From 1e9258eb4adc354c041d29c0b1227a800d7968fa Mon Sep 17 00:00:00 2001
From: Christian Studer <christian.studer@circl.lu>
Date: Wed, 18 Dec 2024 18:17:00 +0100
Subject: [PATCH] add: [tests] Testing Analyst Data in different scenarios

- Testing different ways to attach analyst data
- Testing that no matter what object type the
  analyst data is attached to, the `object_type`
  & `object_uuid` are correct, and the parent
  container does contain every analyst data object
  in flat lists with no nesting
---
 tests/test_analyst_data.py | 122 +++++++++++++++++++++++++++++++++++++
 1 file changed, 122 insertions(+)
 create mode 100644 tests/test_analyst_data.py

diff --git a/tests/test_analyst_data.py b/tests/test_analyst_data.py
new file mode 100644
index 0000000..4672960
--- /dev/null
+++ b/tests/test_analyst_data.py
@@ -0,0 +1,122 @@
+#!/usr/bin/env python
+
+import unittest
+from pymisp import (MISPAttribute, MISPEvent, MISPEventReport, MISPNote,
+                    MISPObject, MISPOpinion)
+from uuid import uuid4
+
+
+class TestAnalystData(unittest.TestCase):
+    def setUp(self) -> None:
+        self.note_dict = {
+            "uuid": uuid4(),
+            "note": "note3"
+        }
+        self.opinion_dict = {
+            "uuid": uuid4(),
+            "opinion": 75,
+            "comment": "Agree"
+        }
+
+    def test_analyst_data_on_attribute(self) -> None:
+        attribute = MISPAttribute()
+        attribute.from_dict(type='filename', value='foo.exe')
+        self._attach_analyst_data(attribute)
+
+    def test_analyst_data_on_attribute_alternative(self) -> None:
+        event = MISPEvent()
+        event.info = 'Test on Attribute'
+        event.add_attribute('domain', 'foo.bar')
+        self._attach_analyst_data(event.attributes[0])
+
+    def test_analyst_data_on_event(self) -> None:
+        event = MISPEvent()
+        event.info = 'Test Event'
+        self._attach_analyst_data(event)
+
+    def test_analyst_data_on_event_report(self) -> None:
+        event_report = MISPEventReport()
+        event_report.from_dict(name='Test Report', content='This is a report')
+        self._attach_analyst_data(event_report)
+
+    def test_analyst_data_on_event_report_alternative(self) -> None:
+        event = MISPEvent()
+        event.info = 'Test on Event Report'
+        event.add_event_report('Test Report', 'This is a report')
+        self._attach_analyst_data(event.event_reports[0])
+
+    def test_analyst_data_on_object(self) -> None:
+        misp_object = MISPObject('file')
+        misp_object.add_attribute('filename', 'foo.exe')
+        self._attach_analyst_data(misp_object)
+
+    def test_analyst_data_on_object_alternative(self) -> None:
+        event = MISPEvent()
+        event.info = 'Test on Object'
+        misp_object = MISPObject('file')
+        misp_object.add_attribute('filename', 'foo.exe')
+        event.add_object(misp_object)
+        self._attach_analyst_data(event.objects[0])
+
+    def test_analyst_data_on_object_attribute(self) -> None:
+        misp_object = MISPObject('file')
+        object_attribute = misp_object.add_attribute('filename', 'foo.exe')
+        self._attach_analyst_data(object_attribute)
+
+    def test_analyst_data_object_object_attribute_alternative(self) -> None:
+        misp_object = MISPObject('file')
+        misp_object.add_attribute('filename', 'foo.exe')
+        self._attach_analyst_data(misp_object.attributes[0])
+        
+    def _attach_analyst_data(
+            self, container: MISPAttribute | MISPEvent | MISPEventReport | MISPObject) -> None:
+        object_type = container._analyst_data_object_type
+        note1 = container.add_note(note='note1')
+        opinion1 = note1.add_opinion(opinion=25, comment='Disagree')
+        opinion2 = container.add_opinion(opinion=50, comment='Neutral')
+        note2 = opinion2.add_note(note='note2')
+
+        dict_note = MISPNote()
+        dict_note.from_dict(
+            object_type=object_type, object_uuid=container.uuid, **self.note_dict
+        )
+        note3 = container.add_note(**dict_note)
+        dict_opinion = MISPOpinion()
+        dict_opinion.from_dict(
+            object_type='Note', object_uuid=note3.uuid, **self.opinion_dict
+        )
+        container.add_opinion(**dict_opinion)
+
+        self.assertEqual(len(container.notes), 3)
+        self.assertEqual(len(container.opinions), 3)
+
+        misp_note1, misp_note2, misp_note3 = container.notes
+        misp_opinion1, misp_opinion2, misp_opinion3 = container.opinions
+
+        self.assertEqual(misp_note1.object_type, object_type)
+        self.assertEqual(misp_note1.object_uuid, container.uuid)
+        self.assertEqual(misp_note1.note, 'note1')
+        
+        self.assertEqual(misp_note2.object_type, 'Opinion')
+        self.assertEqual(misp_note2.object_uuid, opinion2.uuid)
+        self.assertEqual(misp_note2.note, 'note2')
+
+        self.assertEqual(misp_note3.object_type, object_type)
+        self.assertEqual(misp_note3.object_uuid, container.uuid)
+        self.assertEqual(misp_note3.note, 'note3')
+
+        self.assertEqual(misp_opinion1.object_type, 'Note')
+        self.assertEqual(misp_opinion1.object_uuid, note1.uuid)
+        self.assertEqual(misp_opinion1.opinion, 25)
+        self.assertEqual(misp_opinion1.comment, 'Disagree')
+
+        self.assertEqual(misp_opinion2.object_type, object_type)
+        self.assertEqual(misp_opinion2.object_uuid, container.uuid)
+        self.assertEqual(misp_opinion2.opinion, 50)
+        self.assertEqual(misp_opinion2.comment, 'Neutral')
+        
+        self.assertEqual(misp_opinion3.object_type, 'Note')
+        self.assertEqual(misp_opinion3.object_uuid, note3.uuid)
+        self.assertEqual(misp_opinion3.opinion, 75)
+        self.assertEqual(misp_opinion3.comment, 'Agree')
+