fix: edited method works as expected, add tests.

2018-01-05 19:17:25 +01:00 · 2018-01-05 19:17:25 +01:00 · a01e7f5e27
parent 8ce7a497af
commit a01e7f5e27
6 changed files with 4690 additions and 13 deletions
--- a/pymisp/abstract.py
+++ b/pymisp/abstract.py
@ -145,10 +145,11 @@ class AbstractMISP(collections.MutableMapping):
        for p in self.properties:
            if self.__edited:
                break
-            if isinstance(p, AbstractMISP) and p.edited:
+            val = getattr(self, p)
+            if isinstance(val, AbstractMISP) and val.edited:
                self.__edited = True
-            elif isinstance(p, list) and all(isinstance(a, AbstractMISP) for a in p):
-                if any(a.edited for a in p):
+            elif isinstance(val, list) and all(isinstance(a, AbstractMISP) for a in val):
+                if any(a.edited for a in val):
                    self.__edited = True
        return self.__edited

--- a/pymisp/mispevent.py
+++ b/pymisp/mispevent.py
@ -667,7 +667,7 @@ class MISPEvent(AbstractMISP):
    def get_object_by_id(self, object_id):
        """Get an object by ID (the ID is the one set by the server when creating the new object)"""
        for obj in self.objects:
-            if hasattr(obj, 'id') and obj.id == object_id:
+            if hasattr(obj, 'id') and int(obj.id) == int(object_id):
                return obj
        raise InvalidMISPObject('Object with {} does not exists in ths event'.format(object_id))

--- a/tests/mispevent_testfiles/event_tags.json
+++ b/tests/mispevent_testfiles/event_tags.json
@ -0,0 +1,20 @@
+{
+  "Event": {
+	"Tag": [
+	  {
+		"name": "bar"
+	  },
+	  {
+		"name": "baz"
+	  },
+	  {
+		"name": "foo"
+	  }
+	],
+    "analysis": "1",
+    "date": "2017-12-31",
+    "distribution": "1",
+    "info": "This is a test",
+    "threat_level_id": "1"
+  }
+}
--- a/tests/mispevent_testfiles/existing_event.json
+++ b/tests/mispevent_testfiles/existing_event.json
@ -67,7 +67,7 @@
        "to_ids": false,
        "type": "text",
        "uuid": "5a3c2fee-7c8c-438a-8f7f-465402de0b81",
-        "value": "The Sednit group \u2014 also known as Strontium, APT28, Fancy Bear or Sofacy\u2009\u2014\u2009is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nThis article is a follow-up to ESET\u2019s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity between 2014 and 2016. Since then, we have continued to actively track Sednit\u2019s operations, and today we are publishing a brief overview of what our tracking uncovered in terms of the group\u2019s activities and updates to their toolset. The first section covers the update of their attack methodology: namely, the ways in which this group tries to compromise their targets systems. The second section covers the evolution of their tools, with a particular emphasis on a detailed analysis of a new version of their flagship malware: Xagent."
+        "value": "The Sednit group — also known as Strontium, APT28, Fancy Bear or Sofacy — is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nThis article is a follow-up to ESET’s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity between 2014 and 2016. Since then, we have continued to actively track Sednit’s operations, and today we are publishing a brief overview of what our tracking uncovered in terms of the group’s activities and updates to their toolset. The first section covers the update of their attack methodology: namely, the ways in which this group tries to compromise their targets systems. The second section covers the evolution of their tools, with a particular emphasis on a detailed analysis of a new version of their flagship malware: Xagent."
      },
      {
        "category": "Network activity",
@ -406,7 +406,7 @@
              "Timo Steffens",
              "Christophe Vandeplas"
            ],
-            "description": "This backdoor component is known to have a modular structure featuring various espionage functionalities, such as key-logging, screen grabbing and file exfiltration. This component is available for Osx, Windows, Linux and iOS operating systems.\n\nXagent is a modular backdoor with spying functionalities such as keystroke logging and file exfiltration. Xagent is the group\u2019s flagship backdoor and heavily used in their operations. Early versions for Linux and Windows were seen years ago, then in 2015 an iOS version came out. One year later, an Android version was discovered and finally, in the beginning of 2017, an Xagent sample for OS X was described.",
+            "description": "This backdoor component is known to have a modular structure featuring various espionage functionalities, such as key-logging, screen grabbing and file exfiltration. This component is available for Osx, Windows, Linux and iOS operating systems.\n\nXagent is a modular backdoor with spying functionalities such as keystroke logging and file exfiltration. Xagent is the group’s flagship backdoor and heavily used in their operations. Early versions for Linux and Windows were seen years ago, then in 2015 an iOS version came out. One year later, an Android version was discovered and finally, in the beginning of 2017, an Xagent sample for OS X was described.",
            "galaxy_id": "367",
            "id": "46669",
            "meta": {
@ -1276,7 +1276,7 @@
            "to_ids": true,
            "type": "filename",
            "uuid": "5a3cd87d-fa9c-41aa-897f-49a5950d210f",
-            "value": "Trump\u2019s_Attack_on_Syria_English.docx"
+            "value": "Trump’s_Attack_on_Syria_English.docx"
          },
          {
            "category": "Payload delivery",
@ -3920,7 +3920,7 @@
          "date": "2017-12-14",
          "distribution": "3",
          "id": "9616",
-          "info": "OSINT - Attackers Deploy New ICS Attack Framework \u201cTRITON\u201d and Cause Operational Disruption to Critical Infrastructure",
+          "info": "OSINT - Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure",
          "org_id": "2",
          "orgc_id": "2",
          "published": false,
@ -4020,7 +4020,7 @@
          "date": "2017-10-23",
          "distribution": "3",
          "id": "9208",
-          "info": "Talos: \u201cCyber Conflict\u201d Decoy Document Used In Real Cyber Conflict",
+          "info": "Talos: “Cyber Conflict” Decoy Document Used In Real Cyber Conflict",
          "org_id": "291",
          "orgc_id": "291",
          "published": true,
@ -4095,7 +4095,7 @@
          "date": "2017-05-11",
          "distribution": "3",
          "id": "7820",
-          "info": "APT28-Sednit adds two zero-day exploits using \u2018Trump\u2019s attack on Syria\u2019 as a decoy",
+          "info": "APT28-Sednit adds two zero-day exploits using ‘Trump’s attack on Syria’ as a decoy",
          "org_id": "277",
          "orgc_id": "277",
          "published": true,
@ -4145,7 +4145,7 @@
          "date": "2016-12-29",
          "distribution": "3",
          "id": "5667",
-          "info": "OSINT - GRIZZLY STEPPE \u2013 Russian Malicious Cyber Activity",
+          "info": "OSINT - GRIZZLY STEPPE – Russian Malicious Cyber Activity",
          "org_id": "2",
          "orgc_id": "2",
          "published": true,
@ -4270,7 +4270,7 @@
          "date": "2016-10-17",
          "distribution": "3",
          "id": "5165",
-          "info": "OSINT: \u2018DealersChoice\u2019 is Sofacy\u2019s Flash Player Exploit Platform",
+          "info": "OSINT: ‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform",
          "org_id": "278",
          "orgc_id": "278",
          "published": true,
--- a/tests/mispevent_testfiles/existing_event_edited.json
+++ b/tests/mispevent_testfiles/existing_event_edited.json
--- a/tests/test_mispevent.py
+++ b/tests/test_mispevent.py
@ -5,7 +5,7 @@ import unittest
 import json
 from io import BytesIO

-from pymisp import MISPEvent, MISPSighting
+from pymisp import MISPEvent, MISPSighting, MISPTag


 class TestMISPEvent(unittest.TestCase):
@ -39,6 +39,17 @@ class TestMISPEvent(unittest.TestCase):
            ref_json = json.load(f)
        self.assertEqual(self.mispevent.to_json(), json.dumps(ref_json, sort_keys=True, indent=2))

+    def test_event_tag(self):
+        self.init_event()
+        self.mispevent.add_tag('bar')
+        self.mispevent.add_tag(name='baz')
+        new_tag = MISPTag()
+        new_tag.from_dict(name='foo')
+        self.mispevent.add_tag(new_tag)
+        with open('tests/mispevent_testfiles/event_tags.json', 'r') as f:
+            ref_json = json.load(f)
+        self.assertEqual(self.mispevent.to_json(), json.dumps(ref_json, sort_keys=True, indent=2))
+
    def test_attribute(self):
        self.init_event()
        self.mispevent.add_attribute('filename', 'bar.exe')
@ -152,6 +163,76 @@ class TestMISPEvent(unittest.TestCase):
            ref_json = json.load(f)
        self.assertEqual(self.mispevent.to_json(), json.dumps(ref_json, sort_keys=True, indent=2))

+    def test_event_not_edited(self):
+        self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
+        self.assertFalse(self.mispevent.edited)
+
+    def test_event_edited(self):
+        self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
+        self.mispevent.info = 'blah'
+        self.assertTrue(self.mispevent.edited)
+
+    def test_event_tag_edited(self):
+        self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
+        self.assertFalse(self.mispevent.edited)
+        self.mispevent.add_tag('foo')
+        self.assertTrue(self.mispevent.edited)
+
+    def test_event_attribute_edited(self):
+        self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
+        self.mispevent.attributes[0].value = 'blah'
+        self.assertTrue(self.mispevent.attributes[0].edited)
+        self.assertFalse(self.mispevent.attributes[1].edited)
+        self.assertTrue(self.mispevent.edited)
+
+    def test_event_attribute_tag_edited(self):
+        self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
+        self.assertFalse(self.mispevent.edited)
+        self.mispevent.attributes[0].tags[0].name = 'blah'
+        self.assertTrue(self.mispevent.attributes[0].tags[0].edited)
+        self.assertFalse(self.mispevent.attributes[0].tags[1].edited)
+        self.assertTrue(self.mispevent.attributes[0].edited)
+        self.assertTrue(self.mispevent.edited)
+
+    def test_event_attribute_tag_edited_second(self):
+        self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
+        self.assertFalse(self.mispevent.edited)
+        self.mispevent.attributes[0].add_tag(name='blah')
+        self.assertTrue(self.mispevent.attributes[0].edited)
+        self.assertTrue(self.mispevent.edited)
+
+    def test_event_object_edited(self):
+        self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
+        self.assertFalse(self.mispevent.edited)
+        self.mispevent.objects[0].comment = 'blah'
+        self.assertTrue(self.mispevent.objects[0].edited)
+        self.assertFalse(self.mispevent.objects[1].edited)
+        self.assertTrue(self.mispevent.edited)
+
+    def test_event_object_attribute_edited(self):
+        self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
+        self.assertFalse(self.mispevent.edited)
+        self.mispevent.objects[0].attributes[0].comment = 'blah'
+        self.assertTrue(self.mispevent.objects[0].attributes[0].edited)
+        self.assertTrue(self.mispevent.objects[0].edited)
+        self.assertTrue(self.mispevent.edited)
+
+    def test_event_object_attribute_edited_tag(self):
+        self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
+        self.assertFalse(self.mispevent.edited)
+        self.mispevent.objects[0].attributes[0].add_tag('blah')
+        self.assertTrue(self.mispevent.objects[0].attributes[0].edited)
+        self.assertTrue(self.mispevent.objects[0].edited)
+        self.assertTrue(self.mispevent.edited)
+        with open('tests/mispevent_testfiles/existing_event_edited.json', 'r') as f:
+            ref_json = json.load(f)
+        self.assertEqual(self.mispevent.to_json(), json.dumps(ref_json, sort_keys=True, indent=2))
+
+    def test_obj_by_id(self):
+        self.mispevent.load_file('tests/mispevent_testfiles/existing_event.json')
+        misp_obj = self.mispevent.get_object_by_id(1556)
+        self.assertEqual(misp_obj.uuid, '5a3cd604-e11c-4de5-bbbf-c170950d210f')
+

 if __name__ == '__main__':
    unittest.main()