From d41daa37f11ff0e057802915f42cdc6f9ba7fad2 Mon Sep 17 00:00:00 2001
From: Jackson
Date: Fri, 15 Dec 2023 03:00:43 -0500
Subject: [PATCH] malwarebazaar

---
 .../analyzers/malwarebazaar/malwarebazaar.py | 6 +--
 .../malwarebazaar/malwarebazaar_test.py | 45 ++++++++++---------
 2 files changed, 27 insertions(+), 24 deletions(-)

diff --git a/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py b/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py
index 1c2b93d1d..1297898e5 100644
--- a/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py
+++ b/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py
@@ -7,6 +7,7 @@ import sys
 # usage is as follows:
 # python3 malwarebazaar.py '{"artifactType":"x", "value":"y"}'
+
 def buildReq(observ_type, observ_value):
 # determine correct query type to send based off of observable type
 unique_types = {'gimphash': 1, 'telfhash': 1, 'tlsh': 1}
@@ -27,11 +28,10 @@ def sendReq(meta, query):
 def isInJson(data, target_string, maxdepth):
 # searches a JSON object for an occurance of a string
 # recursively.
-
 # depth limiter (arbitrary value of 1000)
 if maxdepth > 1000:
 return False
-
+
 if isinstance(data, dict):
 for key, value in data.items():
 if isinstance(value, (dict, list)):
@@ -154,4 +154,4 @@ def main():
 if __name__ == '__main__':
- main()
\ No newline at end of file
+ main()
diff --git a/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar_test.py b/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar_test.py
index 57211e2d8..44c454358 100644
--- a/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar_test.py
+++ b/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar_test.py
@@ -4,6 +4,7 @@ from unittest.mock import patch, MagicMock
 import malwarebazaar
 import unittest
+
 class TestMalwarebazaarMethods(unittest.TestCase):
 def test_main_missing_input(self):
 with patch('sys.stdout', new=StringIO()) as mock_cmd:
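Review bot: The depth limiter in isInJson, `if maxdepth > 1000: return False`, is set at exactly CPython's default recursion limit (sys.getrecursionlimit() is 1000 on a stock interpreter), so if maxdepth grows by one per recursive call — the recursive call itself is outside this hunk — a sufficiently nested object would raise RecursionError from the frames beneath the guard before the guard ever returns False, and the analyzer would crash instead of degrading. Since the data being walked presumably comes back from the remote service queried by sendReq, a far smaller, named bound is the safer choice: `MAX_JSON_DEPTH = 50  # keep well below the interpreter recursion limit` and `if maxdepth > MAX_JSON_DEPTH:`. The early `return False` also makes an overflow indistinguishable from "string not present"; a log line at that point would let an analyst see that the search was truncated. isInJson's body continues outside the hunk.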
@@ -13,20 +14,21 @@ class TestMalwarebazaarMethods(unittest.TestCase):
 'ERROR: Input is not in proper JSON format\n')
 def test_main_success(self):
- with patch('sys.stdout', new=StringIO()) as mock_cmd:
- with patch('malwarebazaar.analyze', new=MagicMock(return_value={'test': 'val'})) as mock:
- sys.argv = ["cmd", "input"]
- malwarebazaar.main()
- expected = '{"test": "val"}\n'
- self.assertEqual(mock_cmd.getvalue(), expected)
- mock.assert_called_once()
+ with patch('sys.stdout', new=StringIO()) as mock_cmd:
+ with patch('malwarebazaar.analyze', new=MagicMock(return_value={'test': 'val'})) as mock:
+ sys.argv = ["cmd", "input"]
+ malwarebazaar.main()
+ expected = '{"test": "val"}\n'
+ self.assertEqual(mock_cmd.getvalue(), expected)
+ mock.assert_called_once()
+
 def test_analyze(self):
 """simulated sendReq and prepareResults with 2 mock objects and variables sendReqOutput and prepareResultOutput, input created for analyze method call and then we compared results['summary'] with 'no result' """
- sendReqOutput = {'threat': 'no_result',"query_status":"ok",'data':[{'sha256_hash':'notavalidhash'}]}
- input = '{"artifactType":"hash", "value":"1234"}'
- input2 ='{"artifactType":"tlsh", "value":"1234"}'
- input3='{"artifactType":"gimphash", "value":"1234"}'
+ sendReqOutput = {'threat': 'no_result', "query_status": "ok", 'data': [{'sha256_hash': 'notavalidhash'}]}
+ input = '{"artifactType": "hash", "value": "1234"}'
+ input2 = '{"artifactType": "tlsh", "value": "1234"}'
+ input3 = '{"artifactType": "gimphash", "value": "1234"}'
 prepareResultOutput = {'response': '', 'summary': 'no result', 'status': 'info'}
@@ -34,33 +36,34 @@ class TestMalwarebazaarMethods(unittest.TestCase):
 with patch('malwarebazaar.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2:
 results = malwarebazaar.analyze(input)
 results2 = malwarebazaar.analyze(input2)
- results3 =malwarebazaar.analyze(input3)
- self.assertEqual(results["summary"],prepareResultOutput['summary'])
+ results3 = malwarebazaar.analyze(input3)
+ self.assertEqual(results["summary"], prepareResultOutput['summary'])
 self.assertEqual(results2["summary"], prepareResultOutput['summary'])
 self.assertEqual(results3["summary"], prepareResultOutput['summary'])
 self.assertEqual(results["status"], "info")
 self.assertEqual(results2["status"], "info")
 self.assertEqual(results3["status"], "info")
-
+
 mock2.assert_called()
 mock.assert_called()
 def test_prepareResults_illegal_search_term(self):
- # illegal search term
- raw = {'query_status': 'illegal_search_term'}
- expected = {'response': raw, 'status': 'info', 'summary': 'no result'}
- results = malwarebazaar.prepareResults(raw)
- self.assertEqual(results, expected)
+ # illegal search term
+ raw = {'query_status': 'illegal_search_term'}
+ expected = {'response': raw, 'status': 'info', 'summary': 'no result'}
+ results = malwarebazaar.prepareResults(raw)
+ self.assertEqual(results, expected)
 def test_buildReqGimqhash(self):
 result = malwarebazaar.buildReq('gimphash', '')
 self.assertEqual(
 result, {'query': 'get_gimphash', 'gimphash': ''})
-
+
 def test_buildReqHash(self):
 result = malwarebazaar.buildReq('hash', '')
 self.assertEqual(
 result, {'query': 'get_info', 'hash': ''})
+
 def test_buildReqtlshhash(self):
 result = malwarebazaar.buildReq('tlsh', '')
 self.assertEqual(
- result, {'query': 'get_tlsh', 'tlsh': ''})
\ No newline at end of file
+ result, {'query': 'get_tlsh', 'tlsh': ''})