malwarebazaar

2025-12-07 01:32:47 +01:00 · 2023-12-15 03:00:43 -05:00
parent b59896bb47
commit d41daa37f1
2 changed files with 27 additions and 24 deletions
--- a/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py
+++ b/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py
@@ -7,6 +7,7 @@ import sys
 # usage is as follows:
 # python3 malwarebazaar.py '{"artifactType":"x", "value":"y"}'

+
 def buildReq(observ_type, observ_value):
    # determine correct query type to send based off of observable type
    unique_types = {'gimphash': 1, 'telfhash': 1, 'tlsh': 1}
@@ -27,7 +28,6 @@ def sendReq(meta, query):
 def isInJson(data, target_string, maxdepth):
    # searches a JSON object for an occurance of a string
    # recursively.
-    
    # depth limiter (arbitrary value of 1000)
    if maxdepth > 1000:
        return False
--- a/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar_test.py
+++ b/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar_test.py
@@ -4,6 +4,7 @@ from unittest.mock import patch, MagicMock
 import malwarebazaar
 import unittest

+
 class TestMalwarebazaarMethods(unittest.TestCase):
    def test_main_missing_input(self):
        with patch('sys.stdout', new=StringIO()) as mock_cmd:
@@ -20,6 +21,7 @@ class TestMalwarebazaarMethods(unittest.TestCase):
                expected = '{"test": "val"}\n'
                self.assertEqual(mock_cmd.getvalue(), expected)
                mock.assert_called_once()
+
    def test_analyze(self):
        """simulated sendReq and prepareResults with 2 mock objects and variables sendReqOutput and prepareResultOutput,
            input created for analyze method call and then we compared results['summary'] with 'no result' """
@@ -41,7 +43,7 @@ class TestMalwarebazaarMethods(unittest.TestCase):
                self.assertEqual(results["status"], "info")
                self.assertEqual(results2["status"], "info")
                self.assertEqual(results3["status"], "info")
-
+                mock2.assert_called()
                mock.assert_called()

    def test_prepareResults_illegal_search_term(self):
@@ -60,6 +62,7 @@ class TestMalwarebazaarMethods(unittest.TestCase):
        result = malwarebazaar.buildReq('hash', '')
        self.assertEqual(
            result, {'query': 'get_info', 'hash': ''})
+
    def test_buildReqtlshhash(self):
        result = malwarebazaar.buildReq('tlsh', '')
        self.assertEqual(