def test_argToList():
expected = ['a', 'b', 'c']
test1 = ['a', 'b', 'c']
test2 = 'a,b,c'
test3 = '["a","b","c"]'
test4 = 'a;b;c'
results = [argToList(test1), argToList(test2), argToList(test2, ','), argToList(test3), argToList(test4, ';')]
for result in results:
assert expected == result, 'argToList test failed, {} is not equal to {}'.format(str(result), str(expected))
def test_pentera_operation_to_incident():
full_action_report = argToList(MOCK_PARSED_FULL_ACTION_REPORT)
custom_fields_output = 'penteraoperationdetails'
context_key = 'PenteraIncidents'
entries = pentera_operation_to_incident(full_action_report, custom_fields_output, context_key)
assert entries[0] == '### Map Pentera Operation to Incident'
def test_url_command_success(mocker, requests_mock):
"""
Given:
- A valid testing url (https://vt_is_awesome.com/uts)
When:
- Running the !url command
Then:
- Validate the command results are valid and contains metric data
"""
from VirusTotalV3 import url_command, ScoreCalculator, Client
import CommonServerPython
# Setup Mocks
mocker.patch.object(demisto,
'args',
return_value={
'url': 'https://vt_is_awesome.com/uts',
'extended_data': 'false'
})
mocker.patch.object(demisto, 'params', return_value=DEFAULT_PARAMS)
mocker.patch.object(CommonServerPython,
'is_demisto_version_ge',
return_value=True)
# Assign arguments
testing_url = 'https://vt_is_awesome.com/uts'
params = demisto.params()
mocked_score_calculator = ScoreCalculator(params=params)
url_relationships = (','.join(argToList(
params.get('url_relationships')))).replace('* ', '').replace(" ", "_")
client = Client(params=params)
# Load assertions and mocked request data
mock_response = util_load_json('test_data/url.json')
expected_results = util_load_json('test_data/url_results.json')
requests_mock.get(
f'https://www.virustotal.com/api/v3/urls/{encode_url_to_base64(testing_url)}'
f'?relationships={url_relationships}',
json=mock_response)
# Run command and collect result array
results = url_command(client=client,
score_calculator=mocked_score_calculator,
args=demisto.args(),
relationships=url_relationships)
assert results[1].execution_metrics == [{
'APICallsCount': 1,
'Type': 'Successful'
}]
assert results[0].execution_metrics is None
assert results[0].outputs == expected_results
def test_multiple_cve(cve_id_arg, response_data, expected, requests_mock):
"""
Given:
a multiple or single CVE to fetch.
When:
cve_command is being called.
Then:
return a List of commandResults - each item representing a CVE.
"""
cves = argToList(cve_id_arg.get('cve_id'))
for test_file, cve in zip(response_data, cves):
test_path_data = os.path.join(os.getcwd(), 'test_data', test_file)
with open(test_path_data) as js:
response = json.load(js)
url_for_mock = os.path.join('https://cve.circl.lu/api/cve', cve)
requests_mock.get(url_for_mock, json=response)
client = Client(base_url=BASE_URL)
command_results = cve_command(client, cve_id_arg)
assert len(command_results) == expected
def test_get_indicators_command_by_risk_rules(mocker, indicator_type,
risk_rules,
build_iterator_answer, value,
type):
"""
Given:
- Recorded Future Feed client initialized with a 'ConnectApi' service, and a:
1. URL indicator type, and a valid risk rule.
2. URL indicator type, and a comma separated list of two valid risk rules.
3. IP indicator type, and a comma separated list of three valid risk rules.
- Mock response of the fetched indicators
When:
- Running the 'get_indicators_command'
Then:
- Verify the raw response and the human readable output of the command are correct, and include fetched indicators
of all the defined risk rules.
"""
client = Client(indicator_type=indicator_type,
api_token='123',
risk_rule=risk_rules,
services=['ConnectApi'])
args = {'indicator_type': indicator_type, 'limit': 1}
mocker.patch('FeedRecordedFuture.Client.build_iterator')
mocker.patch('FeedRecordedFuture.Client.get_batches_from_file',
return_value=build_iterator_answer)
hr, _, entry_results = get_indicators_command(client, args)
risk_rules_list = argToList(risk_rules)
for rule in risk_rules_list:
assert f'Indicators from RecordedFuture Feed for {rule} risk rule' in hr, \
f"human readable output doesn't contain indicators from risk rule {rule}"
for entry in entry_results:
assert entry.get('Value', '') == value
assert entry.get('Type', '') == type
