Merge pull request #8045 from Security-Onion-Solutions/fix/mhr_naming

Fix naming for Malware Hash Registry analyzer
weslambert
2022-05-31 07:52:48 -04:00
committed by GitHub
12 changed files with 14 additions and 14 deletions


@@ -1,26 +1,26 @@
from io import StringIO from io import StringIO
import sys import sys
from unittest.mock import patch, MagicMock from unittest.mock import patch, MagicMock
from mhr import mhr from malwarehashregistry import malwarehashregistry
import unittest import unittest
class TestMHRMethods(unittest.TestCase): class TestMalwareHashRegistryMethods(unittest.TestCase):
def test_main_missing_input(self): def test_main_missing_input(self):
with patch('sys.exit', new=MagicMock()) as sysmock: with patch('sys.exit', new=MagicMock()) as sysmock:
with patch('sys.stderr', new=StringIO()) as mock_stderr: with patch('sys.stderr', new=StringIO()) as mock_stderr:
sys.argv = ["cmd"] sys.argv = ["cmd"]
mhr.main() malwarehashregistry.main()
self.assertEqual(mock_stderr.getvalue(), "usage: cmd [-h] artifact\ncmd: error: the following arguments are required: artifact\n") self.assertEqual(mock_stderr.getvalue(), "usage: cmd [-h] artifact\ncmd: error: the following arguments are required: artifact\n")
sysmock.assert_called_once_with(2) sysmock.assert_called_once_with(2)
def test_main_success(self): def test_main_success(self):
output = {"foo": "bar"} output = {"foo": "bar"}
with patch('sys.stdout', new=StringIO()) as mock_stdout: with patch('sys.stdout', new=StringIO()) as mock_stdout:
with patch('mhr.mhr.analyze', new=MagicMock(return_value=output)) as mock: with patch('malwarehashregistry.malwarehashregistry.analyze', new=MagicMock(return_value=output)) as mock:
sys.argv = ["cmd", "input"] sys.argv = ["cmd", "input"]
mhr.main() malwarehashregistry.main()
expected = '{"foo": "bar"}\n' expected = '{"foo": "bar"}\n'
self.assertEqual(mock_stdout.getvalue(), expected) self.assertEqual(mock_stdout.getvalue(), expected)
mock.assert_called_once() mock.assert_called_once()
@@ -32,7 +32,7 @@ class TestMHRMethods(unittest.TestCase):
flags = 0 flags = 0
options = {"whoishost": server} options = {"whoishost": server}
with patch('whois.NICClient.whois_lookup', new=MagicMock(return_value=output)) as mock: with patch('whois.NICClient.whois_lookup', new=MagicMock(return_value=output)) as mock:
response = mhr.sendReq(hash) response = malwarehashregistry.sendReq(hash)
mock.assert_called_once_with(options, hash, flags) mock.assert_called_once_with(options, hash, flags)
self.assertIsNotNone(response) self.assertIsNotNone(response)
self.assertEqual(response, {"hash": "84af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "2019-15-07 03:30:33", "av_detection_percentage": 35}) self.assertEqual(response, {"hash": "84af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "2019-15-07 03:30:33", "av_detection_percentage": 35})
@@ -44,42 +44,42 @@ class TestMHRMethods(unittest.TestCase):
flags = 0 flags = 0
options = {"whoishost": server} options = {"whoishost": server}
with patch('whois.NICClient.whois_lookup', new=MagicMock(return_value=output)) as mock: with patch('whois.NICClient.whois_lookup', new=MagicMock(return_value=output)) as mock:
response = mhr.sendReq(hash) response = malwarehashregistry.sendReq(hash)
mock.assert_called_once_with(options, hash, flags) mock.assert_called_once_with(options, hash, flags)
self.assertIsNotNone(response) self.assertIsNotNone(response)
self.assertEqual(response, {"hash": "84af04b8e69682782607a0c5796ca5696b3", "last_seen": "NO_DATA", "av_detection_percentage": 0}) self.assertEqual(response, {"hash": "84af04b8e69682782607a0c5796ca5696b3", "last_seen": "NO_DATA", "av_detection_percentage": 0})
def test_prepareResults_none(self): def test_prepareResults_none(self):
raw = {"hash": "14af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "NO_DATA", "av_detection_percentage": 0} raw = {"hash": "14af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "NO_DATA", "av_detection_percentage": 0}
results = mhr.prepareResults(raw) results = malwarehashregistry.prepareResults(raw)
self.assertEqual(results["response"], raw) self.assertEqual(results["response"], raw)
self.assertEqual(results["summary"], "no_results") self.assertEqual(results["summary"], "no_results")
self.assertEqual(results["status"], "ok") self.assertEqual(results["status"], "ok")
def test_prepareResults_harmless(self): def test_prepareResults_harmless(self):
raw = {"hash": "14af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "123456", "av_detection_percentage": 0} raw = {"hash": "14af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "123456", "av_detection_percentage": 0}
results = mhr.prepareResults(raw) results = malwarehashregistry.prepareResults(raw)
self.assertEqual(results["response"], raw) self.assertEqual(results["response"], raw)
self.assertEqual(results["summary"], "harmless") self.assertEqual(results["summary"], "harmless")
self.assertEqual(results["status"], "ok") self.assertEqual(results["status"], "ok")
def test_prepareResults_sus(self): def test_prepareResults_sus(self):
raw = {"hash": "14af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "123456", "av_detection_percentage": 1} raw = {"hash": "14af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "123456", "av_detection_percentage": 1}
results = mhr.prepareResults(raw) results = malwarehashregistry.prepareResults(raw)
self.assertEqual(results["response"], raw) self.assertEqual(results["response"], raw)
self.assertEqual(results["summary"], "suspicious") self.assertEqual(results["summary"], "suspicious")
self.assertEqual(results["status"], "caution") self.assertEqual(results["status"], "caution")
def test_prepareResults_mal(self): def test_prepareResults_mal(self):
raw = {"hash": "14af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "123456", "av_detection_percentage": 51} raw = {"hash": "14af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "123456", "av_detection_percentage": 51}
results = mhr.prepareResults(raw) results = malwarehashregistry.prepareResults(raw)
self.assertEqual(results["response"], raw) self.assertEqual(results["response"], raw)
self.assertEqual(results["summary"], "malicious") self.assertEqual(results["summary"], "malicious")
self.assertEqual(results["status"], "threat") self.assertEqual(results["status"], "threat")
def test_prepareResults_error(self): def test_prepareResults_error(self):
raw = {} raw = {}
results = mhr.prepareResults(raw) results = malwarehashregistry.prepareResults(raw)
self.assertEqual(results["response"], raw) self.assertEqual(results["response"], raw)
self.assertEqual(results["summary"], "internal_failure") self.assertEqual(results["summary"], "internal_failure")
self.assertEqual(results["status"], "caution") self.assertEqual(results["status"], "caution")
@@ -87,7 +87,7 @@ class TestMHRMethods(unittest.TestCase):
def test_analyze(self): def test_analyze(self):
output = {"hash": "14af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "NO_DATA", "av_detection_percentage": 0} output = {"hash": "14af04b8e69682782607a0c5796ca56999eda6b3", "last_seen": "NO_DATA", "av_detection_percentage": 0}
artifactInput = '{"value": "14af04b8e69682782607a0c5796ca56999eda6b3", "artifactType": "hash"}' artifactInput = '{"value": "14af04b8e69682782607a0c5796ca56999eda6b3", "artifactType": "hash"}'
with patch('mhr.mhr.sendReq', new=MagicMock(return_value=output)) as mock: with patch('malwarehashregistry.malwarehashregistry.sendReq', new=MagicMock(return_value=output)) as mock:
results = mhr.analyze(artifactInput) results = malwarehashregistry.analyze(artifactInput)
self.assertEqual(results["summary"], "no_results") self.assertEqual(results["summary"], "no_results")
mock.assert_called_once() mock.assert_called_once()