def test_any_reports_present_yes(config):
"""Does _any_reports_present return True correctly?"""
state_manager = StateManager(config)
state_manager.add_report_item(6, ENGINE_NAME, {'keyval': 1})
sut = AnalysisUtility(None)
sut.config = config
assert sut._any_reports_present(state_manager)
def test_restart_command(cbapi_mock, config):
"""Test data flow through the components in the _restart_command method"""
sut = AnalysisUtility(None)
sut.config = config
sut.cbapi = cbapi_mock.api
hash = METADATA_VALID["sha256"]
cbapi_mock.mock_request(
"POST", f"/ubs/v1/orgs/test/file/_download", {
"found": [{
"sha256": hash,
"url": "DUMMY_URL"
}],
"not_found": [],
"error": []
})
cbapi_mock.mock_request("GET", f"/ubs/v1/orgs/test/sha256/{hash}/metadata",
METADATA_VALID)
cbapi_mock.mock_request(
"PUT",
f"/threathunter/feedmgr/v2/orgs/test/feeds/{FEED_ID}/reports/.*", None)
components = sut._init_components()
components["engine_manager"].engine.mock_engine_output(hash, IOCS_2)
components["state_manager"].set_checkpoint(hash, ENGINE_NAME, "INGESTED")
sut._restart_command(components)
assert cbapi_mock._last_request_data is not None
assert ENGINE_NAME in cbapi_mock._last_request_data["title"]
assert cbapi_mock._last_request_data[
"description"] == "Automated report generated by Binary Analysis SDK"
assert cbapi_mock._last_request_data["severity"] == IOCS_2[0]["severity"]
assert cbapi_mock._last_request_data["iocs_v2"] == minus_severity(IOCS_2)
assert METADATA_VALID["sha256"] in components[
"state_manager"].get_previous_hashes(ENGINE_NAME)
def test_analyze_command_without_feed(cbapi_mock, config3):
"""Test reports are not sent when a feed id is not present"""
sut = AnalysisUtility(None)
sut.config = config3
sut.cbapi = cbapi_mock.api
hash = METADATA_VALID["sha256"]
cbapi_mock.mock_request(
"POST", f"/ubs/v1/orgs/test/file/_download", {
"found": [{
"sha256": hash,
"url": "DUMMY_URL"
}],
"not_found": [],
"error": []
})
cbapi_mock.mock_request("GET", f"/ubs/v1/orgs/test/sha256/{hash}/metadata",
METADATA_VALID)
components = sut._init_components()
components["engine_manager"].engine.mock_engine_output(hash, IOCS_2)
args = Namespace()
args.file = None
args.list = json.dumps([hash])
sut._analyze_command(args, components)
assert cbapi_mock._last_request_data == {
'expiration_seconds':
3600,
'sha256':
['0995f71c34f613207bc39ed4fcc1bbbee396a543fa1739656f7ddf70419309fc']
} or cbapi_mock._last_request_data is None
assert METADATA_VALID["sha256"] in components[
"state_manager"].get_previous_hashes(ENGINE_NAME)
def test_restart_command_with_unsent_report_item(cbcloud_api_mock, config):
"""Test that an unsent report item is sent as a process of running the restart command."""
sut = AnalysisUtility(None)
sut.config = config
sut.cbc_api = cbcloud_api_mock.api
cbcloud_api_mock.mock_request(
"PUT",
f"/threathunter/feedmgr/v2/orgs/test/feeds/{FEED_ID}/reports/.*", None)
components = sut._init_components()
components["state_manager"].add_report_item(IOCS_2[0]["severity"],
ENGINE_NAME,
minus_severity(IOCS_2)[0])
components["state_manager"].set_checkpoint(METADATA_VALID["sha256"],
ENGINE_NAME, "DONE")
sut._restart_command(components)
assert cbcloud_api_mock._last_request_data is not None
assert ENGINE_NAME in cbcloud_api_mock._last_request_data["title"]
assert cbcloud_api_mock._last_request_data[
"description"] == "Automated report generated by Binary Analysis SDK"
assert cbcloud_api_mock._last_request_data["severity"] == IOCS_2[0][
"severity"]
assert cbcloud_api_mock._last_request_data["iocs_v2"] == minus_severity(
IOCS_2)
def test_process_metadata(cbcloud_api_mock, config):
"""Test data flow through the components in the _process_metadata method"""
sut = AnalysisUtility(None)
sut.config = config
sut.cbc_api = cbcloud_api_mock.api
cbcloud_api_mock.mock_request(
"PUT",
f"/threathunter/feedmgr/v2/orgs/test/feeds/{FEED_ID}/reports/.*", None)
components = sut._init_components()
components["engine_manager"].engine.mock_engine_output(
METADATA_VALID["sha256"], IOCS_2)
sut._process_metadata(components, [METADATA_VALID])
assert cbcloud_api_mock._last_request_data is not None
assert ENGINE_NAME in cbcloud_api_mock._last_request_data["title"]
assert cbcloud_api_mock._last_request_data[
"description"] == "Automated report generated by Binary Analysis SDK"
assert cbcloud_api_mock._last_request_data["severity"] == IOCS_2[0][
"severity"]
assert cbcloud_api_mock._last_request_data["iocs_v2"] == minus_severity(
IOCS_2)
assert METADATA_VALID["sha256"] in components[
"state_manager"].get_previous_hashes(ENGINE_NAME)
def test_restart_command_with_nothing_to_do(cbapi_mock, config2):
"""Test data flow through the components in the _restart_command when there are no hashes that are incomplete"""
sut = AnalysisUtility(None)
sut.config = config2
sut.cbapi = cbapi_mock.api
hash = METADATA_VALID["sha256"]
components = sut._init_components()
my_timestamp = datetime.now() - timedelta(0, 300)
components["state_manager"].set_checkpoint(hash, ENGINE_NAME, "DONE",
my_timestamp)
sut._restart_command(components)
assert cbapi_mock._last_request_data is None
assert components["state_manager"]._persistor.db[hash][
"checkpoint_time"] == my_timestamp
def test_analyze_command_with_not_found(cbapi_mock, config):
"""Test data flow through the components in the _analyze_command method for when a hash is not found"""
sut = AnalysisUtility(None)
sut.config = config
sut.cbapi = cbapi_mock.api
hash = METADATA_VALID["sha256"]
cbapi_mock.mock_request("POST", f"/ubs/v1/orgs/test/file/_download", {
"found": [],
"not_found": [hash],
"error": []
})
components = sut._init_components()
args = Namespace()
args.file = None
args.list = json.dumps([hash])
sut._analyze_command(args, components)
assert cbapi_mock._last_request_data is not None
ensure_not_report(cbapi_mock._last_request_data)
assert METADATA_VALID["sha256"] not in components[
"state_manager"].get_previous_hashes(ENGINE_NAME)
def test_any_reports_present_no(config):
"""Does _any_reports_present return False correctly?"""
state_manager = StateManager(config)
sut = AnalysisUtility(None)
sut.config = config
assert not sut._any_reports_present(state_manager)
