From 058593363b0e4b558b9d796255c0891016a35304 Mon Sep 17 00:00:00 2001
From: Luciano Righetti
Date: Mon, 13 Jan 2025 11:50:54 +0100
Subject: [PATCH] add: push object level analyst notes test cases
---
 ...te_analyst_relationship_distribution.json} | 0
 ...ect_analyst_relationship_distribution.json | 143 ++++++++++++++++++
 ...vent_blocked_object_note_distribution.json | 119 +++++++++++++++
 ...t_blocked_object_opinion_distribution.json | 119 +++++++++++++++
 src/test/test_push_scenarios.json | 52 ++++++-
 5 files changed, 431 insertions(+), 2 deletions(-)
 rename src/test/fixtures/{test_event_blocked_attribute_relationship_distribution.json => test_event_blocked_attribute_analyst_relationship_distribution.json} (100%)
 create mode 100644 src/test/fixtures/test_event_blocked_object_analyst_relationship_distribution.json
 create mode 100644 src/test/fixtures/test_event_blocked_object_note_distribution.json
 create mode 100644 src/test/fixtures/test_event_blocked_object_opinion_distribution.json
diff --git a/src/test/fixtures/test_event_blocked_attribute_relationship_distribution.json b/src/test/fixtures/test_event_blocked_attribute_analyst_relationship_distribution.json
similarity index 100%
rename from src/test/fixtures/test_event_blocked_attribute_relationship_distribution.json
rename to src/test/fixtures/test_event_blocked_attribute_analyst_relationship_distribution.json
diff --git a/src/test/fixtures/test_event_blocked_object_analyst_relationship_distribution.json b/src/test/fixtures/test_event_blocked_object_analyst_relationship_distribution.json
new file mode 100644
index 0000000..959fe7a
--- /dev/null
+++ b/src/test/fixtures/test_event_blocked_object_analyst_relationship_distribution.json
@@ -0,0 +1,143 @@
+{
+ "Event": {
+ "id": "1",
+ "orgc_id": "1",
+ "org_id": "1",
+ "date": "2022-08-31",
+ "threat_level_id": "1",
+ "info": "blocked attribute type",
+ "published": false,
+ "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56",
+ "attribute_count": "4",
+ "analysis": "0",
+ "timestamp": "1661956788",
+ "distribution": "1",
+ "proposal_email_lock": false,
+ "locked": false,
+ "publish_timestamp": "1661956380",
+ "sharing_group_id": "0",
+ "disable_correlation": false,
+ "extends_uuid": "",
+ "protected": null,
+ "event_creator_email": "admin@admin.test",
+ "Org": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "Orgc": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "Attribute": [],
+ "ShadowAttribute": [],
+ "RelatedEvent": [],
+ "Galaxy": [],
+ "Object": [
+ {
+ "id": "1",
+ "name": "domain-ip",
+ "meta-category": "network",
+ "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
+ "template_version": "10",
+ "event_id": "1",
+ "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799",
+ "timestamp": "1661956788",
+ "distribution": "1",
+ "sharing_group_id": "0",
+ "comment": "",
+ "deleted": false,
+ "first_seen": null,
+ "last_seen": null,
+ "ObjectReference": [],
+ "Attribute": [
+ {
+ "id": "1",
+ "type": "hostname",
+ "category": "Network activity",
+ "to_ids": true,
+ "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76",
+ "event_id": "1",
+ "distribution": "5",
+ "timestamp": "1661956788",
+ "comment": "",
+ "sharing_group_id": "0",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "3",
+ "object_relation": "hostname",
+ "first_seen": null,
+ "last_seen": null,
+ "value": "example.com",
+ "Galaxy": [],
+ "ShadowAttribute": [],
+ "Tag": []
+ }
+ ],
+ "Relationship": [
+ {
+ "id": "1",
+ "uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9",
+ "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd",
+ "object_type": "Attribute",
+ "authors": "admin@admin.test",
+ "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "created": "2024-10-30 11:09:13",
+ "modified": "2024-10-30 11:09:13",
+ "distribution": "0",
+ "sharing_group_id": null,
+ "locked": false,
+ "relationship_type": "Acquaintance",
+ "related_object_uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a",
+ "related_object_type": "Attribute",
+ "note_type": 2,
+ "note_type_name": "Relationship",
+ "Org": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "Orgc": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "_canEdit": true,
+ "related_object": {
+ "Attribute": {
+ "id": "1",
+ "type": "ip-src",
+ "category": "Network activity",
+ "to_ids": false,
+ "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a",
+ "event_id": "1",
+ "distribution": "5",
+ "timestamp": "1661956302",
+ "comment": "",
+ "sharing_group_id": "0",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "0",
+ "object_relation": null,
+ "first_seen": null,
+ "last_seen": null,
+ "value": "2.2.2.2",
+ "Galaxy": [],
+ "ShadowAttribute": []
+ }
+ }
+ }
+ ]
+ }
+ ],
+ "EventReport": [],
+ "CryptographicKey": []
+ }
+}
\ No newline at end of file
diff --git a/src/test/fixtures/test_event_blocked_object_note_distribution.json b/src/test/fixtures/test_event_blocked_object_note_distribution.json
new file mode 100644
index 0000000..2026ed7
--- /dev/null
+++ b/src/test/fixtures/test_event_blocked_object_note_distribution.json
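Review bot: The `Relationship` entry in the analyst-relationship fixture is nested under the `domain-ip` object (`uuid` `feda50b8-c69c-4f5f-ae34-91b289e46799`) but declares `"object_type": "Attribute"` with an `object_uuid` that matches nothing else in that fixture, so the payload does not describe analyst data attached to the object it sits under. The same mismatch is in the note fixture (`"object_type": "Attribute"`) and the opinion fixture (`"object_type": "Event"`), both with `object_uuid` `b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8`. For an object-level case I would set `"object_uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799",` and `"object_type": "Object",` in all three, so the 403 is still asserted if the distribution check ever keys on the declared parent rather than on nesting position. The event `info` is still `"blocked attribute type"` in all three, which looks carried over from another fixture.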
@@ -0,0 +1,119 @@
+{
+ "Event": {
+ "id": "1",
+ "orgc_id": "1",
+ "org_id": "1",
+ "date": "2022-08-31",
+ "threat_level_id": "1",
+ "info": "blocked attribute type",
+ "published": false,
+ "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56",
+ "attribute_count": "4",
+ "analysis": "0",
+ "timestamp": "1661956788",
+ "distribution": "1",
+ "proposal_email_lock": false,
+ "locked": false,
+ "publish_timestamp": "1661956380",
+ "sharing_group_id": "0",
+ "disable_correlation": false,
+ "extends_uuid": "",
+ "protected": null,
+ "event_creator_email": "admin@admin.test",
+ "Org": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "Orgc": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "Attribute": [],
+ "ShadowAttribute": [],
+ "RelatedEvent": [],
+ "Galaxy": [],
+ "Object": [
+ {
+ "id": "1",
+ "name": "domain-ip",
+ "meta-category": "network",
+ "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
+ "template_version": "10",
+ "event_id": "1",
+ "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799",
+ "timestamp": "1661956788",
+ "distribution": "1",
+ "sharing_group_id": "0",
+ "comment": "",
+ "deleted": false,
+ "first_seen": null,
+ "last_seen": null,
+ "ObjectReference": [],
+ "Attribute": [
+ {
+ "id": "1",
+ "type": "hostname",
+ "category": "Network activity",
+ "to_ids": true,
+ "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76",
+ "event_id": "1",
+ "distribution": "5",
+ "timestamp": "1661956788",
+ "comment": "",
+ "sharing_group_id": "0",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "3",
+ "object_relation": "hostname",
+ "first_seen": null,
+ "last_seen": null,
+ "value": "example.com",
+ "Galaxy": [],
+ "ShadowAttribute": [],
+ "Tag": []
+ }
+ ],
+ "Note": [
+ {
+ "id": "1",
+ "uuid": "9c0e3e20-b1ea-4473-81d2-845c4399c36d",
+ "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8",
+ "object_type": "Attribute",
+ "authors": "john.doe@admin.test",
+ "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "created": "2024-10-04 08:09:39",
+ "modified": "2024-10-04 08:09:39",
+ "distribution": "0",
+ "sharing_group_id": null,
+ "locked": false,
+ "note": "Ceci est une note",
+ "language": "fr-BE",
+ "note_type": 0,
+ "note_type_name": "Note",
+ "Org": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "Orgc": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "_canEdit": true
+ }
+ ]
+ }
+ ],
+ "EventReport": [],
+ "CryptographicKey": []
+ }
+}
\ No newline at end of file
diff --git a/src/test/fixtures/test_event_blocked_object_opinion_distribution.json b/src/test/fixtures/test_event_blocked_object_opinion_distribution.json
new file mode 100644
index 0000000..470ec0d
--- /dev/null
+++ b/src/test/fixtures/test_event_blocked_object_opinion_distribution.json
@@ -0,0 +1,119 @@
+{
+ "Event": {
+ "id": "1",
+ "orgc_id": "1",
+ "org_id": "1",
+ "date": "2022-08-31",
+ "threat_level_id": "1",
+ "info": "blocked attribute type",
+ "published": false,
+ "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56",
+ "attribute_count": "4",
+ "analysis": "0",
+ "timestamp": "1661956788",
+ "distribution": "1",
+ "proposal_email_lock": false,
+ "locked": false,
+ "publish_timestamp": "1661956380",
+ "sharing_group_id": "0",
+ "disable_correlation": false,
+ "extends_uuid": "",
+ "protected": null,
+ "event_creator_email": "admin@admin.test",
+ "Org": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "Orgc": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "Attribute": [],
+ "ShadowAttribute": [],
+ "RelatedEvent": [],
+ "Galaxy": [],
+ "Object": [
+ {
+ "id": "1",
+ "name": "domain-ip",
+ "meta-category": "network",
+ "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
+ "template_version": "10",
+ "event_id": "1",
+ "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799",
+ "timestamp": "1661956788",
+ "distribution": "1",
+ "sharing_group_id": "0",
+ "comment": "",
+ "deleted": false,
+ "first_seen": null,
+ "last_seen": null,
+ "ObjectReference": [],
+ "Attribute": [
+ {
+ "id": "1",
+ "type": "hostname",
+ "category": "Network activity",
+ "to_ids": true,
+ "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76",
+ "event_id": "1",
+ "distribution": "5",
+ "timestamp": "1661956788",
+ "comment": "",
+ "sharing_group_id": "0",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "3",
+ "object_relation": "hostname",
+ "first_seen": null,
+ "last_seen": null,
+ "value": "example.com",
+ "Galaxy": [],
+ "ShadowAttribute": [],
+ "Tag": []
+ }
+ ],
+ "Opinion": [
+ {
+ "id": "1",
+ "uuid": "f43b2e9c-93c3-4d1e-a99a-e0996ced962c",
+ "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8",
+ "object_type": "Event",
+ "authors": "john.doe@admin.test",
+ "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "created": "2024-10-04 08:09:47",
+ "modified": "2024-10-04 08:09:47",
+ "distribution": "0",
+ "sharing_group_id": null,
+ "locked": false,
+ "opinion": "75",
+ "comment": "This is an opinion",
+ "note_type": 1,
+ "note_type_name": "Opinion",
+ "Org": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "Orgc": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+ "local": true
+ },
+ "_canEdit": true
+ }
+ ]
+ }
+ ],
+ "EventReport": [],
+ "CryptographicKey": []
+ }
+}
\ No newline at end of file
diff --git a/src/test/test_push_scenarios.json b/src/test/test_push_scenarios.json
index de9482e..9073496 100644
--- a/src/test/test_push_scenarios.json
+++ b/src/test/test_push_scenarios.json
@@ -820,7 +820,7 @@
 ]
 },
 {
- "name": "push_new_event_blocked_attribute_relationship_distribution",
+ "name": "push_new_event_blocked_attribute_analyst_relationship_distribution",
 "host": "instance1-comp2.com",
 "port": 443,
 "url": "/events/add/metadata:1",
@@ -829,7 +829,55 @@
 "ip": "20.0.0.2",
 "port": 22
 },
- "fixture_file": "./test/fixtures/test_event_blocked_attribute_relationship_distribution.json",
+ "fixture_file": "./test/fixtures/test_event_blocked_attribute_analyst_relationship_distribution.json",
+ "expected_status_code": 403,
+ "expected_logs": [
+ "request blocked: [POST]/events/add/metadata:1 - analyst data has blocked distribution level: 0"
+ ]
+ },
+ {
+ "name": "push_new_event_blocked_object_note_distribution",
+ "host": "instance1-comp2.com",
+ "port": 443,
+ "url": "/events/add/metadata:1",
+ "method": "POST",
+ "client": {
+ "ip": "20.0.0.2",
+ "port": 22
+ },
+ "fixture_file": "./test/fixtures/test_event_blocked_object_note_distribution.json",
+ "expected_status_code": 403,
+ "expected_logs": [
+ "request blocked: [POST]/events/add/metadata:1 - analyst data has blocked distribution level: 0"
+ ]
+ },
+ {
+ "name": "push_new_event_blocked_object_opinion_distribution",
+ "host": "instance1-comp2.com",
+ "port": 443,
+ "url": "/events/add/metadata:1",
+ "method": "POST",
+ "client": {
+ "ip": "20.0.0.2",
+ "port": 22
+ },
+ "fixture_file": "./test/fixtures/test_event_blocked_object_opinion_distribution.json",
+ "expected_status_code": 403,
+ "expected_logs": [
+ "request blocked: [POST]/events/add/metadata:1 - analyst data has blocked distribution level: 0"
+ ]
+ },
+ {
+ "name": "push_new_event_blocked_object_analyst_relationship_distribution",
+ "host": "instance1-comp2.com",
+ "port": 443,
+ "url": "/events/add/metadata:1",
+ "method": "POST",
+ "client": {
+ "ip": "20.0.0.2",
+ "port": 22
+ },
+ "fixture_file": "./test/fixtures/test_event_blocked_object_analyst_relationship_distribution.json",
 "expected_status_code": 403,
 "expected_logs": [
 "request blocked: [POST]/events/add/metadata:1 - analyst data has blocked distribution level: 0"
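Review bot: The three added scenarios only place distribution-0 analyst data directly on the object (`Object[].Note`, `Object[].Opinion`, `Object[].Relationship`); the hostname attribute nested inside the object carries no analyst data in any of the new fixtures, so the `Object[].Attribute[]` path is not exercised by this hunk. If the guard walks object attributes separately from event-level attributes, a regression there would let a `"distribution": "0"` note be forwarded with no test failing; a further fixture with the `Note` array moved under the nested attribute would pin that path. An allowed counterpart (the same object-level note at a permitted distribution level, expecting a non-403 status) would also confirm the rule is not rejecting every object that carries analyst data. Only part of the scenario file is visible here, so either case may already exist elsewhere.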