chg: Add test for loading existing malware sample from MISP

pull/171/head
Raphaël Vinot 2018-01-04 17:12:15 +01:00
parent 95bef91588
commit 53eb22cac5
2 changed files with 173 additions and 0 deletions

View File

@ -0,0 +1,165 @@
{"response":[{
"Event": {
"id": "6719",
"orgc_id": "1",
"org_id": "1",
"date": "2018-01-04",
"threat_level_id": "1",
"info": "Test existing malware PyMISP",
"published": false,
"uuid": "5a4e4fdd-1eb4-4ff3-9e87-43fa950d210f",
"attribute_count": "6",
"analysis": "0",
"timestamp": "1515081727",
"distribution": "0",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "0",
"sharing_group_id": "0",
"disable_correlation": false,
"event_creator_email": "raphael.vinot@circl.lu",
"Org": {
"id": "1",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Orgc": {
"id": "1",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Attribute": [],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [],
"Object": [
{
"id": "2279",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"event_id": "6719",
"uuid": "5a4e4ffe-4cb8-48b1-bd5c-48fb950d210f",
"timestamp": "1515081726",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [],
"Attribute": [
{
"id": "814967",
"type": "malware-sample",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5a4e4fff-407c-40ff-9de5-43dc950d210f",
"event_id": "6719",
"distribution": "5",
"timestamp": "1515081727",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "2279",
"object_relation": "malware-sample",
"value": "simple.json|7637beddacbeac59d44469b2b120b9e6",
"data": "UEsDBAoACQAAAEOAJEyjHboUIQAAABUAAAAgABwANzYzN2JlZGRhY2JlYWM1OWQ0NDQ2OWIyYjEyMGI5ZTZVVAkAA\/5PTlr+T05adXgLAAEEIQAAAAQhAAAATvzonhGOj12MyB1QeGLJ5iZhOjD+zymV4FU2+kjD4oTYUEsHCKMduhQhAAAAFQAAAFBLAwQKAAkAAABDgCRMg45UABcAAAALAAAALQAcADc2MzdiZWRkYWNiZWFjNTlkNDQ0NjliMmIxMjBiOWU2LmZpbGVuYW1lLnR4dFVUCQAD\/k9OWv5PTlp1eAsAAQQhAAAABCEAAADDgZOh6307Bduy829xtRjpivO\/xFI3KVBLBwiDjlQAFwAAAAsAAABQSwECHgMKAAkAAABDgCRMox26FCEAAAAVAAAAIAAYAAAAAAABAAAApIEAAAAANzYzN2JlZGRhY2JlYWM1OWQ0NDQ2OWIyYjEyMGI5ZTZVVAUAA\/5PTlp1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABDgCRMg45UABcAAAALAAAALQAYAAAAAAABAAAApIGLAAAANzYzN2JlZGRhY2JlYWM1OWQ0NDQ2OWIyYjEyMGI5ZTYuZmlsZW5hbWUudHh0VVQFAAP+T05adXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAABkBAAAAAA==",
"ShadowAttribute": []
},
{
"id": "814968",
"type": "filename",
"category": "Payload delivery",
"to_ids": false,
"uuid": "5a4e4fff-9ec0-4822-a405-4e29950d210f",
"event_id": "6719",
"distribution": "5",
"timestamp": "1515081727",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "2279",
"object_relation": "filename",
"value": "simple.json",
"ShadowAttribute": []
},
{
"id": "814969",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5a4e4fff-8000-49f9-8c3e-4598950d210f",
"event_id": "6719",
"distribution": "5",
"timestamp": "1515081727",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "2279",
"object_relation": "md5",
"value": "7637beddacbeac59d44469b2b120b9e6",
"ShadowAttribute": []
},
{
"id": "814970",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5a4e4fff-dae0-4aa4-81ea-4899950d210f",
"event_id": "6719",
"distribution": "5",
"timestamp": "1515081727",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "2279",
"object_relation": "sha1",
"value": "023853a4331db8d67e44553004cf338ec1b7440e",
"ShadowAttribute": []
},
{
"id": "814971",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5a4e4fff-03ec-4e88-b5f4-472b950d210f",
"event_id": "6719",
"distribution": "5",
"timestamp": "1515081727",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "2279",
"object_relation": "sha256",
"value": "6ae8b0f1c7d6f3238d1fc14038018c3b4704c8cc23dac1c2bfd2c81b5a278eef",
"ShadowAttribute": []
},
{
"id": "814972",
"type": "size-in-bytes",
"category": "Other",
"to_ids": false,
"uuid": "5a4e4fff-b6f4-41ba-a6eb-446c950d210f",
"event_id": "6719",
"distribution": "5",
"timestamp": "1515081727",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": true,
"object_id": "2279",
"object_relation": "size-in-bytes",
"value": "21",
"ShadowAttribute": []
}
]
}
]
}
}]}

View File

@ -93,6 +93,14 @@ class TestMISPEvent(unittest.TestCase):
ref_json = json.load(f) ref_json = json.load(f)
self.assertEqual(self.mispevent.to_json(), json.dumps(ref_json, sort_keys=True, indent=2)) self.assertEqual(self.mispevent.to_json(), json.dumps(ref_json, sort_keys=True, indent=2))
def test_existing_malware(self):
self.mispevent.load_file('tests/mispevent_testfiles/malware_exist.json')
with open('tests/mispevent_testfiles/simple.json', 'rb') as f:
pseudofile = BytesIO(f.read())
self.assertEqual(
self.mispevent.objects[0].get_attributes_by_relation('malware-sample')[0].malware_binary.read(),
pseudofile.read())
def test_sighting(self): def test_sighting(self):
sighting = MISPSighting() sighting = MISPSighting()
sighting.from_dict(value='1', type='bar', timestamp=11111111) sighting.from_dict(value='1', type='bar', timestamp=11111111)