CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

ThreatFox and EchoTrail

Browse Source
This commit is contained in:
Jackson
2023-12-15 02:47:54 -05:00
parent c59a6516fc
commit b59896bb47
4 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/sensoroni/files/analyzers/echotrail/echotrail.py
View File

@@ -5,10 +5,10 @@ import requests
import helpers import helpers
import argparse import argparse
# for test usage: # for test usage:
# python3 echotrail.py '{"artifactType":"hash", "value":"438b6ccd84f4dd32d9684ed7d58fd7d1e5a75fe3f3d12ab6c788e6bb0ffad5e7"}' # python3 echotrail.py '{"artifactType":"hash", "value":"438b6ccd84f4dd32d9684ed7d58fd7d1e5a75fe3f3d12ab6c788e6bb0ffad5e7"}'
# You will need to provide an API key in the .yaml file. # You will need to provide an API key in the .yaml file.
def checkConfigRequirements(conf): def checkConfigRequirements(conf):
if not conf['api_key']: if not conf['api_key']:
sys.exit(126) sys.exit(126)

9
salt/sensoroni/files/analyzers/echotrail/echotrail_test.py
View File

@@ -3,7 +3,6 @@ import sys
from unittest.mock import patch, MagicMock from unittest.mock import patch, MagicMock
import unittest import unittest
import echotrail import echotrail
import helpers
class TestEchoTrailMethods(unittest.TestCase): class TestEchoTrailMethods(unittest.TestCase):
@@ -22,17 +21,19 @@ class TestEchoTrailMethods(unittest.TestCase):
sys.argv = ["cmd"] sys.argv = ["cmd"]
echotrail.main() echotrail.main()
self.assertEqual(mock_stderr.getvalue(), "usage: cmd [-h] [-c CONFIG_FILE] artifact\ncmd: error: the following arguments are required: artifact\n") self.assertEqual(mock_stderr.getvalue(), "usage: cmd [-h] [-c CONFIG_FILE] artifact\ncmd: error: the following arguments are required: artifact\n")
sysmock.assert_called_once()
def test_checkConfigRequirements(self): def test_checkConfigRequirements(self):
conf = {'base_url': 'https://www.randurl.xyz/', 'api_key':''} conf = {'base_url': 'https://www.randurl.xyz/', 'api_key': ''}
with self.assertRaises(SystemExit) as cm: with self.assertRaises(SystemExit) as cm:
echotrail.checkConfigRequirements(conf) echotrail.checkConfigRequirements(conf)
self.assertEqual(cm.exception.code, 126) self.assertEqual(cm.exception.code, 126)
def test_sendReq(self): def test_sendReq(self):
with patch('requests.request', new=MagicMock(return_value=MagicMock())) as mock: with patch('requests.request', new=MagicMock(return_value=MagicMock())) as mock:
response = echotrail.sendReq(conf={'base_url': 'https://www.randurl.xyz/', 'api_key':'randkey'}, observ_value='example_data') response = echotrail.sendReq(conf={'base_url': 'https://www.randurl.xyz/', 'api_key': 'randkey'}, observ_value='example_data')
self.assertIsNotNone(response) self.assertIsNotNone(response)
mock.assert_called_once()
def test_prepareResults_noinput(self): def test_prepareResults_noinput(self):
raw = {} raw = {}
@@ -59,3 +60,5 @@ class TestEchoTrailMethods(unittest.TestCase):
with patch('echotrail.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2: with patch('echotrail.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2:
results = echotrail.analyze(conf, input) results = echotrail.analyze(conf, input)
self.assertEqual(results["summary"], "inconclusive") self.assertEqual(results["summary"], "inconclusive")
mock2.assert_called_once()
mock.assert_called_once()

11
salt/sensoroni/files/analyzers/threatfox/threatfox_test.py
View File

@@ -55,18 +55,15 @@ class TestThreatfoxMethods(unittest.TestCase):
result = threatfox.buildReq('hash', '2151c4b970eff0071948dbbc19066aa4') result = threatfox.buildReq('hash', '2151c4b970eff0071948dbbc19066aa4')
self.assertNotEqual(result, {}) self.assertNotEqual(result, {})
# simulate API response and makes sure sendReq gives a response, we are just checking if sendReq gives back anything
# simulate API response and makes sure sendReq gives a response
# we are just checking if sendReq gives back anything
def test_sendReq(self): def test_sendReq(self):
with patch('requests.post', new=MagicMock(return_value=MagicMock())) as mock: with patch('requests.post', new=MagicMock(return_value=MagicMock())) as mock:
response = threatfox.sendReq( response = threatfox.sendReq(
{'baseUrl': 'https://www.randurl.xyz'}, 'example_data') {'baseUrl': 'https://www.randurl.xyz'}, 'example_data')
self.assertIsNotNone(response) self.assertIsNotNone(response)
mock.assert_called_once()
# result stores the output of the prepareResults method # result stores the output of the prepareResults method, comparing result with expected output
# comparing result with expected output
def test_prepareResults_noinput(self): def test_prepareResults_noinput(self):
# no/improper given input # no/improper given input
raw = {} raw = {}
@@ -113,9 +110,9 @@ class TestThreatfoxMethods(unittest.TestCase):
input = '{"artifactType":"hash", "value":"1234"}' input = '{"artifactType":"hash", "value":"1234"}'
prepareResultOutput = {'response': '', prepareResultOutput = {'response': '',
'summary': 'no result', 'status': ''} 'summary': 'no result', 'status': ''}
with patch('threatfox.sendReq', new=MagicMock(return_value=sendReqOutput)) as mock: with patch('threatfox.sendReq', new=MagicMock(return_value=sendReqOutput)) as mock:
with patch('threatfox.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2: with patch('threatfox.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2:
results = threatfox.analyze(input) results = threatfox.analyze(input)
self.assertEqual(results["summary"], "no result") self.assertEqual(results["summary"], "no result")
mock.assert_called_once() mock.assert_called_once()
mock2.assert_called_once()