ja4db

Signed-off-by: pranjalg1331 <[email protected]>

Author: pranjalg1331

tests/api_app/analyzers_manager/unit_tests/observable_analyzers/base_test_class.py

@@ -139,10 +139,17 @@ def test_analyzer_on_supported_observables(self):
         if self.analyzer_class is None:
             self.skipTest("analyzer_class is not set")
 
-        config = AnalyzerConfig.objects.get(
+        configs = AnalyzerConfig.objects.filter(
             python_module=self.analyzer_class.python_module
         )
 
+        if not configs.exists():
+            self.skipTest(
+                f"No AnalyzerConfig found for {self.analyzer_class.python_module}"
+            )
+
+        config = configs.first()
+
         for observable_type in config.observable_supported:
             if observable_type == "generic":
                 continue
@@ -179,10 +186,17 @@ def test_analyzer_error_handling(self):
         if self.analyzer_class is None:
             self.skipTest("analyzer_class is not set")
 
-        config = AnalyzerConfig.objects.get(
+        configs = AnalyzerConfig.objects.filter(
             python_module=self.analyzer_class.python_module
         )
 
+        if not configs.exists():
+            self.skipTest(
+                f"No AnalyzerConfig found for {self.analyzer_class.python_module}"
+            )
+
+        config = configs.first()
+
         # Test with invalid observable types if applicable
         invalid_observables = {
             "domain": "invalid..domain",

tests/api_app/analyzers_manager/unit_tests/observable_analyzers/test_haveibeenpwned.py

@@ -0,0 +1,25 @@
+from api_app.analyzers_manager.observable_analyzers.haveibeenpwned import HaveIBeenPwned
+from tests.api_app.analyzers_manager.unit_tests.observable_analyzers.base_test_class import (
+    BaseAnalyzerTest,
+)
+from tests.mock_utils import MockUpResponse, patch
+
+
+class HaveIBeenPwnedTestCase(BaseAnalyzerTest):
+    analyzer_class = HaveIBeenPwned
+
+    @classmethod
+    def get_extra_config(cls):
+        return {
+            "truncate_response": True,
+            "include_unverified": False,
+            "domain": "",
+            "_api_key_name": "dummy-key",
+        }
+
+    @staticmethod
+    def get_mocked_response():
+        return patch(
+            "requests.get",
+            return_value=MockUpResponse({}, 200),
+        )

tests/api_app/analyzers_manager/unit_tests/observable_analyzers/test_honey_db.py

@@ -0,0 +1,33 @@
+from api_app.analyzers_manager.observable_analyzers.honeydb import HoneyDB
+from tests.api_app.analyzers_manager.unit_tests.observable_analyzers.base_test_class import (
+    BaseAnalyzerTest,
+)
+from tests.mock_utils import MockUpResponse, patch
+
+
+class HoneyDBTestCase(BaseAnalyzerTest):
+    analyzer_class = HoneyDB
+
+    @classmethod
+    def get_extra_config(cls):
+        return {
+            "_api_key_name": "dummy-key",
+            "_api_id_name": "dummy-id",
+            "honeydb_analysis": "ip_query",
+            "headers": {
+                "X-HoneyDb-ApiKey": "dummy-key",
+                "X-HoneyDb-ApiId": "dummy-id",
+            },
+            "result": {},
+            "endpoints": [
+                "scan_twitter",
+                "ip_query",
+                "ip_history",
+                "internet_scanner",
+                "ip_info",
+            ],
+        }
+
+    @staticmethod
+    def get_mocked_response():
+        return patch("requests.get", return_value=MockUpResponse({}, 200))

tests/api_app/analyzers_manager/unit_tests/observable_analyzers/test_hudsonrock.py

@@ -0,0 +1,39 @@
+from api_app.analyzers_manager.observable_analyzers.hudsonrock import HudsonRock
+from tests.api_app.analyzers_manager.unit_tests.observable_analyzers.base_test_class import (
+    BaseAnalyzerTest,
+)
+from tests.mock_utils import MockUpResponse, patch
+
+
+class HudsonRockTestCase(BaseAnalyzerTest):
+    analyzer_class = HudsonRock
+
+    @classmethod
+    def get_extra_config(cls):
+        return {
+            "_api_key_name": "dummy-api-key",
+            "observable_classification": "generic",  # to test login path
+            "observable_name": "[email protected]",
+            "page": 1,
+            "sort_by": "asc",
+            "installed_software": False,
+        }
+
+    @staticmethod
+    def get_mocked_response():
+        return patch(
+            "requests.post",
+            return_value=MockUpResponse(
+                {
+                    "credentials": [
+                        {
+                            "type": "client",
+                            "domain": "disney.com",
+                            "username": "••••",
+                            "password": "••••",
+                        }
+                    ]
+                },
+                200,
+            ),
+        )

tests/api_app/analyzers_manager/unit_tests/observable_analyzers/test_hunter_io.py

@@ -0,0 +1,25 @@
+from unittest.mock import patch
+
+from api_app.analyzers_manager.observable_analyzers.hunter_io import Hunter_Io
+from tests.api_app.analyzers_manager.unit_tests.observable_analyzers.base_test_class import (
+    BaseAnalyzerTest,
+)
+from tests.mock_utils import MockUpResponse
+
+
+class HunterIoTestCase(BaseAnalyzerTest):
+    analyzer_class = Hunter_Io
+
+    @staticmethod
+    def get_mocked_response():
+        mock_response = {
+            "data": {
+                "domain": "example.com",
+                "emails": [{"value": "[email protected]", "type": "generic"}],
+            }
+        }
+        return patch("requests.get", return_value=MockUpResponse(mock_response, 200))
+
+    @classmethod
+    def get_extra_config(cls) -> dict:
+        return {"_api_key_name": "dummy_api_key"}

tests/api_app/analyzers_manager/unit_tests/observable_analyzers/test_hunterhow.py

@@ -0,0 +1,35 @@
+from unittest.mock import patch
+
+from api_app.analyzers_manager.observable_analyzers.hunter_how import Hunter_How
+from tests.api_app.analyzers_manager.unit_tests.observable_analyzers.base_test_class import (
+    BaseAnalyzerTest,
+)
+from tests.mock_utils import MockUpResponse
+
+
+class HunterHowTestCase(BaseAnalyzerTest):
+    analyzer_class = Hunter_How
+
+    @staticmethod
+    def get_mocked_response():
+        mock_response = {
+            "list": [
+                {
+                    "ip": "8.8.8.8",
+                    "domain": "example.com",
+                    "timestamp": "2024-01-01T00:00:00Z",
+                }
+            ]
+        }
+        return patch("requests.get", return_value=MockUpResponse(mock_response, 200))
+
+    @classmethod
+    def get_extra_config(cls) -> dict:
+        return {
+            "_api_key_name": "dummy_api_key",
+            "page": 1,
+            "page_size": 20,
+            "start_time": "2024-01-01T00:00:00Z",
+            "end_time": "2024-12-31T23:59:59Z",
+            "parameters": {},
+        }

tests/api_app/analyzers_manager/unit_tests/observable_analyzers/test_inquest.py

@@ -0,0 +1,24 @@
+from unittest.mock import patch
+
+from api_app.analyzers_manager.observable_analyzers.inquest import InQuest
+from tests.api_app.analyzers_manager.unit_tests.observable_analyzers.base_test_class import (
+    BaseAnalyzerTest,
+)
+from tests.mock_utils import MockUpResponse
+
+
+class InQuestTestCase(BaseAnalyzerTest):
+    analyzer_class = InQuest
+
+    @staticmethod
+    def get_mocked_response():
+        mock_response = {"result": "ok", "data": ["some IOC result"]}
+        return patch("requests.get", return_value=MockUpResponse(mock_response, 200))
+
+    @classmethod
+    def get_extra_config(cls) -> dict:
+        return {
+            "inquest_analysis": "dfi_search",
+            "_api_key_name": "Bearer dummy_api_key",
+            "generic_identifier_mode": "user-defined",
+        }

tests/api_app/analyzers_manager/unit_tests/observable_analyzers/test_intelx.py

@@ -0,0 +1,35 @@
+from unittest.mock import patch
+
+from api_app.analyzers_manager.observable_analyzers.intelx import IntelX
+from tests.api_app.analyzers_manager.unit_tests.observable_analyzers.base_test_class import (
+    BaseAnalyzerTest,
+)
+from tests.mock_utils import MockUpResponse
+
+
+class IntelXTestCase(BaseAnalyzerTest):
+    analyzer_class = IntelX
+
+    @staticmethod
+    def get_mocked_response():
+        return [
+            patch("requests.Session.post", return_value=MockUpResponse({"id": 1}, 200)),
+            patch(
+                "requests.Session.get",
+                return_value=MockUpResponse({"selectors": []}, 200),
+            ),
+        ]
+
+    @classmethod
+    def get_extra_config(cls) -> dict:
+        return {
+            "_api_key_name": "dummy_api_key",
+            "query_type": "phonebook",  # or "intelligent"
+            "rows_limit": 10,
+            "max_tries": 3,
+            "poll_distance": 1,
+            "timeout": 5,
+            "datefrom": "2024-01-01",
+            "dateto": "2024-12-31",
+            "search_url": "",
+        }

tests/api_app/analyzers_manager/unit_tests/observable_analyzers/test_ip2location.py

@@ -0,0 +1,34 @@
+from unittest.mock import patch
+
+from api_app.analyzers_manager.observable_analyzers.ip2location import Ip2location
+from tests.api_app.analyzers_manager.unit_tests.observable_analyzers.base_test_class import (
+    BaseAnalyzerTest,
+)
+from tests.mock_utils import MockUpResponse
+
+
+class Ip2locationTestCase(BaseAnalyzerTest):
+    analyzer_class = Ip2location
+
+    @staticmethod
+    def get_mocked_response():
+        mock_response = {
+            "ip": "8.8.8.8",
+            "country_code": "US",
+            "country_name": "United States of America",
+            "region_name": "California",
+            "city_name": "Mountain View",
+            "latitude": 37.405992,
+            "longitude": -122.078515,
+            "zip_code": "94043",
+            "time_zone": "-07:00",
+            "asn": "15169",
+            "as": "Google LLC",
+            "is_proxy": False,
+        }
+
+        return patch("requests.get", return_value=MockUpResponse(mock_response, 200))
+
+    @classmethod
+    def get_extra_config(cls) -> dict:
+        return {"_api_key_name": "dummy_key", "api_version": "keyed"}

tests/api_app/analyzers_manager/unit_tests/observable_analyzers/test_ip2whois.py

@@ -0,0 +1,37 @@
+from unittest.mock import patch
+
+from api_app.analyzers_manager.observable_analyzers.ip2whois import Ip2whois
+from tests.api_app.analyzers_manager.unit_tests.observable_analyzers.base_test_class import (
+    BaseAnalyzerTest,
+)
+from tests.mock_utils import MockUpResponse
+
+
+class Ip2whoisTestCase(BaseAnalyzerTest):
+    analyzer_class = Ip2whois
+
+    @staticmethod
+    def get_mocked_response():
+        mock_response = {
+            "domain": "msn.com",
+            "domain_id": "4569290_DOMAIN_COM-VRSN",
+            "status": "client delete prohibited",
+            "create_date": "1994-11-10T05:00:00Z",
+            "update_date": "2023-05-03T11:39:17Z",
+            "expire_date": "2024-06-04T16:44:29Z",
+            "domain_age": 10766,
+            "whois_server": "",
+            "registrar": {"iana_id": "292", "name": "MarkMonitor Inc.", "url": ""},
+            "nameservers": [
+                "dns1.p09.nsone.net",
+                "ns1-204.azure-dns.com",
+                "ns2-204.azure-dns.net",
+                "ns3-204.azure-dns.org",
+                "ns4-204.azure-dns.info",
+            ],
+        }
+        return patch("requests.get", return_value=MockUpResponse(mock_response, 200))
+
+    @classmethod
+    def get_extra_config(cls) -> dict:
+        return {"_api_key_name": "dummy_api_key"}