From 70556e5911df16093860a590351a64229d6eda46 Mon Sep 17 00:00:00 2001
From: Jakub Onderka <jakub.onderka@gmail.com>
Date: Wed, 5 Oct 2022 14:50:06 +0200
Subject: [PATCH] new: [test] Check object correlation

---
 tests/testlive_comprehensive_local.py | 28 ++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/tests/testlive_comprehensive_local.py b/tests/testlive_comprehensive_local.py
index 209238d66..e7237e00f 100644
--- a/tests/testlive_comprehensive_local.py
+++ b/tests/testlive_comprehensive_local.py
@@ -16,6 +16,7 @@ logger = logging.getLogger('pymisp')
 
 
 from pymisp import PyMISP, MISPOrganisation, MISPUser, MISPRole, MISPSharingGroup, MISPEvent, MISPLog, MISPSighting, Distribution, ThreatLevel, Analysis, MISPEventReport, MISPServerError
+from pymisp.tools import DomainIPObject
 
 # Load access information for env variables
 url = "http://" + os.environ["HOST"]
@@ -536,9 +537,34 @@ class TestComprehensive(unittest.TestCase):
             for event in (first, second):
                 check_response(self.admin_misp_connector.delete_event(event))
 
+    def test_correlations_object(self):
+        first = create_simple_event()
+        dom_ip_obj = DomainIPObject({'ip': ['10.0.0.1']})
+        first.add_object(dom_ip_obj)
+        first = check_response(self.admin_misp_connector.add_event(first))
+
+        second = create_simple_event()
+        dom_ip_obj = DomainIPObject({'ip': ['10.0.0.1']})
+        second.add_object(dom_ip_obj)
+        second = check_response(self.admin_misp_connector.add_event(second))
+
+        # Reload to get event data with related events
+        first = check_response(self.admin_misp_connector.get_event(first))
+
+        try:
+            self.assertEqual(1, len(first.RelatedEvent), first.RelatedEvent)
+            self.assertEqual(1, len(second.RelatedEvent), second.RelatedEvent)
+        except:
+            raise
+        finally:
+            # Delete events
+            for event in (first, second):
+                check_response(self.admin_misp_connector.delete_event(event))
+
     def test_correlations_noacl(self):
         with MISPSetting(self.admin_misp_connector, {"MISP.correlation_engine": "NoAcl"}):
             self.test_correlations()
+            self.test_correlations_object()
 
     def test_advanced_correlations(self):
         with MISPSetting(self.admin_misp_connector, {"MISP.enable_advanced_correlations": True}):
@@ -898,7 +924,6 @@ class TestComprehensive(unittest.TestCase):
 
         self.admin_misp_connector.delete_event(event)
 
-
     def _search(self, query: dict):
         response = self.admin_misp_connector._prepare_request('POST', 'events/restSearch', data=query)
         response = self.admin_misp_connector._check_response(response)
@@ -911,5 +936,6 @@ class TestComprehensive(unittest.TestCase):
         check_response(response)
         return response
 
+
 if __name__ == '__main__':
     unittest.main()