def test_create_fact_type():
mock = get_mock_data("data/post_v1_factType_threatActorAlias_201.json")
responses.add(responses.POST,
mock["url"],
json=mock["json"],
status=mock["status_code"])
mock_data = mock["json"]["data"]
threat_actor_id = mock_data["relevantObjectBindings"][0][
"destinationObjectType"]["id"]
c = act.api.Act("http://localhost:8080", 1)
fact_type = c.fact_type(
name="threatActorAlias",
validator=".+",
relevant_object_bindings=[
act.api.fact.RelevantObjectBindings(
act.api.obj.Object(id=threat_actor_id),
act.api.obj.Object(id=threat_actor_id),
True,
)
],
).add()
assert fact_type.name == "threatActorAlias"
assert re.search(UUID_MATCH, fact_type.id)
def test_get_object_by_type_value():
mock = get_mock_data("data/post_v1_object_facts_200.json")
responses.add(
responses.POST,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.Act("http://localhost:8080", 1)
obj = c.object(type="ipv4", value="127.0.0.1")
facts = obj.facts()
assert not facts.complete
assert len(facts) == facts.size
# We should have at least one fact
assert len(facts) > 1
# All facts should be of type Fact
assert all([isinstance(fact, act.fact.Fact) for fact in facts])
# All facts should have an UUID
assert all([re.search(RE_UUID_MATCH, fact.id) for fact in facts])
def test_object_search():
mock = get_mock_data("data/post_v1_object_search_200.json")
responses.add(responses.POST,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8080", 1)
objects = c.object_search(fact_type=["seenIn"],
fact_value=["report"],
limit=1)
assert not objects.complete
assert objects.size == 1
assert objects.count > 1
obj = objects[0]
# Objects should not have "object_type", since that property is stored in
# "type"
with pytest.raises(AttributeError):
# pylint: disable=pointless-statement
obj.object_type
# Objects should not have "object_value", since that property is stored in
# "value"
with pytest.raises(AttributeError):
# pylint: disable=pointless-statement
obj.object_value
# All facts should have an UUID
assert all([re.search(UUID_MATCH, obj.id) for obj in objects])
def test_fact_acl():
mock = get_mock_data("data/get_v1_fact_uuid_access_200.json")
responses.add(responses.GET,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8080", 1)
uuid = re.search(UUID, mock["url"]).group("uuid")
acl = c.fact(id=uuid).get_acl()
assert acl == []
def test_get_fact_types():
mock = get_mock_data("data/get_v1_factType_200.json")
responses.add(responses.GET,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8080", 1)
fact_types = c.get_fact_types()
assert fact_types.size == len(fact_types)
def test_create_origin():
mock_add = get_mock_data("data/post_v1_origin_myorigin_201.json")
responses.add(responses.POST,
mock_add["url"],
json=mock_add["json"],
status=mock_add["status_code"])
mock_get = get_mock_data("data/get_v1_origin_200.json")
responses.add(responses.GET,
mock_get["url"],
json=mock_get["json"],
status=mock_get["status_code"])
c = act.api.Act("http://localhost:8888", 1)
o = c.origin("my-origin", trust=0.8, description="My origin")
origin = o.add()
assert origin.name == "my-origin"
assert re.search(RE_UUID_MATCH, origin.id)
def test_create_object_type():
mock = get_mock_data("data/post_v1_objectType_threatActor_201.json")
responses.add(responses.POST,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8080", 1)
object_type = c.object_type(name="threatActor", validator=".+").add()
assert object_type.name == "threatActor"
assert re.search(UUID_MATCH, object_type.id)
def test_fact_add_comment():
mock = get_mock_data("data/post_v1_fact_uuid_comments_201.json")
responses.add(responses.POST,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8080", 1)
# Get comments
uuid = re.search(UUID, mock["url"]).group("uuid")
c.fact(id=uuid).add_comment("Test comment")
def test_add_fact():
mock = get_mock_data("data/post_v1_fact_127.0.0.1_201.json")
responses.add(responses.POST,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8080", 1)
f = (c.fact("seenIn",
"report").source("ipv4",
"127.0.0.1").destination("report", "xyz"))
assert f.type.name == "seenIn"
assert f.value == "report"
# We do not have id or timestamp yet
assert f.id is None
assert f.timestamp is None
assert f.source_object is not None
assert f.destination_object is not None
assert f.bidirectional_binding is not None
# Add fact
f.add()
fact_repr = repr(f)
repr_f = eval(fact_repr)
assert f == repr_f
assert f.value == repr_f.value
assert f.type.name == repr_f.type.name
assert f.source_object == repr_f.source_object
assert f.source_object.value == repr_f.source_object.value
assert f.destination_object.type == repr_f.destination_object.type
assert f.destination_object.value == repr_f.destination_object.value
assert str(f) == str(repr_f)
assert (
str(f) ==
"(ipv4/127.0.0.1) -[seenIn/report]-> (report/87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7)"
)
# id, timestamp and organization should now be fetched from API
assert re.search(UUID_MATCH, f.id)
assert re.search(TIMESTAMP_MATCH, f.timestamp)
assert re.search(UUID_MATCH, f.organization.id)
def test_get_origins():
mock = get_mock_data("data/get_v1_origin_200.json")
responses.add(responses.GET,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8888", 1)
origins = c.get_origins(limit=0)
# We should have a ipv4 object type
assert "my-origin" in [origin.name for origin in origins]
# All origins should have a valid uuid
assert all([re.search(RE_UUID_MATCH, origin.id) for origin in origins])
def test_fact_get_comments():
mock = get_mock_data("data/get_v1_fact_uuid_comments_200.json")
responses.add(responses.GET,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.Act("http://localhost:8080", 1)
# Get comments
uuid = re.search(RE_UUID, mock["url"]).group("uuid")
comments = c.fact(id=uuid).get_comments()
assert comments # Should be non empty
assert comments[0].comment == "Test comment"
assert re.search(RE_TIMESTAMP, comments[0].timestamp)
assert all([isinstance(comment, act.base.Comment) for comment in comments])
def test_get_object_by_uuid():
mock = get_mock_data("data/post_v1_object_uuid_facts_200.json")
responses.add(responses.POST,
mock["url"],
json=mock["json"],
status=mock["status_code"])
uuid = re.search(UUID, mock["url"]).group("uuid")
c = act.api.Act("http://localhost:8080", 1)
obj = c.object(id=uuid)
facts = obj.facts()
assert all([re.search(UUID_MATCH, fact.id) for fact in facts])
def test_get_object_search():
mock = get_mock_data("data/post_v1_object_traverse_200.json")
responses.add(responses.POST,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8080", 1)
obj = c.object(type="ipv4", value="127.0.0.1")
path = obj.traverse('g.bothE("seenIn").bothV().path().unfold()')
# Should contain both objects and facts
assert any([isinstance(elem, act.api.obj.Object) for elem in path])
assert any([isinstance(elem, act.api.fact.Fact) for elem in path])
def test_get_object_types():
mock = get_mock_data("data/get_v1_objectType_200.json")
responses.add(responses.GET,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8080", 1)
object_types = c.get_object_types()
# We should have a ipv4 object type
assert "ipv4" in [object_t.name for object_t in object_types]
# All object types should have a valid uuid
assert all(
[re.search(UUID_MATCH, object_t.id) for object_t in object_types])
def test_fact_search():
mock = get_mock_data("data/post_v1_fact_search_200.json")
responses.add(responses.POST,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8080", 1)
facts = c.fact_search(fact_type=["seenIn"], fact_value=["report"], limit=1)
assert not facts.complete
assert facts.size == 1
assert facts.count > 1
# All facts should have an UUID
assert all([re.search(UUID_MATCH, fact.id) for fact in facts])
def test_add_meta_fact():
mock = get_mock_data("data/post_v1_fact_uuid_meta_201.json")
responses.add(responses.POST,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8080", 1)
uuid = re.search(UUID, mock["url"]).group("uuid")
f = c.fact(id=uuid)
value = mock["params"]["json"]["value"]
meta = f.meta("observationTime", value).add()
assert meta.type.name == "observationTime"
assert meta.value == value
def test_add_fact_validation_error():
""" Test adding fact that fails on validation """
mock = get_mock_data("data/post_v1_fact_127.0.0.x_412.json")
responses.add(
responses.POST,
mock["url"],
json=mock["json"],
status=mock["status_code"])
c = act.api.Act("http://localhost:8888", 1)
f = c.fact("mentions", "report") \
.source("report", "xyz") \
.destination("ipv4", "127.0.0.x")
# Add fact -> should fail on ipv4 validation
with pytest.raises(act.api.base.ValidationError):
f.add()
try:
f.add()
except act.api.base.ValidationError as err:
assert(str(err) == "Object did not pass validation against ObjectType. " +
"(objectValue=127.0.0.x)")
