CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

malwarebazaar

Browse Source
This commit is contained in:
Jackson
2023-12-15 03:00:43 -05:00
parent b59896bb47
commit d41daa37f1
2 changed files with 27 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar_test.py
View File

@@ -4,6 +4,7 @@ from unittest.mock import patch, MagicMock
import malwarebazaar
import unittest
class TestMalwarebazaarMethods(unittest.TestCase):
def test_main_missing_input(self):
with patch('sys.stdout', new=StringIO()) as mock_cmd:
@@ -13,20 +14,21 @@ class TestMalwarebazaarMethods(unittest.TestCase):
'ERROR: Input is not in proper JSON format\n')
def test_main_success(self):
with patch('sys.stdout', new=StringIO()) as mock_cmd:
with patch('malwarebazaar.analyze', new=MagicMock(return_value={'test': 'val'})) as mock:
sys.argv = ["cmd", "input"]
malwarebazaar.main()
expected = '{"test": "val"}\n'
self.assertEqual(mock_cmd.getvalue(), expected)
mock.assert_called_once()
with patch('sys.stdout', new=StringIO()) as mock_cmd:
with patch('malwarebazaar.analyze', new=MagicMock(return_value={'test': 'val'})) as mock:
sys.argv = ["cmd", "input"]
malwarebazaar.main()
expected = '{"test": "val"}\n'
self.assertEqual(mock_cmd.getvalue(), expected)
mock.assert_called_once()
def test_analyze(self):
"""simulated sendReq and prepareResults with 2 mock objects and variables sendReqOutput and prepareResultOutput,
input created for analyze method call and then we compared results['summary'] with 'no result' """
sendReqOutput = {'threat': 'no_result',"query_status":"ok",'data':[{'sha256_hash':'notavalidhash'}]}
input = '{"artifactType":"hash", "value":"1234"}'
input2 ='{"artifactType":"tlsh", "value":"1234"}'
input3='{"artifactType":"gimphash", "value":"1234"}'
sendReqOutput = {'threat': 'no_result', "query_status": "ok", 'data': [{'sha256_hash': 'notavalidhash'}]}
input = '{"artifactType": "hash", "value": "1234"}'
input2 = '{"artifactType": "tlsh", "value": "1234"}'
input3 = '{"artifactType": "gimphash", "value": "1234"}'
prepareResultOutput = {'response': '',
'summary': 'no result', 'status': 'info'}
@@ -34,33 +36,34 @@ class TestMalwarebazaarMethods(unittest.TestCase):
with patch('malwarebazaar.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2:
results = malwarebazaar.analyze(input)
results2 = malwarebazaar.analyze(input2)
results3 =malwarebazaar.analyze(input3)
self.assertEqual(results["summary"],prepareResultOutput['summary'])
results3 = malwarebazaar.analyze(input3)
self.assertEqual(results["summary"], prepareResultOutput['summary'])
self.assertEqual(results2["summary"], prepareResultOutput['summary'])
self.assertEqual(results3["summary"], prepareResultOutput['summary'])
self.assertEqual(results["status"], "info")
self.assertEqual(results2["status"], "info")
self.assertEqual(results3["status"], "info")
mock2.assert_called()
mock.assert_called()
def test_prepareResults_illegal_search_term(self):
# illegal search term
raw = {'query_status': 'illegal_search_term'}
expected = {'response': raw, 'status': 'info', 'summary': 'no result'}
results = malwarebazaar.prepareResults(raw)
self.assertEqual(results, expected)
# illegal search term
raw = {'query_status': 'illegal_search_term'}
expected = {'response': raw, 'status': 'info', 'summary': 'no result'}
results = malwarebazaar.prepareResults(raw)
self.assertEqual(results, expected)
def test_buildReqGimqhash(self):
result = malwarebazaar.buildReq('gimphash', '')
self.assertEqual(
result, {'query': 'get_gimphash', 'gimphash': ''})
def test_buildReqHash(self):
result = malwarebazaar.buildReq('hash', '')
self.assertEqual(
result, {'query': 'get_info', 'hash': ''})
def test_buildReqtlshhash(self):
result = malwarebazaar.buildReq('tlsh', '')
self.assertEqual(
result, {'query': 'get_tlsh', 'tlsh': ''})
result, {'query': 'get_tlsh', 'tlsh': ''})