#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import unittest
import requests
from urllib.parse import urljoin
import json
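class TestExpansions(unittest.TestCase):
    """Integration tests that query expansion modules over HTTP.

    Each test posts a JSON query to the service at ``self.url`` and compares
    the ``values`` of the first result with a hard-coded expectation. The
    service must already be listening on 127.0.0.1:6666.

    NOTE(review): the expectations (resolved IP, vendor name, ASN description)
    look like live third-party data, and the queried modules presumably
    forward the indicators to external services. A failure may therefore
    reflect an upstream change rather than a regression, and only
    non-sensitive sample indicators belong in these queries.
    """

    # Upper bound, in seconds, for one request to the service. requests
    # applies no timeout unless one is passed, so a stalled module would
    # otherwise block the whole test run.
    request_timeout = 60

    def setUp(self):
        """Prepare the service URL and the JSON headers for each test."""
        self.maxDiff = None
        # Not passed to requests.post() below: json= already sets this
        # Content-Type. Kept so existing users of the attribute still work.
        self.headers = {'Content-Type': 'application/json'}
        self.url = "http://127.0.0.1:6666/"

    def misp_modules_post(self, query):
        """POST *query* as JSON to the ``query`` endpoint and return the response."""
        return requests.post(
            urljoin(self.url, "query"),
            json=query,
            timeout=self.request_timeout,
        )

    def get_values(self, response):
        """Return the ``values`` of the first result in *response*.

        A decoded body that is not a dict is printed as indented JSON and
        returned unchanged.
        """
        data = response.json()
        if not isinstance(data, dict):
            print(json.dumps(data, indent=2))
            return data
        return data['results'][0]['values']

    def test_cve(self):
        """The cve module returns the expected description for CVE-2010-3333."""
        query = {"module": "cve", "vulnerability": "CVE-2010-3333"}
        response = self.misp_modules_post(query)
        self.assertTrue(self.get_values(response).startswith("Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3"))

    def test_dns(self):
        """The dns module resolves www.circl.lu through the configured nameserver."""
        query = {"module": "dns", "hostname": "www.circl.lu", "config": {"nameserver": "8.8.8.8"}}
        response = self.misp_modules_post(query)
        self.assertEqual(self.get_values(response), ['149.13.33.14'])

    def test_macvendors(self):
        """The macvendors module maps the sample MAC address to its vendor."""
        query = {"module": "macvendors", "mac-address": "FC-A1-3E-2A-1C-33"}
        response = self.misp_modules_post(query)
        self.assertEqual(self.get_values(response), 'Samsung Electronics Co.,Ltd')

    def test_haveibeenpwned(self):
        """The hibp module reports the sample address as not found.

        The test is skipped when the module reports an HTTP 403 from the
        upstream API.
        """
        query = {"module": "hibp", "email-src": "info@circl.lu"}
        response = self.misp_modules_post(query)
        to_check = self.get_values(response)
        if to_check == "haveibeenpwned.com API not accessible (HTTP 403)":
            self.skipTest(f"haveibeenpwned blocks travis IPs: {response}")
        self.assertEqual(to_check, 'OK (Not Found)', response)

    def test_greynoise(self):
        """The greynoise module answers with status ``ok`` for 1.1.1.1."""
        query = {"module": "greynoise", "ip-dst": "1.1.1.1"}
        response = self.misp_modules_post(query)
        self.assertEqual(self.get_values(response)['status'], 'ok')

    def test_ipasn(self):
        """The ipasn module reports ASN 13335 for 1.1.1.1."""
        query = {"module": "ipasn", "ip-dst": "1.1.1.1"}
        response = self.misp_modules_post(query)
        # Decode the body once and reuse it for both lookups.
        values = self.get_values(response)
        key = next(iter(values['response']))
        entry = values['response'][key]['asn']
        self.assertEqual(entry, '13335')

    def test_bgpranking(self):
        """The bgpranking module returns the expected description for AS 13335."""
        query = {"module": "bgpranking", "AS": "13335"}
        response = self.misp_modules_post(query)
        self.assertEqual(self.get_values(response)['response']['asn_description'], 'CLOUDFLARENET - Cloudflare, Inc., US')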