From b59896bb477c511662b73d1ddb5cf329f849b840 Mon Sep 17 00:00:00 2001
From: Jackson
Date: Fri, 15 Dec 2023 02:47:54 -0500
Subject: [PATCH] ThreatFox and EchoTrail
---
.../files/analyzers/echotrail/echotrail.py | 4 ++--
.../files/analyzers/echotrail/echotrail_test.py | 11 +++++++----
.../files/analyzers/threatfox/threatfox.py | 2 +-
.../files/analyzers/threatfox/threatfox_test.py | 13 +++++--------
4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/salt/sensoroni/files/analyzers/echotrail/echotrail.py b/salt/sensoroni/files/analyzers/echotrail/echotrail.py
index 11d8931be..34c6a51a2 100644
--- a/salt/sensoroni/files/analyzers/echotrail/echotrail.py
+++ b/salt/sensoroni/files/analyzers/echotrail/echotrail.py
@@ -5,10 +5,10 @@ import requests import helpers import argparse + # for test usage: # python3 echotrail.py '{"artifactType":"hash", "value":"438b6ccd84f4dd32d9684ed7d58fd7d1e5a75fe3f3d12ab6c788e6bb0ffad5e7"}' # You will need to provide an API key in the .yaml file. - def checkConfigRequirements(conf): if not conf['api_key']: sys.exit(126)
@@ -64,4 +64,4 @@ def main(): if __name__ == '__main__': - main() \ No newline at end of file + main()
diff --git a/salt/sensoroni/files/analyzers/echotrail/echotrail_test.py b/salt/sensoroni/files/analyzers/echotrail/echotrail_test.py
index 53b816cd4..b6873c507 100644
--- a/salt/sensoroni/files/analyzers/echotrail/echotrail_test.py
+++ b/salt/sensoroni/files/analyzers/echotrail/echotrail_test.py
@@ -3,7 +3,6 @@ import sys from unittest.mock import patch, MagicMock import unittest import echotrail -import helpers class TestEchoTrailMethods(unittest.TestCase):
@@ -15,24 +14,26 @@ class TestEchoTrailMethods(unittest.TestCase): expected = '{"test": "val"}\n' self.assertEqual(mock_cmd.getvalue(), expected) mock.assert_called_once() - + def test_main_missing_input(self): with patch('sys.exit', new=MagicMock()) as sysmock: with patch('sys.stderr', new=StringIO()) as mock_stderr: sys.argv = ["cmd"] echotrail.main() self.assertEqual(mock_stderr.getvalue(), "usage: cmd [-h] [-c CONFIG_FILE] artifact\ncmd: error: the following arguments are required: artifact\n") + sysmock.assert_called_once() def test_checkConfigRequirements(self): - conf = {'base_url': 'https://www.randurl.xyz/', 'api_key':''} + conf = {'base_url': 'https://www.randurl.xyz/', 'api_key': ''} with self.assertRaises(SystemExit) as cm: echotrail.checkConfigRequirements(conf) self.assertEqual(cm.exception.code, 126) def test_sendReq(self): with patch('requests.request', new=MagicMock(return_value=MagicMock())) as mock: - response = echotrail.sendReq(conf={'base_url': 'https://www.randurl.xyz/', 'api_key':'randkey'}, observ_value='example_data') + response = echotrail.sendReq(conf={'base_url': 'https://www.randurl.xyz/', 'api_key': 'randkey'}, observ_value='example_data') self.assertIsNotNone(response) + mock.assert_called_once() def test_prepareResults_noinput(self): raw = {}
@@ -59,3 +60,5 @@ class TestEchoTrailMethods(unittest.TestCase): with patch('echotrail.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2: results = echotrail.analyze(conf, input) self.assertEqual(results["summary"], "inconclusive") + mock2.assert_called_once() + mock.assert_called_once()
diff --git a/salt/sensoroni/files/analyzers/threatfox/threatfox.py b/salt/sensoroni/files/analyzers/threatfox/threatfox.py
index a3b674c58..134ad99ec 100644
--- a/salt/sensoroni/files/analyzers/threatfox/threatfox.py
+++ b/salt/sensoroni/files/analyzers/threatfox/threatfox.py
@@ -71,4 +71,4 @@ def main(): if __name__ == '__main__': - main() \ No newline at end of file + main()
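Review bot: The `assert_called_once()` checks added in `test_main_missing_input` and `test_sendReq` pin only the call count, so both tests still pass if the analyzer exits with the wrong status or sends the request without the API key or to a different URL. For the exit check, `sysmock.assert_called_once_with(2)` would pin argparse's usage-error status, assuming that is the single exit the test currently sees; main() is outside this hunk. For `test_sendReq`, follow the count check with an assertion on `mock.call_args` that the configured `base_url` and the `randkey` value reach `requests.request`; how they are passed depends on sendReq, which this diff does not show. The same applies to the `mock.assert_called_once()` and `mock2.assert_called_once()` additions in the `@@ -59,3 +60,5 @@` hunk and in both threatfox_test.py hunks.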
diff --git a/salt/sensoroni/files/analyzers/threatfox/threatfox_test.py b/salt/sensoroni/files/analyzers/threatfox/threatfox_test.py
index af35979c9..4f8cad369 100644
--- a/salt/sensoroni/files/analyzers/threatfox/threatfox_test.py
+++ b/salt/sensoroni/files/analyzers/threatfox/threatfox_test.py
@@ -50,23 +50,20 @@ class TestThreatfoxMethods(unittest.TestCase): result = threatfox.buildReq('domain', 'https://google.com') self.assertEqual( result, {'query': 'search_ioc', 'search_term': 'https://google.com'}) - + def test_buildReqFalse(self): result = threatfox.buildReq('hash', '2151c4b970eff0071948dbbc19066aa4') self.assertNotEqual(result, {}) - - # simulate API response and makes sure sendReq gives a response - # we are just checking if sendReq gives back anything + # simulate API response and makes sure sendReq gives a response, we are just checking if sendReq gives back anything def test_sendReq(self): with patch('requests.post', new=MagicMock(return_value=MagicMock())) as mock: response = threatfox.sendReq( {'baseUrl': 'https://www.randurl.xyz'}, 'example_data') self.assertIsNotNone(response) + mock.assert_called_once() - # result stores the output of the prepareResults method - # comparing result with expected output - + # result stores the output of the prepareResults method, comparing result with expected output def test_prepareResults_noinput(self): # no/improper given input raw = {}
@@ -113,9 +110,9 @@ class TestThreatfoxMethods(unittest.TestCase): input = '{"artifactType":"hash", "value":"1234"}' prepareResultOutput = {'response': '', 'summary': 'no result', 'status': ''} - with patch('threatfox.sendReq', new=MagicMock(return_value=sendReqOutput)) as mock: with patch('threatfox.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2: results = threatfox.analyze(input) self.assertEqual(results["summary"], "no result") mock.assert_called_once() + mock2.assert_called_once()
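Review bot: The two comments merged in the `@@ -50,23 +50,20 @@` hunk are now long comma-spliced lines placed above `test_sendReq` and `test_prepareResults_noinput` rather than inside them, so they are easy to separate from the tests they describe. A docstring as the first line of each test keeps the description attached and shows up in unittest output, for example `"""Patch requests.post and check that sendReq returns the mocked response."""` in `test_sendReq`. `test_prepareResults_noinput` continues past the end of the hunk, so its docstring should be worded against the full test body.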