shadowbq-threatinator 0.5.0

data/spec/threatinator/actions/run/status_observer_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+require 'threatinator/actions/run/status_observer'
+
+describe Threatinator::Actions::Run::StatusObserver do
+  let(:observer) { described_class.new() }
+  let(:record) { build(:record, line_number: 23, pos_start: 99, pos_end: 105, data: "foobar\r\n") }
+
+  it_should_behave_like "a FeedRunner observer"
+
+  describe "#filtered" do
+    it "returns the number of records that have been filtered" do
+      expect(observer.filtered).to eq(0)
+      observer.update(:record_filtered, record)
+      expect(observer.filtered).to eq(1)
+    end
+  end
+
+  describe "#filtered?" do
+    it "returns true if any records were filtered, false otherwise" do
+      expect(observer.filtered?).to eq(false)
+      observer.update(:record_filtered, record)
+      expect(observer.filtered?).to eq(true)
+    end
+  end
+
+  describe "#missed" do
+    it "returns the number of records that have been missed" do
+      expect(observer.missed).to eq(0)
+      observer.update(:record_missed, record)
+      expect(observer.missed).to eq(1)
+    end
+  end
+
+  describe "#missed?" do
+    it "returns true if any records were missed, false otherwise" do
+      expect(observer.missed?).to eq(false)
+      observer.update(:record_missed, record)
+      expect(observer.missed?).to eq(true)
+    end
+  end
+
+  describe "#parsed" do
+    it "returns the number of records that have been parsed" do
+      expect(observer.parsed).to eq(0)
+      observer.update(:record_parsed, record)
+      expect(observer.parsed).to eq(1)
+    end
+  end
+
+  describe "#parsed?" do
+    it "returns true if any records were parsed, false otherwise" do
+      expect(observer.parsed?).to eq(false)
+      observer.update(:record_parsed, record)
+      expect(observer.parsed?).to eq(true)
+    end
+  end
+
+  describe "#errors" do
+    it "returns the number of records that had errors" do
+      expect(observer.errors).to eq(0)
+      observer.update(:record_error, record)
+      expect(observer.errors).to eq(1)
+    end
+  end
+
+  describe "#errors?" do
+    it "returns true if any records had errors, false otherwise" do
+      expect(observer.errors?).to eq(false)
+      observer.update(:record_error, record)
+      expect(observer.errors?).to eq(true)
+    end
+  end
+
+
+  describe "#total" do
+    it "returns the total number of records that were parsed, missed, filtered, and errored" do
+      expect(observer.total).to eq(0)
+      10.times { observer.update(:record_parsed, record) }
+      10.times { observer.update(:record_missed, record) }
+      10.times { observer.update(:record_filtered, record) }
+      10.times { observer.update(:record_error, record) }
+      expect(observer.total).to eq(40)
+    end
+  end
+end
+

data/spec/threatinator/cli/list_action_builder_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper'
+require 'threatinator/cli/list_action_builder'
+
+describe Threatinator::CLI::ListActionBuilder do
+  describe 'an instance' do
+    let(:config_hash) { {} }
+    let(:extra_args) { [] }
+    let(:builder) { described_class.new(config_hash, extra_args) }
+
+    it_behaves_like "an action builder"
+    
+    describe "#config" do
+      context "when config_hash['list'] is provided" do
+        let(:list_hash) { double('list hash') }
+        before :each do
+          config_hash['list'] = list_hash
+        end
+        it "builds a new Threatinator::Actions::List::Config using config_hash['list']" do
+          expect(Threatinator::Actions::List::Config).to receive(:new).with(list_hash)
+          builder.config
+        end
+      end
+      context "when config_hash['list'] does not exist" do
+        before :each do
+          config_hash.delete 'list'
+        end
+        it "builds a new Threatinator::Config::FeedSearch using an empty hash" do
+          expect(Threatinator::Actions::List::Config).to receive(:new).with({})
+          builder.config
+        end
+      end
+    end
+
+    describe "#build" do
+      let(:action) { double('action') }
+      let(:config) { double('config') }
+      let(:feed_registry) { double('feed registry') }
+      before :each do
+        allow(Threatinator::Actions::List::Action).to receive(:new).and_return(action)
+        allow(builder).to receive(:config).and_return(config)
+        allow(builder).to receive(:feed_registry).and_return(feed_registry)
+      end
+
+      let(:result) { builder.build }
+
+      it "builds an instance of Threatinator::Actions::List::Action using #feed_registry and #config" do
+        expect(Threatinator::Actions::List::Action).to receive(:new).with(feed_registry, config)
+        builder.build
+      end
+
+      it "returns the instance of the action" do
+        expect(builder.build).to be(action)
+      end
+
+    end
+  end
+end

data/spec/threatinator/cli/run_action_builder_spec.rb

@@ -0,0 +1,133 @@
+require 'spec_helper'
+require 'fileutils'
+require 'threatinator/cli/run_action_builder'
+require 'threatinator/plugin_loader'
+
+describe Threatinator::CLI::RunActionBuilder do
+  describe 'an instance' do
+    let(:plugin_loader) { Threatinator::PluginLoader.new }
+    let(:config_class) { Threatinator::Actions::Run::Config.generate(plugin_loader) }
+    let(:config_hash) { { 'run' => {} } }
+    let(:extra_args) { [] }
+    let(:builder) { described_class.new(config_hash, extra_args, config_class) }
+
+    it_behaves_like "an action builder"
+
+    describe "#config" do
+      let(:config) { builder.config }
+      it "returns an instance of config_class" do
+        expect(config).to be_a(config_class)
+      end
+
+      describe "config_hash['run']['coverage_output']" do
+        context "when nil" do
+          before :each do
+            config_hash['run'].delete('coverage_output')
+          end
+
+          it "sets config.observers to []" do
+            config = builder.config
+            expect(config.observers).to contain_exactly()
+          end
+        end
+
+        context "when set to a string" do
+          let(:coverage_proc) { lambda { } }
+          before :each do
+            config_hash['run']['coverage_output'] = "asdf"
+          end
+          it "initializes a CoverageObserver with the string" do
+            expect(Threatinator::Actions::Run::CoverageObserver).to receive(:new).with('asdf')
+            builder.config
+          end
+          it "sets config.observers an array consisting of the CoverageObserver" do
+            observer = double('observer')
+            expect(Threatinator::Actions::Run::CoverageObserver).to receive(:new).and_return(observer)
+
+            config = builder.config
+            expect(config.observers).to contain_exactly(observer)
+          end
+        end
+      end
+
+      context "config_hash['run']['feed_provider']" do
+        context "when nil" do
+          before :each do
+            config_hash['run'].delete('feed_provider')
+          end
+          context "and there are no extra arguments" do
+            specify "#feed_provider is nil" do
+              expect(config.feed_provider).to be_nil
+            end
+          end
+
+          context "and there is at least one extra argument" do
+            before :each do
+              extra_args << "arg1"
+              extra_args << "arg2"
+              extra_args << "arg3"
+            end
+            specify "#feed_provider is the first extra argument" do
+              expect(config.feed_provider).to eq("arg1")
+            end
+          end
+        end
+      end
+
+      context "config_hash['run']['feed_name']" do
+        context "when nil" do
+          before :each do
+            config_hash['run'].delete('feed_name')
+          end
+          context "and there are no extra arguments" do
+            specify "#feed_name is nil" do
+              expect(config.feed_name).to be_nil
+            end
+          end
+
+          context "and there are extra arguments" do
+            before :each do
+              extra_args << "arg1"
+              extra_args << "arg2"
+              extra_args << "arg3"
+            end
+
+            specify "#feed_name is the first extra argument if feed_provider was configured" do
+              config_hash['run']['feed_provider'] = "foo"
+              expect(config.feed_name).to eq("arg1")
+            end
+
+            specify "#feed_name is the second extra argument if feed_provider was not configured" do
+              config_hash['run'].delete('feed_provider')
+              expect(config.feed_name).to eq("arg2")
+            end
+          end
+        end
+      end
+    end
+
+    describe "#build" do
+      let(:action) { double('action') }
+      let(:config) { double('config') }
+      let(:feed_registry) { double('feed registry') }
+      before :each do
+        allow(Threatinator::Actions::Run::Action).to receive(:new).and_return(action)
+        allow(builder).to receive(:config).and_return(config)
+        allow(builder).to receive(:feed_registry).and_return(feed_registry)
+      end
+
+      let(:result) { builder.build }
+
+      it "builds an instance of Threatinator::Actions::Run::Action using #feed_registry and #config" do
+        expect(Threatinator::Actions::Run::Action).to receive(:new).with(feed_registry, config)
+        builder.build
+      end
+
+      it "returns the instance of the action" do
+        expect(builder.build).to be(action)
+      end
+
+    end
+  end
+end
+

data/spec/threatinator/cli_spec.rb

@@ -0,0 +1,175 @@
+require 'spec_helper'
+require 'threatinator/cli'
+require 'fileutils'
+
+shared_context "threatinator commands" do
+  let(:action) { double('action') }
+  let(:builder) { double('builder') }
+
+  before :each do
+    allow(action_builder_class).to receive(:new).and_return(builder)
+    allow(builder).to receive(:build).and_return(action)
+    allow(action).to receive(:exec)
+  end
+
+end
+shared_examples_for "a threatinator command" do
+  context '--feed_search.path=foo/bar' do
+    before :each do
+      global_args << '--feed_search.path=foo/bar'
+      Threatinator::CLI.process!(args)
+    end
+
+    it "generates the proper config hash" do
+      expect(action_builder_class).to have_received(:new) do |opts, args, *extra| 
+        expect(opts).to match(
+          {
+            'feed_search' => {
+              'exclude_default' => false,
+              'path' => ['foo/bar']
+            }
+          }
+        )
+        expect(args).to eq([])
+      end
+    end
+  end
+
+  context '--feed_search.path=foo/bar,woof/bark' do
+    before :each do
+      global_args << '--feed_search.path=foo/bar,woof/bark'
+      Threatinator::CLI.process!(args)
+    end
+
+    it "generates the proper config hash" do
+      expect(action_builder_class).to have_received(:new) do |opts, args, *extra|
+        expect(opts).to match(
+          {
+            'feed_search' => {
+              'exclude_default' => false,
+              'path' => ['foo/bar', 'woof/bark']
+            }
+          }
+        )
+        expect(args).to eq([])
+      end
+    end
+  end
+
+  context '--feed_search.exclude_default' do
+    before :each do
+      global_args << '--feed_search.exclude_default'
+      Threatinator::CLI.process!(args)
+    end
+
+    it "generates the proper config hash" do
+      expect(action_builder_class).to have_received(:new).with({
+        'feed_search' => {
+          'exclude_default' => true
+        }
+      }, [],
+      kind_of(Class)
+     )
+    end
+  end
+
+  context "--help" do
+    before :each do
+      global_args << '--help'
+      @exception = nil
+      @exit_code = nil
+
+      @captured_output = temp_stdout do
+        @exit_code = Threatinator::CLI.process!(args)
+      end
+    end
+
+    it "should have an exit code of 0" do
+      expect(@exit_code).to eq(0)
+    end
+
+    it "should print usage information" do
+      expect(@captured_output).to match(/^NAME/)
+    end
+
+    it "should not create an action builder" do
+      expect(action_builder_class).not_to have_received(:new)
+    end
+  end
+end
+
+describe Threatinator::CLI do
+  let(:global_args) { [] }
+  let(:command) { [] }
+  let(:command_args) { [] }
+  let(:args) { global_args + [ command ] + command_args }
+
+  describe "list command" do
+    let(:command) { 'list' }
+    let(:action) { double('action') }
+    let(:builder) { double('builder') }
+
+    before :each do
+      allow(Threatinator::CLI::ListActionBuilder).to receive(:new).and_return(builder)
+      allow(builder).to receive(:build).and_return(action)
+      allow(action).to receive(:exec)
+    end
+
+    it "should create a ListActionBuilder" do
+      Threatinator::CLI.process!(args)
+      expect(Threatinator::CLI::ListActionBuilder).to have_received(:new).with({"feed_search" => {"exclude_default" => false}}, [])
+    end
+
+    it "should build an action" do
+      Threatinator::CLI.process!(args)
+      expect(builder).to have_received(:build)
+    end
+
+    it "should execute a list action" do
+      Threatinator::CLI.process!(args)
+      expect(action).to have_received(:exec)
+    end
+  end
+
+  describe "run" do
+    let(:action_builder_class) { Threatinator::CLI::RunActionBuilder }
+    let(:command) { 'run' }
+    include_context "threatinator commands"
+
+    context "with no additional arguments" do
+      it "should create an action builder with no config or args" do
+        Threatinator::CLI.process!(args)
+        expect(action_builder_class).to have_received(:new).with(
+          {
+            "feed_search" => {
+              "exclude_default" => false
+            }
+          }, [], kind_of(Class))
+      end
+    end
+
+    context "feed_provider feed_name" do
+      before :each do
+        command_args << 'feed_provider'
+        command_args << 'feed_name'
+      end
+      it "should create an action builder with args feed_provider feed_name" do
+        Threatinator::CLI.process!(args)
+        expect(action_builder_class).to have_received(:new).with(
+          {
+            "feed_search" => {
+              "exclude_default" => false
+            }, 
+            "run" => {
+              "feed_provider" => "feed_provider", 
+              "feed_name" => "feed_name"
+            }
+          }, [], kind_of(Class)
+        )
+      end
+    end
+
+    it_should_behave_like "a threatinator command"
+  end
+end
+

data/spec/threatinator/config/base_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+require 'threatinator/config/base'
+
+describe Threatinator::Config::Base do
+  describe '.properties' do
+    class Foobar3 < Threatinator::Config::Base
+      attribute :deep1, String, description: "deep prop1"
+      attribute :deep2, String, description: "deep prop2"
+    end
+
+    class Foobar2 < Threatinator::Config::Base
+      attribute :nested_prop1, String, description: "Nested prop1"
+      attribute :nested_prop2, String, description: "Nested prop2"
+      attribute :deep, Foobar3
+    end
+
+    class Foobar1 < Threatinator::Config::Base
+      attribute :prop1, String, description: "This is prop1"
+      attribute :prop2, Boolean, description: "This is prop2"
+      attribute :nested1, Foobar2
+      attribute :nested2, Foobar2
+    end
+
+    it "should return a hash of all properties and nested properties" do
+      expect(Foobar1.properties).to match({
+        "prop1" => ["This is prop1", Axiom::Types::String],
+        "prop2" => ["This is prop2", Axiom::Types::Boolean],
+        "nested1.nested_prop1" => ["Nested prop1", Axiom::Types::String],
+        "nested1.nested_prop2" => ["Nested prop2", Axiom::Types::String],
+        "nested1.deep.deep1" => ["deep prop1", Axiom::Types::String],
+        "nested1.deep.deep2" => ["deep prop2", Axiom::Types::String],
+        "nested2.nested_prop1" => ["Nested prop1", Axiom::Types::String],
+        "nested2.nested_prop2" => ["Nested prop2", Axiom::Types::String],
+        "nested2.deep.deep1" => ["deep prop1", Axiom::Types::String],
+        "nested2.deep.deep2" => ["deep prop2", Axiom::Types::String]
+      })
+    end
+  end
+end

data/spec/threatinator/config/feed_search_spec.rb

@@ -0,0 +1,76 @@
+require 'spec_helper'
+require 'threatinator/config/feed_search'
+
+describe Threatinator::Config::FeedSearch do
+  describe "#path" do
+    context "when :path not specified" do
+      it "returns an empty array" do
+        x = described_class.new
+        expect(x.path).to eq([])
+      end
+    end
+    context "when :path is an array of strings" do
+      it "returns the array of strings" do
+        x = described_class.new(path: ['foo', 'bar'])
+        expect(x.path).to eq(['foo', 'bar'])
+      end
+    end
+  end
+
+  describe "#exclude_default" do
+    context "when :exclude_default is not specified" do
+      it "returns false" do
+        expect(described_class.new.exclude_default).to eq(false)
+      end
+    end
+
+    context "when :exclude_default is set to true" do
+      it "returns true" do
+        x = described_class.new(exclude_default: true)
+        expect(x.exclude_default).to eq(true)
+      end
+    end
+
+    context "when :exclude_default is set to false" do
+      it "returns false" do
+        x = described_class.new(exclude_default: false)
+        expect(x.exclude_default).to eq(false)
+      end
+    end
+  end
+
+  describe "#search_path" do
+    context "when neither :path nor :exclude_default are supplied" do
+      it "returns an array containing the default search path" do
+        x = described_class.new
+        expect(x.search_path).to eq([described_class::DEFAULT_FEED_PATH])
+      end
+    end
+
+    context "when :path is an array of paths" do
+      let(:paths) { ["foo", "bar"] }
+      let(:config) { described_class.new(path: paths) }
+      specify "the first search paths are those specified by :path" do
+        expect(config.search_path[0..1]).to eq(['foo', 'bar'])
+      end
+
+      context "when :exclude_default is not specified" do
+        specify "the default search path is appended" do
+          expect(config.search_path[-1]).to eq(described_class::DEFAULT_FEED_PATH)
+        end
+      end
+      context "when :exclude_default is false" do
+        let(:config) { described_class.new(path: paths, exclude_default: false) }
+        specify "the default search path is appended" do
+          expect(config.search_path[-1]).to eq(described_class::DEFAULT_FEED_PATH)
+        end
+      end
+      context "when :exclude_default is true" do
+        let(:config) { described_class.new(path: paths, exclude_default: true) }
+        specify "the default search path is not appended" do
+          expect(config.search_path[-1]).not_to eq(described_class::DEFAULT_FEED_PATH)
+        end
+      end
+    end
+  end
+end

data/spec/threatinator/decoders/gzip_spec.rb

@@ -0,0 +1,75 @@
+require 'spec_helper'
+require 'threatinator/decoders/gzip'
+require 'stringio'
+require 'zlib'
+
+describe Threatinator::Decoders::Gzip do
+  let(:encode_data_proc) {
+    lambda do |data|
+      sio = StringIO.new
+      sio.set_encoding("binary")
+      gz = Zlib::GzipWriter.new(sio)
+      gz.write(data)
+      gz.close
+      sio.string
+    end
+  }
+
+  it_should_behave_like "a decoder" do
+    let(:decoder_opts) { {} }
+  end
+
+  let(:uncompressed_data) { 
+    ret = "".encode("binary")
+    '!'.upto('~') { |a| '!'.upto('~') { |b| ret << "#{a}#{b}" }  }
+    ret
+  }
+
+  let(:compressed_data) {
+    encode_data_proc.call(uncompressed_data)
+  }
+
+  let(:decoder) { Threatinator::Decoders::Gzip.new }
+
+
+  context "normal operation" do
+    it "should decompress a Gzip compressed stream" do 
+      encoded_io = StringIO.new(compressed_data)
+      expect(decoder.decode(encoded_io).read).to eq(uncompressed_data)
+    end
+  end
+
+  context "handling truncated data" do
+    let(:truncated_data) {
+      data = compressed_data
+      data_len = data.length / 2
+      data[0..(data_len - 1)]
+    }
+
+    it_should_behave_like "a decoder encountering an error during decoding" do
+      let(:input_io) {StringIO.new(truncated_data)}
+    end
+  end
+
+  context "handling a gzip stream with no footer" do
+    let(:missing_footer_data) {
+      compressed_data[0..-9] # knock off the footer, which is 8 bytes long
+    }
+
+    it_should_behave_like "a decoder encountering an error during decoding" do
+      let(:input_io) {StringIO.new(missing_footer_data)}
+    end
+  end
+
+  context "handling a gzip with an invalid footer" do
+    let(:missing_footer_data) {
+      ret = compressed_data
+      ret[-9..-1] = "\0\0\0\0\0\0\0\0"
+      ret
+    }
+
+    it_should_behave_like "a decoder encountering an error during decoding" do
+      let(:input_io) { StringIO.new(missing_footer_data) }
+    end
+  end
+end