pymisp 2.5.7__py3-none-any.whl → 2.5.7.1__py3-none-any.whl

tests/test_analyst_data.py

@@ -1,123 +0,0 @@
-#!/usr/bin/env python
-
-from __future__ import annotations
-
-import unittest
-from pymisp import (MISPAttribute, MISPEvent, MISPEventReport, MISPNote,
-                    MISPObject, MISPOpinion)
-from uuid import uuid4
-
-
-class TestAnalystData(unittest.TestCase):
-    def setUp(self) -> None:
-        self.note_dict = {
-            "uuid": uuid4(),
-            "note": "note3"
-        }
-        self.opinion_dict = {
-            "uuid": uuid4(),
-            "opinion": 75,
-            "comment": "Agree"
-        }
-
-    def test_analyst_data_on_attribute(self) -> None:
-        attribute = MISPAttribute()
-        attribute.from_dict(type='filename', value='foo.exe')
-        self._attach_analyst_data(attribute)
-
-    def test_analyst_data_on_attribute_alternative(self) -> None:
-        event = MISPEvent()
-        event.info = 'Test on Attribute'
-        event.add_attribute('domain', 'foo.bar')
-        self._attach_analyst_data(event.attributes[0])
-
-    def test_analyst_data_on_event(self) -> None:
-        event = MISPEvent()
-        event.info = 'Test Event'
-        self._attach_analyst_data(event)
-
-    def test_analyst_data_on_event_report(self) -> None:
-        event_report = MISPEventReport()
-        event_report.from_dict(name='Test Report', content='This is a report')
-        self._attach_analyst_data(event_report)
-
-    def test_analyst_data_on_event_report_alternative(self) -> None:
-        event = MISPEvent()
-        event.info = 'Test on Event Report'
-        event.add_event_report('Test Report', 'This is a report')
-        self._attach_analyst_data(event.event_reports[0])
-
-    def test_analyst_data_on_object(self) -> None:
-        misp_object = MISPObject('file')
-        misp_object.add_attribute('filename', 'foo.exe')
-        self._attach_analyst_data(misp_object)
-
-    def test_analyst_data_on_object_alternative(self) -> None:
-        event = MISPEvent()
-        event.info = 'Test on Object'
-        misp_object = MISPObject('file')
-        misp_object.add_attribute('filename', 'foo.exe')
-        event.add_object(misp_object)
-        self._attach_analyst_data(event.objects[0])
-
-    def test_analyst_data_on_object_attribute(self) -> None:
-        misp_object = MISPObject('file')
-        object_attribute = misp_object.add_attribute('filename', 'foo.exe')
-        self._attach_analyst_data(object_attribute)
-
-    def test_analyst_data_object_object_attribute_alternative(self) -> None:
-        misp_object = MISPObject('file')
-        misp_object.add_attribute('filename', 'foo.exe')
-        self._attach_analyst_data(misp_object.attributes[0])
-
-    def _attach_analyst_data(
-            self, container: MISPAttribute | MISPEvent | MISPEventReport | MISPObject) -> None:
-        object_type = container._analyst_data_object_type
-        note1 = container.add_note(note='note1')
-        opinion1 = note1.add_opinion(opinion=25, comment='Disagree')
-        opinion2 = container.add_opinion(opinion=50, comment='Neutral')
-        note2 = opinion2.add_note(note='note2')
-
-        dict_note = MISPNote()
-        dict_note.from_dict(
-            object_type=object_type, object_uuid=container.uuid, **self.note_dict
-        )
-        note3 = container.add_note(**dict_note)
-        dict_opinion = MISPOpinion()
-        dict_opinion.from_dict(
-            object_type='Note', object_uuid=note3.uuid, **self.opinion_dict
-        )
-        container.add_opinion(**dict_opinion)
-
-        self.assertEqual(len(container.notes), 3)
-        self.assertEqual(len(container.opinions), 3)
-
-        misp_note1, misp_note2, misp_note3 = container.notes
-        misp_opinion1, misp_opinion2, misp_opinion3 = container.opinions
-
-        self.assertEqual(misp_note1.object_type, object_type)
-        self.assertEqual(misp_note1.object_uuid, container.uuid)
-        self.assertEqual(misp_note1.note, 'note1')
-
-        self.assertEqual(misp_note2.object_type, 'Opinion')
-        self.assertEqual(misp_note2.object_uuid, opinion2.uuid)
-        self.assertEqual(misp_note2.note, 'note2')
-
-        self.assertEqual(misp_note3.object_type, object_type)
-        self.assertEqual(misp_note3.object_uuid, container.uuid)
-        self.assertEqual(misp_note3.note, 'note3')
-
-        self.assertEqual(misp_opinion1.object_type, 'Note')
-        self.assertEqual(misp_opinion1.object_uuid, note1.uuid)
-        self.assertEqual(misp_opinion1.opinion, 25)
-        self.assertEqual(misp_opinion1.comment, 'Disagree')
-
-        self.assertEqual(misp_opinion2.object_type, object_type)
-        self.assertEqual(misp_opinion2.object_uuid, container.uuid)
-        self.assertEqual(misp_opinion2.opinion, 50)
-        self.assertEqual(misp_opinion2.comment, 'Neutral')
-
-        self.assertEqual(misp_opinion3.object_type, 'Note')
-        self.assertEqual(misp_opinion3.object_uuid, note3.uuid)
-        self.assertEqual(misp_opinion3.opinion, 75)
-        self.assertEqual(misp_opinion3.comment, 'Agree')

tests/test_emailobject.py

@@ -1,157 +0,0 @@
-from __future__ import annotations
-
-# import json
-import unittest
-
-from email.message import EmailMessage
-from io import BytesIO
-from os import urandom
-from pathlib import Path
-from typing import TypeVar, Type
-from zipfile import ZipFile
-
-from pymisp.tools import EMailObject
-from pymisp.exceptions import PyMISPNotImplementedYet, InvalidMISPObject
-
-T = TypeVar('T', bound='TestEmailObject')
-
-
-class TestEmailObject(unittest.TestCase):
-
-    eml_1: BytesIO
-
-    @classmethod
-    def setUpClass(cls: type[T]) -> None:
-        with ZipFile(Path("tests/email_testfiles/mail_1.eml.zip"), 'r') as myzip:
-            with myzip.open('mail_1.eml', pwd=b'AVs are dumb') as myfile:
-                cls.eml_1 = BytesIO(myfile.read())
-
-    def test_mail_1(self) -> None:
-        email_object = EMailObject(pseudofile=self.eml_1)
-        self.assertEqual(self._get_values(email_object, "subject")[0], "письмо уведом-е")
-        self.assertEqual(self._get_values(email_object, "to")[0], "kinney@noth.com")
-        self.assertEqual(self._get_values(email_object, "from")[0], "suvorov.s@nalg.ru")
-        self.assertEqual(self._get_values(email_object, "from-display-name")[0], "служба ФНС Даниил Суворов")
-        self.assertEqual(len(self._get_values(email_object, "email-body")), 1)
-
-        self.assertEqual(self._get_values(email_object, "received-header-ip"),
-                         ['64.98.42.207', '2603:10b6:207:3d::31',
-                          '2a01:111:f400:7e49::205', '43.230.105.145'])
-
-        self.assertIsInstance(email_object.email, EmailMessage)
-        for file_name, file_content in email_object.attachments:
-            self.assertIsInstance(file_name, str)
-            self.assertIsInstance(file_content, BytesIO)
-
-    def test_mail_1_headers_only(self) -> None:
-        email_object = EMailObject(Path("tests/email_testfiles/mail_1_headers_only.eml"))
-        self.assertEqual(self._get_values(email_object, "subject")[0], "письмо уведом-е")
-        self.assertEqual(self._get_values(email_object, "to")[0], "kinney@noth.com")
-        self.assertEqual(self._get_values(email_object, "from")[0], "suvorov.s@nalg.ru")
-
-        self.assertEqual(len(self._get_values(email_object, "email-body")), 0)
-
-        self.assertIsInstance(email_object.email, EmailMessage)
-        self.assertEqual(len(email_object.attachments), 0)
-
-    def test_mail_multiple_to(self) -> None:
-        email_object = EMailObject(Path("tests/email_testfiles/mail_multiple_to.eml"))
-
-        to = self._get_values(email_object, "to")
-        to_display_name = self._get_values(email_object, "to-display-name")
-        self.assertEqual(to[0], "jan.novak@example.com")
-        self.assertEqual(to_display_name[0], "Novak, Jan")
-        self.assertEqual(to[1], "jan.marek@example.com")
-        self.assertEqual(to_display_name[1], "Marek, Jan")
-
-    def test_msg(self) -> None:
-        # Test result of eml converted to msg is the same
-        eml_email_object = EMailObject(pseudofile=self.eml_1)
-        email_object = EMailObject(Path("tests/email_testfiles/mail_1.msg"))
-
-        self.assertIsInstance(email_object.email, EmailMessage)
-        for file_name, file_content in email_object.attachments:
-            self.assertIsInstance(file_name, str)
-            self.assertIsInstance(file_content, BytesIO)
-
-        self.assertEqual(self._get_values(email_object, "subject")[0],
-                         self._get_values(eml_email_object, "subject")[0])
-        self.assertEqual(self._get_values(email_object, "to")[0],
-                         self._get_values(eml_email_object, "to")[0])
-        self.assertEqual(self._get_values(email_object, "from")[0],
-                         self._get_values(eml_email_object, "from")[0])
-        self.assertEqual(self._get_values(email_object, "from-display-name")[0],
-                         self._get_values(eml_email_object, "from-display-name")[0])
-        self.assertEqual(len(self._get_values(email_object, "email-body")), 2)
-
-        self.assertEqual(self._get_values(email_object, "received-header-ip"),
-                         self._get_values(eml_email_object, "received-header-ip"))
-
-    def test_bom_encoded(self) -> None:
-        """Test utf-8-sig encoded email"""
-        bom_email_object = EMailObject(Path("tests/email_testfiles/mail_1_bom.eml"))
-        eml_email_object = EMailObject(pseudofile=self.eml_1)
-
-        self.assertIsInstance(bom_email_object.email, EmailMessage)
-        for file_name, file_content in bom_email_object.attachments:
-            self.assertIsInstance(file_name, str)
-            self.assertIsInstance(file_content, BytesIO)
-
-        self.assertEqual(self._get_values(bom_email_object, "subject")[0],
-                         self._get_values(eml_email_object, "subject")[0])
-        self.assertEqual(self._get_values(bom_email_object, "to")[0],
-                         self._get_values(eml_email_object, "to")[0])
-        self.assertEqual(self._get_values(bom_email_object, "from")[0],
-                         self._get_values(eml_email_object, "from")[0])
-        self.assertEqual(self._get_values(bom_email_object, "from-display-name")[0],
-                         self._get_values(eml_email_object, "from-display-name")[0])
-        self.assertEqual(len(self._get_values(bom_email_object, "email-body")), 1)
-
-        self.assertEqual(self._get_values(bom_email_object, "received-header-ip"),
-                         self._get_values(eml_email_object, "received-header-ip"))
-
-    def test_handling_of_various_email_types(self) -> None:
-        self._does_not_fail(Path("tests/email_testfiles/mail_2.eml"),
-                            "ensuring all headers work")
-        self._does_not_fail(Path('tests/email_testfiles/mail_3.eml'),
-                            "Check for related content in emails emls")
-        self._does_not_fail(Path('tests/email_testfiles/mail_3.msg'),
-                            "Check for related content in emails msgs")
-        self._does_not_fail(Path('tests/email_testfiles/mail_4.msg'),
-                            "Check that HTML without specific encoding")
-        self._does_not_fail(Path('tests/email_testfiles/mail_5.msg'),
-                            "Check encapsulated HTML works")
-
-    def _does_not_fail(self, path: Path, test_type: str="test") -> None:
-        found_error = None
-        try:
-            EMailObject(path)
-        except Exception as _e:
-            found_error = _e
-        if found_error is not None:
-            self.fail('Error {} raised when parsing test email {} which tests against {}. It should not have raised an error.'.format(
-                type(found_error),
-                path,
-                test_type))
-
-    def test_random_binary_blob(self) -> None:
-        """Email parser fails correctly on random binary blob."""
-        random_data = urandom(1024)
-        random_blob = BytesIO(random_data)
-        found_error = None
-        try:
-            broken_obj = EMailObject(pseudofile=random_data)
-        except Exception as _e:
-            found_error = _e
-        if not isinstance(found_error, InvalidMISPObject):
-            self.fail("Expected InvalidMISPObject when EmailObject receives completely unknown binary input data. But, did not get that exception.")
-        try:
-            broken_obj = EMailObject(pseudofile=random_blob)
-        except Exception as _e:
-            found_error = _e
-        if not isinstance(found_error, InvalidMISPObject):
-            self.fail("Expected InvalidMISPObject when EmailObject receives completely unknown binary input data in a pseudofile. But, did not get that exception.")
-
-    @staticmethod
-    def _get_values(obj: EMailObject, relation: str) -> list[str]:
-        return [attr.value for attr in obj.attributes if attr['object_relation'] == relation]

tests/test_fileobject.py

@@ -1,20 +0,0 @@
-#!/usr/bin/env python
-
-from __future__ import annotations
-
-import unittest
-import json
-from pymisp.tools import FileObject
-import pathlib
-
-
-class TestFileObject(unittest.TestCase):
-    def test_mimeType(self) -> None:
-        file_object = FileObject(filepath=pathlib.Path(__file__))
-        attributes = json.loads(file_object.to_json())['Attribute']
-        mime = next(attr for attr in attributes if attr['object_relation'] == 'mimetype')
-        # was "Python script, ASCII text executable"
-        # libmagic on linux: 'text/x-python'
-        # libmagic on os x:  'text/x-script.python'
-        self.assertEqual(mime['value'][:7], 'text/x-')
-        self.assertEqual(mime['value'][-6:], 'python')