Merge pull request #211 from fhightower/197-fix-tests
Fix tests
fhightower authored Apr 22, 2022
2 parents 425fa76 + 4456e6e commit eb8c446
Showing 6 changed files with 58 additions and 50 deletions.
2 changes: 1 addition & 1 deletion pyproject.toml
Expand Up @@ -11,5 +11,5 @@ max-line-length = 120
disable = "C0114, R1705, C0103"

[tool.pytest.ini_options]
addopts = "-n auto -v --cov=. --cov-report term-missing --cov-fail-under 98"
addopts = "-n auto -vv --cov=. --cov-report term-missing --cov-fail-under 98"
python_files = "tests/test_*.py"
13 changes: 4 additions & 9 deletions tests/find_iocs_cases/domains.py
Expand Up @@ -7,11 +7,9 @@
param(
"https://asf.goole.com/mail?url=http%3A%2F%2Ffreasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
{
"domains": ["google.com", "freasdfuewriter.com", "uniddloos.zddfdd.org"],
"domains": ["asf.goole.com", "cba0019_file_00002_pdf.zip", "freasdfuewriter.com", "uniddloos.zddfdd.org"],
"urls": [
"https://asf.goole.com/mail?url=http%3A%2F%2Ffreasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://freasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
],
},
{},
Expand All @@ -22,21 +20,18 @@
{
"urls": [
"https://asf.goole.com/mail?url=http%3A%2F%2Ffreasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://freasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
]
],
"domains": ['cba0019_file_00002_pdf.zip', 'freasdfuewriter.com', 'uniddloos.zddfdd.org']
},
{'parse_domain_from_url': False},
id="domain-issue_104__domains_read_from_percent_encoded_url_query_params__with_options_false",
),
param(
"https://asf.goole.com/mail?url=http%3A%2F%2Ffreasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
{
"domains": ["google.com", "freasdfuewriter.com", "uniddloos.zddfdd.org"],
"domains": ["asf.goole.com", "cba0019_file_00002_pdf.zip", "freasdfuewriter.com", "uniddloos.zddfdd.org"],
"urls": [
"https://asf.goole.com/mail?url=http%3A%2F%2Ffreasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://freasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
],
},
{'parse_from_url_path': False},
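Review bot: The updated expectations in the `domain-issue_104` cases list `cba0019_file_00002_pdf.zip` as a domain and drop the two URLs nested in the percent-encoded `url=` parameter, so the tests now pin a false-positive domain and a missed embedded URL as correct output. If this is the extractor's accepted behaviour for now, say so next to the expectation, e.g. `# known limitation: trailing file name is reported as a domain (.zip is a TLD); nested URLs are not extracted`, so that a later fix is not read as a regression. In the `parse_domain_from_url: False` case the added `domains` list still carries hosts found inside the query string, which deserves a one-line comment on what the option does and does not suppress. Sides are inferred from the section's 4/9 counts and the hunk headers, and the last `param(` continues outside the hunk.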
9 changes: 7 additions & 2 deletions tests/find_iocs_cases/file_paths.py
Expand Up @@ -47,7 +47,12 @@
{},
id="file_path_2",
),
param("and this is a file ~/foo/bar/abc.py", {'file_paths': ["~/foo/bar/abc.py"]}, {}, id="file_path_3"),
param(
"and this is a file ~/foo/bar/abc.py",
{'file_paths': ["~/foo/bar/abc.py"], 'domains': ['abc.py']},
{},
id="file_path_3",
),
param(
"test /Library/Storage/File System/HFS/25cf5d02-e50b-4288-870a-528d56c3cf6e/pivtoken.appex file",
{'file_paths': ["/Library/Storage/File System/HFS/25cf5d02-e50b-4288-870a-528d56c3cf6e/pivtoken.appex"]},
Expand All @@ -56,7 +61,7 @@
),
param(
"another home directory ~/Desktop/test.py python file",
{'file_paths': ["~/Desktop/test.py"]},
{'file_paths': ["~/Desktop/test.py"], 'domains': ['test.py']},
{},
id="file_path_5",
),
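Review bot: The new `'domains': ['abc.py']` and `'domains': ['test.py']` expectations in `file_path_3` and `file_path_5` record the last component of a local file path as a domain IOC. `.py` is a valid ccTLD, so the match is explainable, but anything that feeds `domains` into blocking or enrichment receives an indicator that came from a path, not a host. Mark both as known false positives with a comment such as `# file name also matches the domain pattern (.py is a ccTLD); known false positive`, or keep the path-only expectation in a case marked `marks=pytest.mark.xfail`.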
76 changes: 41 additions & 35 deletions tests/find_iocs_cases/hashes.py
Expand Up @@ -71,40 +71,18 @@
imphash\t18ddf28a71089acdbab5038f58044c0a
imphash\n18ddf28a71089acdbab5038f58044c0a
imphash - 18ddf28a71089acdbab5038f58044c0a""",
{"imphashes": ["18ddf28a71089acdbab5038f58044c0a"], "ipv4s": ["210.209.127.8"]},
{},
id="imphash_1",
),
param(
"""SHA-256 093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a
Dropper imphash: 18ddf28a71089acdbab5038f58044c0a
C2 IP: 210.209.127.8:443
imphash: 18ddf28a71089acdbab5038f58044c0a
imphash 18ddf28a71089acdbab5038f58044c0a
imphash 18ddf28a71089acdbab5038f58044c0a
imphash: 18ddf28a71089acdbab5038f58044c0a
imphash\t18ddf28a71089acdbab5038f58044c0a
imphash\n18ddf28a71089acdbab5038f58044c0a
imphash - 18ddf28a71089acdbab5038f58044c0a""",
{"imphashes": ["18ddf28a71089acdbab5038f58044c0a"], "ipv4s": ["210.209.127.8"]},
{
"imphashes": [
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
],
"ipv4s": ["210.209.127.8"],
"sha256s": ["093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a"],
},
{},
id="imphash_1",
),
param(
"""SHA-256 093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a
Dropper IMPHASH: 18ddf28a71089acdbab5038f58044c0a
C2 IP: 210.209.127.8:443
IMPHASH: 18ddf28a71089acdbab5038f58044c0a
IMPHASH 18ddf28a71089acdbab5038f58044c0a
IMPHASH 18ddf28a71089acdbab5038f58044c0a
IMPHASH: 18ddf28a71089acdbab5038f58044c0a
IMPHASH\t18ddf28a71089acdbab5038f58044c0a
IMPHASH\n18ddf28a71089acdbab5038f58044c0a
IMPHASH - 18ddf28a71089acdbab5038f58044c0a""",
{"imphashes": ["18ddf28a71089acdbab5038f58044c0a"], "ipv4s": ["210.209.127.8"]},
{},
id="imphash_2",
),
param(
"""SHA-256 093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a
Dropper import hash: 18ddf28a71089acdbab5038f58044c0a
Expand All @@ -116,7 +94,15 @@
import hash\t18ddf28a71089acdbab5038f58044c0a
import hash\n18ddf28a71089acdbab5038f58044c0a
import hash - 18ddf28a71089acdbab5038f58044c0a""",
{"imphashes": ["18ddf28a71089acdbab5038f58044c0a"], "ipv4s": ["210.209.127.8"]},
{
"imphashes": [
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
],
"ipv4s": ["210.209.127.8"],
"sha256s": ["093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a"],
},
{},
id="imphash_3",
),
Expand All @@ -131,7 +117,15 @@
IMPORT HASH\t18ddf28a71089acdbab5038f58044c0a
IMPORT HASH\n18ddf28a71089acdbab5038f58044c0a
IMPORT HASH - 18ddf28a71089acdbab5038f58044c0a""",
{"imphashes": ["18ddf28a71089acdbab5038f58044c0a"], "ipv4s": ["210.209.127.8"]},
{
"imphashes": [
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
],
"ipv4s": ["210.209.127.8"],
"sha256s": ["093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a"],
},
{},
id="imphash_4",
),
Expand All @@ -146,7 +140,13 @@
authentihash\t3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4',
authentihash\n3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4',
""",
{"authentihashes": ["3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4"]},
{
"authentihashes": [
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
]
},
{},
id="authentihash_1",
),
Expand All @@ -161,7 +161,13 @@
AUTHENTIHASH\t3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4',
AUTHENTIHASH\n3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4',
""",
{"authentihashes": ["3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4"]},
{
"authentihashes": [
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
]
},
{},
id="authentihash_2",
),
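Review bot: Each updated expectation (`imphash_1`, `imphash_3`, `imphash_4`, `authentihash_1`, `authentihash_2`) lists the same hash exactly three times, while the visible `import hash` input alone shows it on at least four lines, so the count looks like an artefact of how the patterns happen to match. If duplicates are not part of the contract, compare de-duplicated values; if they are, add a comment naming the input lines that produce the three matches. By the first hunk's line counts the upper-case `IMPHASH` case (`imphash_2`) appears to be removed, not updated, which would drop coverage for that label spelling and is worth confirming against the raw diff. The first `param(` starts outside the hunk.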
3 changes: 2 additions & 1 deletion tests/find_iocs_cases/ip_addr.py
Expand Up @@ -15,7 +15,8 @@
"2001:db8:0:0:0:ff00:42:8329",
"2001:db8::ff00:42:8329",
"::1",
]
],
"ssdeeps": ['0000:0000:ff00', '2001:0db8:0000'],
},
{},
id="ipv6_1",
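Review bot: The added `"ssdeeps": ['0000:0000:ff00', '2001:0db8:0000']` expectation in `ipv6_1` records what look like groups of a zero-padded IPv6 address as ssdeep hashes. An ssdeep value has the form `blocksize:hash:hash`, so three colon-separated hex groups can satisfy a loose pattern, but these strings are very unlikely to be fuzzy hashes. Note that beside the line, e.g. `# known false positive: IPv6 groups match the ssdeep pattern`, so the expectation reads as a documented limitation and not as intended output. The enclosing `param(` and its input text start outside the hunk.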
5 changes: 3 additions & 2 deletions tests/find_iocs_cases/registry_keys.py
Expand Up @@ -268,6 +268,7 @@
{
'registry_key_paths': [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell",
],
'domains': [
"citizenlab.ca",
Expand Down Expand Up @@ -295,10 +296,10 @@
'urls': [
"https://citizenlab.ca/2016/05/stealth-falcon-appendices",
"https://citizenlab.ca/2016/05/stealth-falcon/",
"https://citizenlab.ca/about/",
"https://citizenlab.ca/about/),",
"https://docs.microsoft.com/en-us/windows/win32/bits/background-intelligent-transfer-service-portal",
"https://www.reuters.com/investigates/special-report/usa-spying-raven/",
"https://www.secureworks.com/blog/malware-lingers-with-bits",
"https://www.secureworks.com/blog/malware-lingers-with-bits).",
],
'attack_techniques': {
'enterprise': [
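Review bot: In the `urls` expectation two entries appear twice, once clean and once ending in `),` and `).`; by diff order the punctuated forms are the new side, so the test would now expect trailing Markdown or sentence punctuation as part of the URL. A URL indicator carrying a trailing `)` or `.` will not match the same URL in a feed or proxy log, so this is better recorded as a known defect than as the expected value, e.g. `# FIXME: trailing "),". and ")." should be stripped from extracted URLs`. The first hunk likewise adds a second copy of the same `HKEY_CURRENT_USER\\...\\Shell` path, which pins duplicated output. Sides are not marked in this rendering, so confirm against the raw diff; the enclosing `param(` lies outside both hunks.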
