Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix tests #211

Merged
merged 1 commit into from
Apr 22, 2022
Merged

Fix tests #211

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ max-line-length = 120
disable = "C0114, R1705, C0103"

[tool.pytest.ini_options]
addopts = "-n auto -v --cov=. --cov-report term-missing --cov-fail-under 98"
addopts = "-n auto -vv --cov=. --cov-report term-missing --cov-fail-under 98"
python_files = "tests/test_*.py"
13 changes: 4 additions & 9 deletions tests/find_iocs_cases/domains.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,9 @@
param(
"https://asf.goole.com/mail?url=http%3A%2F%2Ffreasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
{
"domains": ["google.com", "freasdfuewriter.com", "uniddloos.zddfdd.org"],
"domains": ["asf.goole.com", "cba0019_file_00002_pdf.zip", "freasdfuewriter.com", "uniddloos.zddfdd.org"],
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cba0019_file_00002_pdf.zip should, ideally, not be caught here, but this will be fixed in #210 .

"urls": [
"https://asf.goole.com/mail?url=http%3A%2F%2Ffreasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://freasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
],
},
{},
Expand All @@ -22,21 +20,18 @@
{
"urls": [
"https://asf.goole.com/mail?url=http%3A%2F%2Ffreasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://freasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
]
],
"domains": ['cba0019_file_00002_pdf.zip', 'freasdfuewriter.com', 'uniddloos.zddfdd.org']
},
{'parse_domain_from_url': False},
id="domain-issue_104__domains_read_from_percent_encoded_url_query_params__with_options_false",
),
param(
"https://asf.goole.com/mail?url=http%3A%2F%2Ffreasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
{
"domains": ["google.com", "freasdfuewriter.com", "uniddloos.zddfdd.org"],
"domains": ["asf.goole.com", "cba0019_file_00002_pdf.zip", "freasdfuewriter.com", "uniddloos.zddfdd.org"],
"urls": [
"https://asf.goole.com/mail?url=http%3A%2F%2Ffreasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://freasdfuewriter.com%2Fcs%2Fimage%2FCommerciaE.jpg&t=1575955624&ymreqid=733bc9eb-e8f-34cb-1cb5-120010019e00&sig=x2Pa2oOYxanG52s4vyCEFg--~Chttp://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
"http://uniddloos.zddfdd.org/CBA0019_file_00002_pdf.zip",
],
},
{'parse_from_url_path': False},
Expand Down
9 changes: 7 additions & 2 deletions tests/find_iocs_cases/file_paths.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,12 @@
{},
id="file_path_2",
),
param("and this is a file ~/foo/bar/abc.py", {'file_paths': ["~/foo/bar/abc.py"]}, {}, id="file_path_3"),
param(
"and this is a file ~/foo/bar/abc.py",
{'file_paths': ["~/foo/bar/abc.py"], 'domains': ['abc.py']},
{},
id="file_path_3",
),
param(
"test /Library/Storage/File System/HFS/25cf5d02-e50b-4288-870a-528d56c3cf6e/pivtoken.appex file",
{'file_paths': ["/Library/Storage/File System/HFS/25cf5d02-e50b-4288-870a-528d56c3cf6e/pivtoken.appex"]},
Expand All @@ -56,7 +61,7 @@
),
param(
"another home directory ~/Desktop/test.py python file",
{'file_paths': ["~/Desktop/test.py"]},
{'file_paths': ["~/Desktop/test.py"], 'domains': ['test.py']},
{},
id="file_path_5",
),
Expand Down
76 changes: 41 additions & 35 deletions tests/find_iocs_cases/hashes.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,40 +71,18 @@
imphash\t18ddf28a71089acdbab5038f58044c0a
imphash\n18ddf28a71089acdbab5038f58044c0a
imphash - 18ddf28a71089acdbab5038f58044c0a""",
{"imphashes": ["18ddf28a71089acdbab5038f58044c0a"], "ipv4s": ["210.209.127.8"]},
{},
id="imphash_1",
),
param(
"""SHA-256 093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a
Dropper imphash: 18ddf28a71089acdbab5038f58044c0a
C2 IP: 210.209.127.8:443
imphash: 18ddf28a71089acdbab5038f58044c0a
imphash 18ddf28a71089acdbab5038f58044c0a
imphash 18ddf28a71089acdbab5038f58044c0a
imphash: 18ddf28a71089acdbab5038f58044c0a
imphash\t18ddf28a71089acdbab5038f58044c0a
imphash\n18ddf28a71089acdbab5038f58044c0a
imphash - 18ddf28a71089acdbab5038f58044c0a""",
{"imphashes": ["18ddf28a71089acdbab5038f58044c0a"], "ipv4s": ["210.209.127.8"]},
{
"imphashes": [
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
],
"ipv4s": ["210.209.127.8"],
"sha256s": ["093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a"],
},
{},
id="imphash_1",
),
param(
"""SHA-256 093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a
Dropper IMPHASH: 18ddf28a71089acdbab5038f58044c0a
C2 IP: 210.209.127.8:443
IMPHASH: 18ddf28a71089acdbab5038f58044c0a
IMPHASH 18ddf28a71089acdbab5038f58044c0a
IMPHASH 18ddf28a71089acdbab5038f58044c0a
IMPHASH: 18ddf28a71089acdbab5038f58044c0a
IMPHASH\t18ddf28a71089acdbab5038f58044c0a
IMPHASH\n18ddf28a71089acdbab5038f58044c0a
IMPHASH - 18ddf28a71089acdbab5038f58044c0a""",
{"imphashes": ["18ddf28a71089acdbab5038f58044c0a"], "ipv4s": ["210.209.127.8"]},
{},
id="imphash_2",
),
param(
"""SHA-256 093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a
Dropper import hash: 18ddf28a71089acdbab5038f58044c0a
Expand All @@ -116,7 +94,15 @@
import hash\t18ddf28a71089acdbab5038f58044c0a
import hash\n18ddf28a71089acdbab5038f58044c0a
import hash - 18ddf28a71089acdbab5038f58044c0a""",
{"imphashes": ["18ddf28a71089acdbab5038f58044c0a"], "ipv4s": ["210.209.127.8"]},
{
"imphashes": [
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
],
"ipv4s": ["210.209.127.8"],
"sha256s": ["093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a"],
},
{},
id="imphash_3",
),
Expand All @@ -131,7 +117,15 @@
IMPORT HASH\t18ddf28a71089acdbab5038f58044c0a
IMPORT HASH\n18ddf28a71089acdbab5038f58044c0a
IMPORT HASH - 18ddf28a71089acdbab5038f58044c0a""",
{"imphashes": ["18ddf28a71089acdbab5038f58044c0a"], "ipv4s": ["210.209.127.8"]},
{
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Investigating in #213.

"imphashes": [
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
"18ddf28a71089acdbab5038f58044c0a",
],
"ipv4s": ["210.209.127.8"],
"sha256s": ["093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a"],
},
{},
id="imphash_4",
),
Expand All @@ -146,7 +140,13 @@
authentihash\t3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4',
authentihash\n3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4',
""",
{"authentihashes": ["3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4"]},
{
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Investigating in #213.

"authentihashes": [
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
]
},
{},
id="authentihash_1",
),
Expand All @@ -161,7 +161,13 @@
AUTHENTIHASH\t3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4',
AUTHENTIHASH\n3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4',
""",
{"authentihashes": ["3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4"]},
{
"authentihashes": [
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
"3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4",
]
},
Comment on lines +164 to +170
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Investigating in #213.

{},
id="authentihash_2",
),
Expand Down
3 changes: 2 additions & 1 deletion tests/find_iocs_cases/ip_addr.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,8 @@
"2001:db8:0:0:0:ff00:42:8329",
"2001:db8::ff00:42:8329",
"::1",
]
],
"ssdeeps": ['0000:0000:ff00', '2001:0db8:0000'],
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll look into this in #212

},
{},
id="ipv6_1",
Expand Down
5 changes: 3 additions & 2 deletions tests/find_iocs_cases/registry_keys.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -268,6 +268,7 @@
{
'registry_key_paths': [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell",
Comment on lines 270 to +271
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Investigating in #213.

],
'domains': [
"citizenlab.ca",
Expand Down Expand Up @@ -295,10 +296,10 @@
'urls': [
"https://citizenlab.ca/2016/05/stealth-falcon-appendices",
"https://citizenlab.ca/2016/05/stealth-falcon/",
"https://citizenlab.ca/about/",
"https://citizenlab.ca/about/),",
"https://docs.microsoft.com/en-us/windows/win32/bits/background-intelligent-transfer-service-portal",
"https://www.reuters.com/investigates/special-report/usa-spying-raven/",
"https://www.secureworks.com/blog/malware-lingers-with-bits",
"https://www.secureworks.com/blog/malware-lingers-with-bits).",
Comment on lines +299 to +302
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These will be fixed in #130

],
'attack_techniques': {
'enterprise': [
Expand Down