diff --git a/tests/artifacts/.gitignore b/tests/artifacts/.gitignore new file mode 100644 index 0000000..529112d --- /dev/null +++ b/tests/artifacts/.gitignore @@ -0,0 +1 @@ +test.stix2 diff --git a/tests/artifacts/generate_stix.py b/tests/artifacts/generate_stix.py index 677c300..8c638a2 100644 --- a/tests/artifacts/generate_stix.py +++ b/tests/artifacts/generate_stix.py @@ -2,10 +2,9 @@ import os from stix2.v21 import (Indicator, Malware, Relationship, Bundle) - -if __name__ == "__main__": - if os.path.isfile("test.stix2"): - os.remove("test.stix2") +def generate_test_stix_file(file_path): + if os.path.isfile(file_path): + os.remove(file_path) domains = ["example.org"] processes = ["Launch"] @@ -36,7 +35,10 @@ if __name__ == "__main__": res.append(Relationship(i, 'indicates', malware)) bundle = Bundle(objects=res) - with open("test.stix2", "w+") as f: + with open(file_path, "w+") as f: f.write(bundle.serialize(pretty=True)) + +if __name__ == "__main__": + generate_test_stix_file("test.stix2") print("test.stix2 file created") diff --git a/tests/artifacts/test.stix2 b/tests/artifacts/test.stix2 deleted file mode 100644 index 0204786..0000000 --- a/tests/artifacts/test.stix2 +++ /dev/null 
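Review bot: `generate_test_stix_file` in the generate_stix.py hunks has no docstring, and its `os.path.isfile`/`os.remove` pair is redundant with the later `open(file_path, "w+")`, which already truncates an existing file. The check-then-delete also leaves a small window in which the path can change between the two calls. I would drop those two lines, open the file in the second hunk with `with open(file_path, "w", encoding="utf-8") as f:`, and add a docstring such as `"""Write a STIX2 bundle of test indicators to file_path, replacing any existing file."""`. The part of the function between the two hunks is not shown, so this assumes nothing there depends on the old file being removed first.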
@@ -1,112 +0,0 @@ -{ - "type": "bundle", - "id": "bundle--25fa4351-8a0a-4fea-bb4c-88ecbd0dfbf2", - "objects": [ - { - "type": "malware", - "spec_version": "2.1", - "id": "malware--b4581613-1fe9-441a-a7a5-56df36664e54", - "created": "2021-12-16T11:49:29.897487Z", - "modified": "2021-12-16T11:49:29.897487Z", - "name": "TestMalware", - "description": "", - "is_family": false - }, - { - "type": "indicator", - "spec_version": "2.1", - "id": "indicator--8614e326-7863-4d79-902c-89a0b769f290", - "created": "2021-12-16T11:49:29.897624Z", - "modified": "2021-12-16T11:49:29.897624Z", - "indicator_types": [ - "malicious-activity" - ], - "pattern": "[domain-name:value='example.org']", - "pattern_type": "stix", - "pattern_version": "2.1", - "valid_from": "2021-12-16T11:49:29.897624Z" - }, - { - "type": "relationship", - "spec_version": "2.1", - "id": "relationship--6e02e776-1aa7-4436-8df0-d6cb6227f098", - "created": "2021-12-16T11:49:29.903846Z", - "modified": "2021-12-16T11:49:29.903846Z", - "relationship_type": "indicates", - "source_ref": "indicator--8614e326-7863-4d79-902c-89a0b769f290", - "target_ref": "malware--b4581613-1fe9-441a-a7a5-56df36664e54" - }, - { - "type": "indicator", - "spec_version": "2.1", - "id": "indicator--1917e54e-d91d-4d11-811c-79e861c31661", - "created": "2021-12-16T11:49:29.903984Z", - "modified": "2021-12-16T11:49:29.903984Z", - "indicator_types": [ - "malicious-activity" - ], - "pattern": "[process:name='Launch']", - "pattern_type": "stix", - "pattern_version": "2.1", - "valid_from": "2021-12-16T11:49:29.903984Z" - }, - { - "type": "relationship", - "spec_version": "2.1", - "id": "relationship--e6561236-ef2e-45ed-984b-d1c4832119ca", - "created": "2021-12-16T11:49:29.905442Z", - "modified": "2021-12-16T11:49:29.905442Z", - "relationship_type": "indicates", - "source_ref": "indicator--1917e54e-d91d-4d11-811c-79e861c31661", - "target_ref": "malware--b4581613-1fe9-441a-a7a5-56df36664e54" - }, - { - "type": "indicator", - "spec_version": "2.1", - "id": 
"indicator--bd3961ab-e13a-42f5-b677-a797ced82adf", - "created": "2021-12-16T11:49:29.905565Z", - "modified": "2021-12-16T11:49:29.905565Z", - "indicator_types": [ - "malicious-activity" - ], - "pattern": "[file:name='/var/foobar/txt']", - "pattern_type": "stix", - "pattern_version": "2.1", - "valid_from": "2021-12-16T11:49:29.905565Z" - }, - { - "type": "relationship", - "spec_version": "2.1", - "id": "relationship--9f4b5ee9-45d1-4b55-877c-082104baedab", - "created": "2021-12-16T11:49:29.906687Z", - "modified": "2021-12-16T11:49:29.906687Z", - "relationship_type": "indicates", - "source_ref": "indicator--bd3961ab-e13a-42f5-b677-a797ced82adf", - "target_ref": "malware--b4581613-1fe9-441a-a7a5-56df36664e54" - }, - { - "type": "indicator", - "spec_version": "2.1", - "id": "indicator--0a798fe3-2293-4e60-8d45-d8d5cbd3f22f", - "created": "2021-12-16T11:49:29.906826Z", - "modified": "2021-12-16T11:49:29.906826Z", - "indicator_types": [ - "malicious-activity" - ], - "pattern": "[email-addr:value='foobar@example.org']", - "pattern_type": "stix", - "pattern_version": "2.1", - "valid_from": "2021-12-16T11:49:29.906826Z" - }, - { - "type": "relationship", - "spec_version": "2.1", - "id": "relationship--40f7462d-173b-43b5-b9e3-056f28c01ff7", - "created": "2021-12-16T11:49:29.907909Z", - "modified": "2021-12-16T11:49:29.907909Z", - "relationship_type": "indicates", - "source_ref": "indicator--0a798fe3-2293-4e60-8d45-d8d5cbd3f22f", - "target_ref": "malware--b4581613-1fe9-441a-a7a5-56df36664e54" - } - ] -} \ No newline at end of file diff --git a/tests/common/test_indicators.py b/tests/common/test_indicators.py index 8456a06..71ceecc 100644 --- a/tests/common/test_indicators.py +++ b/tests/common/test_indicators.py 
@@ -1,37 +1,26 @@ -import pytest import logging import os from mvt.common.indicators import Indicators -from ..utils import get_artifact, init_setup - - class TestIndicators: - @pytest.fixture(scope="session", autouse=True) - def set(self): - init_setup() - - def test_parse_stix2(self): - stix_path = get_artifact("test.stix2") + def test_parse_stix2(self, indicator_file): ind = Indicators(log=logging) - ind.load_indicators_files([stix_path], load_default=False) + ind.load_indicators_files([indicator_file], load_default=False) assert ind.ioc_count == 4 assert len(ind.ioc_domains) == 1 assert len(ind.ioc_emails) == 1 assert len(ind.ioc_files) == 1 assert len(ind.ioc_processes) == 1 - def test_check_domain(self): + def test_check_domain(self, indicator_file): ind = Indicators(log=logging) - stix_path = get_artifact("test.stix2") - ind.load_indicators_files([stix_path], load_default=False) + ind.load_indicators_files([indicator_file], load_default=False) assert ind.check_domain("https://www.example.org/foobar") assert ind.check_domain("http://example.org:8080/toto") - def test_env_stix(self): - stix_path = get_artifact("test.stix2") - os.environ["MVT_STIX2"] = stix_path + def test_env_stix(self, indicator_file): + os.environ["MVT_STIX2"] = indicator_file ind = Indicators(log=logging) - ind.load_indicators_files([stix_path], load_default=False) + ind.load_indicators_files([indicator_file], load_default=False) assert ind.ioc_count == 4 diff --git a/tests/conftest.py b/tests/conftest.py new file mode 100644 index 0000000..517714c --- /dev/null +++ b/tests/conftest.py 
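Review bot: `test_env_stix` passes the same `indicator_file` through `MVT_STIX2` and as the explicit argument to `load_indicators_files`, so `assert ind.ioc_count == 4` would presumably still hold if the environment variable were never read. For an indicator loader that gives false confidence in the environment path. If the API allows it, loading with an empty list (`ind.load_indicators_files([], load_default=False)`) would make the four indicators attributable to `MVT_STIX2` alone. Setting the variable with `monkeypatch.setenv("MVT_STIX2", indicator_file)` instead of assigning to `os.environ` would also restore it when the test ends.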
@@ -0,0 +1,21 @@ +import os + +import pytest + +from .artifacts.generate_stix import generate_test_stix_file + + +@pytest.fixture(scope="session", autouse=True) +def indicator_file(request, tmp_path_factory): + indicator_dir = tmp_path_factory.mktemp("indicators") + stix_path = indicator_dir / "indicators.stix2" + generate_test_stix_file(stix_path) + return str(stix_path) + + +@pytest.fixture(scope="session", autouse=True) +def clean_test_env(request, tmp_path_factory): + try: + del os.environ['MVT_STIX2'] + except KeyError: + pass diff --git a/tests/ios/test_backup_info.py b/tests/ios/test_backup_info.py index 0492550..75b40a0 100644 --- a/tests/ios/test_backup_info.py +++ b/tests/ios/test_backup_info.py @@ -1,17 +1,12 @@ -import pytest import logging from mvt.ios.modules.backup.backup_info import BackupInfo from mvt.common.module import run_module -from ..utils import get_backup_folder, init_setup +from ..utils import get_backup_folder class TestBackupInfoModule: - @pytest.fixture(scope="session", autouse=True) - def set(self): - init_setup() - def test_manifest(self): m = BackupInfo(base_folder=get_backup_folder(), log=logging) run_module(m) diff --git a/tests/ios/test_datausage.py b/tests/ios/test_datausage.py index 71ad36a..0ec2590 100644 --- a/tests/ios/test_datausage.py +++ b/tests/ios/test_datausage.py @@ -1,17 +1,12 @@ -import pytest import logging from mvt.common.indicators import Indicators from mvt.ios.modules.mixed.net_datausage import Datausage from mvt.common.module import run_module -from ..utils import get_artifact, get_backup_folder, init_setup +from ..utils import get_backup_folder class TestDatausageModule: - @pytest.fixture(scope="session", autouse=True) - def set(self): - init_setup() - def test_datausage(self): m = Datausage(base_folder=get_backup_folder(), log=logging) run_module(m) 
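Review bot: `clean_test_env` in tests/conftest.py is session-scoped, so it deletes `MVT_STIX2` once before the first test and never again. A value set during the run stays in `os.environ` for every later test, which makes results depend on test order. A function-scoped fixture gives each test a clean state: `@pytest.fixture(autouse=True)` on `def clean_test_env(monkeypatch):` with the body `monkeypatch.delenv("MVT_STIX2", raising=False)`. The `request` and `tmp_path_factory` parameters of `clean_test_env` and the `request` parameter of `indicator_file` are unused and can be dropped.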
@@ -19,10 +14,10 @@ class TestDatausageModule: assert len(m.timeline) == 60 assert len(m.detected) == 0 - def test_detection(self): + def test_detection(self, indicator_file): m = Datausage(base_folder=get_backup_folder(), log=logging) ind = Indicators(log=logging) - ind.parse_stix2(get_artifact("test.stix2")) + ind.parse_stix2(indicator_file) # Adds a file that exists in the manifest ind.ioc_processes[0] = "CumulativeUsageTracker" m.indicators = ind diff --git a/tests/ios/test_manifest.py b/tests/ios/test_manifest.py index 385d828..20af5b2 100644 --- a/tests/ios/test_manifest.py +++ b/tests/ios/test_manifest.py @@ -1,17 +1,13 @@ -import pytest import logging from mvt.common.indicators import Indicators from mvt.ios.modules.backup.manifest import Manifest from mvt.common.module import run_module -from ..utils import get_artifact, get_backup_folder, init_setup +from ..utils import get_backup_folder + class TestManifestModule: - @pytest.fixture(scope="session", autouse=True) - def set(self): - init_setup() - def test_manifest(self): m = Manifest(base_folder=get_backup_folder(), log=logging) run_module(m) @@ -19,10 +15,10 @@ class TestManifestModule: assert len(m.timeline) == 5881 assert len(m.detected) == 0 - def test_detection(self): + def test_detection(self, indicator_file): m = Manifest(base_folder=get_backup_folder(), log=logging) ind = Indicators(log=logging) - ind.parse_stix2(get_artifact("test.stix2")) + ind.parse_stix2(indicator_file) # Adds a file that exists in the manifest ind.ioc_files[0] = "com.apple.CoreBrightness.plist" m.indicators = ind diff --git a/tests/ios/test_tcc.py b/tests/ios/test_tcc.py index a140aff..4d11455 100644 --- a/tests/ios/test_tcc.py +++ b/tests/ios/test_tcc.py 
@@ -1,16 +1,11 @@ -import pytest import logging from mvt.ios.modules.mixed.tcc import TCC from mvt.common.module import run_module -from ..utils import get_backup_folder, init_setup +from ..utils import get_backup_folder class TestManifestModule: - @pytest.fixture(scope="session", autouse=True) - def set(self): - init_setup() - def test_manifest(self): m = TCC(base_folder=get_backup_folder(), log=logging) run_module(m) diff --git a/tests/utils.py b/tests/utils.py index 8020ca2..2f577c7 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -18,11 +18,5 @@ def get_artifact_folder(): def get_backup_folder(): return os.path.join(os.path.dirname(__file__), "artifacts", "ios_backup") -def init_setup(): - """ - init data to have a clean state before testing - """ - try: - del os.environ['MVT_STIX2'] - except KeyError: - pass +def get_indicator_file(): + print("PYTEST env", os.getenv('PYTEST_CURRENT_TEST'))
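Review bot: `get_indicator_file` in the tests/utils.py hunk only prints `PYTEST_CURRENT_TEST` and implicitly returns `None`, which looks like leftover debugging, not a helper. Nothing in the visible hunks calls it, and the name suggests it returns a path, so a future caller would pass `None` to the indicator loader. I would remove the function from this commit. If a helper is intended, it should return the path and carry a docstring such as `"""Return the path of the STIX2 indicator file used by the tests."""`.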