From 4746d77f9c6c3da7f7340f238e3294471f3f1aa7 Mon Sep 17 00:00:00 2001
From: Thorsten Sick
Date: Wed, 14 Jul 2021 14:03:38 +0200
Subject: [PATCH] More unit tests for log
---
 tests/test_attack_log.py | 82 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
diff --git a/tests/test_attack_log.py b/tests/test_attack_log.py
index d463557..d8889ab 100644
--- a/tests/test_attack_log.py
+++ b/tests/test_attack_log.py
@@ -4,6 +4,8 @@ import unittest
 from app.attack_log import AttackLog
+import app.attack_log
+# from unittest.mock import patch, call
 # from app.exceptions import ConfigurationError
 # https://docs.python.org/3/library/unittest.html
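Review bot: The added `# from unittest.mock import patch, call` is a commented-out import placed next to the already commented-out `ConfigurationError` import, and nothing in this commit uses either. Dropping the line, and adding the real `from unittest.mock import patch, call` only when a test actually needs it, keeps the import block free of dead code.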
@@ -203,3 +205,83 @@ class TestMachineConfig(unittest.TestCase):
 self.assertEqual(data[0]["target"], target)
 self.assertEqual(data[0]["plugin_name"], attack_name)
 self.assertEqual(data[0]["hunting_tag"], "MITRE_" + ttp)
+
+ def test_file_write_start(self):
+ """ Starting a file write """
+ al = AttackLog()
+ source = "asource"
+ target = "a target"
+ file_name = "a generic filename"
+ al.start_file_write(source=source,
+ target=target,
+ file_name=file_name,
+ )
+ data = al.get_dict()
+ self.assertEqual(data[0]["event"], "start")
+ self.assertEqual(data[0]["type"], "dropping_file")
+ self.assertEqual(data[0]["sub-type"], "by PurpleDome")
+ self.assertEqual(data[0]["source"], source)
+ self.assertEqual(data[0]["target"], target)
+ self.assertEqual(data[0]["file_name"], file_name)
+
+ def test_file_write_stop(self):
+ """ Stopping a file write """
+ al = AttackLog()
+ source = "asource"
+ target = "a target"
+ file_name = "a generic filename"
+ al.stop_file_write(source=source,
+ target=target,
+ file_name=file_name,
+ )
+ data = al.get_dict()
+ self.assertEqual(data[0]["event"], "stop")
+ self.assertEqual(data[0]["type"], "dropping_file")
+ self.assertEqual(data[0]["sub-type"], "by PurpleDome")
+ self.assertEqual(data[0]["source"], source)
+ self.assertEqual(data[0]["target"], target)
+ self.assertEqual(data[0]["file_name"], file_name)
+
+ def test_execute_payload_start(self):
+ """ Starting a execute payload """
+ al = AttackLog()
+ source = "asource"
+ target = "a target"
+ command = "a generic command"
+ al.start_execute_payload(source=source,
+ target=target,
+ command=command,
+ )
+ data = al.get_dict()
+ self.assertEqual(data[0]["event"], "start")
+ self.assertEqual(data[0]["type"], "execute_payload")
+ self.assertEqual(data[0]["sub-type"], "by PurpleDome")
+ self.assertEqual(data[0]["source"], source)
+ self.assertEqual(data[0]["target"], target)
+ self.assertEqual(data[0]["command"], command)
+
+ def test_execute_payload_stop(self):
+ """ Stopping a execute payload """
+ al = AttackLog()
+ source = "asource"
+ target = "a target"
+ command = "a generic command"
+ al.stop_execute_payload(source=source,
+ target=target,
+ command=command,
+ )
+ data = al.get_dict()
+ self.assertEqual(data[0]["event"], "stop")
+ self.assertEqual(data[0]["type"], "execute_payload")
+ self.assertEqual(data[0]["sub-type"], "by PurpleDome")
+ self.assertEqual(data[0]["source"], source)
+ self.assertEqual(data[0]["target"], target)
+ self.assertEqual(data[0]["command"], command)
+
+ def test_mitre_fix_ttp_is_none(self):
+ """ Testing the mitre ttp fix for ttp being none """
+ self.assertEqual(app.attack_log.__mitre_fix_ttp__(None), "")
+
+ def test_mitre_fix_ttp_is_MITRE_SOMETHING(self):
+ """ Testing the mitre ttp fix for ttp being MITRE_ """
+ self.assertEqual(app.attack_log.__mitre_fix_ttp__("MITRE_FOO"), "MITRE_FOO")
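Review bot: The two `__mitre_fix_ttp__` tests at the end of the hunk only cover `None` and an id that already carries the prefix; the context line `self.assertEqual(data[0]["hunting_tag"], "MITRE_" + ttp)` at the top of the hunk suggests the helper is also expected to add `MITRE_` to a bare technique id, and that path has no test. A third case along the lines of `self.assertEqual(app.attack_log.__mitre_fix_ttp__("T1059"), "MITRE_T1059")` (expected value to be confirmed against the implementation, which is outside the hunk) would pin it. The four `test_file_write_*` / `test_execute_payload_*` tests differ only in the method called, the `event` value and the name of the payload field, so a small helper or a `self.subTest` loop over those tuples would remove most of the repeated lines. The name `test_mitre_fix_ttp_is_MITRE_SOMETHING` mixes cases (PEP 8 would suggest `test_mitre_fix_ttp_keeps_existing_prefix`), and the docstrings `Starting a execute payload` / `Stopping a execute payload` should read `an execute payload`. The enclosing `TestMachineConfig` class begins before the hunk.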