PyMISP/tests/test_analyst_data.py

124 lines
4.8 KiB
Python
Raw Permalink Normal View History

#!/usr/bin/env python
2024-12-20 15:38:25 +01:00
from __future__ import annotations
import unittest
from pymisp import (MISPAttribute, MISPEvent, MISPEventReport, MISPNote,
MISPObject, MISPOpinion)
from uuid import uuid4
class TestAnalystData(unittest.TestCase):
def setUp(self) -> None:
self.note_dict = {
"uuid": uuid4(),
"note": "note3"
}
self.opinion_dict = {
"uuid": uuid4(),
"opinion": 75,
"comment": "Agree"
}
def test_analyst_data_on_attribute(self) -> None:
attribute = MISPAttribute()
attribute.from_dict(type='filename', value='foo.exe')
self._attach_analyst_data(attribute)
def test_analyst_data_on_attribute_alternative(self) -> None:
event = MISPEvent()
event.info = 'Test on Attribute'
event.add_attribute('domain', 'foo.bar')
self._attach_analyst_data(event.attributes[0])
def test_analyst_data_on_event(self) -> None:
event = MISPEvent()
event.info = 'Test Event'
self._attach_analyst_data(event)
def test_analyst_data_on_event_report(self) -> None:
event_report = MISPEventReport()
event_report.from_dict(name='Test Report', content='This is a report')
self._attach_analyst_data(event_report)
def test_analyst_data_on_event_report_alternative(self) -> None:
event = MISPEvent()
event.info = 'Test on Event Report'
event.add_event_report('Test Report', 'This is a report')
self._attach_analyst_data(event.event_reports[0])
def test_analyst_data_on_object(self) -> None:
misp_object = MISPObject('file')
misp_object.add_attribute('filename', 'foo.exe')
self._attach_analyst_data(misp_object)
def test_analyst_data_on_object_alternative(self) -> None:
event = MISPEvent()
event.info = 'Test on Object'
misp_object = MISPObject('file')
misp_object.add_attribute('filename', 'foo.exe')
event.add_object(misp_object)
self._attach_analyst_data(event.objects[0])
def test_analyst_data_on_object_attribute(self) -> None:
misp_object = MISPObject('file')
object_attribute = misp_object.add_attribute('filename', 'foo.exe')
self._attach_analyst_data(object_attribute)
def test_analyst_data_object_object_attribute_alternative(self) -> None:
misp_object = MISPObject('file')
misp_object.add_attribute('filename', 'foo.exe')
self._attach_analyst_data(misp_object.attributes[0])
2024-12-20 15:38:25 +01:00
def _attach_analyst_data(
self, container: MISPAttribute | MISPEvent | MISPEventReport | MISPObject) -> None:
object_type = container._analyst_data_object_type
note1 = container.add_note(note='note1')
opinion1 = note1.add_opinion(opinion=25, comment='Disagree')
opinion2 = container.add_opinion(opinion=50, comment='Neutral')
note2 = opinion2.add_note(note='note2')
dict_note = MISPNote()
dict_note.from_dict(
object_type=object_type, object_uuid=container.uuid, **self.note_dict
)
note3 = container.add_note(**dict_note)
dict_opinion = MISPOpinion()
dict_opinion.from_dict(
object_type='Note', object_uuid=note3.uuid, **self.opinion_dict
)
container.add_opinion(**dict_opinion)
self.assertEqual(len(container.notes), 3)
self.assertEqual(len(container.opinions), 3)
misp_note1, misp_note2, misp_note3 = container.notes
misp_opinion1, misp_opinion2, misp_opinion3 = container.opinions
self.assertEqual(misp_note1.object_type, object_type)
self.assertEqual(misp_note1.object_uuid, container.uuid)
self.assertEqual(misp_note1.note, 'note1')
2024-12-20 15:38:25 +01:00
self.assertEqual(misp_note2.object_type, 'Opinion')
self.assertEqual(misp_note2.object_uuid, opinion2.uuid)
self.assertEqual(misp_note2.note, 'note2')
self.assertEqual(misp_note3.object_type, object_type)
self.assertEqual(misp_note3.object_uuid, container.uuid)
self.assertEqual(misp_note3.note, 'note3')
self.assertEqual(misp_opinion1.object_type, 'Note')
self.assertEqual(misp_opinion1.object_uuid, note1.uuid)
self.assertEqual(misp_opinion1.opinion, 25)
self.assertEqual(misp_opinion1.comment, 'Disagree')
self.assertEqual(misp_opinion2.object_type, object_type)
self.assertEqual(misp_opinion2.object_uuid, container.uuid)
self.assertEqual(misp_opinion2.opinion, 50)
self.assertEqual(misp_opinion2.comment, 'Neutral')
2024-12-20 15:38:25 +01:00
self.assertEqual(misp_opinion3.object_type, 'Note')
self.assertEqual(misp_opinion3.object_uuid, note3.uuid)
self.assertEqual(misp_opinion3.opinion, 75)
self.assertEqual(misp_opinion3.comment, 'Agree')