def test_update_nonexistent_node_fields(client, key, value): # Create an alert alert_uuid, analysis_uuid = create_alert(client=client) # Create an observable type client.post("/api/observable/type/", json={"value": "test_type"}) # Create an observable instance version = str(uuid.uuid4()) create_json = { "alert_uuid": alert_uuid, "parent_analysis_uuid": analysis_uuid, "type": "test_type", "value": "test", "version": version, } create = client.post("/api/observable/instance/", json=create_json) # Make sure you cannot update it to use a nonexistent node field value update = client.patch(create.headers["Content-Location"], json={ key: value, "version": version }) assert update.status_code == status.HTTP_404_NOT_FOUND
def test_update_nonexistent_performed_analysis_uuids(client): # Create an alert alert_uuid, analysis_uuid = create_alert(client=client) # Create an observable type client.post("/api/observable/type/", json={"value": "test_type"}) # Create an observable instance version = str(uuid.uuid4()) create_json = { "alert_uuid": alert_uuid, "parent_analysis_uuid": analysis_uuid, "type": "test_type", "value": "test", "version": version, } create = client.post("/api/observable/instance/", json=create_json) assert create.status_code == status.HTTP_201_CREATED # Make sure you cannot update it to use a nonexistent analysis UUID update = client.patch(create.headers["Content-Location"], json={ "performed_analysis_uuids": [str(uuid.uuid4())], "version": version }) assert update.status_code == status.HTTP_404_NOT_FOUND
def test_update_performed_analysis_uuids(client): # Create an alert alert_uuid, analysis_uuid = create_alert(client=client) # Create an observable type client.post("/api/observable/type/", json={"value": "test_type"}) # Create an observable instance version = str(uuid.uuid4()) create_json = { "alert_uuid": alert_uuid, "parent_analysis_uuid": analysis_uuid, "type": "test_type", "value": "test", "version": version, } create = client.post("/api/observable/instance/", json=create_json) # Read it back get = client.get(create.headers["Content-Location"]) assert get.json()["performed_analysis_uuids"] == [] # Create a child analysis child_analysis_uuid = str(uuid.uuid4()) analysis_create = client.post("/api/analysis/", json={"uuid": child_analysis_uuid}) # Read the analysis back to get its current version get_analysis = client.get(analysis_create.headers["Content-Location"]) initial_version = get_analysis.json()["version"] # Update the performed analyses update = client.patch(create.headers["Content-Location"], json={ "performed_analysis_uuids": [child_analysis_uuid], "version": version }) assert update.status_code == status.HTTP_204_NO_CONTENT # Read it back get = client.get(create.headers["Content-Location"]) assert get.json()["performed_analysis_uuids"] == [child_analysis_uuid] assert get.json()["version"] != version # Read the analysis back. By updating the observable instance and setting its performed_analysis_uuids, you should # be able to read the analysis back and see the observable instance listed as its parent_observable_uuid even # though it was not explicitly added. get_analysis = client.get(analysis_create.headers["Content-Location"]) assert get_analysis.json()["parent_observable_uuid"] == get.json()["uuid"] # Additionally, adding the observable instance as the parent should trigger the analysis to have a new version. assert get_analysis.json()["version"] != initial_version
def test_update_valid_node_threats(client, values): # Create an alert alert_uuid, analysis_uuid = create_alert(client=client) # Create an observable type client.post("/api/observable/type/", json={"value": "test_type"}) # Create an observable instance version = str(uuid.uuid4()) create_json = { "alert_uuid": alert_uuid, "parent_analysis_uuid": analysis_uuid, "type": "test_type", "value": "test", "version": version, } create = client.post("/api/observable/instance/", json=create_json) # Read it back get = client.get(create.headers["Content-Location"]) assert get.json()["directives"] == [] # Create a threat type client.post("/api/node/threat/type/", json={"value": "test_type"}) # Create the threats. Need to only create unique values, otherwise the database will return a 409 # conflict exception and will roll back the test's database session (causing the test to fail). for value in list(set(values)): client.post("/api/node/threat/", json={ "types": ["test_type"], "value": value }) # Update the node update = client.patch(create.headers["Content-Location"], json={ "threats": values, "version": version }) assert update.status_code == status.HTTP_204_NO_CONTENT # Read it back get = client.get(create.headers["Content-Location"]) assert len(get.json()["threats"]) == len(list(set(values))) assert get.json()["version"] != version
def test_update_redirection_uuid(client): # Create an alert alert_uuid, analysis_uuid = create_alert(client=client) # Create an observable type client.post("/api/observable/type/", json={"value": "test_type"}) # Create an observable instance version = str(uuid.uuid4()) create_json = { "alert_uuid": alert_uuid, "parent_analysis_uuid": analysis_uuid, "type": "test_type", "value": "test", "version": version, } create = client.post("/api/observable/instance/", json=create_json) # Read it back get = client.get(create.headers["Content-Location"]) assert get.json()["redirection_uuid"] is None # Create a second observable instance to use for redirection redirection_uuid = str(uuid.uuid4()) create2_json = { "alert_uuid": alert_uuid, "parent_analysis_uuid": analysis_uuid, "type": "test_type", "uuid": redirection_uuid, "value": "test", "version": version, } client.post("/api/observable/instance/", json=create2_json) # Update the redirection UUID update = client.patch(create.headers["Content-Location"], json={ "redirection_uuid": redirection_uuid, "version": version }) assert update.status_code == status.HTTP_204_NO_CONTENT # Read it back get = client.get(create.headers["Content-Location"]) assert get.json()["redirection_uuid"] == redirection_uuid assert get.json()["version"] != version
def test_create_valid_parent_observable_uuid(client): # Create an alert alert_uuid, analysis_uuid = create_alert(client=client) # Create an observable type client.post("/api/observable/type/", json={"value": "test_type"}) # Create an observable instance observable_uuid = str(uuid.uuid4()) create_json = { "alert_uuid": alert_uuid, "parent_analysis_uuid": analysis_uuid, "type": "test_type", "uuid": observable_uuid, "value": "test", } observable_create = client.post("/api/observable/instance/", json=create_json) assert observable_create.status_code == status.HTTP_201_CREATED # Read the observable instance back to get its current version get_observable = client.get(observable_create.headers["Content-Location"]) initial_version = get_observable.json()["version"] # Use the observable instance as the parent for a new analysis child_analysis_uuid = str(uuid.uuid4()) create = client.post("/api/analysis/", json={ "parent_observable_uuid": observable_uuid, "uuid": child_analysis_uuid, }) assert create.status_code == status.HTTP_201_CREATED # Read it back get = client.get(create.headers["Content-Location"]) assert get.json()["parent_observable_uuid"] == observable_uuid # Read the observable instance back. By creating the analysis and setting its parent_observable_uuid, # you should be able to read that observable instance back and see the analysis listed in its # performed_analysis_uuids list even though it was not explictly added. get_observable = client.get(observable_create.headers["Content-Location"]) assert get_observable.json()["performed_analysis_uuids"] == [child_analysis_uuid] # Additionally, adding the child analysis to the observable instance should trigger the observable instance # to get a new version. assert get_observable.json()["version"] != initial_version
def test_update_valid_node_threat_actor(client, value): # Create an alert alert_uuid, analysis_uuid = create_alert(client=client) # Create an observable type client.post("/api/observable/type/", json={"value": "test_type"}) # Create an observable instance version = str(uuid.uuid4()) create_json = { "alert_uuid": alert_uuid, "parent_analysis_uuid": analysis_uuid, "type": "test_type", "value": "test", "version": version, } create = client.post("/api/observable/instance/", json=create_json) # Read it back get = client.get(create.headers["Content-Location"]) assert get.json()["threat_actor"] is None # Create the threat actor if value: client.post("/api/node/threat_actor/", json={"value": value}) # Update the node update = client.patch(create.headers["Content-Location"], json={ "threat_actor": value, "version": version }) assert update.status_code == status.HTTP_204_NO_CONTENT # Read it back get = client.get(create.headers["Content-Location"]) if value: assert get.json()["threat_actor"]["value"] == value else: assert get.json()["threat_actor"] is None assert get.json()["version"] != version
def test_update_invalid_version(client): # Create an alert alert_uuid, analysis_uuid = create_alert(client=client) # Create an observable type client.post("/api/observable/type/", json={"value": "test_type"}) # Create an observable instance create_json = { "alert_uuid": alert_uuid, "parent_analysis_uuid": analysis_uuid, "type": "test_type", "value": "test", } create = client.post("/api/observable/instance/", json=create_json) # Make sure you cannot update it using an invalid version update = client.patch(create.headers["Content-Location"], json={"version": str(uuid.uuid4())}) assert update.status_code == status.HTTP_409_CONFLICT
def test_update(client, key, initial_value, updated_value): # Create an alert alert_uuid, analysis_uuid = create_alert(client=client) # Create an observable type client.post("/api/observable/type/", json={"value": "test_type"}) # Create an observable instance version = str(uuid.uuid4()) create_json = { "alert_uuid": alert_uuid, "parent_analysis_uuid": analysis_uuid, "type": "test_type", "value": "test", "version": version, } create_json[key] = initial_value create = client.post("/api/observable/instance/", json=create_json) # Read it back get = client.get(create.headers["Content-Location"]) assert get.json()[key] == initial_value # Update it update = client.patch(create.headers["Content-Location"], json={ "version": version, key: updated_value }) assert update.status_code == status.HTTP_204_NO_CONTENT # Read it back get = client.get(create.headers["Content-Location"]) # If the test is for time, make sure that the retrieved value matches the proper UTC timestamp if key == "time": assert get.json()[key] == "2022-01-01T00:00:00+00:00" else: assert get.json()[key] == updated_value assert get.json()["version"] != version