From d7beed9f76d5fba86b9fa0993d830ba4af06c5e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Thu, 14 May 2020 22:47:24 +0200
Subject: [PATCH] new: Test search with timestamp

---
 tests/testlive_comprehensive.py | 49 +++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/tests/testlive_comprehensive.py b/tests/testlive_comprehensive.py
index e656384..323b3fb 100644
--- a/tests/testlive_comprehensive.py
+++ b/tests/testlive_comprehensive.py
@@ -2263,6 +2263,55 @@ class TestComprehensive(unittest.TestCase):
             self.admin_misp_connector.delete_event(first)
             self.admin_misp_connector.delete_tag(tag)
 
+    def test_search_workflow_ts(self):
+        first = self.create_simple_event()
+        first.add_attribute('domain', 'google.com')
+        tag = MISPTag()
+        tag.name = 'my_tag'
+        try:
+            # Note: attribute 0 doesn't matter
+            # Attribute 1 = google.com, no tag
+            # Init tag and event
+            tag = self.admin_misp_connector.add_tag(tag, pythonify=True)
+            self.assertEqual(tag.name, 'my_tag')
+            first = self.user_misp_connector.add_event(first, pythonify=True)
+            time.sleep(10)
+            # Add tag to attribute 1, add attribute 2, update
+            first.attributes[1].add_tag(tag)
+            first.add_attribute('domain', 'google.fr')
+            # Attribute 1 = google.com, tag
+            # Attribute 2 = google.fr, no tag
+            first = self.user_misp_connector.update_event(first, pythonify=True)
+            self.assertEqual(first.attributes[1].tags[0].name, 'my_tag')
+            self.assertEqual(first.attributes[2].tags, [])
+            updated_attrs = self.user_misp_connector.search(controller='attributes', eventid=first.id, timestamp=first.timestamp.timestamp(), pythonify=True)
+            # Get two attributes, 0 (google.com) has a tag, 1 (google.fr) doesn't
+            self.assertEqual(len(updated_attrs), 2)
+            self.assertEqual(updated_attrs[0].tags[0].name, 'my_tag')
+            self.assertEqual(updated_attrs[1].value, 'google.fr')
+            self.assertEqual(updated_attrs[1].tags, [])
+            # Get the metadata only of the event
+            first_meta_only = self.user_misp_connector.search(eventid=first.id, metadata=True, pythonify=True)
+
+            # Add tag to attribute 1 (google.fr)
+            attr_to_update = updated_attrs[1]
+            attr_to_update.add_tag(tag)
+            # attr_to_update.pop('timestamp')
+            # Add new attribute to event with metadata only
+            first_meta_only[0].add_attribute('domain', 'google.lu')
+            # Add tag to new attribute
+            first_meta_only[0].attributes[0].add_tag('my_tag')
+            # Re-add attribute 1 (google.fr), newly tagged
+            first_meta_only[0].add_attribute(**attr_to_update)
+            # When we push, all the attributes should be tagged
+            first = self.user_misp_connector.update_event(first_meta_only[0], pythonify=True)
+            self.assertEqual(first.attributes[1].tags[0].name, 'my_tag')
+            self.assertEqual(first.attributes[2].tags[0].name, 'my_tag')
+            self.assertEqual(first.attributes[3].tags[0].name, 'my_tag')
+        finally:
+            self.admin_misp_connector.delete_event(first)
+            self.admin_misp_connector.delete_tag(tag)
+
 
 if __name__ == '__main__':
     unittest.main()