ThreatFox and EchoTrail

2025-12-06 17:22:49 +01:00 · 2023-12-15 02:47:54 -05:00
parent c59a6516fc
commit b59896bb47
4 changed files with 15 additions and 15 deletions
--- a/salt/sensoroni/files/analyzers/echotrail/echotrail.py
+++ b/salt/sensoroni/files/analyzers/echotrail/echotrail.py
@@ -5,10 +5,10 @@ import requests
 import helpers
 import argparse

+
 # for test usage:
 # python3 echotrail.py '{"artifactType":"hash", "value":"438b6ccd84f4dd32d9684ed7d58fd7d1e5a75fe3f3d12ab6c788e6bb0ffad5e7"}'
 # You will need to provide an API key in the .yaml file.
-
 def checkConfigRequirements(conf):
    if not conf['api_key']:
        sys.exit(126)
@@ -64,4 +64,4 @@ def main():


 if __name__ == '__main__':
-    main()
+    main()
--- a/salt/sensoroni/files/analyzers/echotrail/echotrail_test.py
+++ b/salt/sensoroni/files/analyzers/echotrail/echotrail_test.py
@@ -3,7 +3,6 @@ import sys
 from unittest.mock import patch, MagicMock
 import unittest
 import echotrail
-import helpers


 class TestEchoTrailMethods(unittest.TestCase):
@@ -15,24 +14,26 @@ class TestEchoTrailMethods(unittest.TestCase):
                expected = '{"test": "val"}\n'
                self.assertEqual(mock_cmd.getvalue(), expected)
                mock.assert_called_once()
-                
+
    def test_main_missing_input(self):
        with patch('sys.exit', new=MagicMock()) as sysmock:
            with patch('sys.stderr', new=StringIO()) as mock_stderr:
                sys.argv = ["cmd"]
                echotrail.main()
                self.assertEqual(mock_stderr.getvalue(), "usage: cmd [-h] [-c CONFIG_FILE] artifact\ncmd: error: the following arguments are required: artifact\n")
+                sysmock.assert_called_once()

    def test_checkConfigRequirements(self):
-        conf = {'base_url': 'https://www.randurl.xyz/', 'api_key':''}
+        conf = {'base_url': 'https://www.randurl.xyz/', 'api_key': ''}
        with self.assertRaises(SystemExit) as cm:
            echotrail.checkConfigRequirements(conf)
        self.assertEqual(cm.exception.code, 126)

    def test_sendReq(self):
        with patch('requests.request', new=MagicMock(return_value=MagicMock())) as mock:
-            response = echotrail.sendReq(conf={'base_url': 'https://www.randurl.xyz/', 'api_key':'randkey'}, observ_value='example_data')
+            response = echotrail.sendReq(conf={'base_url': 'https://www.randurl.xyz/', 'api_key': 'randkey'}, observ_value='example_data')
            self.assertIsNotNone(response)
+            mock.assert_called_once()

    def test_prepareResults_noinput(self):
        raw = {}
@@ -59,3 +60,5 @@ class TestEchoTrailMethods(unittest.TestCase):
            with patch('echotrail.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2:
                results = echotrail.analyze(conf, input)
                self.assertEqual(results["summary"], "inconclusive")
+                mock2.assert_called_once()
+                mock.assert_called_once()
--- a/salt/sensoroni/files/analyzers/threatfox/threatfox.py
+++ b/salt/sensoroni/files/analyzers/threatfox/threatfox.py
@@ -71,4 +71,4 @@ def main():


 if __name__ == '__main__':
-    main()
+    main()
--- a/salt/sensoroni/files/analyzers/threatfox/threatfox_test.py
+++ b/salt/sensoroni/files/analyzers/threatfox/threatfox_test.py
@@ -50,23 +50,20 @@ class TestThreatfoxMethods(unittest.TestCase):
        result = threatfox.buildReq('domain', 'https://google.com')
        self.assertEqual(
            result, {'query': 'search_ioc', 'search_term': 'https://google.com'})
-    
+
    def test_buildReqFalse(self):
        result = threatfox.buildReq('hash', '2151c4b970eff0071948dbbc19066aa4')
        self.assertNotEqual(result, {})
-    

-    # simulate API response and makes sure sendReq gives a response
-    # we are just checking if sendReq gives back anything
+    # simulate API response and makes sure sendReq gives a response, we are just checking if sendReq gives back anything
    def test_sendReq(self):
        with patch('requests.post', new=MagicMock(return_value=MagicMock())) as mock:
            response = threatfox.sendReq(
                {'baseUrl': 'https://www.randurl.xyz'}, 'example_data')
            self.assertIsNotNone(response)
+            mock.assert_called_once()

-    # result stores the output of the prepareResults method
-    # comparing result with expected output
-
+    # result stores the output of the prepareResults method, comparing result with expected output
    def test_prepareResults_noinput(self):
        # no/improper given input
        raw = {}
@@ -113,9 +110,9 @@ class TestThreatfoxMethods(unittest.TestCase):
        input = '{"artifactType":"hash", "value":"1234"}'
        prepareResultOutput = {'response': '',
                               'summary': 'no result', 'status': ''}
-
        with patch('threatfox.sendReq', new=MagicMock(return_value=sendReqOutput)) as mock:
            with patch('threatfox.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2:
                results = threatfox.analyze(input)
                self.assertEqual(results["summary"], "no result")
                mock.assert_called_once()
+                mock2.assert_called_once()