Julien Richard committed with GitHub 1 year ago1 parent 4745cbb1
1 - import { describe, expect, it } from 'vitest'; 2 - import { extractObservablesFromIndicatorPattern } from '../../../src/utils/syntax'; 3 - import * as C from '../../../src/schema/stixCyberObservable'; 4 - 5 - describe.concurrent('indicator', () => { 6 - it('should observables correctly extracted', async () => { 7 - console.log('indicator'); 8 - // simpleHash 9 - const simpleHash = extractObservablesFromIndicatorPattern("[file:hashes.'SHA-256' = '4bac27393bdd9777ce02453256c5577cd02275510b2227f473d03f533924f877']"); 10 - expect(simpleHash.length).toEqual(1); 11 - expect(simpleHash[0].type).toEqual(C.ENTITY_HASHED_OBSERVABLE_STIX_FILE); 12 - expect(simpleHash[0].hashes['SHA-256']).toEqual('4bac27393bdd9777ce02453256c5577cd02275510b2227f473d03f533924f877'); 13 - // multipleHashes 14 - const multipleHashes = extractObservablesFromIndicatorPattern("[file:hashes.'SHA-256' = 'bf07a7fbb825fc0aae7bf4a1177b2b31fcf8a3feeaf7092761e18c859ee52a9c' OR file:hashes.MD5 = 'cead3f77f6cda6ec00f57d76c9a6879f']"); 15 - expect(multipleHashes.length).toEqual(2); 16 - expect(multipleHashes[0].type).toEqual(C.ENTITY_HASHED_OBSERVABLE_STIX_FILE); 17 - expect(multipleHashes[0].hashes['SHA-256']).toEqual('bf07a7fbb825fc0aae7bf4a1177b2b31fcf8a3feeaf7092761e18c859ee52a9c'); 18 - expect(multipleHashes[1].type).toEqual(C.ENTITY_HASHED_OBSERVABLE_STIX_FILE); 19 - expect(multipleHashes[1].hashes.MD5).toEqual('cead3f77f6cda6ec00f57d76c9a6879f'); 20 - // simpleipv4 21 - const simpleipv4 = extractObservablesFromIndicatorPattern("[ipv4-addr:value = '183.89.215.254']"); 22 - expect(simpleipv4.length).toEqual(1); 23 - expect(simpleipv4[0].type).toEqual(C.ENTITY_IPV4_ADDR); 24 - expect(simpleipv4[0].value).toEqual('183.89.215.254'); 25 - // domainAndIp 26 - const domainAndIp = extractObservablesFromIndicatorPattern("[domain-name:value = '5z8.info' AND domain-name:resolves_to_refs[*].value = '198.51.100.1']"); 27 - expect(domainAndIp.length).toEqual(1); 28 - 
expect(domainAndIp[0].type).toEqual(C.ENTITY_DOMAIN_NAME); 29 - expect(domainAndIp[0].value).toEqual('5z8.info'); 30 - // domainAndHostname 31 - const domainAndHostname = extractObservablesFromIndicatorPattern("[domain-name:value = '5z8.info' OR domain-name:value = 'www.5z8.info']"); 32 - expect(domainAndHostname.length).toEqual(2); 33 - expect(domainAndHostname[0].type).toEqual(C.ENTITY_DOMAIN_NAME); 34 - expect(domainAndHostname[0].value).toEqual('5z8.info'); 35 - expect(domainAndHostname[1].type).toEqual(C.ENTITY_DOMAIN_NAME); 36 - expect(domainAndHostname[1].value).toEqual('www.5z8.info'); 37 - // simpleEmailAddress 38 - const simpleEmailAddress = extractObservablesFromIndicatorPattern("[email-message:sender_ref.value = '[email protected]' AND email-message:subject = 'Conference Info']"); 39 - expect(simpleEmailAddress.length).toEqual(1); 40 - expect(simpleEmailAddress[0].type).toEqual(C.ENTITY_EMAIL_MESSAGE); 41 - expect(simpleEmailAddress[0].subject).toEqual('Conference Info'); 42 - // simpleUrl 43 - const simpleUrl = extractObservablesFromIndicatorPattern("[url:value = 'http://localhost.com']"); 44 - expect(simpleUrl.length).toEqual(1); 45 - expect(simpleUrl[0].type).toEqual(C.ENTITY_URL); 46 - expect(simpleUrl[0].value).toEqual('http://localhost.com'); 47 - // Unknown type 48 - const unknown = extractObservablesFromIndicatorPattern("[x-company-type:value = 'http://localhost.com']"); 49 - expect(unknown.length).toEqual(0); 50 - }); 51 - }); 52 - -
1 + import { describe, expect, it } from 'vitest'; 2 + import { extractObservablesFromIndicatorPattern } from '../../../src/utils/syntax'; 3 + import * as C from '../../../src/schema/stixCyberObservable'; 4 + import { computeValidTTL, computeValidPeriod, DEFAULT_INDICATOR_TTL } from '../../../src/utils/indicator-utils'; 5 + import { ADMIN_USER, testContext } from '../../utils/testQuery'; 6 + import { MARKING_TLP_AMBER, MARKING_TLP_GREEN, MARKING_TLP_RED } from '../../../src/schema/identifier'; 7 + 8 + const DEFAULT_PARAM = { name: 'indicator', pattern_type: 'stix', pattern: 'undefined' }; 9 + 10 + describe.concurrent('indicator utils', () => { 11 + it('should observables correctly extracted', async () => { 12 + // simpleHash 13 + const simpleHash = extractObservablesFromIndicatorPattern('[file:hashes.\'SHA-256\' = \'4bac27393bdd9777ce02453256c5577cd02275510b2227f473d03f533924f877\']'); 14 + expect(simpleHash.length).toEqual(1); 15 + expect(simpleHash[0].type).toEqual(C.ENTITY_HASHED_OBSERVABLE_STIX_FILE); 16 + expect(simpleHash[0].hashes['SHA-256']).toEqual('4bac27393bdd9777ce02453256c5577cd02275510b2227f473d03f533924f877'); 17 + // multipleHashes 18 + const multipleHashes = extractObservablesFromIndicatorPattern('[file:hashes.\'SHA-256\' = \'bf07a7fbb825fc0aae7bf4a1177b2b31fcf8a3feeaf7092761e18c859ee52a9c\' OR file:hashes.MD5 = \'cead3f77f6cda6ec00f57d76c9a6879f\']'); 19 + expect(multipleHashes.length).toEqual(2); 20 + expect(multipleHashes[0].type).toEqual(C.ENTITY_HASHED_OBSERVABLE_STIX_FILE); 21 + expect(multipleHashes[0].hashes['SHA-256']).toEqual('bf07a7fbb825fc0aae7bf4a1177b2b31fcf8a3feeaf7092761e18c859ee52a9c'); 22 + expect(multipleHashes[1].type).toEqual(C.ENTITY_HASHED_OBSERVABLE_STIX_FILE); 23 + expect(multipleHashes[1].hashes.MD5).toEqual('cead3f77f6cda6ec00f57d76c9a6879f'); 24 + // simpleipv4 25 + const simpleipv4 = extractObservablesFromIndicatorPattern('[ipv4-addr:value = \'183.89.215.254\']'); 26 + expect(simpleipv4.length).toEqual(1); 27 + 
expect(simpleipv4[0].type).toEqual(C.ENTITY_IPV4_ADDR); 28 + expect(simpleipv4[0].value).toEqual('183.89.215.254'); 29 + // domainAndIp 30 + const domainAndIp = extractObservablesFromIndicatorPattern('[domain-name:value = \'5z8.info\' AND domain-name:resolves_to_refs[*].value = \'198.51.100.1\']'); 31 + expect(domainAndIp.length).toEqual(1); 32 + expect(domainAndIp[0].type).toEqual(C.ENTITY_DOMAIN_NAME); 33 + expect(domainAndIp[0].value).toEqual('5z8.info'); 34 + // domainAndHostname 35 + const domainAndHostname = extractObservablesFromIndicatorPattern('[domain-name:value = \'5z8.info\' OR domain-name:value = \'www.5z8.info\']'); 36 + expect(domainAndHostname.length).toEqual(2); 37 + expect(domainAndHostname[0].type).toEqual(C.ENTITY_DOMAIN_NAME); 38 + expect(domainAndHostname[0].value).toEqual('5z8.info'); 39 + expect(domainAndHostname[1].type).toEqual(C.ENTITY_DOMAIN_NAME); 40 + expect(domainAndHostname[1].value).toEqual('www.5z8.info'); 41 + // simpleEmailAddress 42 + const simpleEmailAddress = extractObservablesFromIndicatorPattern('[email-message:sender_ref.value = \'[email protected]\' AND email-message:subject = \'Conference Info\']'); 43 + expect(simpleEmailAddress.length).toEqual(1); 44 + expect(simpleEmailAddress[0].type).toEqual(C.ENTITY_EMAIL_MESSAGE); 45 + expect(simpleEmailAddress[0].subject).toEqual('Conference Info'); 46 + // simpleUrl 47 + const simpleUrl = extractObservablesFromIndicatorPattern('[url:value = \'http://localhost.com\']'); 48 + expect(simpleUrl.length).toEqual(1); 49 + expect(simpleUrl[0].type).toEqual(C.ENTITY_URL); 50 + expect(simpleUrl[0].value).toEqual('http://localhost.com'); 51 + // Unknown type 52 + const unknown = extractObservablesFromIndicatorPattern('[x-company-type:value = \'http://localhost.com\']'); 53 + expect(unknown.length).toEqual(0); 54 + }); 55 + it('should valid_from default', async () => { 56 + const { validFrom } = await computeValidPeriod(testContext, ADMIN_USER, { ...DEFAULT_PARAM }); 57 + 
expect(validFrom).toBeDefined(); 58 + }); 59 + it('should valid_from created', async () => { 60 + const { validFrom, validUntil } = await computeValidPeriod(testContext, ADMIN_USER, { 61 + ...DEFAULT_PARAM, 62 + created: '2023-01-21T17:57:09.266Z' 63 + }); 64 + expect(validFrom).toBe('2023-01-21T17:57:09.266Z'); 65 + expect(validUntil).toBe('2024-01-21T17:57:09.266Z'); 66 + }); 67 + it('should valid_from itself', async () => { 68 + const { validFrom, validUntil } = await computeValidPeriod(testContext, ADMIN_USER, { 69 + ...DEFAULT_PARAM, 70 + valid_from: '2023-02-21T17:57:09.266Z', 71 + created: '2023-01-21T17:57:09.266Z' 72 + }); 73 + expect(validFrom).toBe('2023-02-21T17:57:09.266Z'); 74 + expect(validUntil).toBe('2024-02-21T17:57:09.266Z'); 75 + }); 76 + it('should ttl default', async () => { 77 + let ttl = await computeValidTTL(testContext, ADMIN_USER, { ...DEFAULT_PARAM }); 78 + expect(ttl).toBe(DEFAULT_INDICATOR_TTL); 79 + ttl = await computeValidTTL(testContext, ADMIN_USER, { ...DEFAULT_PARAM, objectMarking: [] }); 80 + expect(ttl).toBe(DEFAULT_INDICATOR_TTL); 81 + ttl = await computeValidTTL(testContext, ADMIN_USER, { 82 + ...DEFAULT_PARAM, 83 + x_opencti_main_observable_type: 'wrong' 84 + }); 85 + expect(ttl).toBe(DEFAULT_INDICATOR_TTL); 86 + ttl = await computeValidTTL(testContext, ADMIN_USER, { ...DEFAULT_PARAM, objectMarking: ['invalid'] }); 87 + expect(ttl).toBe(DEFAULT_INDICATOR_TTL); 88 + }); 89 + it('should ttl File', async () => { 90 + const ttl = await computeValidTTL(testContext, ADMIN_USER, { 91 + ...DEFAULT_PARAM, 92 + x_opencti_main_observable_type: 'File', 93 + objectMarking: [MARKING_TLP_GREEN], 94 + }); 95 + expect(ttl).toBe(365); 96 + }); 97 + it('should ttl Url', async () => { 98 + const ttl = await computeValidTTL(testContext, ADMIN_USER, { 99 + ...DEFAULT_PARAM, 100 + x_opencti_main_observable_type: 'Url', 101 + objectMarking: [MARKING_TLP_AMBER], 102 + }); 103 + expect(ttl).toBe(180); 104 + }); 105 + it('should ttl Url ordered', async 
() => { 106 + const ttl = await computeValidTTL(testContext, ADMIN_USER, { 107 + ...DEFAULT_PARAM, 108 + x_opencti_main_observable_type: 'Url', 109 + objectMarking: [MARKING_TLP_GREEN, MARKING_TLP_RED], 110 + }); 111 + expect(ttl).toBe(180); 112 + }); 113 + it('should ttl IPv6', async () => { 114 + const ttl = await computeValidTTL(testContext, ADMIN_USER, { 115 + ...DEFAULT_PARAM, 116 + x_opencti_main_observable_type: 'IPv6-Addr', 117 + objectMarking: [MARKING_TLP_RED], 118 + }); 119 + expect(ttl).toBe(60); 120 + }); 121 + }); 122 + -
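Review bot: The 'should ttl Url ordered' case pins a single input order, `objectMarking: [MARKING_TLP_GREEN, MARKING_TLP_RED]`, so it cannot tell a rank-based choice of marking from one that depends on array position. computeValidTTL is not shown here, so the intent is inferred from the test name; if the result is meant to be independent of the order in which markings arrive, repeat the call with `objectMarking: [MARKING_TLP_RED, MARKING_TLP_GREEN]` and the same `expect(ttl).toBe(180);`. In the same file, 'should valid_from default' asserts only `validFrom`; adding `expect(validUntil).toBeDefined();` would cover the end of the validity window too, which is the value that decides how long an indicator stays valid.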
skipped 5 lines 6 6 7 7 // region static graphql modules 8 8 import '../../src/modules/index'; 9 + import type { AuthUser } from '../../src/types/user'; 9 10 // endregion 10 11 11 12 export const SYNC_RAW_START_REMOTE_URI = conf.get('app:sync_raw_start_remote_uri'); skipped 22 lines 34 35 return `Basic ${buff.toString('base64')}`; 35 36 }; 36 37 37 - export const executeExternalQuery = async (uri, query, variables = {}) => { 38 + export const executeExternalQuery = async (uri: string, query: unknown, variables = {}) => { 38 39 const response = await axios({ 39 40 url: uri, 40 41 method: 'POST', skipped 8 lines 49 50 return data; 50 51 }; 51 52 52 - export const ADMIN_USER = { 53 + export const ADMIN_USER: AuthUser = { 53 54 id: '88ec0c6a-13ce-5e39-b486-354fe4a7084f', 55 + internal_id: '88ec0c6a-13ce-5e39-b486-354fe4a7084f', 56 + organizations: [], 54 57 name: 'admin', 55 58 user_email: '[email protected]', 56 - otp_activated: false, 57 - otp_validated: false, 58 59 roles: [{ name: ROLE_ADMINISTRATOR }], 59 60 capabilities: [{ name: BYPASS }], 60 - groups: [], 61 + all_marking: [], 62 + allowed_organizations: [], 63 + inside_platform_organization: true, 61 64 allowed_marking: [], 62 - origin: { source: 'test', user_id: '88ec0c6a-13ce-5e39-b486-354fe4a7084f' }, 65 + origin: { referer: 'test', user_id: '88ec0c6a-13ce-5e39-b486-354fe4a7084f' } 63 66 }; 64 67 65 68 export const serverFromUser = (user = ADMIN_USER) => { skipped 2 lines 68 71 introspection: true, 69 72 persistedQueries: false, 70 73 context: () => { 71 - const executeContext = executionContext('test'); 72 - executeContext.user = user; 73 - return executeContext; 74 + return executionContext('test', user); 74 75 }, 75 76 }); 76 77 }; 77 78 78 79 const adminApolloServer = serverFromUser(); 79 - export const queryAsAdmin = (request) => adminApolloServer.executeOperation(request); 80 + export const queryAsAdmin = (request: any) => adminApolloServer.executeOperation(request); 80 81
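Review bot: `queryAsAdmin = (request: any)` switches type checking off at the exact boundary this change is otherwise tightening, since ADMIN_USER and executeExternalQuery both gain real types. The parameter can take its type from the call it forwards to, `export const queryAsAdmin = (request: Parameters<typeof adminApolloServer.executeOperation>[0]) => adminApolloServer.executeOperation(request);`, which needs no new import. Separately, ADMIN_USER keeps `capabilities: [{ name: BYPASS }]` and is the default argument of serverFromUser, so a short comment on the constant such as `// BYPASS user: tests using this fixture do not exercise marking or organization restrictions` would help readers of the tests that depend on it. That reading of BYPASS is an assumption to confirm against the access-control code, which is not part of this page.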