malwarebazaar

salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py

@@ -7,6 +7,7 @@ import sys
 # usage is as follows:
 # python3 malwarebazaar.py '{"artifactType":"x", "value":"y"}'
 
+
 def buildReq(observ_type, observ_value):
     # determine correct query type to send based off of observable type
     unique_types = {'gimphash': 1, 'telfhash': 1, 'tlsh': 1}
@@ -27,7 +28,6 @@ def sendReq(meta, query):
 def isInJson(data, target_string, maxdepth):
     # searches a JSON object for an occurance of a string
     # recursively.
-    
     # depth limiter (arbitrary value of 1000)
     if maxdepth > 1000:
         return False

salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar_test.py

@@ -4,6 +4,7 @@ from unittest.mock import patch, MagicMock
 import malwarebazaar
 import unittest
 
+
 class TestMalwarebazaarMethods(unittest.TestCase):
     def test_main_missing_input(self):
         with patch('sys.stdout', new=StringIO()) as mock_cmd:
@@ -20,13 +21,14 @@ class TestMalwarebazaarMethods(unittest.TestCase):
                 expected = '{"test": "val"}\n'
                 self.assertEqual(mock_cmd.getvalue(), expected)
                 mock.assert_called_once()
+
     def test_analyze(self):
         """simulated sendReq and prepareResults with 2 mock objects and variables sendReqOutput and prepareResultOutput,
             input created for analyze method call and then we compared results['summary'] with 'no result' """
-        sendReqOutput = {'threat': 'no_result',"query_status":"ok",'data':[{'sha256_hash':'notavalidhash'}]}
-        input = '{"artifactType":"hash", "value":"1234"}'
-        input2 ='{"artifactType":"tlsh", "value":"1234"}'
-        input3='{"artifactType":"gimphash", "value":"1234"}'
+        sendReqOutput = {'threat': 'no_result', "query_status": "ok", 'data': [{'sha256_hash': 'notavalidhash'}]}
+        input = '{"artifactType": "hash", "value": "1234"}'
+        input2 = '{"artifactType": "tlsh", "value": "1234"}'
+        input3 = '{"artifactType": "gimphash", "value": "1234"}'
         prepareResultOutput = {'response': '',
                                'summary': 'no result', 'status': 'info'}
 
@@ -34,14 +36,14 @@ class TestMalwarebazaarMethods(unittest.TestCase):
             with patch('malwarebazaar.prepareResults', new=MagicMock(return_value=prepareResultOutput)) as mock2:
                 results = malwarebazaar.analyze(input)
                 results2 = malwarebazaar.analyze(input2)
-                results3 =malwarebazaar.analyze(input3)
-                self.assertEqual(results["summary"],prepareResultOutput['summary'])
+                results3 = malwarebazaar.analyze(input3)
+                self.assertEqual(results["summary"], prepareResultOutput['summary'])
                 self.assertEqual(results2["summary"], prepareResultOutput['summary'])
                 self.assertEqual(results3["summary"], prepareResultOutput['summary'])
                 self.assertEqual(results["status"], "info")
                 self.assertEqual(results2["status"], "info")
                 self.assertEqual(results3["status"], "info")
-
+                mock2.assert_called()
                 mock.assert_called()
 
     def test_prepareResults_illegal_search_term(self):
@@ -60,6 +62,7 @@ class TestMalwarebazaarMethods(unittest.TestCase):
         result = malwarebazaar.buildReq('hash', '')
         self.assertEqual(
             result, {'query': 'get_info', 'hash': ''})
+
     def test_buildReqtlshhash(self):
         result = malwarebazaar.buildReq('tlsh', '')
         self.assertEqual(