Added test for investigation

intelowlproject · Nov 13, 2024 · 4f1d284 · 4f1d284
1 parent ce171f4
commit 4f1d284
Show file tree

Hide file tree

Showing 2 changed files with 225 additions and 0 deletions.
diff --git a/tests/mocked_requests.py b/tests/mocked_requests.py
@@ -215,3 +215,56 @@ def mocked_delete_tag_by_id(*args, **kwargs):
         200,
         "/api/tags/1",
     )
+
+
+def mocked_get_investigation_by_id(*args, **kwargs):
+    return MockResponse(
+        {
+            "id": 1,
+            "tags": [],
+            "tlp": "CLEAR",
+            "total_jobs": 2,
+            "jobs": [1],
+            "status": "concluded",
+            "for_organization": True,
+            "name": "Analyzer1: https://www.test.com",
+            "description": "test_description",
+            "start_time": "2024-11-13T07:42:17.534614Z",
+            "end_time": "2024-11-13T07:42:35.861687Z",
+            "owner": "admin",
+        },
+        200,
+        "/api/investigation/1",
+    )
+
+
+def mocked_get_investigation_tree_by_id(*args, **kwargs):
+    return MockResponse(
+        {
+            "name": "InvestigationName: https://www.test.com",
+            "owner": 1,
+            "jobs": [
+                {
+                    "pk": 1,
+                    "analyzed_object_name": "https://www.test.com",
+                    "playbook": "Playbook1",
+                    "status": "reported_without_fails",
+                    "received_request_time": "2024-11-13T07:42:17.534614Z",
+                    "is_sample": False,
+                    "children": [
+                        {
+                            "pk": 2,
+                            "analyzed_object_name": "test.0",
+                            "pivot_config": "Pivot1",
+                            "playbook": "Playbook2",
+                            "status": "reported_without_fails",
+                            "received_request_time": "2024-11-13T07:42:35.243833Z",
+                            "is_sample": True,
+                        }
+                    ],
+                }
+            ],
+        },
+        200,
+        "/api/investigation/1/tree",
+    )
diff --git a/tests/test_investigations.py b/tests/test_investigations.py
@@ -0,0 +1,172 @@
+from unittest.mock import patch
+
+from pyintelowl import IntelOwlClientException
+from tests.mocked_requests import (
+    mocked_get_investigation_by_id,
+    mocked_get_investigation_tree_by_id,
+)
+from tests.utils import BaseTest, mock_connections
+
+
+class TestInvestigations(BaseTest):
+    @mock_connections(
+        patch("requests.Session.get", side_effect=mocked_get_investigation_by_id)
+    )
+    def test_get_investigation_by_id(self, mock_requests):
+        investigation = self.client.get_investigation_by_id(self.job_id)
+        self.assertEqual(investigation.get("id", None), 1)
+        self.assertEqual(investigation.get("tags"), [])
+        self.assertEqual(investigation.get("total_jobs", 2), 2)
+        self.assertEqual(investigation.get("jobs", []), [1])
+        self.assertEqual(investigation.get("status", ""), "concluded")
+        self.assertTrue(investigation.get("for_organization", False))
+        self.assertEqual(
+            investigation.get("name", ""), "Analyzer1: https://www.test.com"
+        )
+        self.assertEqual(investigation.get("description", ""), "test_description")
+        self.assertEqual(
+            investigation.get("start_time", ""), "2024-11-13T07:42:17.534614Z"
+        )
+        self.assertEqual(
+            investigation.get("end_time", ""), "2024-11-13T07:42:35.861687Z"
+        )
+        self.assertEqual(investigation.get("owner", ""), "admin")
+
+        investigation = self.client.get_investigation_by_id(str(self.job_id))
+        self.assertEqual(investigation.get("id", None), 1)
+        self.assertEqual(investigation.get("tags"), [])
+        self.assertEqual(investigation.get("total_jobs", 2), 2)
+        self.assertEqual(investigation.get("jobs", []), [1])
+        self.assertEqual(investigation.get("status", ""), "concluded")
+        self.assertTrue(investigation.get("for_organization", False))
+        self.assertEqual(
+            investigation.get("name", ""), "Analyzer1: https://www.test.com"
+        )
+        self.assertEqual(investigation.get("description", ""), "test_description")
+        self.assertEqual(
+            investigation.get("start_time", ""), "2024-11-13T07:42:17.534614Z"
+        )
+        self.assertEqual(
+            investigation.get("end_time", ""), "2024-11-13T07:42:35.861687Z"
+        )
+        self.assertEqual(investigation.get("owner", ""), "admin")
+
+    @mock_connections(
+        patch("requests.Session.get", side_effect=mocked_get_investigation_by_id)
+    )
+    def test_get_investigation_by_id_invalid(self, mock_requests):
+        job_id = 999
+        self.assertRaises(
+            IntelOwlClientException, self.client.get_investigation_by_id(), job_id
+        )
+
+        job_id = "999"
+        self.assertRaises(
+            IntelOwlClientException, self.client.get_investigation_by_id(), job_id
+        )
+
+        job_id = ""
+        self.assertRaises(
+            IntelOwlClientException, self.client.get_investigation_by_id(), job_id
+        )
+
+        job_id = None
+        self.assertRaises(
+            IntelOwlClientException, self.client.get_investigation_by_id(), job_id
+        )
+
+        job_id = "a"
+        self.assertRaises(
+            IntelOwlClientException, self.client.get_investigation_by_id(), job_id
+        )
+
+    @mock_connections(
+        patch("requests.Session.get", side_effect=mocked_get_investigation_tree_by_id)
+    )
+    def test_get_investigation_tree_by_id(self, mock_requests):
+        investigation = self.client.get_investigation_tree_by_id(self.job_id)
+        self.assertEqual(
+            investigation.get("name", ""), "InvestigationName: https://www.test.com"
+        )
+        self.assertEqual(investigation.get("owner", ""), "admin")
+        self.assertNotEqual(investigation.get("jobs", []), [])
+
+        jobs = investigation.get("jobs")[0]
+        self.assertEqual(jobs.get("pk", None), 1)
+        self.assertEqual(jobs.get("analyzed_object_name", ""), "https://www.test.com")
+        self.assertEqual(jobs.get("playbook", ""), "Playbook1")
+        self.assertEqual(jobs.get("status", ""), "reported_without_fails")
+        self.assertEqual(
+            jobs.get("received_request_time", ""),
+            "2024-11-13T07:42:17.534614Z",
+        )
+        self.assertFalse(investigation.get("is_sample", True))
+
+        children = jobs.get("children")[0]
+        self.assertEqual(children.get("pk", 0), 2)
+        self.assertEqual(children.get("analyzed_object_name", ""), "test.0")
+        self.assertEqual(children.get("pivot_config", ""), "Pivot1")
+        self.assertEqual(children.get("playbook", ""), "Playbook2")
+        self.assertEqual(children.get("status", ""), "reported_without_fails")
+        self.assertEqual(
+            children.get("received_request_time", ""), "2024-11-13T07:42:35.243833Z"
+        )
+        self.assertTrue(children.get("is_sample", False))
+
+        investigation = self.client.get_investigation_tree_by_id(str(self.job_id))
+        self.assertEqual(
+            investigation.get("name", ""), "InvestigationName: https://www.test.com"
+        )
+        self.assertEqual(investigation.get("owner", ""), "admin")
+        self.assertNotEqual(investigation.get("jobs", []), [])
+
+        jobs = investigation.get("jobs")[0]
+        self.assertEqual(jobs.get("pk", None), 1)
+        self.assertEqual(jobs.get("analyzed_object_name", ""), "https://www.test.com")
+        self.assertEqual(jobs.get("playbook", ""), "Playbook1")
+        self.assertEqual(jobs.get("status", ""), "reported_without_fails")
+        self.assertEqual(
+            jobs.get("received_request_time", ""),
+            "2024-11-13T07:42:17.534614Z",
+        )
+        self.assertFalse(investigation.get("is_sample", True))
+
+        children = jobs.get("children")[0]
+        self.assertEqual(children.get("pk", 0), 2)
+        self.assertEqual(children.get("analyzed_object_name", ""), "test.0")
+        self.assertEqual(children.get("pivot_config", ""), "Pivot1")
+        self.assertEqual(children.get("playbook", ""), "Playbook2")
+        self.assertEqual(children.get("status", ""), "reported_without_fails")
+        self.assertEqual(
+            children.get("received_request_time", ""), "2024-11-13T07:42:35.243833Z"
+        )
+        self.assertTrue(children.get("is_sample", False))
+
+    @mock_connections(
+        patch("requests.Session.get", side_effect=mocked_get_investigation_tree_by_id)
+    )
+    def test_get_investigation_tree_by_id_invalid(self, mock_requests):
+        job_id = 999
+        self.assertRaises(
+            IntelOwlClientException, self.client.get_investigation_tree_by_id(), job_id
+        )
+
+        job_id = "999"
+        self.assertRaises(
+            IntelOwlClientException, self.client.get_investigation_tree_by_id(), job_id
+        )
+
+        job_id = ""
+        self.assertRaises(
+            IntelOwlClientException, self.client.get_investigation_tree_by_id(), job_id
+        )
+
+        job_id = None
+        self.assertRaises(
+            IntelOwlClientException, self.client.get_investigation_tree_by_id(), job_id
+        )
+
+        job_id = "a"
+        self.assertRaises(
+            IntelOwlClientException, self.client.get_investigation_tree_by_id(), job_id
+        )