shadowbq-threatinator 0.5.0

data/spec/threatinator/event_builder_spec.rb

@@ -0,0 +1,123 @@
+require 'spec_helper'
+require 'threatinator/event_builder'
+
+describe Threatinator::EventBuilder do
+  let(:feed_provider) { 'my_provider' }
+  let(:feed_name) { 'my_feed' }
+  let(:event_builder) { described_class.new(feed_provider, feed_name) }
+  let(:type) { :c2 }
+
+  before :each do
+    event_builder.type = :c2
+  end
+
+  describe "#reset" do
+    it "resets 'type' to nil" do
+      event_builder.type = :c2
+      event_builder.reset
+      expect {
+        event_builder.build
+      }.to raise_error(Threatinator::Exceptions::EventBuildError)
+    end
+
+    it "resets the fqdns" do
+      event_builder.add_fqdn('foo.com')
+      event_builder.reset
+      event_builder.type = :c2
+      event1 = event_builder.build
+      expect(event1.fqdns).to be_empty
+    end
+
+    it "resets the ipv4s" do
+      event_builder.add_ipv4('1.2.3.4')
+      event_builder.reset
+      event_builder.type = :c2
+      event1 = event_builder.build
+      expect(event1.ipv4s).to be_empty
+    end
+
+    it "does not reset feed_provider or feed_name" do
+      event_builder.reset
+      event_builder.type = :c2
+      event1 = event_builder.build
+      expect(event1.feed_provider).to eq('my_provider')
+      expect(event1.feed_name).to eq('my_feed')
+    end
+  end
+
+  describe "#type=(type)" do
+    it "sets the 'type' for built events" do
+      event1 = event_builder.build
+      expect(event1.type).to eq(:c2)
+    end
+  end
+
+  describe "#add_ipv4(ipv4)" do
+    it "adds the provided ipv4s to built events" do
+      event_builder.add_ipv4('1.2.3.4')
+      event_builder.add_ipv4('8.8.8.8')
+      event1 = event_builder.build
+      expect(event1.ipv4s).to contain_exactly(build(:ipv4, ipv4:'1.2.3.4'), build(:ipv4, ipv4: '8.8.8.8'))
+    end
+  end
+
+  describe "#add_fqdn(fqdn)" do
+    it "adds the provided fqdns to built events" do
+      event_builder.add_fqdn('google.com')
+      event_builder.add_fqdn('yahoo.com')
+      event1 = event_builder.build
+      expect(event1.fqdns).to contain_exactly('google.com', 'yahoo.com')
+    end
+  end
+
+  describe "#add_url(url)" do
+    it "converts the provided URLs strings into Addressable::URI objects and adds them to the built events" do
+      event_builder.add_url('http://google.com/foo/bar')
+      event_builder.add_url('http://yahoo.com')
+      event = event_builder.build
+      expect(event.urls).to contain_exactly(
+        ::Addressable::URI.parse('http://google.com/foo/bar'),
+        ::Addressable::URI.parse('http://yahoo.com')
+      )
+    end
+  end
+
+  describe "#build" do
+    it "generates a new event with each call" do
+      event1 = event_builder.build
+      event2 = event_builder.build
+      expect(event1).not_to be(event2)
+    end
+
+    specify "successively built events will == each other if the builder has not been changed" do
+      event_builder.type = :c2
+      event_builder.add_ipv4('1.2.3.4')
+      event_builder.add_fqdn('foo.com')
+      event1 = event_builder.build
+      event2 = event_builder.build
+      expect(event1).to be == event2
+    end
+
+    context "when an added URL is not parseable as a URI" do
+      it "raises EventBuildError" do
+        event_builder.type = :c2
+        event_builder.add_url(1234)
+        expect {
+          event_builder.build
+        }.to raise_error(Threatinator::Exceptions::EventBuildError)
+      end
+    end
+
+    context "when an added URL is not absolute" do
+      it "raises EventBuildError" do
+        event_builder.type = :c2
+        event_builder.add_url("/foo/bar")
+        expect {
+          event_builder.build
+        }.to raise_error(Threatinator::Exceptions::EventBuildError)
+      end
+    end
+
+  end
+end
+

data/spec/threatinator/event_spec.rb

@@ -0,0 +1,254 @@
+require 'spec_helper'
+require 'threatinator/event'
+
+describe Threatinator::Event do
+
+  let(:event_opts) { { feed_provider: 'foo', feed_name: 'bar', type: :c2 } }
+
+  describe "initialization" do
+    it "requires at least :feed_provider, :feed_name, and :type to be valid" do
+      expect {
+        described_class.new(feed_provider: 'foo', feed_name: 'bar', type: :c2)
+      }.not_to raise_error
+    end
+  end
+
+  describe "#==(other)" do
+    it "returns true when compared to an identically configured event" do
+      event_opts.merge!(ipv4s: build(:ipv4s, values: ['1.2.3.4']), fqdns: ['foo.com'])
+      event1 = described_class.new(event_opts)
+      event2 = described_class.new(event_opts)
+      expect(event1).to be == event2
+    end
+
+    it "returns true when compared to an identically configured event" do
+      event_opts.merge!(ipv4s: build(:ipv4s, values: ['1.2.3.4']), fqdns: ['foo.com'])
+      event1 = described_class.new(event_opts)
+      event_opts.merge!(ipv4s: build(:ipv4s, values: ['8.8.8.8']), fqdns: ['foo.com'])
+      event2 = described_class.new(event_opts)
+      expect(event1).not_to be == event2
+    end
+  end
+
+  describe ":feed_provider" do
+    it "can be set to a String" do
+      event_opts[:feed_provider] = "asdf"
+      expect(described_class.new(event_opts).feed_provider).to eq("asdf")
+    end
+    
+    it "is required to be a String" do
+      event_opts[:feed_provider] = 1234
+      expect {
+        described_class.new(event_opts)
+      }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+    end
+
+    it "is required" do
+      event_opts.delete(:feed_provider)
+      expect {
+        described_class.new(event_opts)
+      }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+    end
+  end
+
+  describe ":feed_name" do
+    it "can be set to a String" do
+      event_opts[:feed_name] = "foo"
+      expect(described_class.new(event_opts).feed_name).to eq("foo")
+    end
+
+    it "is required to be a String" do
+      event_opts[:feed_name] = 1234
+      expect {
+        described_class.new(event_opts)
+      }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+    end
+
+    it "is required" do
+      event_opts.delete(:feed_name)
+      expect {
+        described_class.new(event_opts)
+      }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+    end
+  end
+
+  describe ":type" do
+    it "cannot be be nil" do
+      event_opts[:type] = nil
+      expect {
+        described_class.new(event_opts)
+      }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+    end
+    it "is required" do
+      event_opts.delete(:type)
+      expect {
+        described_class.new(event_opts)
+      }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+    end
+    [:c2, :attacker, :malware_host, :spamming, :scanning, :phishing].each do |v|
+      it "can be #{v.inspect}" do
+        event_opts[:type] = v
+        expect(described_class.new(event_opts).type).to eq(v)
+      end
+    end
+  end
+
+  describe ":fqdns" do
+    context "when nil" do
+      it "is valid" do
+        event_opts[:fqdns] = nil
+        expect {
+          described_class.new(event_opts)
+        }.not_to raise_error
+      end
+      describe "#fqdns" do
+        it "returns an an empty array" do
+          event_opts[:fqdns] = nil
+          expect(described_class.new(event_opts).fqdns).to be_empty
+        end
+      end
+    end
+    context "when set to an empty array" do
+      it "is valid" do
+        event_opts[:fqdns] = nil
+        expect {
+          described_class.new(event_opts)
+        }.not_to raise_error
+      end
+      describe "#fqdns" do
+        it "returns an an empty array" do
+          event_opts[:fqdns] = []
+          expect(described_class.new(event_opts).fqdns).to be_empty
+        end
+      end
+    end
+    context "with :fqdns set to an array of fqdn strings" do
+      let(:fqdns) { ['foo.com', 'bar.com'] }
+      it "is valid" do
+        event_opts[:fqdns] = ['foo.com', 'bar.com']
+        expect {
+          described_class.new(event_opts)
+        }.not_to raise_error
+      end
+      describe "#fqdns" do
+        it "returns a collection containing the provided fqdns" do
+          event_opts[:fqdns] = ['foo.com', 'bar.com']
+          expect(described_class.new(event_opts).fqdns).to contain_exactly('foo.com', 'bar.com')
+        end
+      end
+    end
+  end
+
+
+  describe ":ipv4s" do
+    context "when nil" do
+      it "is valid" do
+        event_opts[:ipv4s] = nil
+        expect {
+          described_class.new(event_opts)
+        }.not_to raise_error
+      end
+      describe "#ipv4s" do
+        it "returns an an empty collection" do
+          event_opts[:ipv4s] = nil
+          expect(described_class.new(event_opts).ipv4s).to be_empty
+        end
+      end
+    end
+    context "when set to an empty array" do
+      it "is valid" do
+        event_opts[:ipv4s] = nil
+        expect {
+          described_class.new(event_opts)
+        }.not_to raise_error
+      end
+      describe "#ipv4s" do
+        it "returns an an empty collection" do
+          event_opts[:ipv4s] = []
+          expect(described_class.new(event_opts).ipv4s).to be_empty
+        end
+      end
+    end
+    context "with :ipv4s set to an empty Ipv4Collection" do
+      it "is valid" do
+        event_opts[:ipv4s] = build(:ipv4s)
+        expect {
+          described_class.new(event_opts)
+        }.not_to raise_error
+      end
+      describe "#ipv4s" do
+        it "returns an an empty collection" do
+          event_opts[:ipv4s] = []
+          expect(described_class.new(event_opts).ipv4s).to be_empty
+        end
+      end
+    end
+    context "with :ipv4s set to an array of Ipv4 observables" do
+      it "is valid" do
+        event_opts[:ipv4s] = [build(:ipv4, ipv4: '1.2.3.4'), build(:ipv4, ipv4: '8.8.8.8')]
+        expect {
+          described_class.new(event_opts)
+        }.not_to raise_error
+      end
+      describe "#ipv4s" do
+        it "returns a collection containing the provided Ipv4 observables" do
+          o1 = build(:ipv4, ipv4: '1.2.3.4')
+          o2 = build(:ipv4, ipv4: '8.8.8.8')
+          event_opts[:ipv4s] = [o1, o2]
+          expect(described_class.new(event_opts).ipv4s).to contain_exactly(o1, o2)
+        end
+      end
+    end
+  end
+
+  describe ":urls" do
+    context "when nil" do
+      it "is valid" do
+        event_opts[:urls] = nil
+        expect {
+          described_class.new(event_opts)
+        }.not_to raise_error
+      end
+      describe "#urls" do
+        it "returns an an empty array" do
+          event_opts[:urls] = nil
+          expect(described_class.new(event_opts).urls).to be_empty
+        end
+      end
+    end
+    context "when set to an empty array" do
+      it "is valid" do
+        event_opts[:urls] = nil
+        expect {
+          described_class.new(event_opts)
+        }.not_to raise_error
+      end
+      describe "#urls" do
+        it "returns an an empty array" do
+          event_opts[:urls] = []
+          expect(described_class.new(event_opts).urls).to be_empty
+        end
+      end
+    end
+    context "with :urls set to an array of url strings" do
+      let(:urls) { 
+        [
+          Addressable::URI.parse('http://yahoo.com'),
+          Addressable::URI.parse('http://google.com'),
+        ]
+      }
+      it "is valid" do
+        event_opts[:urls] = urls
+        expect {
+          described_class.new(event_opts)
+        }.not_to raise_error
+      end
+      describe "#urls" do
+        it "returns a collection containing the provided urls" do
+          event_opts[:urls] = urls
+          expect(described_class.new(event_opts).urls).to match_array(urls)
+        end
+      end
+    end
+  end
+end

data/spec/threatinator/event_spec.rb.new

@@ -0,0 +1,319 @@
+require 'spec_helper'
+require 'threatinator/event'
+
+describe Threatinator::Event do
+  it "requires at least :feed_provider, :feed_name, and :type to be valid" do
+    event = described_class.new(feed_provider: 'foo', feed_name: 'bar', type: :c2)
+    expect(event).to be_valid
+  end
+
+  let(:event_opts) { { feed_provider: 'foo', feed_name: 'bar', type: :c2 } }
+
+
+
+  describe "#validate!" do
+    context "when the event is valid" do
+      it "does not raise anything" do
+        event = described_class.new(event_opts)
+        expect(event).to be_valid
+        expect { event.validate! }.not_to raise_error
+      end
+    end
+    context "when the event is not valid" do
+      it "raises an InvalidAttributeError" do
+        event_opts.delete(:feed_name)
+        event = described_class.new(event_opts)
+        expect(event).not_to be_valid
+        expect { event.validate! }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+      end
+    end
+  end
+
+
+  describe "#==(other)" do
+    it "returns true when compared to an identically configured event" do
+      event_opts.merge!(ipv4s: ['1.2.3.4'], fqdns: ['foo.com'], urls: [{url: 'http://foo.com'}])
+      event1 = described_class.new(event_opts)
+      event2 = described_class.new(event_opts)
+      expect(event1).to be == event2
+    end
+
+    it "returns true when compared to an identically configured event" do
+      event_opts.merge!(ipv4s: ['1.2.3.4'], fqdns: ['foo.com'], urls: [{url: 'http://foo.com'}])
+      event1 = described_class.new(event_opts)
+      event_opts.merge!(ipv4s: ['8.8.8.8'], fqdns: ['foo.com'], urls: [{url: 'http://foo.com'}])
+      event2 = described_class.new(event_opts)
+      expect(event1).not_to be == event2
+    end
+  end
+
+  describe "feed_provider" do
+    it "can be set to a String" do
+      event_opts[:feed_provider] = "asdf"
+      expect(described_class.new(event_opts).feed_provider).to eq("asdf")
+    end
+    
+    it "is required to be a String" do
+      event_opts[:feed_provider] = 1234
+      x = described_class.new(event_opts)
+      expect(x).not_to be_valid
+    end
+
+    it "is required" do
+      event_opts.delete(:feed_provider)
+      x = described_class.new(event_opts)
+      expect(x).not_to be_valid
+    end
+  end
+
+  describe "feed_name" do
+    it "can be set to a String" do
+      event_opts[:feed_name] = "foo"
+      expect(described_class.new(event_opts).feed_name).to eq("foo")
+    end
+
+    it "is required to be a String" do
+      event_opts[:feed_name] = 1234
+      x = described_class.new(event_opts)
+      expect(x).not_to be_valid
+    end
+
+  end
+
+  describe "type" do
+    let(:event) { described_class.new(event_opts) }
+    context "when nil" do
+      before :each do
+        event_opts[:type] = nil
+      end
+      it "is not valid" do
+        expect(event).not_to be_valid
+      end
+    end
+    context "when not set" do
+      before :each do
+        event_opts.delete(:type)
+      end
+      it "is not valid" do
+        expect(event).not_to be_valid
+      end
+    end
+    describe ":c2" do
+      before :each do
+        event_opts[:type] = :c2
+      end
+      it "is valid" do
+        expect(event).to be_valid
+      end
+    end
+    describe ":attacker" do
+      before :each do
+        event_opts[:type] = :attacker
+      end
+      it "is valid" do
+        expect(event).to be_valid
+      end
+    end
+    describe ":malware_host" do
+      before :each do
+        event_opts[:type] = :malware_host
+      end
+      it "is valid" do
+        expect(event).to be_valid
+      end
+    end
+    describe ":spamming" do
+      before :each do
+        event_opts[:type] = :spamming
+      end
+      it "is valid" do
+        expect(event).to be_valid
+      end
+    end
+    describe ":scanning" do
+      before :each do
+        event_opts[:type] = :scanning
+      end
+      it "is valid" do
+        expect(event).to be_valid
+      end
+    end
+    describe ":phishing" do
+      before :each do
+        event_opts[:type] = :phishing
+      end
+      it "is valid" do
+        expect(event).to be_valid
+      end
+    end
+    describe "an invalid type" do
+      before :each do
+        event_opts[:type] = :foo
+      end
+      it "is not valid" do
+        expect(event).not_to be_valid
+      end
+    end
+  end
+
+  describe "fqdns" do
+    let(:event) { described_class.new(event_opts.merge({ fqdns: fqdns })) }
+    context "with :fqdns set to nil" do
+      let(:fqdns) { nil }
+      it "is valid" do
+        expect(event).to be_valid
+      end
+      describe "#fqdns" do
+        it "returns an an empty array" do
+          expect(event.fqdns).to be_empty
+        end
+      end
+    end
+    context "with :fqdns set to an empty array" do
+      let(:fqdns) { [] }
+      it "is valid" do
+        expect(event).to be_valid
+      end
+      describe "#fqdns" do
+        it "returns an an empty array" do
+          expect(event.fqdns).to be_empty
+        end
+      end
+    end
+    context "with :fqdns set to an array of fqdn strings" do
+      let(:fqdns) { ['foo.com', 'bar.com'] }
+      it "is valid" do
+        expect(event).to be_valid
+      end
+      describe "#fqdns" do
+        it "returns an Array of Strings" do
+          expect(event.fqdns).to contain_exactly('foo.com', 'bar.com')
+        end
+      end
+    end
+  end
+
+  describe "ipv4s" do
+    let(:event) { described_class.new(event_opts.merge({ ipv4s: ipv4s })) }
+    context "with :ipv4s set to nil" do
+      let(:ipv4s) { nil }
+      it "is valid" do
+        expect(event).to be_valid
+      end
+      describe "#ipv4s" do
+        it "returns an an empty array" do
+          expect(event.ipv4s).to be_empty
+        end
+      end
+    end
+    context "with :ipv4s set to an empty array" do
+      let(:ipv4s) { [] }
+      it "is valid" do
+        expect(event).to be_valid
+      end
+      describe "#ipv4s" do
+        it "returns an an empty array" do
+          expect(event.ipv4s).to be_empty
+        end
+      end
+    end
+    context "with :ipv4s set to an array of ipv4 strings" do
+      let(:ipv4s) { ['1.2.3.4', '8.8.8.8'] }
+      it "is valid" do
+        expect(event).to be_valid
+      end
+      describe "#ipv4s" do
+        it "returns an Array of Strings" do
+          expect(event.ipv4s).to contain_exactly('1.2.3.4', '8.8.8.8')
+        end
+      end
+    end
+  end
+
+  describe "urls" do
+    let(:event) { described_class.new(event_opts.merge({ urls: urls })) }
+
+    context "with :urls set to nil" do
+      let(:urls) { nil }
+      it "is valid" do
+        expect(event).to be_valid
+      end
+      describe "#urls" do
+        it "returns an empty array" do
+          expect(event.urls).to eq([])
+        end
+      end
+    end
+
+    context "with :urls set to an empty array" do
+      let(:urls) { [] }
+      it "is valid" do
+        expect(event).to be_valid
+      end
+      describe "#urls" do
+        it "returns an empty array" do
+          expect(event.urls).to eq([])
+        end
+      end
+    end
+
+    context "with :urls set to an array of Hash objects" do
+      let(:urls) {
+        [
+          {url: "http://foo.com"},
+          {url: "path/to/something"},
+          {url: 1234},
+          {url: nil},
+          {}
+        ]
+      }
+      describe "#urls" do
+        it "returns an array containing Observables::Url objects that have been coerced from the hashes" do
+          expect(event.urls).to eq([
+            Threatinator::Model::Observables::Url.new(url: "http://foo.com"),
+            Threatinator::Model::Observables::Url.new(url: "path/to/something"),
+            Threatinator::Model::Observables::Url.new(url: 1234),
+            Threatinator::Model::Observables::Url.new(url: nil),
+            Threatinator::Model::Observables::Url.new(url: nil)
+          ])
+        end
+      end
+    end
+
+    context "with :urls set to an array of valid Observables::Url objects" do
+      let(:urls) {
+        [
+          Threatinator::Model::Observables::Url.new(url: "http://foo.com"),
+          Threatinator::Model::Observables::Url.new(url: "http://bar.com")
+        ]
+      }
+      it "is valid" do
+        expect(event).to be_valid
+      end
+      describe "#urls" do
+        it "returns an array containing the original Observables::Url objects" do
+          expect(event.urls).to eq(urls)
+        end
+      end
+    end
+
+    context "when the :urls array contains any invalid Observables::Url objects" do
+      let(:urls) {
+        [
+          Threatinator::Model::Observables::Url.new(url: "http://foo.com"),
+          Threatinator::Model::Observables::Url.new(url: "http://bar.com"),
+          Threatinator::Model::Observables::Url.new(url: "relative/path/to"),
+        ]
+      }
+      it "is not valid" do
+        expect(event).not_to be_valid
+      end
+      describe "#urls" do
+        it "returns an array containing the original Observables::Url objects" do
+          expect(event.urls).to eq(urls)
+        end
+      end
+    end
+  end
+
+end