Commit Graph

145 Commits (6b89e40e8b3959628cee20936ebaf0b806c68dae)

Author SHA1 Message Date
chrisr3d c41545debb
fix: [tests] Fixed error catching in passive dns and ssl modules 2019-12-17 16:46:26 +01:00
chrisr3d 2fc9171a3f
fix: [tests] Avoiding issues with btc addresses 2019-12-17 16:32:29 +01:00
chrisr3d aa721acfd9
fix: [tests] Added missing variable 2019-12-17 15:47:22 +01:00
chrisr3d 3f7ee7c1a2
add: Test cases for reworked passive dns and ssl modules 2019-12-17 15:19:29 +01:00
Raphaël Vinot 772822a903 fix: OTX tests were failing, new entry. 2019-12-10 11:28:01 +01:00
Raphaël Vinot 6fcd9c9b8d fix: MIssing parameter in skip 2019-12-04 17:46:09 +01:00
Raphaël Vinot 7048f01633 chg: deactive emails tests, need update 2019-12-04 17:03:16 +01:00
Raphaël Vinot 9744c1e0a5 Revert "Merge pull request #341 from StefanKelm/master"
This reverts commit 1df0d9152e, reversing
changes made to 6042619c6b.

This PR was a fixing a typo in a test case. The typo is in a 3rd party
service.
2019-11-26 17:49:01 +01:00
Raphaël Vinot 1df0d9152e
Merge pull request #341 from StefanKelm/master
Update test_expansions.py
2019-11-26 17:21:33 +01:00
chrisr3d 9068725322
add: Xforce Exchange module tests 2019-11-05 17:13:34 +01:00
chrisr3d 2b592ce267
fix: Avoiding empty config error on passivetotal module 2019-11-01 16:59:58 +01:00
chrisr3d 83227ba889
fix: Fixed results parsing for various module tests 2019-10-31 17:16:27 +01:00
chrisr3d 4fb65672e3
fix: Fixed variable name 2019-10-31 17:16:08 +01:00
chrisr3d 604fac9690
add: Added test for vulners module 2019-10-31 11:47:47 +01:00
chrisr3d 2adba0bf83
fix: Fixed VT results 2019-10-31 11:46:58 +01:00
chrisr3d 969d8b627d
add: Added qrcode module test with its test image 2019-10-31 11:46:11 +01:00
chrisr3d 4cabbe6334
add: [test expansion] Added various tests for modules with api authentication 2019-10-30 16:29:18 +01:00
chrisr3d 7170ed6105
fix: [test expansion] Using CVE with lighter results 2019-10-29 21:36:07 +01:00
chrisr3d edb6bef628
add: [test expansion] New modules tests
- Starting testing some modules with api keys
- Testing new apiosintDS module
2019-10-29 21:35:45 +01:00
chrisr3d d683665589
chg: [test expansion] Enhanced results parsing 2019-10-29 21:15:22 +01:00
chrisr3d f15ab8162f
add: cve_advanced module test + functions to test attributes and objects results 2019-10-27 21:19:43 +01:00
chrisr3d 93858e302a
fix: Removed unused self param turning the associated functions into static methods 2019-10-27 21:16:31 +01:00
chrisr3d 63dba29c52
fix: Fixed module names with - to avoid errors with python paths 2019-10-18 11:09:10 +02:00
chrisr3d 6df0072e60
fix: Using absolute path to open files instead of relative path 2019-10-18 09:43:53 +02:00
chrisr3d 93bc178717
fix: Removed unused import\ 2019-10-17 16:36:56 +02:00
chrisr3d 7aa78636a5
add: Tests for all the office, libreoffice, pdf & OCR enrich modules 2019-10-17 16:32:26 +02:00
chrisr3d 60ef1901e2
fix: Handling issues when the otx api is queried too often in a short time 2019-10-17 12:46:29 +02:00
chrisr3d 9f7f11107c
fix: Fixed ThreatMiner results parsing 2019-10-17 10:41:11 +02:00
chrisr3d a7e523ab61
add: threatminer module test 2019-10-16 22:00:36 +02:00
StefanKelm 0e6d514198
Update test_expansions.py
Tiniest of typos
2019-10-16 12:40:22 +02:00
chrisr3d 1786b23b27
add: Tests for expansion modules with different input types 2019-10-15 16:04:03 +02:00
chrisr3d bc0c7c7d7d
fix: Catching wikidata errors properly + fixed errors parsing 2019-10-15 14:41:38 +02:00
chrisr3d b1ae8deb6b
fix: Handling errors and exceptions for expansion modules tests that could fail due to a connection error 2019-10-08 15:50:15 +02:00
chrisr3d e1faf64296
add: Added tests for the rest of the easily testable expansion modules
- More tests for more complex modules to come soon
2019-10-07 17:14:27 +02:00
chrisr3d 6a3c907222
fix: DBL spamhaus test 2019-10-05 00:15:29 +02:00
chrisr3d 1130eaf840
fix: Quick typo & dbl spamhaus test fixes 2019-10-04 23:16:28 +02:00
chrisr3d db804b6a12
add: Tests for sigma queries and syntax validator modules 2019-10-04 17:46:25 +02:00
chrisr3d 5e53583eb1 Merge branch 'master' of github.com:MISP/misp-modules into tests 2019-10-04 17:23:38 +02:00
chrisr3d b9b78d1606
fix: Travis tests should be happy now 2019-10-04 17:22:32 +02:00
chrisr3d 5cd42b52b6 Merge branch 'master' of github.com:MISP/misp-modules into tests 2019-10-04 17:02:19 +02:00
chrisr3d 6bcd60871c
fix: copy paste syntax error 2019-10-04 17:01:22 +02:00
chrisr3d 43f663ac99 Merge branch 'master' of github.com:MISP/misp-modules into tests 2019-10-04 16:49:49 +02:00
chrisr3d d48d884ef0
fix: Fixed greynoise test following the latest changes on the module 2019-10-04 16:48:59 +02:00
chrisr3d cbb7a430a7
add: More modules tested 2019-10-04 16:46:57 +02:00
chrisr3d a591138020
add: Added tests for some expansion modules without API key required
- More tests to come
2019-10-04 16:07:19 +02:00
chrisr3d 8995303878
fix: [tests] Fixed tests to avoid config issues with the cve module
- Config currently empty in the module, but being
  updated soon with a pending pull request
2019-09-17 13:50:33 +02:00
Raphaël Vinot 696bafa749 fix: have I been pwned API changed again. 2019-08-19 11:37:43 +02:00
Raphaël Vinot fee889f71c fix: Wrong change in last commit. 2019-07-24 09:57:52 +02:00
Raphaël Vinot 80ce0a58b5 fix: Skip tests on haveibeenpwned.com if 403. Make pep8 happy. 2019-07-24 09:49:05 +02:00
Raphaël Vinot 40c70c1a53 chg: Add print to figure out what's going on on travis. 2019-07-24 09:35:55 +02:00
Raphaël Vinot 79992f0204 chg: Bump dependencies 2019-07-24 09:24:46 +02:00
Raphaël Vinot b89d068c04 new: Modules for greynoise, haveibeenpwned and macvendors
Source: https://github.com/src7/misp-modules
2019-04-02 15:30:11 +02:00
chrisr3d 4149a07eff
add: Added test files for yara to test yara library & potentially yara syntax 2018-11-13 16:00:55 +01:00
Alexandre Dulaunoy 5d1583d88b
chg: [onyphe] fix #252 2018-11-11 15:49:14 +01:00
chrisr3d 479e66cc9b
fix: Removed STIX related libraries, files, documentation, etc. 2018-06-11 17:03:23 +02:00
Alexandre Dulaunoy 2d9b0cd172
Merge branch 'master' of github.com:MISP/misp-modules 2018-05-29 21:59:25 +02:00
Alexandre Dulaunoy 0af064ac40
fix: missing cve module test 2018-05-29 21:57:38 +02:00
Alexandre Dulaunoy 9664127b85
add: new expansion module to check hashes against hashdd.com including NSLR dataset. 2018-05-29 21:54:22 +02:00
chrisr3d a02dbd6a8d
fix: Fixed typo of the aml type for country codes 2018-02-26 18:52:28 +01:00
chrisr3d 694a63c8f3
add: Added an example file generated by GoAML export module 2018-02-22 10:29:05 +01:00
Thomas Gardner 441d41cf5d added test files for threat_connect_export 2017-08-03 16:21:41 -06:00
seamus tuohy 40c71af637 Added support for malformed internationalized email headers
When an emails contains headers that use Unicode without properly crafing
them to comform to RFC-6323 the email import module would crash.
(See issue #119 & issue #93)

To address this I have added additional layers of encoding/decoding to
any possibly internationalized email headers. This decodes properly
formed and malformed UTF-8, UTF-16, and UTF-32 headers appropriately.
When an unknown encoding is encountered it is returned as an 'encoded-word'
per RFC2047.

This commit also adds unit-tests that tests properly formed and malformed
UTF-8, UTF-16, UTF-32, and CJK encoded strings in all header fields; UTF-8,
UTF-16, and UTF-32 encoded message bodies; and emoji testing for headers
and attachment file names.
2017-07-02 18:03:14 -04:00
seamus tuohy 3eecf9afe5 Merge branch 'master' into utf_hate 2017-07-01 18:23:01 -04:00
Raphaël Vinot c508e60f65 Add OpenIOC import module 2017-02-27 13:32:31 +01:00
seamus tuohy 0566049c63 Added unit tests for UTF emails 2017-01-11 17:53:54 -05:00
seamus tuohy 83a9d695ea Email import no longer unzips major compressed text document formats.
Let this commit serve as a warning about the perils of duck typing.
Word documents (docx,odt,etc) were being uncompressed when they were
attached to emails. The email importer now checks a list of well known
extensions and will not attempt to unzip them.

It is stuck using a list of extensions instead of using file magic because
many of these formats produce an application/zip mimetype when scanned.
2017-01-10 09:55:33 -05:00
Raphaël Vinot 9f84db3659 Fix tests, cleanup 2017-01-07 18:36:08 -05:00
seamus tuohy 1a7973bc06 Add additional email parsing and tests
Added additional attribute parsing and corresponding unit-tests.
E-mail attachment and url extraction added in this commit. This includes
unpacking zipfiles and simple password cracking of encrypted zipfiles.
2017-01-04 10:21:36 -08:00
seamus tuohy 0ff270a3be Fixed basic errors 2016-12-26 14:33:10 -08:00
seamus tuohy 08261366b7 Merged with current master 2016-12-26 14:17:20 -08:00
seamus tuohy 6ec307b911 Adding basic test mockup 2016-12-26 14:09:52 -08:00
Raphaël Vinot f8bedd4554 Remove domaintools tests 2016-12-02 16:16:25 +01:00
Raphaël Vinot 2b020c55ba Add test for domaintools 2016-12-02 15:29:44 +01:00
Hannah Ward c567d1e6f2
Moved to misp_stix_converter 2016-11-21 10:59:30 +00:00
Raphaël Vinot 5624104b77 Fix STIX import module 2016-11-15 16:47:17 +01:00
seamus tuohy 5033b1a9ca Added email meta-data import module.
This email meta-data import module collects basic meta-data from an e-mail
and populates an event with it. It populates the email subject, source
addresses, destination addresses, subject, and any attachment file names.
This commit also contains unit-tests for this module as well as updates to
the readme. Readme updates are additions aimed to make it easier for
outsiders to build modules.
2016-10-22 17:13:20 -04:00
Alexandre Dulaunoy 2df8bf970e Merge pull request #47 from FloatingGhost/CEF_Export
CEF export, fixes in CountryCode, virustotal
2016-09-01 19:39:16 +02:00
Raphaël Vinot c69fae087c Add timeout for the modules, cleanup. 2016-08-25 17:36:28 +02:00
Hannah Ward 232014f221
Added virustotal tests 2016-08-17 13:01:11 +01:00
Alexandre Dulaunoy d499ac0ce6 Merge pull request #44 from Rafiot/travis
Add coverage, update logging
2016-08-12 15:20:26 +02:00
Raphaël Vinot b24b16b30a Add coverage, update logging 2016-08-12 15:15:38 +02:00
Hannah Ward 6db269f965
stiximport now uses temporary files to store stix data.
Set max size in config, in bytes
2016-08-12 13:53:23 +01:00
Hannah Ward c02a452c05
added tests, also disregards related_observables. Because they're useless 2016-08-12 12:16:49 +01:00
Raphaël Vinot ef6e3b27f8 Proper testcases 2016-06-18 15:09:42 +09:00
Raphaël Vinot 0752c5e3f4 Make it a package 2016-06-18 11:04:41 +09:00
Alexandre Dulaunoy 2699eef633 dns module test with option added 2016-04-01 08:00:56 +02:00
Raphaël Vinot be27730fd3 Add CIRCL pssl module 2016-03-25 17:38:03 +01:00
Alexandre Dulaunoy 6cf77031cc Tests updated to include CIRCL passive dns 2016-03-25 11:01:12 +01:00
Alexandre Dulaunoy 1b6afbe736 Test file for passivetotal updated 2016-03-25 09:04:23 +01:00
Alexandre Dulaunoy b505f1bd32 cve module tests added 2016-03-18 08:17:17 +01:00
Alexandre Dulaunoy e282150850 Sample JSON files reflecting config changes 2016-03-16 07:47:01 +01:00
Alexandre Dulaunoy 5cc07c0203 A minimal caching module added to cache link or url from MISP 2016-03-14 20:40:06 +01:00
Alexandre Dulaunoy d86b58165e First version of a passivetotal MISP expansion module 2016-03-02 21:17:37 +01:00
Alexandre Dulaunoy e7e8f28a03 curl is now silent 2016-02-17 18:33:33 +01:00
Alexandre Dulaunoy ad87f947a5 Basic test cases added 2016-02-17 16:05:30 +01:00