mirror of https://github.com/MISP/PyMISP
chg: Add test for loading existing malware sample from MISP
parent
95bef91588
commit
53eb22cac5
|
@ -0,0 +1,165 @@
|
||||||
|
{"response":[{
|
||||||
|
"Event": {
|
||||||
|
"id": "6719",
|
||||||
|
"orgc_id": "1",
|
||||||
|
"org_id": "1",
|
||||||
|
"date": "2018-01-04",
|
||||||
|
"threat_level_id": "1",
|
||||||
|
"info": "Test existing malware PyMISP",
|
||||||
|
"published": false,
|
||||||
|
"uuid": "5a4e4fdd-1eb4-4ff3-9e87-43fa950d210f",
|
||||||
|
"attribute_count": "6",
|
||||||
|
"analysis": "0",
|
||||||
|
"timestamp": "1515081727",
|
||||||
|
"distribution": "0",
|
||||||
|
"proposal_email_lock": false,
|
||||||
|
"locked": false,
|
||||||
|
"publish_timestamp": "0",
|
||||||
|
"sharing_group_id": "0",
|
||||||
|
"disable_correlation": false,
|
||||||
|
"event_creator_email": "raphael.vinot@circl.lu",
|
||||||
|
"Org": {
|
||||||
|
"id": "1",
|
||||||
|
"name": "CIRCL",
|
||||||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||||||
|
},
|
||||||
|
"Orgc": {
|
||||||
|
"id": "1",
|
||||||
|
"name": "CIRCL",
|
||||||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||||||
|
},
|
||||||
|
"Attribute": [],
|
||||||
|
"ShadowAttribute": [],
|
||||||
|
"RelatedEvent": [],
|
||||||
|
"Galaxy": [],
|
||||||
|
"Object": [
|
||||||
|
{
|
||||||
|
"id": "2279",
|
||||||
|
"name": "file",
|
||||||
|
"meta-category": "file",
|
||||||
|
"description": "File object describing a file with meta-information",
|
||||||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||||||
|
"template_version": "7",
|
||||||
|
"event_id": "6719",
|
||||||
|
"uuid": "5a4e4ffe-4cb8-48b1-bd5c-48fb950d210f",
|
||||||
|
"timestamp": "1515081726",
|
||||||
|
"distribution": "5",
|
||||||
|
"sharing_group_id": "0",
|
||||||
|
"comment": "",
|
||||||
|
"deleted": false,
|
||||||
|
"ObjectReference": [],
|
||||||
|
"Attribute": [
|
||||||
|
{
|
||||||
|
"id": "814967",
|
||||||
|
"type": "malware-sample",
|
||||||
|
"category": "Payload delivery",
|
||||||
|
"to_ids": true,
|
||||||
|
"uuid": "5a4e4fff-407c-40ff-9de5-43dc950d210f",
|
||||||
|
"event_id": "6719",
|
||||||
|
"distribution": "5",
|
||||||
|
"timestamp": "1515081727",
|
||||||
|
"comment": "",
|
||||||
|
"sharing_group_id": "0",
|
||||||
|
"deleted": false,
|
||||||
|
"disable_correlation": false,
|
||||||
|
"object_id": "2279",
|
||||||
|
"object_relation": "malware-sample",
|
||||||
|
"value": "simple.json|7637beddacbeac59d44469b2b120b9e6",
|
||||||
|
"data": "UEsDBAoACQAAAEOAJEyjHboUIQAAABUAAAAgABwANzYzN2JlZGRhY2JlYWM1OWQ0NDQ2OWIyYjEyMGI5ZTZVVAkAA\/5PTlr+T05adXgLAAEEIQAAAAQhAAAATvzonhGOj12MyB1QeGLJ5iZhOjD+zymV4FU2+kjD4oTYUEsHCKMduhQhAAAAFQAAAFBLAwQKAAkAAABDgCRMg45UABcAAAALAAAALQAcADc2MzdiZWRkYWNiZWFjNTlkNDQ0NjliMmIxMjBiOWU2LmZpbGVuYW1lLnR4dFVUCQAD\/k9OWv5PTlp1eAsAAQQhAAAABCEAAADDgZOh6307Bduy829xtRjpivO\/xFI3KVBLBwiDjlQAFwAAAAsAAABQSwECHgMKAAkAAABDgCRMox26FCEAAAAVAAAAIAAYAAAAAAABAAAApIEAAAAANzYzN2JlZGRhY2JlYWM1OWQ0NDQ2OWIyYjEyMGI5ZTZVVAUAA\/5PTlp1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABDgCRMg45UABcAAAALAAAALQAYAAAAAAABAAAApIGLAAAANzYzN2JlZGRhY2JlYWM1OWQ0NDQ2OWIyYjEyMGI5ZTYuZmlsZW5hbWUudHh0VVQFAAP+T05adXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAABkBAAAAAA==",
|
||||||
|
"ShadowAttribute": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id": "814968",
|
||||||
|
"type": "filename",
|
||||||
|
"category": "Payload delivery",
|
||||||
|
"to_ids": false,
|
||||||
|
"uuid": "5a4e4fff-9ec0-4822-a405-4e29950d210f",
|
||||||
|
"event_id": "6719",
|
||||||
|
"distribution": "5",
|
||||||
|
"timestamp": "1515081727",
|
||||||
|
"comment": "",
|
||||||
|
"sharing_group_id": "0",
|
||||||
|
"deleted": false,
|
||||||
|
"disable_correlation": false,
|
||||||
|
"object_id": "2279",
|
||||||
|
"object_relation": "filename",
|
||||||
|
"value": "simple.json",
|
||||||
|
"ShadowAttribute": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id": "814969",
|
||||||
|
"type": "md5",
|
||||||
|
"category": "Payload delivery",
|
||||||
|
"to_ids": true,
|
||||||
|
"uuid": "5a4e4fff-8000-49f9-8c3e-4598950d210f",
|
||||||
|
"event_id": "6719",
|
||||||
|
"distribution": "5",
|
||||||
|
"timestamp": "1515081727",
|
||||||
|
"comment": "",
|
||||||
|
"sharing_group_id": "0",
|
||||||
|
"deleted": false,
|
||||||
|
"disable_correlation": false,
|
||||||
|
"object_id": "2279",
|
||||||
|
"object_relation": "md5",
|
||||||
|
"value": "7637beddacbeac59d44469b2b120b9e6",
|
||||||
|
"ShadowAttribute": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id": "814970",
|
||||||
|
"type": "sha1",
|
||||||
|
"category": "Payload delivery",
|
||||||
|
"to_ids": true,
|
||||||
|
"uuid": "5a4e4fff-dae0-4aa4-81ea-4899950d210f",
|
||||||
|
"event_id": "6719",
|
||||||
|
"distribution": "5",
|
||||||
|
"timestamp": "1515081727",
|
||||||
|
"comment": "",
|
||||||
|
"sharing_group_id": "0",
|
||||||
|
"deleted": false,
|
||||||
|
"disable_correlation": false,
|
||||||
|
"object_id": "2279",
|
||||||
|
"object_relation": "sha1",
|
||||||
|
"value": "023853a4331db8d67e44553004cf338ec1b7440e",
|
||||||
|
"ShadowAttribute": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id": "814971",
|
||||||
|
"type": "sha256",
|
||||||
|
"category": "Payload delivery",
|
||||||
|
"to_ids": true,
|
||||||
|
"uuid": "5a4e4fff-03ec-4e88-b5f4-472b950d210f",
|
||||||
|
"event_id": "6719",
|
||||||
|
"distribution": "5",
|
||||||
|
"timestamp": "1515081727",
|
||||||
|
"comment": "",
|
||||||
|
"sharing_group_id": "0",
|
||||||
|
"deleted": false,
|
||||||
|
"disable_correlation": false,
|
||||||
|
"object_id": "2279",
|
||||||
|
"object_relation": "sha256",
|
||||||
|
"value": "6ae8b0f1c7d6f3238d1fc14038018c3b4704c8cc23dac1c2bfd2c81b5a278eef",
|
||||||
|
"ShadowAttribute": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id": "814972",
|
||||||
|
"type": "size-in-bytes",
|
||||||
|
"category": "Other",
|
||||||
|
"to_ids": false,
|
||||||
|
"uuid": "5a4e4fff-b6f4-41ba-a6eb-446c950d210f",
|
||||||
|
"event_id": "6719",
|
||||||
|
"distribution": "5",
|
||||||
|
"timestamp": "1515081727",
|
||||||
|
"comment": "",
|
||||||
|
"sharing_group_id": "0",
|
||||||
|
"deleted": false,
|
||||||
|
"disable_correlation": true,
|
||||||
|
"object_id": "2279",
|
||||||
|
"object_relation": "size-in-bytes",
|
||||||
|
"value": "21",
|
||||||
|
"ShadowAttribute": []
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}]}
|
|
@ -93,6 +93,14 @@ class TestMISPEvent(unittest.TestCase):
|
||||||
ref_json = json.load(f)
|
ref_json = json.load(f)
|
||||||
self.assertEqual(self.mispevent.to_json(), json.dumps(ref_json, sort_keys=True, indent=2))
|
self.assertEqual(self.mispevent.to_json(), json.dumps(ref_json, sort_keys=True, indent=2))
|
||||||
|
|
||||||
|
def test_existing_malware(self):
|
||||||
|
self.mispevent.load_file('tests/mispevent_testfiles/malware_exist.json')
|
||||||
|
with open('tests/mispevent_testfiles/simple.json', 'rb') as f:
|
||||||
|
pseudofile = BytesIO(f.read())
|
||||||
|
self.assertEqual(
|
||||||
|
self.mispevent.objects[0].get_attributes_by_relation('malware-sample')[0].malware_binary.read(),
|
||||||
|
pseudofile.read())
|
||||||
|
|
||||||
def test_sighting(self):
|
def test_sighting(self):
|
||||||
sighting = MISPSighting()
|
sighting = MISPSighting()
|
||||||
sighting.from_dict(value='1', type='bar', timestamp=11111111)
|
sighting.from_dict(value='1', type='bar', timestamp=11111111)
|
||||||
|
|
Loading…
Reference in New Issue