CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
5a9acb3857d89b69e4ca3230c40670368a6dd483
securityonion/salt/sensoroni/files/analyzers/emailrep/emailrep_test.py
Wes Lambert 5a9acb3857 Add EmailRep analyzer and tests
2022-05-03 14:06:32 +00:00

86 lines
4.2 KiB
Python
Raw Blame History

from io import StringIO
import sys
from unittest.mock import patch, MagicMock
from emailrep import emailrep
import unittest
class TestGreynoiseMethods(unittest.TestCase):
def test_main_missing_input(self):
with patch('sys.exit', new=MagicMock()) as sysmock:
with patch('sys.stderr', new=StringIO()) as mock_stderr:
sys.argv = ["cmd"]
emailrep.main()
self.assertEqual(mock_stderr.getvalue(), "usage: cmd [-h] [-c CONFIG_FILE] artifact\ncmd: error: the following arguments are required: artifact\n")
sysmock.assert_called_once_with(2)
def test_main_success(self):
output = {"foo": "bar"}
with patch('sys.stdout', new=StringIO()) as mock_stdout:
with patch('emailrep.emailrep.analyze', new=MagicMock(return_value=output)) as mock:
sys.argv = ["cmd", "input"]
emailrep.main()
expected = '{"foo": "bar"}\n'
self.assertEqual(mock_stdout.getvalue(), expected)
mock.assert_called_once()
def test_checkConfigRequirements_not_present(self):
conf = {"not_a_file_path": "blahblah"}
with self.assertRaises(SystemExit) as cm:
emailrep.checkConfigRequirements(conf)
self.assertEqual(cm.exception.code, 126)
def test_sendReq(self):
with patch('requests.request', new=MagicMock(return_value=MagicMock())) as mock:
meta = {}
conf = {"base_url": "https://myurl/", "api_key": "abcd1234"}
email = "test@abc.com"
response = emailrep.sendReq(conf=conf, meta=meta, email=email)
mock.assert_called_once_with("GET", headers={"Key": "abcd1234"}, url="https://myurl/test@abc.com")
self.assertIsNotNone(response)
def test_prepareResults_invalidEmail(self):
raw = {"status": "fail", "reason": "invalid email"}
results = emailrep.prepareResults(raw)
self.assertEqual(results["response"], raw)
self.assertEqual(results["summary"], "Invalid email address.")
self.assertEqual(results["status"], "caution")
def test_prepareResults_not_suspicious(self):
raw = {"email": "notsus@domain.com", "reputation": "high", "suspicious": False, "references": 21, "details": {"blacklisted": False, "malicious_activity": False, "profiles": ["twitter"]}}
results = emailrep.prepareResults(raw)
self.assertEqual(results["response"], raw)
self.assertEqual(results["summary"], "harmless")
self.assertEqual(results["status"], "ok")
def test_prepareResults_suspicious(self):
raw = {"email": "sus@domain.com", "reputation": "none", "suspicious": True, "references": 0, "details": {"blacklisted": False, "malicious_activity": False, "profiles": []}}
results = emailrep.prepareResults(raw)
self.assertEqual(results["response"], raw)
self.assertEqual(results["summary"], "suspicious")
self.assertEqual(results["status"], "caution")
def test_prepareResults_exceeded_limit(self):
raw = {"status": "fail", "reason": "exceeded daily limit. please wait 24 hrs or visit emailrep.io/key for an api key."}
results = emailrep.prepareResults(raw)
self.assertEqual(results["response"], raw)
self.assertEqual(results["summary"], "Exceeded daily request limit.")
self.assertEqual(results["status"], "caution")
def test_prepareResults_error(self):
raw = {}
results = emailrep.prepareResults(raw)
self.assertEqual(results["response"], raw)
self.assertEqual(results["summary"], "internal_failure")
self.assertEqual(results["status"], "caution")
def test_analyze(self):
output = {"email": "sus@domain.com", "reputation": "none", "suspicious": True, "references": 0, "details": {"blacklisted": False, "malicious_activity": False, "profiles": []}}
artifactInput = '{"value":"sus@domain.com","artifactType":"email"}'
conf = {"base_url": "myurl/", "api_key": "abcd1234"}
with patch('emailrep.emailrep.sendReq', new=MagicMock(return_value=output)) as mock:
results = emailrep.analyze(conf, artifactInput)
self.assertEqual(results["summary"], "suspicious")
mock.assert_called_once()
Reference in New Issue View Git Blame Copy Permalink