
        industries=["Industry1", "Industry2"],
        targeted_countries=["Afghanistan", "Anguilla"],
        malware_families=["Backdoor:Linux/Netbus", "Backdoor:Linux/Cyrax"],
        attack_ids=["T1000", "T1486"],
        adversary="APT 1",
    )

    expected = {
        u'adversary': u'APT 1',
        u'attack_ids': [u'T1000', u'T1486'],
        u'group_ids': [],
        u'industries': [u'Industry1', u'Industry2'],
        u'malware_families': [u'Backdoor:Linux/Netbus', u'Backdoor:Linux/Cyrax'],
        u'targeted_countries': [u'Afghanistan', u'Anguilla'],
    }
    # Compare only the fields under test; a missing key raises KeyError.
    observed = {}
    for field in ('industries', 'targeted_countries', 'malware_families', 'attack_ids', 'adversary', 'group_ids'):
        observed[field] = response[field]
    self.assertEqual(observed, expected)
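def test_create_pulse_with_indicators(self):
    """
    Test: pulse with list of indicators

    Validates each sample indicator through ``validate_indicator`` (every
    result must report 'success'), prints the payload for debugging, then
    submits the validated list as a private pulse and checks the name and
    indicator count in the response.
    """
    charset = string.ascii_letters
    validated_indicator_list = []
    indicator_list = [
        {'indicator': generate_rand_string(10, charset=charset) + ".com", 'type': IndicatorTypes.DOMAIN},
        {'indicator': generate_rand_string(3, charset=charset) + "." + generate_rand_string(10, charset=charset) + ".com",
         'type': IndicatorTypes.HOSTNAME},
        {'indicator': "69.73.130.198", 'type': IndicatorTypes.IPv4},
        {'indicator': "2a00:1450:4001:800::1017", 'type': IndicatorTypes.IPv6},
        {'indicator': "spearphish@" + generate_rand_string(10) + ".com", 'type': IndicatorTypes.EMAIL},
        {'indicator': "14c04f88dc97aef3e9b516ef208a2bf5", 'type': IndicatorTypes.FILE_HASH_MD5},
        {'indicator': "48e04cb52f1077b5f5aab75baff6c27b0ee4ade1", 'type': IndicatorTypes.FILE_HASH_SHA1},
        {'indicator': "7522bc3e366c19ab63381bacd0f03eb09980ecb915ada08ae76d8c3e538600de",
         'type': IndicatorTypes.FILE_HASH_SHA256},
        {'indicator': "a060fe925aa888053010d1e195ef823a", 'type': IndicatorTypes.FILE_HASH_IMPHASH},
        # The path must be a raw string: without the r prefix Python reads
        # "\14" and "\4" as octal escapes and the indicator that reaches the
        # API contains control characters instead of the directory names.
        {'indicator': r"\sonas\share\samples\14\c0\4f\88\14c04f88dc97aef3e9b516ef208a2bf5",
         'type': IndicatorTypes.FILE_PATH},
    ]
    name = "Pyclient-indicators-unittests-" + generate_rand_string(8, charset=string.hexdigits).lower()
    for indicator in indicator_list:
        validated_indicator = self.otx.validate_indicator(indicator.get('type'), indicator.get('indicator', ''))
        # assertIn/assertEqual show both operands when they fail.
        self.assertIn('success', validated_indicator.get('status', ''))
        validated_indicator_list.append(validated_indicator)
    print("test_create_pulse_with_indicators: finished validating indicators.\nsubmitting pulse: {}".format({"name": name, "indicators": validated_indicator_list}))
    response = self.otx.create_pulse(name=name, public=False, indicators=validated_indicator_list)
    self.assertEqual(response.get('name', ''), name)
    self.assertEqual(len(response.get('indicators', [])), len(validated_indicator_list))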
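def test_create_pulse_tlp(self):
    """
    Test: pulse with each TLP.

    For each of 'red', 'amber', 'green' and 'white' a private pulse is
    created with the same name and indicator list; the response must echo
    the name and the requested TLP and must not be marked public.
    """
    charset = string.ascii_letters
    indicator_list = [{
        'indicator': generate_rand_string(10, charset=charset) + ".com",
        'type': IndicatorTypes.DOMAIN.name,
        'description': 'evil domain (unittests)'
    }, {
        'indicator': generate_rand_string(3, charset=charset) + "." + generate_rand_string(10, charset=charset) + ".com",
        'type': IndicatorTypes.HOSTNAME.name,
        'description': 'evil hostname (unittests)'
    }]
    name = "Pyclient-tlp-unittests-" + generate_rand_string(8, charset=string.hexdigits).lower()
    tlps = ['red', 'amber', 'green', 'white']
    for tlp in tlps:
        response = self.otx.create_pulse(name=name, public=False, tlp=tlp, indicators=indicator_list)
        # assertEqual names the TLP that came back when the check fails,
        # which assertTrue(a == b) cannot do.
        self.assertEqual(response.get('name', ''), name)
        self.assertEqual(response.get('TLP', ''), tlp)
        self.assertFalse(response.get('public'))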
def test_create_pulse_groups(self):
    """
    Test: pulse with different sets of group ids

    Test user needs to be a member of the groups used in this test: 64, 51 and 2931
    Additionally we will use the test groups 1 and 2, that it is NOT a member of
    (only group 1 actually appears in the cases below).

    This is an authorization check on the second client (``self.otx2``):
    posting to a group the user does not belong to, or belongs to but may
    not post in, must raise BadRequest, and a mixed list is refused as a
    whole rather than posted to the permitted subset.
    """
    letters = string.ascii_letters
    domain_entry = {
        'indicator': generate_rand_string(10, charset=letters) + ".com",
        'type': IndicatorTypes.DOMAIN.name,
        'description': 'evil domain (unittests)',
    }
    hostname_entry = {
        'indicator': generate_rand_string(3, charset=letters) + "." + generate_rand_string(10, charset=letters) + ".com",
        'type': IndicatorTypes.HOSTNAME.name,
        'description': 'evil hostname (unittests)',
    }
    indicator_list = [domain_entry, hostname_entry]

    # (group_ids argument, expected group_ids in the response or 'error')
    cases = (
        ([], []),
        (None, []),
        ([1, 51], 'error'),   # Not a member of group 1
        ([64, 51], 'error'),  # we're in both groups but can't post to 64
        ([1], 'error'),
        ([51], [51]),
        ([51, 2931], [51, 2931]),
    )
    # NOTE(review): no `public` argument is passed to create_pulse here;
    # confirm the client default is acceptable for throwaway test pulses.
    for group_ids, expected in cases:
        pulse_name = "Pyclient-tlp-unittests-" + generate_rand_string(8, charset=string.hexdigits).lower()
        if expected != 'error':
            response = self.otx2.create_pulse(name=pulse_name, indicators=indicator_list, group_ids=group_ids)
            self.assertEqual(response.get('name', ''), pulse_name)
            self.assertEqual(response.get('group_ids'), expected)
            continue
        with self.assertRaises(BadRequest):
            self.otx2.create_pulse(name=pulse_name, indicators=indicator_list, group_ids=group_ids)
def test_validate_invalid_domain(self):
    """
    Test: a DOMAIN indicator made of eight random letters and no dot
    must be rejected by validate_indicator with BadRequest
    """
    bare_label = generate_rand_string(8, charset=string.ascii_letters).lower()
    domain_type = IndicatorTypes.DOMAIN
    with self.assertRaises(BadRequest):
        self.otx.validate_indicator(indicator_type=domain_type, indicator=bare_label)
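def test_validate_valid_domain(self):
    """
    Test: a well-formed DOMAIN indicator (eight random lowercase letters
    plus ".com") is accepted by validate_indicator with a 'success' status
    """
    indicator = generate_rand_string(8, charset=string.ascii_letters).lower() + ".com"
    indicator_type = IndicatorTypes.DOMAIN
    response = self.otx.validate_indicator(indicator_type=indicator_type, indicator=indicator)
    self.assertIsNotNone(response)
    # assertIn prints the actual status on failure; assertTrue('x' in y)
    # only reports "False is not true".
    self.assertIn('success', response.get('status', ''))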
def test_create_pulse_name_too_short(self):
    """
    Test: a pulse whose name is only two characters long should raise BadRequest
    """
    body = dict(name=generate_rand_string(2))
    print("test_create_pulse_name_too_short submitting pulse: {}\nExpecting BadRequest.".format(body))
    # The name is the only argument sent; everything else is left to the
    # client's defaults.
    with self.assertRaises(BadRequest):
        self.otx.create_pulse(name=body['name'])
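def test_validate_valid_domain(self):
    """
    Test: a well-formed DOMAIN indicator (eight random lowercase letters
    plus ".com") is accepted by validate_indicator with a 'success' status.
    The indicator and the raw response are printed for debugging.
    """
    indicator = generate_rand_string(8, charset=string.ascii_letters).lower() + ".com"
    indicator_type = IndicatorTypes.DOMAIN
    print("test_validate_valid_domain submitting (valid-ish) indicator: " + indicator)
    response = self.otx.validate_indicator(indicator_type=indicator_type, indicator=indicator)
    print("test_validate_valid_domain response: {}".format(response))
    self.assertIsNotNone(response)
    # assertIn shows the status string that was returned when the check fails.
    self.assertIn('success', response.get('status', ''))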
def test_create_pulse_name_too_short(self):
    """
    Test: pulse with a two-character name should raise BadRequest
    """
    short_name = generate_rand_string(2)
    pulse_args = {'name': short_name}
    with self.assertRaises(BadRequest):
        self.otx.create_pulse(**pulse_args)
def test_create_pulse_simple(self):
    """
    Test: a private pulse with empty indicator, tag and reference lists
    is created and a response is returned
    """
    suffix = generate_rand_string(8, charset=string.hexdigits).lower()
    pulse_args = dict(
        name="Pyclient-simple-unittests-" + suffix,
        public=False,
        indicators=[],
        tags=[],
        references=[],
    )
    response = self.otx.create_pulse(**pulse_args)
    self.assertIsNotNone(response)
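def test_create_pulse_invalid_key(self):
    """
    Test: creating a pulse must raise InvalidAPIKey

    NOTE(review): presumably ``self.otx`` is built by this class's setUp
    with a key the server does not recognise - confirm against the fixture.
    """
    name = "Pyclient-unittests-" + generate_rand_string(8, charset=string.hexdigits).lower()
    # The log line previously named test_create_pulse_simple, which made the
    # output of this test indistinguishable from the other one.
    print("test_create_pulse_invalid_key submitting pulse: " + name)
    with self.assertRaises(InvalidAPIKey):
        self.otx.create_pulse(name=name, public=False, indicators=[], tags=[], references=[])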
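def test_create_pulse_tlp(self):
    """
    Test: pulse with each TLP.

    Creates a private pulse once per TLP value ('red', 'amber', 'green',
    'white'), reusing one name and one indicator list, and checks that the
    response echoes the name and TLP and reports ``public`` as False.
    """
    charset = string.ascii_letters
    indicator_list = [
        {'indicator': generate_rand_string(10, charset=charset) + ".com",
         'type': IndicatorTypes.DOMAIN.name,
         'description': 'evil domain (unittests)'},
        {'indicator': generate_rand_string(3, charset=charset) + "." + generate_rand_string(10, charset=charset) + ".com",
         'type': IndicatorTypes.HOSTNAME.name,
         'description': 'evil hostname (unittests)'},
    ]
    name = "Pyclient-tlp-unittests-" + generate_rand_string(8, charset=string.hexdigits).lower()
    tlps = ['red', 'amber', 'green', 'white']
    for tlp in tlps:
        print("test_create_pulse_tlp: submitting pulse: {}".format({"name": name, "tlp": tlp}))
        response = self.otx.create_pulse(name=name, public=False, tlp=tlp, indicators=indicator_list)
        self.assertEqual(response.get('name', ''), name)
        self.assertEqual(response.get('TLP', ''), tlp)
        # Compared with False rather than assertFalse so that a response
        # with no 'public' field (None) still fails, as it did before.
        self.assertEqual(response.get('public'), False)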
def test_create_pulse_invalid_key(self):
    """
    Test: creating a pulse must raise InvalidAPIKey

    NOTE(review): presumably ``self.otx`` is built by this class's setUp
    with a key the server does not recognise - confirm against the fixture.
    """
    suffix = generate_rand_string(8, charset=string.hexdigits).lower()
    pulse_name = "Pyclient-unittests-" + suffix
    with self.assertRaises(InvalidAPIKey):
        self.otx.create_pulse(
            name=pulse_name,
            public=False,
            indicators=[],
            tags=[],
            references=[],
        )
def test_create_pulse_simple(self):
    """
    Test: a private pulse with no indicators, tags or references can be
    created; only the presence of a response is checked
    """
    random_suffix = generate_rand_string(8, charset=string.hexdigits).lower()
    name = "Pyclient-simple-unittests-" + random_suffix
    print("test_create_pulse_simple submitting pulse: " + name)
    response = self.otx.create_pulse(
        name=name,
        public=False,
        indicators=[],
        tags=[],
        references=[],
    )
    self.assertIsNotNone(response)
def test_create_pulse_tlp_mismatch(self):
    """
    Test: a pulse marked TLP red or amber combined with public=True
    should raise BadRequest
    """
    name = generate_rand_string(10)
    # NOTE(review): the keyword here is `TLP`, while test_create_pulse_tlp
    # passes `tlp`; confirm create_pulse honours this spelling, otherwise
    # the BadRequest may be raised for a reason other than the mismatch.
    for restricted_tlp in ('red', 'amber'):
        print("test_create_pulse_tlp_mismatch submitting pulse: {} (tlp: {})".format(name, restricted_tlp))
        with self.assertRaises(BadRequest):
            self.otx.create_pulse(name=name, TLP=restricted_tlp, public=True)
def test_create_pulse_tlp_mismatch(self):
    """
    Test: requesting public=True together with TLP red or amber
    should raise BadRequest
    """
    pulse_name = generate_rand_string(10)
    restricted = ['red', 'amber']
    index = 0
    # NOTE(review): the keyword is spelled `TLP` here but `tlp` in
    # test_create_pulse_tlp; verify the client treats both the same.
    while index < len(restricted):
        with self.assertRaises(BadRequest):
            self.otx.create_pulse(name=pulse_name, TLP=restricted[index], public=True)
        index += 1
def setUp(self, **kwargs):
    """
    Run the parent fixture's setUp with a random 64-character string as
    the API key.

    ``kwargs`` is accepted for signature compatibility but is not
    forwarded; the api_key is always the freshly generated value.
    """
    # Random value, so it is not expected to match any real key.
    bogus_key = generate_rand_string(length=64)
    parent = super(TestSubscriptionsInvalidKey, self)
    parent.setUp(**{'api_key': bogus_key})
def setUp(self, **kwargs):
    """
    Initialise the base fixture with a randomly generated 64-character
    API key instead of a configured one.

    Anything passed in ``kwargs`` is ignored; only ``api_key`` reaches the
    parent setUp.
    """
    random_key = generate_rand_string(length=64)
    super(TestSubscriptionsInvalidKey, self).setUp(api_key=random_key)
def test_validate_invalid_domain(self):
    """
    Test: eight random lowercase letters with no dot are not a valid
    DOMAIN indicator; validate_indicator must raise BadRequest
    """
    candidate = generate_rand_string(8, charset=string.ascii_letters).lower()
    kind = IndicatorTypes.DOMAIN
    print("test_validate_invalid_domain submitting indicator: " + candidate)
    with self.assertRaises(BadRequest):
        self.otx.validate_indicator(indicator_type=kind, indicator=candidate)