#!/usr/bin/env python
from __future__ import annotations
import unittest
from pymisp import (MISPAttribute, MISPEvent, MISPEventReport, MISPNote,
MISPObject, MISPOpinion)
from uuid import uuid4
class TestAnalystData(unittest.TestCase):
    """Check that notes and opinions can be attached to MISP containers.

    Each ``test_*`` method builds one kind of container and hands it to
    ``_attach_analyst_data``, which adds the analyst data and verifies what
    ends up in ``container.notes`` and ``container.opinions``.
    """

    def setUp(self) -> None:
        """Build the keyword arguments for the dict-based note and opinion."""
        self.note_dict = {"uuid": uuid4(), "note": "note3"}
        self.opinion_dict = {"uuid": uuid4(), "opinion": 75, "comment": "Agree"}

    def test_analyst_data_on_attribute(self) -> None:
        """Standalone attribute populated through ``from_dict``."""
        standalone = MISPAttribute()
        standalone.from_dict(type='filename', value='foo.exe')
        self._attach_analyst_data(standalone)

    def test_analyst_data_on_attribute_alternative(self) -> None:
        """Attribute created through ``MISPEvent.add_attribute``."""
        parent = MISPEvent()
        parent.info = 'Test on Attribute'
        parent.add_attribute('domain', 'foo.bar')
        self._attach_analyst_data(parent.attributes[0])

    def test_analyst_data_on_event(self) -> None:
        """The event itself is the container."""
        target = MISPEvent()
        target.info = 'Test Event'
        self._attach_analyst_data(target)

    def test_analyst_data_on_event_report(self) -> None:
        """Standalone event report populated through ``from_dict``."""
        report = MISPEventReport()
        report.from_dict(name='Test Report', content='This is a report')
        self._attach_analyst_data(report)

    def test_analyst_data_on_event_report_alternative(self) -> None:
        """Event report created through ``MISPEvent.add_event_report``."""
        parent = MISPEvent()
        parent.info = 'Test on Event Report'
        parent.add_event_report('Test Report', 'This is a report')
        self._attach_analyst_data(parent.event_reports[0])

    def test_analyst_data_on_object(self) -> None:
        """Standalone ``file`` object holding one attribute."""
        file_object = MISPObject('file')
        file_object.add_attribute('filename', 'foo.exe')
        self._attach_analyst_data(file_object)

    def test_analyst_data_on_object_alternative(self) -> None:
        """``file`` object read back from the event it was added to."""
        parent = MISPEvent()
        parent.info = 'Test on Object'
        file_object = MISPObject('file')
        file_object.add_attribute('filename', 'foo.exe')
        parent.add_object(file_object)
        self._attach_analyst_data(parent.objects[0])

    def test_analyst_data_on_object_attribute(self) -> None:
        """Object attribute taken from the return value of ``add_attribute``."""
        file_object = MISPObject('file')
        returned_attribute = file_object.add_attribute('filename', 'foo.exe')
        self._attach_analyst_data(returned_attribute)

    def test_analyst_data_object_object_attribute_alternative(self) -> None:
        """Object attribute read back from ``MISPObject.attributes``."""
        file_object = MISPObject('file')
        file_object.add_attribute('filename', 'foo.exe')
        self._attach_analyst_data(file_object.attributes[0])

    def _check_note(self, stored: MISPNote, object_type, object_uuid, text) -> None:
        """Assert the target type, target UUID and text recorded on *stored*."""
        self.assertEqual(stored.object_type, object_type)
        self.assertEqual(stored.object_uuid, object_uuid)
        self.assertEqual(stored.note, text)

    def _check_opinion(self, stored: MISPOpinion, object_type, object_uuid,
                       score, comment) -> None:
        """Assert the target type, target UUID, score and comment on *stored*."""
        self.assertEqual(stored.object_type, object_type)
        self.assertEqual(stored.object_uuid, object_uuid)
        self.assertEqual(stored.opinion, score)
        self.assertEqual(stored.comment, comment)

    def _attach_analyst_data(
            self, container: MISPAttribute | MISPEvent | MISPEventReport | MISPObject) -> None:
        """Attach three notes and three opinions to *container* and verify them.

        Two notes and two opinions are added with ``add_note`` / ``add_opinion``
        keyword arguments; the third of each is first built with ``from_dict``
        and then unpacked into the ``add_*`` call. The assertions expect all
        six entries to be listed on the container itself, in insertion order,
        including the opinion added on a note and the note added on an opinion.
        """
        expected_type = container._analyst_data_object_type

        # Direct additions, with one nested entry in each direction.
        first_note = container.add_note(note='note1')
        first_note.add_opinion(opinion=25, comment='Disagree')
        second_opinion = container.add_opinion(opinion=50, comment='Neutral')
        second_opinion.add_note(note='note2')

        # Dict-built note targeting the container, unpacked with ** into add_note().
        note_from_dict = MISPNote()
        note_from_dict.from_dict(
            object_type=expected_type, object_uuid=container.uuid, **self.note_dict)
        third_note = container.add_note(**note_from_dict)

        # Dict-built opinion targeting that third note, added through the container.
        opinion_from_dict = MISPOpinion()
        opinion_from_dict.from_dict(
            object_type='Note', object_uuid=third_note.uuid, **self.opinion_dict)
        container.add_opinion(**opinion_from_dict)

        self.assertEqual(len(container.notes), 3)
        self.assertEqual(len(container.opinions), 3)

        note_a, note_b, note_c = container.notes
        opinion_a, opinion_b, opinion_c = container.opinions

        self._check_note(note_a, expected_type, container.uuid, 'note1')
        self._check_note(note_b, 'Opinion', second_opinion.uuid, 'note2')
        self._check_note(note_c, expected_type, container.uuid, 'note3')

        self._check_opinion(opinion_a, 'Note', first_note.uuid, 25, 'Disagree')
        self._check_opinion(opinion_b, expected_type, container.uuid, 50, 'Neutral')
        self._check_opinion(opinion_c, 'Note', third_note.uuid, 75, 'Agree')