CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

ThreatFox and EchoTrail

Browse Source
This commit is contained in:
Jackson
2023-12-15 02:47:54 -05:00
parent c59a6516fc
commit b59896bb47
4 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/sensoroni/files/analyzers/echotrail/echotrail.py
View File

@@ -5,10 +5,10 @@ import requests
import helpers
import argparse
# for test usage:
# python3 echotrail.py '{"artifactType":"hash", "value":"438b6ccd84f4dd32d9684ed7d58fd7d1e5a75fe3f3d12ab6c788e6bb0ffad5e7"}'
# You will need to provide an API key in the .yaml file.
def checkConfigRequirements(conf):
if not conf['api_key']:
sys.exit(126)

9
salt/sensoroni/files/analyzers/echotrail/echotrail_test.py
View File

@@ -3,7 +3,6 @@ import sys
from unittest.mock import patch, MagicMock
import unittest
import echotrail
import helpers
class TestEchoTrailMethods(unittest.TestCase):
@@ -22,17 +21,19 @@ class TestEchoTrailMethods(unittest.TestCase):
sys.argv = ["cmd"]
echotrail.main()
self.assertEqual(mock_stderr.getvalue(), "usage: cmd [-h] [-c CONFIG_FILE] artifact\ncmd: error: the following arguments are required: artifact\n")
sysmock.assert_called_once()
def test_checkConfigRequirements(self):
conf = {'base_url': 'https://www.randurl.xyz/', 'api_key':''}
conf = {'base_url': 'https://www.randurl.xyz/', 'api_key': ''}
with self.assertRaises(SystemExit) as cm:
echotrail.checkConfigRequirements(conf)
self.assertEqual(cm.exception.code, 126)
def test_sendReq(self):
with patch('requests.request', new=MagicMock(return_value=MagicMock())) as mock:
response = echotrail.sendReq(conf={'base_url': 'https://www.randurl.xyz/', 'api_key':'randkey'}, observ_value='example_data')
response = echotrail.sendReq(conf={'base_url': 'https://www.randurl.xyz/', 'api_key': 'randkey'}, observ_value='example_data')
self.assertIsNotNone(response)
mock.assert_called_once()
def test_prepareResults_noinput(self):
raw = {}
@@ -59,3 +60,5 @@ class TestEchoTrailMethods(unittest.TestCase):
with patch('echotrail.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2:
results = echotrail.analyze(conf, input)
self.assertEqual(results["summary"], "inconclusive")
mock2.assert_called_once()
mock.assert_called_once()

11
salt/sensoroni/files/analyzers/threatfox/threatfox_test.py
View File

@@ -55,18 +55,15 @@ class TestThreatfoxMethods(unittest.TestCase):
result = threatfox.buildReq('hash', '2151c4b970eff0071948dbbc19066aa4')
self.assertNotEqual(result, {})
# simulate API response and makes sure sendReq gives a response
# we are just checking if sendReq gives back anything
# simulate API response and makes sure sendReq gives a response, we are just checking if sendReq gives back anything
def test_sendReq(self):
with patch('requests.post', new=MagicMock(return_value=MagicMock())) as mock:
response = threatfox.sendReq(
{'baseUrl': 'https://www.randurl.xyz'}, 'example_data')
self.assertIsNotNone(response)
mock.assert_called_once()
# result stores the output of the prepareResults method
# comparing result with expected output
# result stores the output of the prepareResults method, comparing result with expected output
def test_prepareResults_noinput(self):
# no/improper given input
raw = {}
@@ -113,9 +110,9 @@ class TestThreatfoxMethods(unittest.TestCase):
input = '{"artifactType":"hash", "value":"1234"}'
prepareResultOutput = {'response': '',
'summary': 'no result', 'status': ''}
with patch('threatfox.sendReq', new=MagicMock(return_value=sendReqOutput)) as mock:
with patch('threatfox.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2:
results = threatfox.analyze(input)
self.assertEqual(results["summary"], "no result")
mock.assert_called_once()
mock2.assert_called_once()