add content for basic incident testing

pull/1/head
Emmanuelle Vargas-Gonzalez 2021-01-15 15:13:30 -05:00
parent be0ebbad65
commit b696f14560
2 changed files with 82 additions and 0 deletions


@ -9,6 +9,7 @@ CAMPAIGN_ID = "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
COURSE_OF_ACTION_ID = "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f" COURSE_OF_ACTION_ID = "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
GROUPING_ID = "grouping--753abcde-3141-5926-ace5-0a810b1ff996" GROUPING_ID = "grouping--753abcde-3141-5926-ace5-0a810b1ff996"
IDENTITY_ID = "identity--311b2d2d-f010-4473-83ec-1edf84858f4c" IDENTITY_ID = "identity--311b2d2d-f010-4473-83ec-1edf84858f4c"
INCIDENT_ID = "incident--40fc3b35-0dc4-4afd-9927-288d44bfce20"
INDICATOR_ID = "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7" INDICATOR_ID = "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7"
INFRASTRUCTURE_ID = "infrastructure--3000ae1b-784c-f03d-8abc-0a625b2ff018" INFRASTRUCTURE_ID = "infrastructure--3000ae1b-784c-f03d-8abc-0a625b2ff018"
INTRUSION_SET_ID = "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29" INTRUSION_SET_ID = "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29"


@ -0,0 +1,81 @@
import datetime as dt
import pytest
import pytz
import stix2
from .constants import INCIDENT_ID
EXPECTED = """{
"type": "incident",
"spec_version": "2.1",
"id": "incident--40fc3b35-0dc4-4afd-9927-288d44bfce20",
"created": "2015-12-21T19:59:11.000Z",
"modified": "2015-12-21T19:59:11.000Z",
"name": "Breach of Cyber Tech Dynamics",
"description": "Intrusion into enterprise network"
}"""
def test_incident_example():
incident = stix2.v21.Incident(
id=INCIDENT_ID,
created="2015-12-21T19:59:11.000Z",
modified="2015-12-21T19:59:11.000Z",
name="Breach of Cyber Tech Dynamics",
description="Intrusion into enterprise network",
)
assert str(incident) == EXPECTED
@pytest.mark.parametrize(
"data", [
EXPECTED,
{
"created": "2015-12-21T19:59:11.000Z",
"id": INCIDENT_ID,
"description": "Intrusion into enterprise network",
"modified": "2015-12-21T19:59:11.000Z",
"name": "Breach of Cyber Tech Dynamics",
"spec_version": "2.1",
"type": "incident",
},
],
)
def test_parse_incident(data):
incident = stix2.parse(data, version="2.1")
assert incident.type == 'incident'
assert incident.spec_version == '2.1'
assert incident.id == INCIDENT_ID
assert incident.created == dt.datetime(2015, 12, 21, 19, 59, 11, tzinfo=pytz.utc)
assert incident.modified == dt.datetime(2015, 12, 21, 19, 59, 11, tzinfo=pytz.utc)
assert incident.name == 'Breach of Cyber Tech Dynamics'
assert incident.description == 'Intrusion into enterprise network'
def test_parse_no_type():
with pytest.raises(stix2.exceptions.ParseError):
stix2.parse(
"""
{
"id": "incident--40fc3b35-0dc4-4afd-9927-288d44bfce20",
"created": "2015-12-21T19:59:11.000Z",
"modified": "2015-12-21T19:59:11.000Z",
"name": "Breach of Cyber Tech Dynamics",
"description": "Intrusion into enterprise network"
}""", version="2.1",
)
def test_incident_with_custom():
incident = stix2.v21.Incident(
name="Breach of Cyber Tech Dynamics",
description="Intrusion into enterprise network",
custom_properties={'x_foo': 'bar'},
)
assert incident.x_foo == "bar"
assert "x_foo" in incident.object_properties()
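Review bot: The only rejection path these tests pin is the missing-`type` case in `test_parse_no_type`; nothing checks that an incident lacking a required property is refused, which is the behaviour that matters when incident objects arrive from an outside feed. Assuming `name` is declared required on `stix2.v21.Incident` (the class definition is not part of this page), a short test next to `test_parse_no_type` would cover it: `with pytest.raises(stix2.exceptions.MissingPropertiesError):` wrapping `stix2.v21.Incident(description="Intrusion into enterprise network")`. Separately, `test_incident_with_custom` asserts only that `x_foo` is accepted through `custom_properties`; a companion case that passes `x_foo` as a plain keyword without `allow_custom` and expects an error would pin the default strictness, if that is the intended contract. Each test function would also benefit from a one-line docstring stating what it pins, for example `"""Parsing an incident without a "type" key raises ParseError."""` on `test_parse_no_type`.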