def clean_db():
    """Wipe the test database.

    Every model's collection is touched first so that it is present in
    the collection cache when ``db.clear()`` runs; only then is the
    database cleared.
    """
    # pylint: disable=protected-access
    # Register each collection in the cache before clearing (order kept as before).
    for model in (Entity, Indicator, Malware, Observable, Hostname,
                  Tag, Vocabs, Relationship, User):
        model._get_collection()
    db.clear()
def test_update_indicator():
    """An Indicator update keeps its STIX id and every field that was not changed."""
    original = {
        'name': 'Poison Ivy Malware',
        'labels': ['malicious-activity'],
        'description': 'This file is part of Poison Ivy',
        'pattern': (
            "[ file:hashes.'SHA-256' = "
            "'4bac27393bdd9777ce02453256c5577cd02275510b2227f473d03f533924f877' ]"
        ),
        'valid_from': "2016-01-01T00:00:00Z",
        'valid_until': "2017-01-01T00:00:00Z",
    }
    indicator = Indicator(**original)
    indicator.save()
    stix_id = indicator.id

    updated = indicator.update({'name': 'Poison Apple Malware'})

    # Identity and all untouched fields must survive the update.
    # NOTE(review): the renamed field itself is not asserted here.
    assert updated.id == stix_id
    assert updated.labels == original['labels']
    assert updated.description == original['description']
    assert updated.pattern == original['pattern']
    # Timestamps are rendered as timezone-aware UTC values, not the input strings.
    assert str(updated.valid_from) == "2016-01-01 00:00:00+00:00"
    assert str(updated.valid_until) == "2017-01-01 00:00:00+00:00"
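def match(self):
    """Match a batch of encoded objects against every stored Indicator.

    The request body is untrusted JSON. It is expected to be a list whose
    items ``decode_object`` can decode (the exact encoding is defined by
    that helper, not here). A body whose top-level value is not a list is
    rejected with 400 instead of raising a TypeError during iteration,
    which would surface to the client as a 500.

    Returns:
        A list of the truthy results of ``indicator.match(decoded)`` for
        every (object, indicator) pair, or ``('', 400)`` when the body is
        not a JSON list.
    """
    objects = request.get_json()
    # Untrusted input: a dict, string, number or null must not reach the loop.
    if not isinstance(objects, list):
        return '', 400
    # Fetch the indicator set once; it is reused for every object.
    all_indicators = Indicator.list()
    matches = []
    for obj in objects:
        decoded = decode_object(obj)
        for indicator in all_indicators:
            result = indicator.match(decoded)
            if result:
                matches.append(result)
    return matches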
def test_indicator_creation():
    """A freshly constructed Indicator wraps a StixIndicator instance."""
    fields = {
        'name': 'Poison Ivy Malware',
        'labels': ['malicious-activity'],
        'description': 'This file is part of Poison Ivy',
        'pattern': (
            "[ file:hashes.'SHA-256' = "
            "'4bac27393bdd9777ce02453256c5577cd02275510b2227f473d03f533924f877' ]"
        ),
        'valid_from': "2016-01-01T00:00:00Z",
        'valid_until': "2017-01-01T00:00:00Z",
    }
    indicator = Indicator(**fields)
    # The wrapped STIX object is private; the test inspects it on purpose.
    stix_obj = indicator._stix_object  # pylint: disable=protected-access
    assert stix_obj is not None
    assert isinstance(stix_obj, StixIndicator)
def match(self):  # pylint: disable=redefined-builtin
    """Match a single object against a (possibly filtered) set of indicators.

    Query arguments are validated by ``parser.parse`` against
    ``self.matchargs``. When a ``filter`` argument is present, only the
    indicators returned by ``Indicator.filter(args)`` are considered;
    otherwise every indicator from ``Indicator.list()`` is.

    Returns:
        ``(matches, 200)`` where ``matches`` holds each truthy result of
        ``indicator.match(args['object'])``, or ``('', 404)`` when the
        selected indicator set is empty.
    """
    args = parser.parse(self.matchargs, request)
    candidates = Indicator.filter(args) if 'filter' in args else Indicator.list()
    if not candidates:
        return '', 404
    target = args['object']
    results = (indicator.match(target) for indicator in candidates)
    return [hit for hit in results if hit], 200
def test_invalid_indicator_name():
    """Saving an Indicator whose name is not a string raises ValidationError."""
    # Construction stays inside the callable so a failure at either step counts.
    pytest.raises(ValidationError, lambda: Indicator(name=123).save())
def test_indicator_formatting():
    """A saved Indicator renders as ``<Indicator('<name>')>``."""
    saved = Indicator(name='asd').save()
    rendered = str(saved)
    assert rendered == "<Indicator('asd')>"