def test_update_nonexistent_node_fields(client, key, value):
# Create an alert
alert_uuid, analysis_uuid = create_alert(client=client)
# Create an observable type
client.post("/api/observable/type/", json={"value": "test_type"})
# Create an observable instance
version = str(uuid.uuid4())
create_json = {
"alert_uuid": alert_uuid,
"parent_analysis_uuid": analysis_uuid,
"type": "test_type",
"value": "test",
"version": version,
}
create = client.post("/api/observable/instance/", json=create_json)
# Make sure you cannot update it to use a nonexistent node field value
update = client.patch(create.headers["Content-Location"],
json={
key: value,
"version": version
})
assert update.status_code == status.HTTP_404_NOT_FOUND
def test_update_nonexistent_performed_analysis_uuids(client):
# Create an alert
alert_uuid, analysis_uuid = create_alert(client=client)
# Create an observable type
client.post("/api/observable/type/", json={"value": "test_type"})
# Create an observable instance
version = str(uuid.uuid4())
create_json = {
"alert_uuid": alert_uuid,
"parent_analysis_uuid": analysis_uuid,
"type": "test_type",
"value": "test",
"version": version,
}
create = client.post("/api/observable/instance/", json=create_json)
assert create.status_code == status.HTTP_201_CREATED
# Make sure you cannot update it to use a nonexistent analysis UUID
update = client.patch(create.headers["Content-Location"],
json={
"performed_analysis_uuids": [str(uuid.uuid4())],
"version": version
})
assert update.status_code == status.HTTP_404_NOT_FOUND
def test_update_performed_analysis_uuids(client):
# Create an alert
alert_uuid, analysis_uuid = create_alert(client=client)
# Create an observable type
client.post("/api/observable/type/", json={"value": "test_type"})
# Create an observable instance
version = str(uuid.uuid4())
create_json = {
"alert_uuid": alert_uuid,
"parent_analysis_uuid": analysis_uuid,
"type": "test_type",
"value": "test",
"version": version,
}
create = client.post("/api/observable/instance/", json=create_json)
# Read it back
get = client.get(create.headers["Content-Location"])
assert get.json()["performed_analysis_uuids"] == []
# Create a child analysis
child_analysis_uuid = str(uuid.uuid4())
analysis_create = client.post("/api/analysis/",
json={"uuid": child_analysis_uuid})
# Read the analysis back to get its current version
get_analysis = client.get(analysis_create.headers["Content-Location"])
initial_version = get_analysis.json()["version"]
# Update the performed analyses
update = client.patch(create.headers["Content-Location"],
json={
"performed_analysis_uuids":
[child_analysis_uuid],
"version": version
})
assert update.status_code == status.HTTP_204_NO_CONTENT
# Read it back
get = client.get(create.headers["Content-Location"])
assert get.json()["performed_analysis_uuids"] == [child_analysis_uuid]
assert get.json()["version"] != version
# Read the analysis back. By updating the observable instance and setting its performed_analysis_uuids, you should
# be able to read the analysis back and see the observable instance listed as its parent_observable_uuid even
# though it was not explicitly added.
get_analysis = client.get(analysis_create.headers["Content-Location"])
assert get_analysis.json()["parent_observable_uuid"] == get.json()["uuid"]
# Additionally, adding the observable instance as the parent should trigger the analysis to have a new version.
assert get_analysis.json()["version"] != initial_version
def test_update_valid_node_threats(client, values):
# Create an alert
alert_uuid, analysis_uuid = create_alert(client=client)
# Create an observable type
client.post("/api/observable/type/", json={"value": "test_type"})
# Create an observable instance
version = str(uuid.uuid4())
create_json = {
"alert_uuid": alert_uuid,
"parent_analysis_uuid": analysis_uuid,
"type": "test_type",
"value": "test",
"version": version,
}
create = client.post("/api/observable/instance/", json=create_json)
# Read it back
get = client.get(create.headers["Content-Location"])
assert get.json()["directives"] == []
# Create a threat type
client.post("/api/node/threat/type/", json={"value": "test_type"})
# Create the threats. Need to only create unique values, otherwise the database will return a 409
# conflict exception and will roll back the test's database session (causing the test to fail).
for value in list(set(values)):
client.post("/api/node/threat/",
json={
"types": ["test_type"],
"value": value
})
# Update the node
update = client.patch(create.headers["Content-Location"],
json={
"threats": values,
"version": version
})
assert update.status_code == status.HTTP_204_NO_CONTENT
# Read it back
get = client.get(create.headers["Content-Location"])
assert len(get.json()["threats"]) == len(list(set(values)))
assert get.json()["version"] != version
def test_update_redirection_uuid(client):
# Create an alert
alert_uuid, analysis_uuid = create_alert(client=client)
# Create an observable type
client.post("/api/observable/type/", json={"value": "test_type"})
# Create an observable instance
version = str(uuid.uuid4())
create_json = {
"alert_uuid": alert_uuid,
"parent_analysis_uuid": analysis_uuid,
"type": "test_type",
"value": "test",
"version": version,
}
create = client.post("/api/observable/instance/", json=create_json)
# Read it back
get = client.get(create.headers["Content-Location"])
assert get.json()["redirection_uuid"] is None
# Create a second observable instance to use for redirection
redirection_uuid = str(uuid.uuid4())
create2_json = {
"alert_uuid": alert_uuid,
"parent_analysis_uuid": analysis_uuid,
"type": "test_type",
"uuid": redirection_uuid,
"value": "test",
"version": version,
}
client.post("/api/observable/instance/", json=create2_json)
# Update the redirection UUID
update = client.patch(create.headers["Content-Location"],
json={
"redirection_uuid": redirection_uuid,
"version": version
})
assert update.status_code == status.HTTP_204_NO_CONTENT
# Read it back
get = client.get(create.headers["Content-Location"])
assert get.json()["redirection_uuid"] == redirection_uuid
assert get.json()["version"] != version
def test_create_valid_parent_observable_uuid(client):
# Create an alert
alert_uuid, analysis_uuid = create_alert(client=client)
# Create an observable type
client.post("/api/observable/type/", json={"value": "test_type"})
# Create an observable instance
observable_uuid = str(uuid.uuid4())
create_json = {
"alert_uuid": alert_uuid,
"parent_analysis_uuid": analysis_uuid,
"type": "test_type",
"uuid": observable_uuid,
"value": "test",
}
observable_create = client.post("/api/observable/instance/", json=create_json)
assert observable_create.status_code == status.HTTP_201_CREATED
# Read the observable instance back to get its current version
get_observable = client.get(observable_create.headers["Content-Location"])
initial_version = get_observable.json()["version"]
# Use the observable instance as the parent for a new analysis
child_analysis_uuid = str(uuid.uuid4())
create = client.post("/api/analysis/", json={
"parent_observable_uuid": observable_uuid,
"uuid": child_analysis_uuid,
})
assert create.status_code == status.HTTP_201_CREATED
# Read it back
get = client.get(create.headers["Content-Location"])
assert get.json()["parent_observable_uuid"] == observable_uuid
# Read the observable instance back. By creating the analysis and setting its parent_observable_uuid,
# you should be able to read that observable instance back and see the analysis listed in its
# performed_analysis_uuids list even though it was not explictly added.
get_observable = client.get(observable_create.headers["Content-Location"])
assert get_observable.json()["performed_analysis_uuids"] == [child_analysis_uuid]
# Additionally, adding the child analysis to the observable instance should trigger the observable instance
# to get a new version.
assert get_observable.json()["version"] != initial_version
def test_update_valid_node_threat_actor(client, value):
# Create an alert
alert_uuid, analysis_uuid = create_alert(client=client)
# Create an observable type
client.post("/api/observable/type/", json={"value": "test_type"})
# Create an observable instance
version = str(uuid.uuid4())
create_json = {
"alert_uuid": alert_uuid,
"parent_analysis_uuid": analysis_uuid,
"type": "test_type",
"value": "test",
"version": version,
}
create = client.post("/api/observable/instance/", json=create_json)
# Read it back
get = client.get(create.headers["Content-Location"])
assert get.json()["threat_actor"] is None
# Create the threat actor
if value:
client.post("/api/node/threat_actor/", json={"value": value})
# Update the node
update = client.patch(create.headers["Content-Location"],
json={
"threat_actor": value,
"version": version
})
assert update.status_code == status.HTTP_204_NO_CONTENT
# Read it back
get = client.get(create.headers["Content-Location"])
if value:
assert get.json()["threat_actor"]["value"] == value
else:
assert get.json()["threat_actor"] is None
assert get.json()["version"] != version
def test_update_invalid_version(client):
# Create an alert
alert_uuid, analysis_uuid = create_alert(client=client)
# Create an observable type
client.post("/api/observable/type/", json={"value": "test_type"})
# Create an observable instance
create_json = {
"alert_uuid": alert_uuid,
"parent_analysis_uuid": analysis_uuid,
"type": "test_type",
"value": "test",
}
create = client.post("/api/observable/instance/", json=create_json)
# Make sure you cannot update it using an invalid version
update = client.patch(create.headers["Content-Location"],
json={"version": str(uuid.uuid4())})
assert update.status_code == status.HTTP_409_CONFLICT
def test_update(client, key, initial_value, updated_value):
# Create an alert
alert_uuid, analysis_uuid = create_alert(client=client)
# Create an observable type
client.post("/api/observable/type/", json={"value": "test_type"})
# Create an observable instance
version = str(uuid.uuid4())
create_json = {
"alert_uuid": alert_uuid,
"parent_analysis_uuid": analysis_uuid,
"type": "test_type",
"value": "test",
"version": version,
}
create_json[key] = initial_value
create = client.post("/api/observable/instance/", json=create_json)
# Read it back
get = client.get(create.headers["Content-Location"])
assert get.json()[key] == initial_value
# Update it
update = client.patch(create.headers["Content-Location"],
json={
"version": version,
key: updated_value
})
assert update.status_code == status.HTTP_204_NO_CONTENT
# Read it back
get = client.get(create.headers["Content-Location"])
# If the test is for time, make sure that the retrieved value matches the proper UTC timestamp
if key == "time":
assert get.json()[key] == "2022-01-01T00:00:00+00:00"
else:
assert get.json()[key] == updated_value
assert get.json()["version"] != version
