[tests] Improved Unit and integration tests (OpenCTI-Platform#192)

Author: nor3th

requirements.txt

@@ -10,3 +10,4 @@ sseclient==0.0.27
 black==20.8b1
 python-magic==0.4.22; sys_platform == 'linux' or sys_platform == 'darwin'
 python-magic-bin==0.4.14; sys_platform == 'win32'
+pytest_randomly==3.8.0

tests/01-unit/test_stix.py

@@ -0,0 +1,31 @@
+from pycti.utils.constants import (
+    StixCyberObservableTypes,
+    IdentityTypes,
+    LocationTypes,
+    ContainerTypes,
+)
+
+
+def test_for_enum_typos():
+    # Test check for typos between enum names and values
+    enums = [StixCyberObservableTypes, LocationTypes, IdentityTypes, ContainerTypes]
+    for enum in enums:
+        for data in enum:
+            name = data.name.replace("_", "-")
+            value = data.value.upper()
+            assert name == value
+
+
+def test_for_enum_has_value_functionality():
+    # Test if the has_value function works as intended
+    assert StixCyberObservableTypes.has_value("url") is True
+    assert StixCyberObservableTypes.has_value("LRU") is False
+
+    assert LocationTypes.has_value("CITY") is True
+    assert LocationTypes.has_value("YTIC") is False
+
+    assert IdentityTypes.has_value("SECTOR") is True
+    assert IdentityTypes.has_value("RECTOS") is False
+
+    assert ContainerTypes.has_value("Note") is True
+    assert ContainerTypes.has_value("ETON") is False

tests/01-unit/test_stix_split.py

@@ -0,0 +1,104 @@
+import datetime
+from pycti.utils.opencti_stix2 import OpenCTIStix2
+import pytest
+
+
+@pytest.fixture
+def opencti_stix2(api_client):
+    return OpenCTIStix2(api_client)
+
+
+def test_unknown_type(opencti_stix2: OpenCTIStix2, caplog):
+    opencti_stix2.unknown_type({"type": "foo"})
+    for record in caplog.records:
+        assert record.levelname == "ERROR"
+    assert 'Unknown object type "foo", doing nothing...' in caplog.text
+
+
+def test_convert_markdown(opencti_stix2: OpenCTIStix2):
+    result = opencti_stix2.convert_markdown(
+        " my <code> is very </special> </code> to me"
+    )
+    assert " my ` is very </special> ` to me" == result
+
+
+def test_convert_markdown_typo(opencti_stix2: OpenCTIStix2):
+    result = opencti_stix2.convert_markdown(
+        " my <code is very </special> </code> to me"
+    )
+    assert " my <code is very </special> ` to me" == result
+
+
+def test_format_date_with_tz(opencti_stix2: OpenCTIStix2):
+    # Test all 4 format_date cases with timestamp + timezone
+    my_datetime = datetime.datetime(
+        2021, 3, 5, 13, 31, 19, 42621, tzinfo=datetime.timezone.utc
+    )
+    my_datetime_str = my_datetime.isoformat(timespec="milliseconds").replace(
+        "+00:00", "Z"
+    )
+    assert my_datetime_str == opencti_stix2.format_date(my_datetime)
+    my_date = my_datetime.date()
+    my_date_str = "2021-03-05T00:00:00.000Z"
+    assert my_date_str == opencti_stix2.format_date(my_date)
+    assert my_datetime_str == opencti_stix2.format_date(my_datetime_str)
+    assert (
+        str(
+            datetime.datetime.now(tz=datetime.timezone.utc)
+            .isoformat(timespec="seconds")
+            .replace("+00:00", "")
+        )
+        in opencti_stix2.format_date()
+    )
+    with pytest.raises(ValueError):
+        opencti_stix2.format_date("No time")
+
+    # Test all 4 format_date cases with timestamp w/o timezone
+    my_datetime = datetime.datetime(2021, 3, 5, 13, 31, 19, 42621)
+    my_datetime_str = (
+        my_datetime.replace(tzinfo=datetime.timezone.utc)
+        .isoformat(timespec="milliseconds")
+        .replace("+00:00", "Z")
+    )
+    assert my_datetime_str == opencti_stix2.format_date(my_datetime)
+    my_date = my_datetime.date()
+    my_date_str = "2021-03-05T00:00:00.000Z"
+    assert my_date_str == opencti_stix2.format_date(my_date)
+    assert my_datetime_str == opencti_stix2.format_date(my_datetime_str)
+    assert (
+        str(
+            datetime.datetime.now(tz=datetime.timezone.utc)
+            .isoformat(timespec="seconds")
+            .replace("+00:00", "")
+        )
+        in opencti_stix2.format_date()
+    )
+    with pytest.raises(ValueError):
+        opencti_stix2.format_date("No time")
+
+
+def test_filter_objects(opencti_stix2: OpenCTIStix2):
+    objects = [{"id": "123"}, {"id": "124"}, {"id": "125"}, {"id": "126"}]
+    result = opencti_stix2.filter_objects(["123", "124", "126"], objects)
+    assert len(result) == 1
+    assert "126" not in result
+
+
+def test_pick_aliases(opencti_stix2: OpenCTIStix2) -> None:
+    stix_object = {}
+    assert opencti_stix2.pick_aliases(stix_object) is None
+    stix_object["aliases"] = "alias"
+    assert opencti_stix2.pick_aliases(stix_object) == "alias"
+    stix_object["x_amitt_aliases"] = "amitt_alias"
+    assert opencti_stix2.pick_aliases(stix_object) == "amitt_alias"
+    stix_object["x_mitre_aliases"] = "mitre_alias"
+    assert opencti_stix2.pick_aliases(stix_object) == "mitre_alias"
+    stix_object["x_opencti_aliases"] = "opencti_alias"
+    assert opencti_stix2.pick_aliases(stix_object) == "opencti_alias"
+
+
+def test_import_bundle_from_file(opencti_stix2: OpenCTIStix2, caplog) -> None:
+    opencti_stix2.import_bundle_from_file("foo.txt")
+    for record in caplog.records:
+        assert record.levelname == "ERROR"
+    assert "The bundle file does not exists" in caplog.text

tests/01-unit/utils/__init__.py

@@ -0,0 +1,35 @@
+import json
+from stix.report import Report
+from pycti.utils.opencti_stix2_splitter import OpenCTIStix2Splitter
+
+
+def test_split_bundle():
+    stix_splitter = OpenCTIStix2Splitter()
+    with open("./tests/data/enterprise-attack.json") as file:
+        content = file.read()
+    bundles = stix_splitter.split_bundle(content)
+    assert len(bundles) == 7029
+    #
+    # with open("./tests/data/test.pdf", 'w') as file:
+    #     content = file.read()
+    # with pytest.raises(Exception):
+    #     stix_splitter.split_bundle(content)
+
+
+def test_crate_bundle():
+    stix_splitter = OpenCTIStix2Splitter()
+    report = Report().to_json()
+    observables = [report]
+    bundle = stix_splitter.stix2_create_bundle(
+        observables, use_json=True, event_version=None
+    )
+    for key in ["type", "id", "spec_version", "objects"]:
+        assert key in bundle
+    assert len(json.loads(bundle).keys()) == 4
+
+    bundle = stix_splitter.stix2_create_bundle(
+        observables, use_json=True, event_version=1
+    )
+    for key in ["type", "id", "spec_version", "objects", "x_opencti_event_version"]:
+        assert key in bundle
+    assert len(json.loads(bundle).keys()) == 5

tests/01-unit/utils/test_constants.py

@@ -0,0 +1,50 @@
+# coding: utf-8
+
+import json
+
+import pytest
+from dateutil.parser import parse
+from stix2 import TLP_GREEN, TLP_WHITE
+
+# Commented out since OpenCTI requires at least 100 indicators
+# for this test to work
+#
+# def test_get_100_indicators_with_pagination(api_client):
+#     # Get 100 Indicators using the pagination
+#     custom_attributes = """
+#         id
+#         revoked
+#         created
+#     """
+#
+#     final_indicators = []
+#     data = api_client.indicator.list(
+#         first=50, customAttributes=custom_attributes, withPagination=True
+#     )
+#     final_indicators = final_indicators + data["entities"]
+#
+#     assert len(final_indicators) == 50
+#
+#     after = data["pagination"]["endCursor"]
+#     data = api_client.indicator.list(
+#         first=50,
+#         after=after,
+#         customAttributes=custom_attributes,
+#         withPagination=True,
+#     )
+#     final_indicators = final_indicators + data["entities"]
+#
+#     assert len(final_indicators) == 100
+
+
+def test_indicator_stix_marshall(api_client):
+    with open("tests/data/indicator_stix.json", "r") as content_file:
+        content = content_file.read()
+
+    json_data = json.loads(content)
+
+    for indic in json_data["objects"]:
+        imported_indicator = api_client.indicator.import_from_stix2(
+            stixObject=indic, update=True
+        )
+        assert imported_indicator is not None