Update tests

2025-12-08 18:22:47 +01:00 · 2023-12-15 20:53:19 +00:00
parent 020472085b
commit 981f3642a0
4 changed files with 172 additions and 16 deletions
--- a/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar_test.py
+++ b/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar_test.py
@@ -46,6 +46,30 @@ class TestMalwarebazaarMethods(unittest.TestCase):
                mock2.assert_called()
                mock.assert_called()

+    def test_analyze_result(self):
+        """simulated sendReq and prepareResults with 2 mock objects and variables sendReqOutput and prepareResultOutput,
+            input created for analyze method call and then we compared results['summary'] with 'no result' """
+        sendReqOutput = {'threat': 'threat', "query_status": "notok", 'data': [{'sha256_hash': 'validhash'}]}
+        input = '{"artifactType": "hash", "value": "1234"}'
+        input2 = '{"artifactType": "tlsh", "value": "1234"}'
+        input3 = '{"artifactType": "gimphash", "value": "1234"}'
+        prepareResultOutput = {'response': '',
+                               'summary': 'Bad', 'status': 'threat'}
+
+        with patch('malwarebazaar.malwarebazaar.sendReq', new=MagicMock(return_value=sendReqOutput)) as mock:
+            with patch('malwarebazaar.malwarebazaar.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2:
+                results = malwarebazaar.analyze(input)
+                results2 = malwarebazaar.analyze(input2)
+                results3 = malwarebazaar.analyze(input3)
+                self.assertEqual(results["summary"], prepareResultOutput['summary'])
+                self.assertEqual(results2["summary"], prepareResultOutput['summary'])
+                self.assertEqual(results3["summary"], prepareResultOutput['summary'])
+                self.assertEqual(results["status"], "threat")
+                self.assertEqual(results2["status"], "threat")
+                self.assertEqual(results3["status"], "threat")
+                mock2.assert_called()
+                mock.assert_called()
+
    def test_prepareResults_illegal_search_term(self):
        # illegal search term
        raw = {'query_status': 'illegal_search_term'}
@@ -53,6 +77,54 @@ class TestMalwarebazaarMethods(unittest.TestCase):
        results = malwarebazaar.prepareResults(raw)
        self.assertEqual(results, expected)

+    def test_prepareResults_empty(self):
+        # raw is empty
+        raw = {}
+        expected = {'response': raw, 'status': 'caution', 'summary': 'internal_failure'}
+        results = malwarebazaar.prepareResults(raw)
+        self.assertEqual(results, expected)
+
+    def test_prepareResults_threat(self):
+        raw = {'query_status': 'ok', 'data': [{'sha256_hash': 'validhash', 'vendor_intel': {'ReversingLabs': {'status': 'MALICIOUS'}}, 'signature': 'abcd1234', 'tags': ['tag1']}]}
+        expected = {'response': raw, 'status': 'threat', 'summary': 'abcd1234'}
+        results = malwarebazaar.prepareResults(raw)
+        self.assertEqual(results, expected)
+
+    def test_prepareResults_caution(self):
+        # raw is empty
+        raw = {'query_status': 'ok', 'data': [{'sha256_hash': 'validhash', 'vendor_intel': {'Triage': {'score': '6'}}, 'signature': 'abcd1234', 'tags': ['tag1']}]}
+        expected = {'response': raw, 'status': 'caution', 'summary': 'abcd1234'}
+        results = malwarebazaar.prepareResults(raw)
+        self.assertEqual(results, expected)
+
+    def test_prepareResults_info(self):
+        # raw is empty
+        raw = {'query_status': 'ok', 'data': [{'sha256_hash': 'validhash', 'vendor_intel': {'Triage': {'score': '3'}}, 'signature': 'abcd1234', 'tags': ['tag1']}]}
+        expected = {'response': raw, 'status': 'info', 'summary': 'abcd1234'}
+        results = malwarebazaar.prepareResults(raw)
+        self.assertEqual(results, expected)
+
+    def test_prepareResults_ok(self):
+        # raw is empty
+        raw = {'query_status': 'ok', 'data': [{'sha256_hash': 'validhash', 'vendor_intel': {'Triage': {'score': '1'}}, 'signature': 'abcd1234', 'tags': ['tag1']}]}
+        expected = {'response': raw, 'status': 'ok', 'summary': 'abcd1234'}
+        results = malwarebazaar.prepareResults(raw)
+        self.assertEqual(results, expected)
+
+    def test_prepareResults_ok_tags(self):
+        # raw is empty
+        raw = {'query_status': 'ok', 'data': [{'sha256_hash': 'validhash', 'vendor_intel': {'Triage': {'score': '1'}}, 'tags': ['tag1']}]}
+        expected = {'response': raw, 'status': 'ok', 'summary': 'tag1'}
+        results = malwarebazaar.prepareResults(raw)
+        self.assertEqual(results, expected)
+
+    def test_prepareResults_ok_yomi(self):
+        # raw is empty
+        raw = {'query_status': 'ok', 'data': [{'sha256_hash': 'validhash', 'vendor_intel': {'YOROI_YOMI': {'detection': 'detection1', 'summary': '0.1'}}}]}
+        expected = {'response': raw, 'status': 'ok', 'summary': 'detection1'}
+        results = malwarebazaar.prepareResults(raw)
+        self.assertEqual(results, expected)
+
    def test_buildReqGimqhash(self):
        result = malwarebazaar.buildReq('gimphash', '')
        self.assertEqual(
@@ -67,3 +139,11 @@ class TestMalwarebazaarMethods(unittest.TestCase):
        result = malwarebazaar.buildReq('tlsh', '')
        self.assertEqual(
            result, {'query': 'get_tlsh', 'tlsh': ''})
+
+    # simulate API response and makes sure sendReq gives a response, we are just checking if sendReq gives back anything
+    def test_sendReq(self):
+        with patch('requests.post', new=MagicMock(return_value=MagicMock())) as mock:
+            response = malwarebazaar.sendReq(
+                {'baseUrl': 'https://www.randurl.xyz'}, 'example_data')
+            self.assertIsNotNone(response)
+            mock.assert_called_once()