RubyGems - shadowbq-threatinator - Versions diffs - 0.5.0 - Mend

shadowbq-threatinator 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (389) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +66 -0
data/CONTRIBUTING.md +119 -0
data/Gemfile +38 -0
data/LICENSE +165 -0
data/README.md +101 -0
data/Rakefile +47 -0
data/VERSION +1 -0
data/bin/threatinator +5 -0
data/bin/threatinator_loader +21 -0
data/feeds/ET_block-ip_reputation.feed +27 -0
data/feeds/ET_compromised-ip_reputation.feed +20 -0
data/feeds/ET_openbadlist-ip_reputation.feed +36 -0
data/feeds/alienvault-ip_reputation.feed +39 -0
data/feeds/arbor_fastflux-domain_reputation.feed +19 -0
data/feeds/arbor_ssh-ip_reputation.feed +24 -0
data/feeds/autoshun_shunlist.feed +17 -0
data/feeds/bambenek_c2_masterlist-domain_reputation.feed +16 -0
data/feeds/bambenek_c2_masterlist-ip_reputation.feed +16 -0
data/feeds/bambenek_dga_feed-domain_reputation.feed +16 -0
data/feeds/berkeley-ip_reputation.feed +25 -0
data/feeds/bitcash_cz_blacklist.feed +22 -0
data/feeds/blocklist_de_apache-ip_reputation.feed +26 -0
data/feeds/blocklist_de_bots-ip_reputation.feed +26 -0
data/feeds/blocklist_de_ftp-ip_reputation.feed +25 -0
data/feeds/blocklist_de_imap-ip_reputation.feed +25 -0
data/feeds/blocklist_de_pop3-ip_reputation.feed +26 -0
data/feeds/blocklist_de_proftpd-ip_reputation.feed +26 -0
data/feeds/blocklist_de_sip-ip_reputation.feed +25 -0
data/feeds/blocklist_de_ssh-ip_reputation.feed +25 -0
data/feeds/blocklist_de_strongips-ip_reputation.feed +25 -0
data/feeds/botscout-ip_reputation.feed +25 -0
data/feeds/cert_mxpoison-ip_reputation.feed +22 -0
data/feeds/chaosreigns-ip_reputation.feed +37 -0
data/feeds/ciarmy-ip_reputation.feed +20 -0
data/feeds/cruzit-ip_reputation.feed +30 -0
data/feeds/cydef_torexit-ip_reputation.feed +25 -0
data/feeds/dan_me_uk_torlist-ip_reputation.feed +25 -0
data/feeds/danger_bruteforce-ip_reputation.feed +24 -0
data/feeds/dshield_attackers-top1000.feed +34 -0
data/feeds/falconcrest-ip_reputation.feed +19 -0
data/feeds/feodo-domain_reputation.feed +19 -0
data/feeds/feodo-ip_reputation.feed +20 -0
data/feeds/h3x_asprox.feed +18 -0
data/feeds/hosts-file_hphostspartial-domain_reputation.feed +19 -0
data/feeds/infiltrated-ip_reputation.feed +26 -0
data/feeds/infiltrated_vabl-ip_reputation.feed +30 -0
data/feeds/isc_suspicious_high-domain_reputation.feed +26 -0
data/feeds/isc_suspicious_low-domain_reputation.feed +26 -0
data/feeds/isc_suspicious_medium-domain_reputation.feed +26 -0
data/feeds/malc0de-domain_reputation.feed +24 -0
data/feeds/malc0de-ip_reputation.feed +26 -0
data/feeds/malwaredomainlist-url_reputation.feed +18 -0
data/feeds/malwaredomains-domain_reputation.feed +29 -0
data/feeds/malwaredomains_dyndns-domain_reputation.feed +29 -0
data/feeds/malwaredomains_justdomains-domain_reputation.feed +20 -0
data/feeds/mirc-domain_reputation.feed +30 -0
data/feeds/multiproxy-ip_reputation.feed +22 -0
data/feeds/nothink_irc-ip_reputation.feed +23 -0
data/feeds/nothink_ssh-ip_reputation.feed +21 -0
data/feeds/openbl-ip_reputation.feed +21 -0
data/feeds/openphish-url_reputation.feed +24 -0
data/feeds/packetmail_perimeterbad-ip_reputation.feed +28 -0
data/feeds/palevo-domain_reputation.feed +22 -0
data/feeds/palevo-ip_reputation.feed +23 -0
data/feeds/phishtank.feed +22 -0
data/feeds/sigmaproject_atma.feed +27 -0
data/feeds/sigmaproject_spyware.feed +28 -0
data/feeds/sigmaproject_webexploit.feed +26 -0
data/feeds/snort_bpf-ip_reputation.feed +19 -0
data/feeds/spyeye-domain_reputation.feed +18 -0
data/feeds/spyeye-ip_reputation.feed +19 -0
data/feeds/steeman-ip_reputation.feed +20 -0
data/feeds/t-arend-de_ssh-ip_reputation.feed +20 -0
data/feeds/the_haleys_ssh-ip_reputation.feed +20 -0
data/feeds/trustedsec-ip_reputation.feed +18 -0
data/feeds/virbl-ip_reputation.feed +25 -0
data/feeds/vxvault-url_reputation.feed +23 -0
data/feeds/yourcmc_ssh-ip_reputation.feed +20 -0
data/feeds/yoyo_adservers-domain_reputation.feed +17 -0
data/feeds/zeus-domain_reputation.feed +19 -0
data/feeds/zeus-ip_reputation.feed +21 -0
data/lib/threatinator/action.rb +14 -0
data/lib/threatinator/actions/list/action.rb +97 -0
data/lib/threatinator/actions/list/config.rb +12 -0
data/lib/threatinator/actions/list.rb +2 -0
data/lib/threatinator/actions/run/action.rb +57 -0
data/lib/threatinator/actions/run/config.rb +32 -0
data/lib/threatinator/actions/run/coverage_observer.rb +59 -0
data/lib/threatinator/actions/run/output_config.rb +59 -0
data/lib/threatinator/actions/run/status_observer.rb +37 -0
data/lib/threatinator/actions/run.rb +2 -0
data/lib/threatinator/cli/action_builder.rb +33 -0
data/lib/threatinator/cli/list_action_builder.rb +19 -0
data/lib/threatinator/cli/parser.rb +123 -0
data/lib/threatinator/cli/run_action_builder.rb +41 -0
data/lib/threatinator/cli.rb +19 -0
data/lib/threatinator/config/base.rb +35 -0
data/lib/threatinator/config/feed_search.rb +25 -0
data/lib/threatinator/config/logger.rb +14 -0
data/lib/threatinator/config.rb +7 -0
data/lib/threatinator/decoder.rb +24 -0
data/lib/threatinator/decoders/gzip.rb +30 -0
data/lib/threatinator/event.rb +63 -0
data/lib/threatinator/event_builder.rb +70 -0
data/lib/threatinator/exceptions.rb +58 -0
data/lib/threatinator/feed.rb +88 -0
data/lib/threatinator/feed_builder.rb +161 -0
data/lib/threatinator/feed_registry.rb +47 -0
data/lib/threatinator/feed_runner.rb +177 -0
data/lib/threatinator/fetcher.rb +22 -0
data/lib/threatinator/fetchers/http.rb +50 -0
data/lib/threatinator/filter.rb +12 -0
data/lib/threatinator/filters/block.rb +18 -0
data/lib/threatinator/filters/comments.rb +16 -0
data/lib/threatinator/filters/whitespace.rb +19 -0
data/lib/threatinator/logger.rb +66 -0
data/lib/threatinator/logging.rb +20 -0
data/lib/threatinator/model/base.rb +23 -0
data/lib/threatinator/model/collection.rb +89 -0
data/lib/threatinator/model/observables/fqdn_collection.rb +15 -0
data/lib/threatinator/model/observables/ipv4.rb +33 -0
data/lib/threatinator/model/observables/ipv4_collection.rb +14 -0
data/lib/threatinator/model/observables/url_collection.rb +16 -0
data/lib/threatinator/model/validations/type.rb +21 -0
data/lib/threatinator/model/validations.rb +1 -0
data/lib/threatinator/output.rb +50 -0
data/lib/threatinator/parser.rb +23 -0
data/lib/threatinator/parsers/csv/parser.rb +77 -0
data/lib/threatinator/parsers/csv.rb +7 -0
data/lib/threatinator/parsers/getline/parser.rb +45 -0
data/lib/threatinator/parsers/getline.rb +8 -0
data/lib/threatinator/parsers/json/adapters/oj.rb +65 -0
data/lib/threatinator/parsers/json/parser.rb +45 -0
data/lib/threatinator/parsers/json/record.rb +20 -0
data/lib/threatinator/parsers/json.rb +8 -0
data/lib/threatinator/parsers/xml/node.rb +79 -0
data/lib/threatinator/parsers/xml/node_builder.rb +39 -0
data/lib/threatinator/parsers/xml/parser.rb +44 -0
data/lib/threatinator/parsers/xml/path.rb +70 -0
data/lib/threatinator/parsers/xml/pattern.rb +53 -0
data/lib/threatinator/parsers/xml/record.rb +14 -0
data/lib/threatinator/parsers/xml/sax_document.rb +64 -0
data/lib/threatinator/parsers/xml.rb +8 -0
data/lib/threatinator/plugin_loader.rb +115 -0
data/lib/threatinator/plugins/output/amqp/config.rb +18 -0
data/lib/threatinator/plugins/output/amqp.rb +41 -0
data/lib/threatinator/plugins/output/csv.rb +58 -0
data/lib/threatinator/plugins/output/json/config.rb +14 -0
data/lib/threatinator/plugins/output/json.rb +53 -0
data/lib/threatinator/plugins/output/null.rb +17 -0
data/lib/threatinator/plugins/output/rubydebug.rb +16 -0
data/lib/threatinator/record.rb +22 -0
data/lib/threatinator/registry.rb +53 -0
data/lib/threatinator/util.rb +15 -0
data/lib/threatinator.rb +3 -0
data/spec/feeds/ET_block-ip_reputation_spec.rb +50 -0
data/spec/feeds/ET_compromised-ip_reputation_spec.rb +47 -0
data/spec/feeds/ET_openbadlist-ip_reputation_spec.rb +56 -0
data/spec/feeds/alienvault-ip_reputation_spec.rb +46 -0
data/spec/feeds/arbor_fastflux-domain_reputation_spec.rb +46 -0
data/spec/feeds/arbor_ssh-ip_reputation_spec.rb +46 -0
data/spec/feeds/autoshun_shunlist_spec.rb +38 -0
data/spec/feeds/bambenek_c2_masterlist-domain_reputation_spec.rb +38 -0
data/spec/feeds/bambenek_c2_masterlist-ip_reputation_spec.rb +39 -0
data/spec/feeds/bambenek_dga_feed-domain_reputation_spec.rb +39 -0
data/spec/feeds/berkeley-ip_reputation_spec.rb +47 -0
data/spec/feeds/bitcash_cz_blacklist-ip_reputation_spec.rb +50 -0
data/spec/feeds/blocklist_de_apache-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_bots-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_ftp-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_imap-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_pop3-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_proftpd-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_sip-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_ssh-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_strongips-ip_reputation_spec.rb +47 -0
data/spec/feeds/botscout-ip_reputation_spec.rb +50 -0
data/spec/feeds/cert_mxpoison-ip_reputation_spec.rb +47 -0
data/spec/feeds/chaosreigns-ip_reputation_spec.rb +50 -0
data/spec/feeds/ciarmy-ip_reputation_spec.rb +47 -0
data/spec/feeds/cruzit-ip_reputation_spec.rb +47 -0
data/spec/feeds/cydef_torexit-ip_reputation_spec.rb +47 -0
data/spec/feeds/dan_me_uk_torlist-ip_reputation_spec.rb +47 -0
data/spec/feeds/danger_bruteforce-ip_reputation_spec.rb +47 -0
data/spec/feeds/data/ET_block-ip_reputation.txt +80 -0
data/spec/feeds/data/ET_compromised-ip_reputation.txt +11 -0
data/spec/feeds/data/ET_openbadlist-ip_reputation.txt +62 -0
data/spec/feeds/data/alienvault-ip_reputation.txt +18 -0
data/spec/feeds/data/arbor_domainlist.txt +11 -0
data/spec/feeds/data/arbor_ssh.txt +16 -0
data/spec/feeds/data/autoshun_shunlist.csv +20 -0
data/spec/feeds/data/bambenek_c2-dommasterlist.csv +30 -0
data/spec/feeds/data/bambenek_c2-ipmasterlist.csv +27 -0
data/spec/feeds/data/bambenek_dga_feed.csv +42 -0
data/spec/feeds/data/berkeley.txt +29 -0
data/spec/feeds/data/bitcash_cz_blacklist.txt +7 -0
data/spec/feeds/data/blocklist_de_apache-ip-reputation.txt +17 -0
data/spec/feeds/data/blocklist_de_bots-ip-reputation.txt +15 -0
data/spec/feeds/data/blocklist_de_ftp-ip-reputation.txt +7 -0
data/spec/feeds/data/blocklist_de_imap-ip-reputation.txt +8 -0
data/spec/feeds/data/blocklist_de_pop3-ip-reputation.txt +11 -0
data/spec/feeds/data/blocklist_de_proftpd-ip-reputation.txt +12 -0
data/spec/feeds/data/blocklist_de_sip-ip-reputation.txt +9 -0
data/spec/feeds/data/blocklist_de_ssh-ip-reputation.txt +10 -0
data/spec/feeds/data/blocklist_de_strongips-ip-reputation.txt +11 -0
data/spec/feeds/data/botscout-ip-reputation.txt +713 -0
data/spec/feeds/data/cert_mxpoison-ip_reputation.txt +17 -0
data/spec/feeds/data/chaosreigns-ip-reputation.txt +26 -0
data/spec/feeds/data/ciarmy-ip-reputation.txt +11 -0
data/spec/feeds/data/cruzit-ip-reputation.txt +14 -0
data/spec/feeds/data/cydef_torexit-ip_reputation.txt +27 -0
data/spec/feeds/data/dan_me_uk_torlist-ip-reputation.txt +11 -0
data/spec/feeds/data/danger_bruteforce-ip_reputation.txt +12 -0
data/spec/feeds/data/dshield_topattackers.xml +4 -0
data/spec/feeds/data/falconcrest_iplist.txt +345 -0
data/spec/feeds/data/feodo_domainlist.txt +18 -0
data/spec/feeds/data/feodo_iplist.txt +20 -0
data/spec/feeds/data/h3x_asprox.txt +20 -0
data/spec/feeds/data/hosts-file_hphostspartial_domainlist.txt +24 -0
data/spec/feeds/data/infiltrated_iplist.txt +16 -0
data/spec/feeds/data/infiltrated_vabl_iplist.txt +33 -0
data/spec/feeds/data/isc_suspicious_high_domainlist.txt +26 -0
data/spec/feeds/data/isc_suspicious_low_domainlist.txt +34 -0
data/spec/feeds/data/isc_suspicious_medium_domainlist.txt +32 -0
data/spec/feeds/data/malc0de_domainlist.txt +18 -0
data/spec/feeds/data/malc0de_iplist.txt +14 -0
data/spec/feeds/data/malwaredomainlist-url-reputation.txt +8 -0
data/spec/feeds/data/malwaredomains_domainlist.txt +24 -0
data/spec/feeds/data/malwaredomains_dyndns_domainlist.txt +34 -0
data/spec/feeds/data/malwaredomains_justdomains_domainlist.txt +18 -0
data/spec/feeds/data/mirc_domainlist.txt +31 -0
data/spec/feeds/data/multiproxy_iplist.txt +15 -0
data/spec/feeds/data/nothink_irc_iplist.txt +14 -0
data/spec/feeds/data/nothink_ssh_iplist.txt +10 -0
data/spec/feeds/data/openbl_iplist.txt +12 -0
data/spec/feeds/data/openphish-url-reputation.txt +16 -0
data/spec/feeds/data/packetmail_perimeterbad-ip_reputation.txt +44 -0
data/spec/feeds/data/palevo_domainlist.txt +25 -0
data/spec/feeds/data/palevo_iplist.txt +24 -0
data/spec/feeds/data/phishtank-sample.json.gz +0 -0
data/spec/feeds/data/sigmaproject_atma.return.gz +0 -0
data/spec/feeds/data/sigmaproject_spyware.return.gz +0 -0
data/spec/feeds/data/sigmaproject_webexploit.return.gz +0 -0
data/spec/feeds/data/snort_bpf-ip_reputation.txt +16 -0
data/spec/feeds/data/spyeye_domainlist.txt +16 -0
data/spec/feeds/data/spyeye_iplist.txt +19 -0
data/spec/feeds/data/steeman-ip-reputation.txt +13 -0
data/spec/feeds/data/t-arend-de_ssh_iplist.txt +17 -0
data/spec/feeds/data/the_haleys_ssh_iplist.txt +12 -0
data/spec/feeds/data/trustedsec-ip-reputation.txt +12 -0
data/spec/feeds/data/valid.json +2908 -0
data/spec/feeds/data/virbl-ip_reputation.txt +14 -0
data/spec/feeds/data/vxvault-url-reputation.txt +15 -0
data/spec/feeds/data/yourcmc_ssh-ip_reputation.txt +27 -0
data/spec/feeds/data/yoyo_adservers.txt +25 -0
data/spec/feeds/data/zeus-ip_reputation.txt +285 -0
data/spec/feeds/data/zeus_domainlist.txt +27 -0
data/spec/feeds/dshield_attackers-top1000_spec.rb +39 -0
data/spec/feeds/falconcrest-ip_reputation_spec.rb +39 -0
data/spec/feeds/feodo-domain_reputation_spec.rb +47 -0
data/spec/feeds/feodo-ip_reputation_spec.rb +47 -0
data/spec/feeds/h3x_asprox-ip_reputation_spec.rb +50 -0
data/spec/feeds/hosts-file_hphostspartial-domain_reputation_spec.rb +47 -0
data/spec/feeds/infiltrated-ip_reputation_spec.rb +47 -0
data/spec/feeds/infiltrated_vabl-ip_reputation_spec.rb +47 -0
data/spec/feeds/isc_suspicious_high-domain_reputation_spec.rb +47 -0
data/spec/feeds/isc_suspicious_low-domain_reputation_spec.rb +47 -0
data/spec/feeds/isc_suspicious_medium-domain_reputation_spec.rb +47 -0
data/spec/feeds/malc0de-domain_reputation_spec.rb +47 -0
data/spec/feeds/malc0de-ip_reputation_spec.rb +47 -0
data/spec/feeds/malwaredomainlist_url_reputation_spec.rb +50 -0
data/spec/feeds/malwaredomains-domain_reputation_spec.rb +47 -0
data/spec/feeds/malwaredomains_dyndns-domain_reputation_spec.rb +47 -0
data/spec/feeds/malwaredomains_justdomains-domain_reputation_spec.rb +47 -0
data/spec/feeds/mirc-domain_reputation_spec.rb +47 -0
data/spec/feeds/multiproxy-ip_reputation_spec.rb +47 -0
data/spec/feeds/nothink_irc-ip_reputation_spec.rb +47 -0
data/spec/feeds/nothink_ssh-ip_reputation_spec.rb +47 -0
data/spec/feeds/openbl-ip_reputation_spec.rb +47 -0
data/spec/feeds/openphish_url_reputation_spec.rb +50 -0
data/spec/feeds/packetmail_perimeterbad-ip_reputation_spec.rb +47 -0
data/spec/feeds/palevo-domain_reputation_spec.rb +47 -0
data/spec/feeds/palevo-ip_reputation_spec.rb +47 -0
data/spec/feeds/phishtank_spec.rb +41 -0
data/spec/feeds/sigmaproject_atma_spec.rb +62 -0
data/spec/feeds/sigmaproject_spyware_spec.rb +63 -0
data/spec/feeds/sigmaproject_webexploit_spec.rb +62 -0
data/spec/feeds/snort_bpf-ip_reputation_spec.rb +47 -0
data/spec/feeds/spyeye-domain_reputation_spec.rb +47 -0
data/spec/feeds/spyeye-ip_reputation_spec.rb +47 -0
data/spec/feeds/steeman-ip_reputation_spec.rb +50 -0
data/spec/feeds/t-arend-de_ssh-ip_reputation_spec.rb +47 -0
data/spec/feeds/the_haleys_ssh-ip_reputation_spec.rb +47 -0
data/spec/feeds/trustedsec-ip_reputation_spec.rb +47 -0
data/spec/feeds/virbl-ip_reputation_spec.rb +47 -0
data/spec/feeds/vxvault_url_reputation_spec.rb +50 -0
data/spec/feeds/yourcmc_ssh-ip_reputation_spec.rb +47 -0
data/spec/feeds/yoyo_adservers_spec.rb +47 -0
data/spec/feeds/zeus-domain_reputation_spec.rb +47 -0
data/spec/feeds/zeus-ip_reputation_spec.rb +47 -0
data/spec/fixtures/feed/provider1/feed1.feed +6 -0
data/spec/fixtures/parsers/test.xml +13 -0
data/spec/fixtures/parsers/test_self_closing.xml +20 -0
data/spec/fixtures/plugins/bad/threatinator/plugins/test_error1/plugin.rb +1 -0
data/spec/fixtures/plugins/bad/threatinator/plugins/test_missing1/plugin.rb +0 -0
data/spec/fixtures/plugins/fake.rb +19 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_a.rb +8 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_b.rb +8 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_c.rb +8 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_d.rb +8 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_e.rb +8 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_f.rb +8 -0
data/spec/spec_helper.rb +54 -0
data/spec/support/bad_feeds/missing_fetcher.feed +7 -0
data/spec/support/bad_feeds/missing_name.feed +6 -0
data/spec/support/bad_feeds/missing_parser.feed +3 -0
data/spec/support/bad_feeds/missing_provider.feed +5 -0
data/spec/support/factories/event.rb +31 -0
data/spec/support/factories/feed.rb +59 -0
data/spec/support/factories/feed_builder.rb +65 -0
data/spec/support/factories/feed_registry.rb +8 -0
data/spec/support/factories/ipv4.rb +36 -0
data/spec/support/factories/output.rb +11 -0
data/spec/support/factories/record.rb +17 -0
data/spec/support/factories/url.rb +34 -0
data/spec/support/factories/xml_node.rb +33 -0
data/spec/support/helpers/io.rb +11 -0
data/spec/support/helpers/models.rb +13 -0
data/spec/support/shared/action_builder.rb +47 -0
data/spec/support/shared/decoder.rb +70 -0
data/spec/support/shared/feed_runner_observer.rb +136 -0
data/spec/support/shared/feeds.rb +233 -0
data/spec/support/shared/fetcher.rb +48 -0
data/spec/support/shared/filter.rb +14 -0
data/spec/support/shared/io-like.rb +7 -0
data/spec/support/shared/model/collection.rb +164 -0
data/spec/support/shared/output.rb +120 -0
data/spec/support/shared/parsers.rb +51 -0
data/spec/support/shared/record.rb +111 -0
data/spec/threatinator/actions/list/action_spec.rb +148 -0
data/spec/threatinator/actions/run/action_spec.rb +106 -0
data/spec/threatinator/actions/run/config_spec.rb +39 -0
data/spec/threatinator/actions/run/coverage_observer_spec.rb +151 -0
data/spec/threatinator/actions/run/output_config_spec.rb +89 -0
data/spec/threatinator/actions/run/status_observer_spec.rb +86 -0
data/spec/threatinator/cli/list_action_builder_spec.rb +57 -0
data/spec/threatinator/cli/run_action_builder_spec.rb +133 -0
data/spec/threatinator/cli_spec.rb +175 -0
data/spec/threatinator/config/base_spec.rb +39 -0
data/spec/threatinator/config/feed_search_spec.rb +76 -0
data/spec/threatinator/decoders/gzip_spec.rb +75 -0
data/spec/threatinator/event_builder_spec.rb +123 -0
data/spec/threatinator/event_spec.rb +254 -0
data/spec/threatinator/event_spec.rb.new +319 -0
data/spec/threatinator/feed_builder_spec.rb +633 -0
data/spec/threatinator/feed_registry_spec.rb +198 -0
data/spec/threatinator/feed_runner_spec.rb +372 -0
data/spec/threatinator/feed_spec.rb +169 -0
data/spec/threatinator/fetcher_spec.rb +12 -0
data/spec/threatinator/fetchers/http_spec.rb +32 -0
data/spec/threatinator/filter_spec.rb +13 -0
data/spec/threatinator/filters/block_spec.rb +16 -0
data/spec/threatinator/filters/comments_spec.rb +13 -0
data/spec/threatinator/filters/whitespace_spec.rb +12 -0
data/spec/threatinator/logger_spec.rb +29 -0
data/spec/threatinator/model/observables/fqdn_collection_spec.rb +41 -0
data/spec/threatinator/model/observables/ipv4_collection_spec.rb +36 -0
data/spec/threatinator/model/observables/ipv4_spec.rb +75 -0
data/spec/threatinator/model/observables/url_collection_spec.rb +45 -0
data/spec/threatinator/model/validations/type_spec.rb +37 -0
data/spec/threatinator/parser_spec.rb +13 -0
data/spec/threatinator/parsers/csv/parser_spec.rb +202 -0
data/spec/threatinator/parsers/getline/parser_spec.rb +83 -0
data/spec/threatinator/parsers/json/parser_spec.rb +106 -0
data/spec/threatinator/parsers/json/record_spec.rb +30 -0
data/spec/threatinator/parsers/xml/node_spec.rb +335 -0
data/spec/threatinator/parsers/xml/parser_spec.rb +263 -0
data/spec/threatinator/parsers/xml/path_spec.rb +209 -0
data/spec/threatinator/parsers/xml/pattern_spec.rb +72 -0
data/spec/threatinator/parsers/xml/record_spec.rb +27 -0
data/spec/threatinator/plugin_loader_spec.rb +238 -0
data/spec/threatinator/plugins/output/csv_spec.rb +47 -0
data/spec/threatinator/plugins/output/null_spec.rb +17 -0
data/spec/threatinator/plugins/output/rubydebug_spec.rb +37 -0
data/spec/threatinator/record_spec.rb +19 -0
data/spec/threatinator/registry_spec.rb +97 -0
data/spec/threatinator/runner_spec.rb +273 -0
metadata +674 -0

data/spec/threatinator/feed_spec.rb ADDED Viewed

@@ -0,0 +1,169 @@
+require 'spec_helper'
+require 'threatinator/feed'
+describe Threatinator::Feed do
+  let (:provider) { 'FakeSecureCo' }
+  let (:name) { 'MaliciousDataFeed' }
+  let(:fetcher_io) { double("io") }
+  let(:parser_block) { lambda {}  }
+  let(:filter_builders) { [] }
+  let(:decoder_builders) { [] }
+  let(:fetcher_builder) { lambda { FeedSpec::Fetcher.new({}) }  }
+  let(:parser_builder) { lambda { FeedSpec::Parser.new({}) { } }  }
+  let(:feed_opts) {
+    {
+      :provider => provider,
+      :name => name,
+      :parser_block => parser_block,
+      :fetcher_builder => fetcher_builder,
+      :parser_builder => parser_builder,
+      :filter_builders => filter_builders,
+      :decoder_builders => filter_builders,
+    }
+  }
+  shared_examples_for "a field with an invalid value" do |value|
+    it "should raise InvalidAttributeError if it is a #{value.class}" do
+      expect {
+        described_class.new(feed_opts.merge(field => value))
+      }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+    end
+  end
+  shared_examples_for "a field with a valid value" do |value|
+    it "should not raise any errors when set to a #{value.class}" do
+      expect {
+        described_class.new(feed_opts.merge(field => value))
+      }.not_to raise_error
+    end
+  end
+  shared_examples_for "a field that is required" do
+    it "is required" do
+      feed_opts.delete(field)
+      expect { described_class.new(feed_opts) }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+    end
+  end
+  shared_examples_for "a field with a default" do |value|
+    it "should default to #{value.inspect}" do
+      feed_opts.delete(field)
+      feed = described_class.new(feed_opts)
+      expect(feed.send(field)).to eq(value)
+    end
+  end
+  shared_examples_for "a field that is immutable" do
+    it "should be immutable" do
+      feed = described_class.new(feed_opts)
+      expect(feed.send(field)).not_to be(feed.send(field))
+    end
+  end
+  describe ":provider" do
+    let(:field) { :provider }
+    include_examples "a field that is required"
+    include_examples "a field that is immutable"
+    include_examples "a field with a valid value", "asdf"
+    include_examples "a field with an invalid value", 1234
+    include_examples "a field with an invalid value", :asdf
+    include_examples "a field with an invalid value", []
+    include_examples "a field with an invalid value", {}
+  end
+  describe ":name" do
+    let(:field) { :name }
+    include_examples "a field that is required", :name
+    include_examples "a field that is immutable"
+    include_examples "a field with a valid value", "asdf"
+    include_examples "a field with an invalid value", 1234
+    include_examples "a field with an invalid value", :asdf
+    include_examples "a field with an invalid value", []
+    include_examples "a field with an invalid value", {}
+  end
+  describe ":fetcher_builder" do
+    let(:field) { :fetcher_builder}
+    include_examples "a field that is required", :fetcher_builder
+    include_examples "a field with a valid value", lambda { }
+    include_examples "a field with an invalid value", Class.new
+    include_examples "a field with an invalid value", 1234
+    include_examples "a field with an invalid value", :asdf
+    include_examples "a field with an invalid value", []
+    include_examples "a field with an invalid value", {}
+  end
+  describe ":parser_builder" do
+    let(:field) { :parser_builder }
+    include_examples "a field that is required", :parser_builder
+    include_examples "a field with a valid value", lambda { }
+    include_examples "a field with an invalid value", Class.new
+    include_examples "a field with an invalid value", 1234
+    include_examples "a field with an invalid value", :asdf
+    include_examples "a field with an invalid value", []
+    include_examples "a field with an invalid value", {}
+  end
+  describe ":filter_builders" do
+    let(:field) { :filter_builders}
+    include_examples "a field with a default", []
+    include_examples "a field with a valid value", []
+    include_examples "a field with a valid value", [ lambda { }  ]
+    include_examples "a field that is immutable"
+    include_examples "a field with an invalid value", Class.new
+    include_examples "a field with an invalid value", 1234
+    include_examples "a field with an invalid value", :asdf
+    include_examples "a field with an invalid value", [1,2,3]
+    include_examples "a field with an invalid value", {}
+  end
+  describe ":decoder_builders" do
+    let(:field) { :decoder_builders}
+    include_examples "a field with a default", []
+    include_examples "a field with a valid value", []
+    include_examples "a field with a valid value", [ lambda { }  ]
+    include_examples "a field that is immutable"
+    include_examples "a field with an invalid value", Class.new
+    include_examples "a field with an invalid value", 1234
+    include_examples "a field with an invalid value", :asdf
+    include_examples "a field with an invalid value", [1,2,3]
+    include_examples "a field with an invalid value", {}
+  end
+  describe ":parser_block" do
+    let(:field) { :parser_block }
+    include_examples "a field that is required", :parser_block
+    include_examples "a field with a valid value", lambda {}
+    include_examples "a field with an invalid value", 1234
+    include_examples "a field with an invalid value", :asdf
+    include_examples "a field with an invalid value", []
+  end
+  context "when initialized with required fields" do
+    let (:feed) do
+      described_class.new(feed_opts)
+    end
+    describe "#name" do
+      it "should return the name" do
+        expect(feed.name).to eq(name)
+      end
+    end
+    describe "#provider" do
+      it "should return the provider" do
+        expect(feed.provider).to eq(provider)
+      end
+    end
+    describe "#parser_block" do
+      it "should return the parser_block" do
+        expect(feed.parser_block).to eq(parser_block)
+      end
+    end
+  end
+end

data/spec/threatinator/fetcher_spec.rb ADDED Viewed

@@ -0,0 +1,12 @@
+require 'spec_helper'
+require 'threatinator/fetcher'
+describe Threatinator::Fetcher do
+  let(:fetcher) { Threatinator::Fetcher.new }
+  describe "#fetch" do
+    it "should raise NotImplementedError because it's not implemented" do
+      expect {fetcher.fetch}.to raise_error(NotImplementedError)
+    end
+  end
+end

data/spec/threatinator/fetchers/http_spec.rb ADDED Viewed

@@ -0,0 +1,32 @@
+require 'spec_helper'
+require 'threatinator/fetchers/http'
+describe Threatinator::Fetchers::Http do
+    let(:url) { "http://foobar.com/bla.json" }
+    let(:fetcher_builder) { lambda { described_class.new(url: url) } }
+    let(:fetcher_builder_different) { lambda { described_class.new(url: "http://foobar.com/sdf.json") } }
+    let(:fetcher) { fetcher_builder.call() }
+  it_should_behave_like "a fetcher" do
+    before :each do
+      stub_request(:get, url).to_return(:body => expected_data)
+    end
+  end
+  describe "#url" do
+    it "should return the value of the URL" do
+      expect(fetcher.url).to eq(url)
+    end
+  end
+  [404, 500].each do |status_code|
+    context "when an HTTP response has a status code of #{status_code}" do
+      it_should_behave_like "a #fetch call that failed" do
+        before :each do
+          stub_request(:get, url)
+            .to_return(:status => status_code)
+        end
+      end
+    end
+  end
+end

data/spec/threatinator/filter_spec.rb ADDED Viewed

@@ -0,0 +1,13 @@
+require 'spec_helper'
+require 'threatinator/filter'
+describe Threatinator::Filter do
+  let(:filter) { Threatinator::Filter.new }
+  describe "#filter?(record)" do
+    it "should raise NotImplementedError because it's not implemented" do
+      expect {filter.filter?(1234)}.to raise_error(NotImplementedError)
+    end
+  end
+end

data/spec/threatinator/filters/block_spec.rb ADDED Viewed

@@ -0,0 +1,16 @@
+require 'spec_helper'
+require 'threatinator/record'
+require 'threatinator/filters/block'
+describe Threatinator::Filters::Block do
+  it_should_behave_like "a filter" do
+    let(:filter_block) {
+      lambda do |record|
+        record.data =~ /^FILTERME$/
+      end
+    }
+    let(:filter) { described_class.new(filter_block) }
+    let(:should_filter) { Threatinator::Record.new("FILTERME") }
+    let(:shouldnt_filter) { Threatinator::Record.new("I'm OK!") }
+  end
+end

data/spec/threatinator/filters/comments_spec.rb ADDED Viewed

@@ -0,0 +1,13 @@
+require 'spec_helper'
+require 'threatinator/record'
+require 'threatinator/filters/comments'
+describe Threatinator::Filters::Comments do
+  it_should_behave_like "a filter" do
+    let(:filter) { described_class.new() }
+    let(:should_filter) { Threatinator::Record.new("# Here's my comment") }
+    let(:shouldnt_filter) { Threatinator::Record.new("I'm OK # wooo!") }
+  end
+end

data/spec/threatinator/filters/whitespace_spec.rb ADDED Viewed

@@ -0,0 +1,12 @@
+require 'spec_helper'
+require 'threatinator/record'
+require 'threatinator/filters/whitespace'
+describe Threatinator::Filters::Whitespace do
+  it_should_behave_like "a filter" do
+    let(:filter) { described_class.new() }
+    let(:should_filter) { Threatinator::Record.new("    ") }
+    let(:shouldnt_filter) { Threatinator::Record.new("    I'm OK!") }
+  end
+end

data/spec/threatinator/logger_spec.rb ADDED Viewed

@@ -0,0 +1,29 @@
+require 'spec_helper'
+require 'threatinator/logger'
+require 'threatinator/config/logger'
+describe Threatinator::Logger do
+  before :each do
+    @orig_level = Threatinator::Logger.level
+  end
+  after :each do
+    Threatinator::Logger.level = @orig_level
+  end
+  describe ".configure_logger(config)" do
+    let(:config) { Threatinator::Config::Logger.new }
+    it "sets the logging level to that specified by config.level" do
+      Threatinator::Logger.level = Threatinator::Logger::Levels::FATAL
+      config.level = "DEBUG"
+      Threatinator::Logger.configure_logger(config)
+      expect(Threatinator::Logger.level).to eq(Threatinator::Logger::Levels::DEBUG)
+    end
+    it "warns when an unknown logging level is provided" do
+      config.level = "FOO"
+      expect(Threatinator::Logger.default_logger).to receive(:warn).with(/Ignoring unknown logging level:/)
+      Threatinator::Logger.configure_logger(config)
+    end
+  end
+end

data/spec/threatinator/model/observables/fqdn_collection_spec.rb ADDED Viewed

@@ -0,0 +1,41 @@
+require 'spec_helper'
+require 'threatinator/model/observables/fqdn_collection'
+describe Threatinator::Model::Observables::FqdnCollection do
+  it_behaves_like "a model collection" do
+    def generate_ten_valid_members
+      ret = []
+      1.upto(10) do |i|
+        ret << "domain#{i}.com"
+      end
+      ret
+    end
+    def generate_invalid_members
+      [1234, :foobar]
+    end
+  end
+  let(:collection) { described_class.new }
+  describe "#valid_member?(v)" do
+    context "when provided a valid FQDN string" do
+      it "returns true" do
+        expect(collection.valid_member?("yahoo.com")).to eq(true)
+      end
+    end
+    context "when provided an invalid FQDN string" do
+      it "returns false" do
+        expect(collection.valid_member?("yahoo..com")).to eq(false)
+      end
+    end
+    context "when provided something other than a string" do
+      it "returns false" do
+        expect(collection.valid_member?(:asdf)).to eq(false)
+        expect(collection.valid_member?(1234)).to eq(false)
+      end
+    end
+  end
+end

data/spec/threatinator/model/observables/ipv4_collection_spec.rb ADDED Viewed

@@ -0,0 +1,36 @@
+require 'spec_helper'
+require 'threatinator/model/observables/ipv4_collection'
+require 'threatinator/model/observables/ipv4'
+describe Threatinator::Model::Observables::Ipv4Collection do
+  it_behaves_like "a model collection" do
+    def generate_ten_valid_members
+      ret = []
+      1.upto(10) do |i|
+        ret << build(:ipv4, ipv4: "1.2.3.#{i}")
+      end
+      ret
+    end
+    def generate_invalid_members
+      [1234, :foobar]
+    end
+  end
+  let(:collection) { described_class.new }
+  describe "#valid_member?(v)" do
+    context "when provided an Ipv4 observable" do
+      it "returns true" do
+        ipv4 = build(:ipv4, ipv4: "1.2.3.4")
+        expect(collection.valid_member?(ipv4)).to eq(true)
+      end
+    end
+    context "when provided something other than an Ipv4 observable" do
+      it "returns false" do
+        expect(collection.valid_member?("1.2.3.257")).to eq(false)
+      end
+    end
+  end
+end

data/spec/threatinator/model/observables/ipv4_spec.rb ADDED Viewed

@@ -0,0 +1,75 @@
+require 'spec_helper'
+require 'threatinator/model/observables/ipv4'
+describe Threatinator::Model::Observables::Ipv4 do
+  let(:ipv4_opts) { {} }
+  describe ":ipv4" do
+    it "is required" do
+      ipv4_opts.delete(:ipv4)
+      expect {
+        described_class.new(ipv4_opts)
+      }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+    end
+    it "must be an IP::V4 object" do
+      opts1 = ipv4_opts.dup
+      opts1[:ipv4] = '1.2.3.4'
+      expect {
+        described_class.new(opts1)
+      }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+      opts2 = ipv4_opts.dup
+      opts2[:ipv4] = IP::V4.parse('1.2.3.4')
+      expect {
+        described_class.new(opts2)
+      }.not_to raise_error
+    end
+    it "must have a 32 bit prefix" do
+      opts1 = ipv4_opts.dup
+      opts1[:ipv4] = IP::V4.parse('10.1.1.0/24')
+      expect {
+        described_class.new(opts1)
+      }.to raise_error(Threatinator::Exceptions::InvalidAttributeError)
+      opts2 = ipv4_opts.dup
+      opts2[:ipv4] = IP::V4.parse('10.1.1.0/32')
+      expect {
+        described_class.new(opts2)
+      }.not_to raise_error
+    end
+    it "sets the value of #ipv4" do
+      ipv4 = IP::V4.parse('1.2.3.4')
+      ipv4_opts[:ipv4] = ipv4
+      o = described_class.new(ipv4_opts)
+      expect(o.ipv4).to be(ipv4)
+    end
+  end
+  describe "#==(other)" do
+    it "returns true when compared to an identically configured event" do
+      opts1 = ipv4_opts.dup
+      opts1[:ipv4] = IP::V4.parse('1.2.3.4')
+      opts2 = ipv4_opts.dup
+      opts2[:ipv4] = IP::V4.parse('1.2.3.4')
+      o1 = described_class.new(opts1)
+      o2 = described_class.new(opts2)
+      expect(o1).to be == o2
+    end
+    it "returns false when compared to differently configured event" do
+      opts1 = ipv4_opts.dup
+      opts1[:ipv4] = IP::V4.parse('1.2.3.4')
+      opts2 = ipv4_opts.dup
+      opts2[:ipv4] = IP::V4.parse('8.8.8.8')
+      o1 = described_class.new(opts1)
+      o2 = described_class.new(opts2)
+      expect(o1).not_to be == o2
+    end
+  end
+end

data/spec/threatinator/model/observables/url_collection_spec.rb ADDED Viewed

@@ -0,0 +1,45 @@
+require 'spec_helper'
+require 'threatinator/model/observables/url_collection'
+require 'addressable/uri'
+describe Threatinator::Model::Observables::UrlCollection do
+  it_behaves_like "a model collection" do
+    def generate_ten_valid_members
+      ret = []
+      1.upto(10) do |i|
+        ret << ::Addressable::URI.parse("http://foobar#{i}.com")
+      end
+      ret
+    end
+    def generate_invalid_members
+      [
+        1234,
+       :foobar,
+       'http://yahoo.com',
+       ::Addressable::URI.parse('/foo/bar')
+      ]
+    end
+  end
+  let(:collection) { described_class.new }
+  describe "#valid_member?(v)" do
+    it "returns true when an absolute Addressable::URI" do
+      url = Addressable::URI.parse('http://yahoo.com')
+      expect(collection.valid_member?(url)).to eq(true)
+    end
+    it "returns false when the Addressable::URI is relative"  do
+      url = Addressable::URI.parse('/foo/bar')
+      expect(collection.valid_member?(url)).to eq(false)
+    end
+    it "returns false when not an Addressable::URI" do
+      expect(collection.valid_member?('http://yahoo.com')).to eq(false)
+      expect(collection.valid_member?(:foobar)).to eq(false)
+      expect(collection.valid_member?(nil)).to eq(false)
+    end
+  end
+end

data/spec/threatinator/model/validations/type_spec.rb ADDED Viewed

@@ -0,0 +1,37 @@
+require 'spec_helper'
+require 'threatinator/model/validations/type'
+describe Threatinator::Model::Validations::TypeValidator do
+  before :each do
+    module Examples
+      class Person
+        include ActiveModel::Validations
+        include Threatinator::Model::Validations
+        attr_accessor :name, :age
+      end
+    end
+  end
+  after :each do
+    Examples::Person.clear_validators!
+  end
+  it "validates that the value is an instance of the class specified by :type" do
+    Examples::Person.validates :name, type: String
+    person = Examples::Person.new
+    expect(person).not_to be_valid
+    person.name = :asdf
+    expect(person).not_to be_valid
+    person.name = "Mike"
+    expect(person).to be_valid
+    Examples::Person.validates :age, type: Integer
+    expect(person).not_to be_valid
+    person.age = :eight
+    expect(person).not_to be_valid
+    person.age = 8
+    expect(person).to be_valid
+  end
+end

data/spec/threatinator/parser_spec.rb ADDED Viewed

@@ -0,0 +1,13 @@
+require 'spec_helper'
+require 'threatinator/parser'
+describe Threatinator::Parser do
+  let(:parser) { Threatinator::Parser.new() }
+  describe "#run" do
+    it "should raise NotImplementedError because it's not implemented" do
+      expect { |b| parser.run(double("io"), &b) }.to raise_error(NotImplementedError)
+    end
+  end
+end