
Commit 8eb43a0

committed
Add unit tests (round 8)
1 parent f9d887a commit 8eb43a0


3 files changed

+305
-1
lines changed


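--- a/Packs/CommonScripts/Scripts/FileEnrichment/FileEnrichment_test.py
+++ b/Packs/CommonScripts/Scripts/FileEnrichment/FileEnrichment_test.py
@@ -251,6 +251,32 @@ def test_add_source_brand_to_values():
 }
 
 
+def test_merge_context_outputs():
+"""
+Given:
+- The per-command entry context from 5 commands.
+
+When:
+- Calling `merge_context_outputs`.
+
+Assert:
+- Ensure merged correct context output.
+"""
+from FileEnrichment import merge_context_outputs
+
+per_command_context = {
+"findIndicators": util_load_json("test_data/search_file_indicator_expected.json")["Context"],
+"file": util_load_json("test_data/file_reputation_command_expected.json")["Context"],
+"wildfire-report": util_load_json("test_data/wildfire_report_command_expected.json")["Context"],
+"wildfire-get-verdict": util_load_json("test_data/wildfire_verdict_command_expected.json")["Context"],
+"core-get-hash-analytics-prevalence": util_load_json("test_data/ir_hash_analytics_command_expected.json")["Context"],
+}
+
+expected_merged_context = util_load_json("test_data/merged_context_expected.json")
+
+assert merge_context_outputs(per_command_context) == expected_merged_context
+
+
 def test_execute_file_reputation(mocker: MockerFixture):
 """
 Given: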
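Review bot: The new test_merge_context_outputs checks the merge with a single whole-dict `==` at new line 277, and judging by the expected fixture added in this commit every source agrees (each DBotScore Score value is 3), so merging is never exercised with sources that disagree or with a command that returns no context. For code that combines verdict data from several sources, a second case with conflicting scores would be the more valuable test; at minimum the docstring should record the limit, e.g. `- Happy path only: the five commands agree on the verdict.` Nested lists compare in order, so the assertion presumably also depends on the key order of `per_command_context`; a comment such as `# list order in the expected file follows the command order here` would make a future failure easier to read.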
Lines changed: 278 additions & 0 deletions
@@ -0,0 +1,278 @@
1+
{
2+
"File(val.MD5 && val.MD5 == obj.MD5 || val.SHA1 && val.SHA1 == obj.SHA1 || val.SHA256 && val.SHA256 == obj.SHA256 || val.SHA512 && val.SHA512 == obj.SHA512 || val.CRC32 && val.CRC32 == obj.CRC32 || val.CTPH && val.CTPH == obj.CTPH || val.SSDeep && val.SSDeep == obj.SSDeep)": {
3+
"Extension": "zip",
4+
"Type": "JAVA JAR",
5+
"MD5": "4e76823c05048e92a4c0122d61000edf",
6+
"SHA1": "d8b426700c3c10413abb8acdcfeccaaec8f06cd9",
7+
"SHA256": "7aa15bd505a240a8bf62735a5389a530322945eec6ce9d7b6ad299ca33b2b1b0",
8+
"Size": "262291",
9+
"SSDeep": "6144:WWEH6pcEypX3dNGGkfxlLrnR8mfhAd2HNRg/U/:WWs6pcVlHtkDR8/Ad23z",
10+
"Tags": [
11+
"malware"
12+
],
13+
"DBotScore": {
14+
"Indicator": [
15+
{
16+
"Value": "7aa15bd505a240a8bf62735a5389a530322945eec6ce9d7b6ad299ca33b2b1b0",
17+
"Source": "VirusTotal (API v3)"
18+
},
19+
{
20+
"Value": "7aa15bd505a240a8bf62735a5389a530322945eec6ce9d7b6ad299ca33b2b1b0",
21+
"Source": "WildFire-v2"
22+
},
23+
{
24+
"Value": "7aa15bd505a240a8bf62735a5389a530322945eec6ce9d7b6ad299ca33b2b1b0",
25+
"Source": "WildFire-v2"
26+
}
27+
],
28+
"Reliability": [
29+
{
30+
"Value": "C - Fairly reliable",
31+
"Source": "VirusTotal (API v3)"
32+
},
33+
{
34+
"Value": "B - Usually reliable",
35+
"Source": "WildFire-v2"
36+
},
37+
{
38+
"Value": "B - Usually reliable",
39+
"Source": "WildFire-v2"
40+
}
41+
],
42+
"Score": [
43+
{
44+
"Value": 3,
45+
"Source": "VirusTotal (API v3)"
46+
},
47+
{
48+
"Value": 3,
49+
"Source": "WildFire-v2"
50+
},
51+
{
52+
"Value": 3,
53+
"Source": "WildFire-v2"
54+
}
55+
],
56+
"Type": [
57+
{
58+
"Value": "file",
59+
"Source": "VirusTotal (API v3)"
60+
},
61+
{
62+
"Value": "file",
63+
"Source": "WildFire-v2"
64+
},
65+
{
66+
"Value": "file",
67+
"Source": "WildFire-v2"
68+
}
69+
],
70+
"Vendor": [
71+
{
72+
"Value": "VirusTotal (API v3)",
73+
"Source": "VirusTotal (API v3)"
74+
},
75+
{
76+
"Value": "WildFire-v2",
77+
"Source": "WildFire-v2"
78+
},
79+
{
80+
"Value": "WildFire-v2",
81+
"Source": "WildFire-v2"
82+
}
83+
]
84+
},
85+
"Hashes": [
86+
{
87+
"type": "MD5",
88+
"value": "4e76823c05048e92a4c0122d61000edf"
89+
},
90+
{
91+
"type": "SHA1",
92+
"value": "d8b426700c3c10413abb8acdcfeccaaec8f06cd9"
93+
},
94+
{
95+
"type": "SHA256",
96+
"value": "7aa15bd505a240a8bf62735a5389a530322945eec6ce9d7b6ad299ca33b2b1b0"
97+
}
98+
],
99+
"Relationships": [
100+
{
101+
"EntityA": "7aa15bd505a240a8bf62735a5389a530322945eec6ce9d7b6ad299ca33b2b1b0",
102+
"EntityAType": "File",
103+
"EntityB": "jmcoru.alcatelupd.xyz",
104+
"EntityBType": "Domain",
105+
"Relationship": "communicates-with"
106+
}
107+
],
108+
"VTVendors": {
109+
"EngineDetectionNames": [
110+
"Trojan.ZIP.Java.m!c",
111+
"Malicious (score: 99)"
112+
],
113+
"EngineDetections": 43,
114+
"EngineVendors": [
115+
"CTX",
116+
"AVG"
117+
]
118+
},
119+
"VTFileVerdict": "Malicious",
120+
"DigitalSignature": {
121+
"Published": "None"
122+
},
123+
"Malicious": {
124+
"Description": null,
125+
"Vendor": "WildFire-v2"
126+
},
127+
"Report": {
128+
"Status": [
129+
{
130+
"Value": "Success",
131+
"Source": "WildFire-v2"
132+
}
133+
],
134+
"SHA256": [
135+
{
136+
"Value": "7aa15bd505a240a8bf62735a5389a530322945eec6ce9d7b6ad299ca33b2b1b0",
137+
"Source": "WildFire-v2"
138+
}
139+
]
140+
},
141+
"Verdicts": {
142+
"Verdict": [
143+
{
144+
"Value": 1,
145+
"Source": "WildFire-v2"
146+
}
147+
],
148+
"VerdictDescription": [
149+
{
150+
"Value": "malware",
151+
"Source": "WildFire-v2"
152+
}
153+
],
154+
"Type": [
155+
{
156+
"Value": "JAVA JAR",
157+
"Source": "WildFire-v2"
158+
}
159+
],
160+
"MD5": [
161+
{
162+
"Value": "4e76823c05048e92a4c0122d61000edf",
163+
"Source": "WildFire-v2"
164+
}
165+
],
166+
"SHA1": [
167+
{
168+
"Value": "d8b426700c3c10413abb8acdcfeccaaec8f06cd9",
169+
"Source": "WildFire-v2"
170+
}
171+
]
172+
},
173+
"Hash": {
174+
"data": {
175+
"global_prevalence": {
176+
"description": [
177+
{
178+
"Value": "The global prevalence of the file.",
179+
"Source": "Cortex Core - IR"
180+
}
181+
],
182+
"value": [
183+
{
184+
"Value": 0,
185+
"Source": "Cortex Core - IR"
186+
}
187+
]
188+
},
189+
"local_prevalence": {
190+
"description": [
191+
{
192+
"Value": "The local prevalence of the file.",
193+
"Source": "Cortex Core - IR"
194+
}
195+
],
196+
"value": [
197+
{
198+
"Value": 0.058823529411764705,
199+
"Source": "Cortex Core - IR"
200+
}
201+
]
202+
},
203+
"prevalence": {
204+
"description": [
205+
{
206+
"Value": "The prevalence of the file.",
207+
"Source": "Cortex Core - IR"
208+
}
209+
],
210+
"value": [
211+
{
212+
"Value": 0.058823529411764705,
213+
"Source": "Cortex Core - IR"
214+
}
215+
]
216+
}
217+
},
218+
"debug": {
219+
"file_global_prevalence_by_global_process_sha256": {
220+
"description": [
221+
{
222+
"Value": "The prevalence of the file according to global_process_sha256 profile.",
223+
"Source": "Cortex Core - IR"
224+
}
225+
],
226+
"value": [
227+
{
228+
"Value": 0,
229+
"Source": "Cortex Core - IR"
230+
}
231+
]
232+
},
233+
"file_local_prevalence_by_file_sha256": {
234+
"description": [
235+
{
236+
"Value": "The prevalence of the file according to file_sha256 profile.",
237+
"Source": "Cortex Core - IR"
238+
}
239+
],
240+
"value": [
241+
{
242+
"Value": 0,
243+
"Source": "Cortex Core - IR"
244+
}
245+
]
246+
},
247+
"file_local_prevalence_by_loaded_module_sha256": {
248+
"description": [
249+
{
250+
"Value": "The prevalence of the file according to loaded_module_sha256 profile.",
251+
"Source": "Cortex Core - IR"
252+
}
253+
],
254+
"value": [
255+
{
256+
"Value": 0.058823529411764705,
257+
"Source": "Cortex Core - IR"
258+
}
259+
]
260+
},
261+
"file_local_prevalence_by_process_sha256": {
262+
"description": [
263+
{
264+
"Value": "The prevalence of the file according to process_sha256 profile.",
265+
"Source": "Cortex Core - IR"
266+
}
267+
],
268+
"value": [
269+
{
270+
"Value": 0.058823529411764705,
271+
"Source": "Cortex Core - IR"
272+
}
273+
]
274+
}
275+
}
276+
}
277+
}
278+
}
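Review bot: Each DBotScore list in this expected output (Indicator, Reliability, Score, Type, Vendor) carries two identical entries with `"Source": "WildFire-v2"`, presumably one from wildfire-report and one from wildfire-get-verdict. Committing that as the expected result makes the duplication part of the contract, so anything downstream that counts sources per verdict would see WildFire twice. If the duplication is intended, say so in the test docstring, e.g. `- WildFire-v2 appears twice per DBotScore field because two commands report it.`; if it is not, the fixture should hold one entry per source and the merge should deduplicate on the (Value, Source) pair. The file header for this section is not shown on the page; it is assumed to be the merged_context_expected.json that the new test loads.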

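--- a/Packs/CommonScripts/Scripts/FileEnrichment/test_data/wildfire_report_command_expected.json
+++ b/Packs/CommonScripts/Scripts/FileEnrichment/test_data/wildfire_report_command_expected.json
@@ -63,4 +63,4 @@
 }
 },
 "HumanReadable": "#### Result for !wildfire-report sha256=\"7aa15bd505a240a8bf62735a5389a530322945eec6ce9d7b6ad299ca33b2b1b0\"\n### WildFire File Report - PDF format\n|FileType|MD5|SHA256|Size|Status|\n|---|---|---|---|---|\n| JAVA JAR | 4e76823c05048e92a4c0122d61000edf | 7aa15bd505a240a8bf62735a5389a530322945eec6ce9d7b6ad299ca33b2b1b0 | 262291 | Completed |\n"
-}
+}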
