2018-01-03 14:36:10 +01:00
|
|
|
#!/usr/bin/env python
|
2024-01-17 13:34:56 +01:00
|
|
|
|
|
|
|
from __future__ import annotations
|
2018-01-03 14:36:10 +01:00
|
|
|
|
|
|
|
import unittest
|
|
|
|
import json
|
|
|
|
from io import BytesIO
|
2019-11-15 13:33:06 +01:00
|
|
|
import glob
|
2020-01-28 14:25:10 +01:00
|
|
|
import hashlib
|
|
|
|
from datetime import date, datetime
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2022-12-01 10:09:39 +01:00
|
|
|
from pymisp import (MISPAttribute, MISPEvent, MISPGalaxy, MISPObject, MISPOrganisation,
|
|
|
|
MISPSighting, MISPTag)
|
2018-01-12 00:35:57 +01:00
|
|
|
from pymisp.exceptions import InvalidMISPObject
|
2020-05-26 15:37:24 +02:00
|
|
|
from pymisp.tools import GitVulnFinderObject
|
2018-01-03 14:36:10 +01:00
|
|
|
|
|
|
|
|
|
|
|
class TestMISPEvent(unittest.TestCase):
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def setUp(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
self.maxDiff = None
|
|
|
|
self.mispevent = MISPEvent()
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def init_event(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
self.mispevent.info = 'This is a test'
|
|
|
|
self.mispevent.distribution = 1
|
|
|
|
self.mispevent.threat_level_id = 1
|
|
|
|
self.mispevent.analysis = 1
|
|
|
|
self.mispevent.set_date("2017-12-31") # test the set date method
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_simple(self) -> None:
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/simple.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2020-02-21 14:12:36 +01:00
|
|
|
del self.mispevent.uuid
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
self.init_event()
|
|
|
|
self.mispevent.publish()
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/event.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2020-02-21 14:12:36 +01:00
|
|
|
del self.mispevent.uuid
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_loadfile(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/event.json')
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/event.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2020-02-21 14:12:36 +01:00
|
|
|
del self.mispevent.uuid
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_loadfile_validate(self) -> None:
|
2021-06-28 18:21:09 +02:00
|
|
|
misp_event = MISPEvent()
|
|
|
|
misp_event.load_file('tests/mispevent_testfiles/event.json', validate=True)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_loadfile_validate_strict(self) -> None:
|
2021-06-28 18:21:09 +02:00
|
|
|
misp_event = MISPEvent(strict_validation=True)
|
|
|
|
misp_event.load_file('tests/mispevent_testfiles/event.json', validate=True)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event_tag(self) -> None:
|
2018-01-05 19:17:25 +01:00
|
|
|
self.init_event()
|
|
|
|
self.mispevent.add_tag('bar')
|
|
|
|
self.mispevent.add_tag(name='baz')
|
|
|
|
new_tag = MISPTag()
|
|
|
|
new_tag.from_dict(name='foo')
|
|
|
|
self.mispevent.add_tag(new_tag)
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/event_tags.json') as f:
|
2018-01-05 19:17:25 +01:00
|
|
|
ref_json = json.load(f)
|
2020-02-21 14:12:36 +01:00
|
|
|
del self.mispevent.uuid
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-05 19:17:25 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event_galaxy(self) -> None:
|
2022-12-01 10:09:39 +01:00
|
|
|
self.init_event()
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/galaxy.json') as f:
|
2022-12-01 10:09:39 +01:00
|
|
|
galaxy = json.load(f)
|
|
|
|
misp_galaxy = MISPGalaxy()
|
|
|
|
misp_galaxy.from_dict(**galaxy)
|
|
|
|
self.mispevent.add_galaxy(misp_galaxy)
|
|
|
|
self.assertEqual(self.mispevent.galaxies[0].to_json(sort_keys=True, indent=2), json.dumps(galaxy, sort_keys=True, indent=2))
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_attribute(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
self.init_event()
|
2024-02-01 14:40:12 +01:00
|
|
|
a: MISPAttribute = self.mispevent.add_attribute('filename', 'bar.exe') # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.add_attribute_tag('osint', 'bar.exe') # type: ignore[assignment]
|
2018-01-03 14:36:10 +01:00
|
|
|
attr_tags = self.mispevent.get_attribute_tag('bar.exe')
|
|
|
|
self.assertEqual(self.mispevent.attributes[0].tags[0].name, 'osint')
|
|
|
|
self.assertEqual(attr_tags[0].name, 'osint')
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/attribute.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2020-02-21 14:12:36 +01:00
|
|
|
del self.mispevent.uuid
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
# Fake setting an attribute ID for testing
|
|
|
|
self.mispevent.attributes[0].id = 42
|
2024-01-30 13:27:59 +01:00
|
|
|
self.mispevent.delete_attribute('42')
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/attribute_del.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_attribute_galaxy(self) -> None:
|
2022-12-01 10:09:39 +01:00
|
|
|
self.init_event()
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/galaxy.json') as f:
|
2022-12-01 10:09:39 +01:00
|
|
|
galaxy = json.load(f)
|
|
|
|
misp_galaxy = MISPGalaxy()
|
|
|
|
misp_galaxy.from_dict(**galaxy)
|
|
|
|
attribute = MISPAttribute()
|
|
|
|
attribute.from_dict(**{'type': 'github-username', 'value': 'adulau'})
|
|
|
|
attribute.add_galaxy(misp_galaxy)
|
|
|
|
self.mispevent.add_attribute(**attribute)
|
|
|
|
self.assertEqual(
|
|
|
|
self.mispevent.attributes[0].galaxies[0].to_json(sort_keys=True, indent=2),
|
|
|
|
json.dumps(galaxy, sort_keys=True, indent=2)
|
|
|
|
)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_to_dict_json_format(self) -> None:
|
2021-06-29 12:38:52 +02:00
|
|
|
misp_event = MISPEvent()
|
|
|
|
av_signature_object = MISPObject("av-signature")
|
|
|
|
av_signature_object.add_attribute("signature", "EICAR")
|
|
|
|
av_signature_object.add_attribute("software", "ClamAv")
|
|
|
|
misp_event.add_object(av_signature_object)
|
|
|
|
|
|
|
|
self.assertEqual(json.loads(misp_event.to_json()), misp_event.to_dict(json_format=True))
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_object_tag(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
self.mispevent.add_object(name='file', strict=True)
|
2024-02-01 14:40:12 +01:00
|
|
|
a: MISPAttribute = self.mispevent.objects[0].add_attribute('filename', value='') # type: ignore[assignment]
|
2019-08-28 14:45:59 +02:00
|
|
|
self.assertEqual(a, None)
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[0].add_attribute('filename', value=None) # type: ignore[assignment]
|
2019-08-28 14:45:59 +02:00
|
|
|
self.assertEqual(a, None)
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[0].add_attribute('filename', value='bar', Tag=[{'name': 'blah'}]) # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2018-01-03 14:36:10 +01:00
|
|
|
self.assertEqual(self.mispevent.objects[0].attributes[0].tags[0].name, 'blah')
|
|
|
|
self.assertTrue(self.mispevent.objects[0].has_attributes_by_relation(['filename']))
|
|
|
|
self.assertEqual(len(self.mispevent.objects[0].get_attributes_by_relation('filename')), 1)
|
|
|
|
self.mispevent.add_object(name='url', strict=True)
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[1].add_attribute('url', value='https://www.circl.lu') # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2018-01-03 14:36:10 +01:00
|
|
|
self.mispevent.objects[0].uuid = 'a'
|
|
|
|
self.mispevent.objects[1].uuid = 'b'
|
2019-12-11 23:38:41 +01:00
|
|
|
reference = self.mispevent.objects[0].add_reference(self.mispevent.objects[1], 'baz', comment='foo')
|
|
|
|
del reference.uuid
|
2018-01-03 14:36:10 +01:00
|
|
|
self.assertEqual(self.mispevent.objects[0].references[0].relationship_type, 'baz')
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/event_obj_attr_tag.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2020-02-21 14:12:36 +01:00
|
|
|
del self.mispevent.uuid
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
|
|
|
@unittest.skip("Not supported on MISP: https://github.com/MISP/MISP/issues/2638 - https://github.com/MISP/PyMISP/issues/168")
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_object_level_tag(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
self.mispevent.add_object(name='file', strict=True)
|
|
|
|
self.mispevent.objects[0].add_attribute('filename', value='bar')
|
2024-02-01 14:40:12 +01:00
|
|
|
self.mispevent.objects[0].add_tag('osint') # type: ignore[attr-defined]
|
2018-01-03 14:36:10 +01:00
|
|
|
self.mispevent.objects[0].uuid = 'a'
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/event_obj_tag.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_object_galaxy(self) -> None:
|
2022-12-01 10:09:39 +01:00
|
|
|
self.init_event()
|
|
|
|
misp_object = MISPObject('github-user')
|
|
|
|
misp_object.add_attribute('username', 'adulau')
|
|
|
|
misp_object.add_attribute('repository', 'cve-search')
|
|
|
|
self.mispevent.add_object(misp_object)
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/galaxy.json') as f:
|
2022-12-01 10:09:39 +01:00
|
|
|
galaxy = json.load(f)
|
|
|
|
misp_galaxy = MISPGalaxy()
|
|
|
|
misp_galaxy.from_dict(**galaxy)
|
|
|
|
self.mispevent.objects[0].attributes[0].add_galaxy(misp_galaxy)
|
|
|
|
self.assertEqual(
|
|
|
|
self.mispevent.objects[0].attributes[0].galaxies[0].to_json(sort_keys=True, indent=2),
|
|
|
|
json.dumps(galaxy, sort_keys=True, indent=2)
|
|
|
|
)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_malware(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
with open('tests/mispevent_testfiles/simple.json', 'rb') as f:
|
|
|
|
pseudofile = BytesIO(f.read())
|
|
|
|
self.init_event()
|
2024-02-01 14:40:12 +01:00
|
|
|
a: MISPAttribute = self.mispevent.add_attribute('malware-sample', 'bar.exe', data=pseudofile) # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2018-01-03 14:36:10 +01:00
|
|
|
attribute = self.mispevent.attributes[0]
|
|
|
|
self.assertEqual(attribute.malware_binary, pseudofile)
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/malware.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2020-02-21 14:12:36 +01:00
|
|
|
del self.mispevent.uuid
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_existing_malware(self) -> None:
|
2018-01-04 17:12:15 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/malware_exist.json')
|
|
|
|
with open('tests/mispevent_testfiles/simple.json', 'rb') as f:
|
|
|
|
pseudofile = BytesIO(f.read())
|
2024-02-01 14:40:12 +01:00
|
|
|
self.assertTrue(self.mispevent.objects[0].get_attributes_by_relation('malware-sample')[0].malware_binary)
|
|
|
|
if _mb := self.mispevent.objects[0].get_attributes_by_relation('malware-sample')[0].malware_binary:
|
|
|
|
self.assertEqual(_mb.read(), pseudofile.read())
|
2018-01-04 17:12:15 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_sighting(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
sighting = MISPSighting()
|
|
|
|
sighting.from_dict(value='1', type='bar', timestamp=11111111)
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/sighting.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(sighting.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_existing_event(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/existing_event.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2019-10-09 16:07:40 +02:00
|
|
|
|
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_shadow_attributes_existing(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/shadow.json')
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/shadow.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2019-04-11 23:13:15 +02:00
|
|
|
@unittest.skip("Not supported on MISP.")
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_shadow_attributes(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
self.init_event()
|
2018-05-03 21:36:40 +02:00
|
|
|
p = self.mispevent.add_proposal(type='filename', value='baz.jpg')
|
|
|
|
del p.uuid
|
2024-02-01 14:40:12 +01:00
|
|
|
a: MISPAttribute = self.mispevent.add_attribute('filename', 'bar.exe') # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
|
|
|
p = self.mispevent.attributes[0].add_proposal(type='filename', value='bar.pdf')
|
|
|
|
del p.uuid
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/proposals.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_default_attributes(self) -> None:
|
2018-01-03 14:36:10 +01:00
|
|
|
self.mispevent.add_object(name='file', strict=True)
|
2024-02-01 14:40:12 +01:00
|
|
|
a: MISPAttribute = self.mispevent.objects[0].add_attribute('filename', value='bar', Tag=[{'name': 'blah'}]) # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[0].add_attribute('pattern-in-file', value='baz') # type: ignore[assignment]
|
2019-10-18 14:44:54 +02:00
|
|
|
self.assertEqual(a.category, 'Artifacts dropped')
|
|
|
|
del a.uuid
|
2018-01-03 14:36:10 +01:00
|
|
|
self.mispevent.add_object(name='file', strict=False, default_attributes_parameters=self.mispevent.objects[0].attributes[0])
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[1].add_attribute('filename', value='baz') # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2018-01-03 14:36:10 +01:00
|
|
|
self.mispevent.objects[0].uuid = 'a'
|
|
|
|
self.mispevent.objects[1].uuid = 'b'
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/event_obj_def_param.json') as f:
|
2018-01-03 14:36:10 +01:00
|
|
|
ref_json = json.load(f)
|
2020-02-21 14:12:36 +01:00
|
|
|
del self.mispevent.uuid
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-03 14:36:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_obj_default_values(self) -> None:
|
2018-01-05 11:34:08 +01:00
|
|
|
self.init_event()
|
|
|
|
self.mispevent.add_object(name='whois', strict=True)
|
2024-02-01 14:40:12 +01:00
|
|
|
a: MISPAttribute = self.mispevent.objects[0].add_attribute('registrar', value='registar.example.com') # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[0].add_attribute('domain', value='domain.example.com') # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[0].add_attribute('nameserver', value='ns1.example.com') # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[0].add_attribute('nameserver', value='ns2.example.com', disable_correlation=False, to_ids=True, category='External analysis') # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2018-01-05 11:34:08 +01:00
|
|
|
self.mispevent.objects[0].uuid = 'a'
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/def_param.json') as f:
|
2018-01-05 11:34:08 +01:00
|
|
|
ref_json = json.load(f)
|
2020-02-21 14:12:36 +01:00
|
|
|
del self.mispevent.uuid
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-05 11:34:08 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_obj_references_export(self) -> None:
|
2020-07-01 13:20:49 +02:00
|
|
|
self.init_event()
|
|
|
|
obj1 = MISPObject(name="file")
|
|
|
|
obj2 = MISPObject(name="url", standalone=False)
|
|
|
|
obj1.add_reference(obj2, "downloads")
|
|
|
|
obj2.add_reference(obj1, "downloaded-by")
|
|
|
|
self.assertFalse("ObjectReference" in obj1.jsonable())
|
|
|
|
self.assertTrue("ObjectReference" in obj2.jsonable())
|
|
|
|
self.mispevent.add_object(obj1)
|
|
|
|
obj2.standalone = True
|
|
|
|
self.assertTrue("ObjectReference" in obj1.jsonable())
|
|
|
|
self.assertFalse("ObjectReference" in obj2.jsonable())
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event_not_edited(self) -> None:
|
2018-01-05 19:17:25 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
|
|
|
|
self.assertFalse(self.mispevent.edited)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event_edited(self) -> None:
|
2018-01-05 19:17:25 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
|
|
|
|
self.mispevent.info = 'blah'
|
|
|
|
self.assertTrue(self.mispevent.edited)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event_tag_edited(self) -> None:
|
2018-01-05 19:17:25 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
|
|
|
|
self.assertFalse(self.mispevent.edited)
|
|
|
|
self.mispevent.add_tag('foo')
|
|
|
|
self.assertTrue(self.mispevent.edited)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event_attribute_edited(self) -> None:
|
2018-01-05 19:17:25 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
|
|
|
|
self.mispevent.attributes[0].value = 'blah'
|
|
|
|
self.assertTrue(self.mispevent.attributes[0].edited)
|
|
|
|
self.assertFalse(self.mispevent.attributes[1].edited)
|
|
|
|
self.assertTrue(self.mispevent.edited)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event_attribute_tag_edited(self) -> None:
|
2018-01-05 19:17:25 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
|
|
|
|
self.assertFalse(self.mispevent.edited)
|
|
|
|
self.mispevent.attributes[0].tags[0].name = 'blah'
|
|
|
|
self.assertTrue(self.mispevent.attributes[0].tags[0].edited)
|
|
|
|
self.assertFalse(self.mispevent.attributes[0].tags[1].edited)
|
|
|
|
self.assertTrue(self.mispevent.attributes[0].edited)
|
|
|
|
self.assertTrue(self.mispevent.edited)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event_attribute_tag_edited_second(self) -> None:
|
2018-01-05 19:17:25 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
|
|
|
|
self.assertFalse(self.mispevent.edited)
|
|
|
|
self.mispevent.attributes[0].add_tag(name='blah')
|
|
|
|
self.assertTrue(self.mispevent.attributes[0].edited)
|
|
|
|
self.assertTrue(self.mispevent.edited)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event_object_edited(self) -> None:
|
2018-01-05 19:17:25 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
|
|
|
|
self.assertFalse(self.mispevent.edited)
|
|
|
|
self.mispevent.objects[0].comment = 'blah'
|
|
|
|
self.assertTrue(self.mispevent.objects[0].edited)
|
|
|
|
self.assertFalse(self.mispevent.objects[1].edited)
|
|
|
|
self.assertTrue(self.mispevent.edited)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event_object_attribute_edited(self) -> None:
|
2018-01-05 19:17:25 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
|
|
|
|
self.assertFalse(self.mispevent.edited)
|
|
|
|
self.mispevent.objects[0].attributes[0].comment = 'blah'
|
|
|
|
self.assertTrue(self.mispevent.objects[0].attributes[0].edited)
|
|
|
|
self.assertTrue(self.mispevent.objects[0].edited)
|
|
|
|
self.assertTrue(self.mispevent.edited)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_event_object_attribute_edited_tag(self) -> None:
|
2018-01-05 19:17:25 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
|
|
|
|
self.assertFalse(self.mispevent.edited)
|
|
|
|
self.mispevent.objects[0].attributes[0].add_tag('blah')
|
|
|
|
self.assertTrue(self.mispevent.objects[0].attributes[0].edited)
|
|
|
|
self.assertTrue(self.mispevent.objects[0].edited)
|
|
|
|
self.assertTrue(self.mispevent.edited)
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/existing_event_edited.json') as f:
|
2018-01-05 19:17:25 +01:00
|
|
|
ref_json = json.load(f)
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-05 19:17:25 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_obj_by_id(self) -> None:
|
2018-01-05 19:17:25 +01:00
|
|
|
self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
|
|
|
|
misp_obj = self.mispevent.get_object_by_id(1556)
|
|
|
|
self.assertEqual(misp_obj.uuid, '5a3cd604-e11c-4de5-bbbf-c170950d210f')
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_userdefined_object_custom_template(self) -> None:
|
2020-12-01 14:00:43 +01:00
|
|
|
self.init_event()
|
|
|
|
with open('tests/mispevent_testfiles/test_object_template/definition.json') as f:
|
|
|
|
template = json.load(f)
|
|
|
|
self.mispevent.add_object(name='test_object_template', strict=True,
|
|
|
|
misp_objects_template_custom=template)
|
|
|
|
with self.assertRaises(InvalidMISPObject) as e:
|
|
|
|
# Fail on required
|
|
|
|
self.mispevent.to_json(sort_keys=True, indent=2)
|
|
|
|
self.assertEqual(e.exception.message, '{\'member3\'} are required.')
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
a: MISPAttribute = self.mispevent.objects[0].add_attribute('member3', value='foo') # type: ignore[assignment]
|
2020-12-01 14:00:43 +01:00
|
|
|
del a.uuid
|
|
|
|
with self.assertRaises(InvalidMISPObject) as e:
|
|
|
|
# Fail on requiredOneOf
|
|
|
|
self.mispevent.to_json(sort_keys=True, indent=2)
|
|
|
|
self.assertEqual(e.exception.message, 'At least one of the following attributes is required: member1, member2')
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[0].add_attribute('member1', value='bar') # type: ignore[assignment]
|
2020-12-01 14:00:43 +01:00
|
|
|
del a.uuid
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[0].add_attribute('member1', value='baz') # type: ignore[assignment]
|
2020-12-01 14:00:43 +01:00
|
|
|
del a.uuid
|
|
|
|
with self.assertRaises(InvalidMISPObject) as e:
|
|
|
|
# member1 is not a multiple
|
|
|
|
self.mispevent.to_json(sort_keys=True, indent=2)
|
|
|
|
self.assertEqual(e.exception.message, 'Multiple occurrences of member1 is not allowed')
|
|
|
|
|
|
|
|
self.mispevent.objects[0].attributes = self.mispevent.objects[0].attributes[:2]
|
|
|
|
self.mispevent.objects[0].uuid = 'a'
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/misp_custom_obj.json') as f:
|
2020-12-01 14:00:43 +01:00
|
|
|
ref_json = json.load(f)
|
|
|
|
del self.mispevent.uuid
|
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_userdefined_object_custom_dir(self) -> None:
|
2018-01-12 00:35:57 +01:00
|
|
|
self.init_event()
|
|
|
|
self.mispevent.add_object(name='test_object_template', strict=True, misp_objects_path_custom='tests/mispevent_testfiles')
|
|
|
|
with self.assertRaises(InvalidMISPObject) as e:
|
|
|
|
# Fail on required
|
2019-10-09 16:07:40 +02:00
|
|
|
self.mispevent.to_json(sort_keys=True, indent=2)
|
2020-12-01 14:00:43 +01:00
|
|
|
self.assertEqual(e.exception.message, '{\'member3\'} are required.')
|
2018-01-12 00:35:57 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
a: MISPAttribute = self.mispevent.objects[0].add_attribute('member3', value='foo') # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2018-01-12 00:35:57 +01:00
|
|
|
with self.assertRaises(InvalidMISPObject) as e:
|
|
|
|
# Fail on requiredOneOf
|
2019-10-09 16:07:40 +02:00
|
|
|
self.mispevent.to_json(sort_keys=True, indent=2)
|
2018-01-12 00:35:57 +01:00
|
|
|
self.assertEqual(e.exception.message, 'At least one of the following attributes is required: member1, member2')
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[0].add_attribute('member1', value='bar') # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2024-02-01 14:40:12 +01:00
|
|
|
a = self.mispevent.objects[0].add_attribute('member1', value='baz') # type: ignore[assignment]
|
2018-05-03 21:36:40 +02:00
|
|
|
del a.uuid
|
2018-01-12 00:35:57 +01:00
|
|
|
with self.assertRaises(InvalidMISPObject) as e:
|
|
|
|
# member1 is not a multiple
|
2019-10-09 16:07:40 +02:00
|
|
|
self.mispevent.to_json(sort_keys=True, indent=2)
|
2018-01-12 00:35:57 +01:00
|
|
|
self.assertEqual(e.exception.message, 'Multiple occurrences of member1 is not allowed')
|
|
|
|
|
2018-01-12 16:15:09 +01:00
|
|
|
self.mispevent.objects[0].attributes = self.mispevent.objects[0].attributes[:2]
|
|
|
|
self.mispevent.objects[0].uuid = 'a'
|
2024-01-17 13:34:56 +01:00
|
|
|
with open('tests/mispevent_testfiles/misp_custom_obj.json') as f:
|
2018-01-12 16:15:09 +01:00
|
|
|
ref_json = json.load(f)
|
2020-02-21 14:12:36 +01:00
|
|
|
del self.mispevent.uuid
|
2019-10-09 16:07:40 +02:00
|
|
|
self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2))
|
2018-01-12 16:15:09 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_first_last_seen(self) -> None:
|
2020-01-28 14:25:10 +01:00
|
|
|
me = MISPEvent()
|
|
|
|
me.info = 'Test First and Last Seen'
|
2024-02-01 14:40:12 +01:00
|
|
|
me.date = '2020.01.12' # type: ignore[assignment]
|
2020-01-28 14:25:10 +01:00
|
|
|
self.assertEqual(me.date.day, 12)
|
|
|
|
me.add_attribute('ip-dst', '8.8.8.8', first_seen='06-21-1998', last_seen=1580213607.469571)
|
|
|
|
self.assertEqual(me.attributes[0].first_seen.year, 1998)
|
|
|
|
self.assertEqual(me.attributes[0].last_seen.year, 2020)
|
|
|
|
now = datetime.now().astimezone()
|
|
|
|
me.attributes[0].last_seen = now
|
2020-01-29 11:19:10 +01:00
|
|
|
today = date.today()
|
2024-02-01 14:40:12 +01:00
|
|
|
me.attributes[0].first_seen = today # type: ignore[assignment]
|
2020-01-28 14:25:10 +01:00
|
|
|
self.assertEqual(me.attributes[0].first_seen.year, today.year)
|
|
|
|
self.assertEqual(me.attributes[0].last_seen, now)
|
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_feed(self) -> None:
|
2020-01-28 14:25:10 +01:00
|
|
|
me = MISPEvent()
|
|
|
|
me.info = 'Test feed'
|
|
|
|
org = MISPOrganisation()
|
|
|
|
org.name = 'TestOrg'
|
|
|
|
org.uuid = '123478'
|
|
|
|
me.Orgc = org
|
|
|
|
me.add_attribute('ip-dst', '8.8.8.8')
|
2020-01-28 14:41:28 +01:00
|
|
|
obj = me.add_object(name='file')
|
|
|
|
obj.add_attributes('filename', *['foo.exe', 'bar.exe'])
|
2020-01-28 14:25:10 +01:00
|
|
|
h = hashlib.new('md5')
|
|
|
|
h.update(b'8.8.8.8')
|
|
|
|
hash_attr_val = h.hexdigest()
|
|
|
|
feed = me.to_feed(with_meta=True)
|
|
|
|
self.assertEqual(feed['Event']['_hashes'][0], hash_attr_val)
|
|
|
|
self.assertEqual(feed['Event']['_manifest'][me.uuid]['info'], 'Test feed')
|
2020-01-28 14:41:28 +01:00
|
|
|
self.assertEqual(len(feed['Event']['Object'][0]['Attribute']), 2)
|
2020-01-28 14:25:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_object_templates(self) -> None:
|
2019-11-15 13:33:06 +01:00
|
|
|
me = MISPEvent()
|
|
|
|
for template in glob.glob(str(me.misp_objects_path / '*' / 'definition.json')):
|
|
|
|
with open(template) as f:
|
|
|
|
t_json = json.load(f)
|
|
|
|
if 'requiredOneOf' in t_json:
|
|
|
|
obj_relations = set(t_json['attributes'].keys())
|
|
|
|
subset = set(t_json['requiredOneOf']).issubset(obj_relations)
|
|
|
|
self.assertTrue(subset, f'{t_json["name"]}')
|
|
|
|
if 'required' in t_json:
|
|
|
|
obj_relations = set(t_json['attributes'].keys())
|
|
|
|
subset = set(t_json['required']).issubset(obj_relations)
|
|
|
|
self.assertTrue(subset, f'{t_json["name"]}')
|
|
|
|
for obj_relation, entry in t_json['attributes'].items():
|
2020-11-24 12:22:17 +01:00
|
|
|
self.assertTrue(entry['misp-attribute'] in me.describe_types['types'], f'Missing type: {entry["misp-attribute"]}')
|
2019-11-15 13:33:06 +01:00
|
|
|
if 'categories' in entry:
|
|
|
|
subset = set(entry['categories']).issubset(me.describe_types['categories'])
|
|
|
|
self.assertTrue(subset, f'{t_json["name"]} - {obj_relation}')
|
2020-01-28 14:25:10 +01:00
|
|
|
|
2024-02-01 14:40:12 +01:00
|
|
|
def test_git_vuln_finder(self) -> None:
|
2020-05-26 15:37:24 +02:00
|
|
|
with open('tests/git-vuln-finder-quagga.json') as f:
|
|
|
|
dump = json.load(f)
|
|
|
|
|
|
|
|
for vuln in dump.values():
|
|
|
|
author = vuln['author']
|
|
|
|
vuln_finder = GitVulnFinderObject(vuln)
|
|
|
|
self.assertEqual(vuln_finder.get_attributes_by_relation('author')[0].value, author)
|
|
|
|
|
2018-01-03 14:36:10 +01:00
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
unittest.main()
|