diff --git a/src/test/fixtures/test_event_xuserorguuid-attribute_blocked_sharing_group.json b/src/test/fixtures/test_event_xuserorguuid-attribute_blocked_sharing_group.json
new file mode 100644
index 0000000..354061b
--- /dev/null
+++ b/src/test/fixtures/test_event_xuserorguuid-attribute_blocked_sharing_group.json
@@ -0,0 +1,100 @@
+{
+ "Event": {
+ "id": "1",
+ "orgc_id": "1",
+ "org_id": "1",
+ "date": "2022-08-31",
+ "threat_level_id": "1",
+ "info": "blocked event with X-UserOrgUUID sharing group mismatch",
+ "published": false,
+ "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56",
+ "attribute_count": "4",
+ "analysis": "0",
+ "timestamp": "1661956788",
+ "distribution": "2",
+ "proposal_email_lock": false,
+ "locked": false,
+ "publish_timestamp": "1661956380",
+ "sharing_group_id": "0",
+ "disable_correlation": false,
+ "extends_uuid": "",
+ "protected": null,
+ "event_creator_email": "admin@admin.test",
+ "Org": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a",
+ "local": true
+ },
+ "Orgc": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a",
+ "local": true
+ },
+ "Attribute": [
+ {
+ "id": "1",
+ "type": "ip-src",
+ "category": "Network activity",
+ "to_ids": false,
+ "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a",
+ "event_id": "1",
+ "distribution": "4",
+ "timestamp": "1661956302",
+ "comment": "",
+ "sharing_group_id": "1",
+ "deleted": false,
+ "disable_correlation": false,
+ "object_id": "0",
+ "object_relation": null,
+ "first_seen": null,
+ "last_seen": null,
+ "value": "2.2.2.2",
+ "Galaxy": [],
+ "ShadowAttribute": [],
+ "SharingGroup": {
+ "id": "1",
+ "name": "test_sharing_group",
+ "releasability": "",
+ "description": "",
+ "uuid": "e5d5a2a7-d659-4022-8b59-6afa4b658fd5",
+ "organisation_uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a",
+ "org_id": "1",
+ "sync_user_id": "0",
+ "active": true,
+ "created": "2022-08-31 14:41:35",
+ "modified": "2022-08-31 15:06:51",
+ "local": true,
+ "roaming": false,
+ "Organisation": {
+ "id": "1",
+ "name": "test_org",
+ "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a"
+ },
+ "SharingGroupOrg": [
+ {
+ "id": "10",
+ "sharing_group_id": "1",
+ "org_id": "1",
+ "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a",
+ "extend": true,
+ "Organisation": {
+ "id": "1",
+ "name": "test_org",
+ "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a"
+ }
+ }
+ ],
+ "SharingGroupServer": []
+ }
+ }
+ ],
+ "ShadowAttribute": [],
+ "RelatedEvent": [],
+ "Galaxy": [],
+ "Object": [],
+ "EventReport": [],
+ "CryptographicKey": []
+ }
+}
\ No newline at end of file
diff --git a/src/test/fixtures/test_event_xuserorguuid-blocked_sharing_group.json b/src/test/fixtures/test_event_xuserorguuid-blocked_sharing_group.json
index ae18eda..4aaa20e 100644
--- a/src/test/fixtures/test_event_xuserorguuid-blocked_sharing_group.json
+++ b/src/test/fixtures/test_event_xuserorguuid-blocked_sharing_group.json
@@ -11,7 +11,7 @@
 "attribute_count": "4",
 "analysis": "0",
 "timestamp": "1661956788",
- "distribution": "2",
+ "distribution": "4",
 "proposal_email_lock": false,
 "locked": false,
 "publish_timestamp": "1661956380",
diff --git a/src/test/fixtures/test_event_xuserorguuid-object-attribute_blocked_sharing_group.json b/src/test/fixtures/test_event_xuserorguuid-object-attribute_blocked_sharing_group.json
new file mode 100644
index 0000000..5941b69
--- /dev/null
+++ b/src/test/fixtures/test_event_xuserorguuid-object-attribute_blocked_sharing_group.json
@@ -0,0 +1,127 @@
+{
+ "Event": {
+ "id": "1",
+ "orgc_id": "1",
+ "org_id": "1",
+ "date": "2022-08-31",
+ "threat_level_id": "1",
+ "info": "blocked event with X-UserOrgUUID sharing group mismatch",
+ "published": false,
+ "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56",
+ "attribute_count": "4",
+ "analysis": "0",
+ "timestamp": "1661956788",
+ "distribution": "2",
+ "proposal_email_lock": false,
+ "locked": false,
+ "publish_timestamp": "1661956380",
+ "sharing_group_id": "0",
+ "disable_correlation": false,
+ "extends_uuid": "",
+ "protected": null,
+ "event_creator_email": "admin@admin.test",
+ "Org": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a",
+ "local": true
+ },
+ "Orgc": {
+ "id": "1",
+ "name": "HOST",
+ "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a",
+ "local": true
+ },
+ "Attribute": [],
+ "ShadowAttribute": [],
+ "RelatedEvent": [],
+ "Galaxy": [],
+ "Object": [
+ {
+ "id": "1",
+ "name": "domain-ip",
+ "meta-category": "network",
+ "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
+ "template_version": "10",
+ "event_id": "1",
+ "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799",
+ "timestamp": "1661956788",
+ "distribution": "4",
+ "sharing_group_id": "1",
+ "comment": "",
+ "deleted": false,
+ "first_seen": null,
+ "last_seen": null,
+ "ObjectReference": [],
+ "SharingGroup": {
+ "id": "1",
+ "name": "test_sharing_group",
+ "releasability": "",
+ "description": "",
+ "uuid": "e5d5a2a7-d659-4022-8b59-6afa4b658fd5",
+ "organisation_uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a",
+ "org_id": "1",
+ "sync_user_id": "0",
+ "active": true,
+ "created": "2022-08-31 14:41:35",
+ "modified": "2022-08-31 15:06:51",
+ "local": true,
+ "roaming": false,
+ "Organisation": {
+ "id": "1",
+ "name": "test_org",
+ "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a"
+ },
+ "SharingGroupOrg": [
+ {
+ "id": "10",
+ "sharing_group_id": "1",
+ "org_id": "1", + "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", + "extend": true, + "Organisation": { + "id": "1", + "name": "test_org", + "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a" + } + } + ], + "SharingGroupServer": [] + }, + "Attribute": [ + { + "id": "1", + "type": "hostname", + "category": "Network activity", + "to_ids": true, + "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", + "event_id": "1", + "distribution": "5", + "timestamp": "1661956788", + "comment": "", + "sharing_group_id": "0", + "deleted": false, + "disable_correlation": false, + "object_id": "3", + "object_relation": "hostname", + "first_seen": null, + "last_seen": null, + "value": "example.com", + "Galaxy": [], + "ShadowAttribute": [], + "Tag": [ + { + "id": "1", + "name": "tlp:red", + "colour": "#FF0000" + } + ] + } + ] + } + ], + "EventReport": [], + "CryptographicKey": [] + } +} \ No newline at end of file diff --git a/src/test/test_misp_guard.py b/src/test/test_misp_guard.py index 2d0dd93..7836239 100644 --- a/src/test/test_misp_guard.py +++ b/src/test/test_misp_guard.py @@ -406,7 +406,15 @@ async def test_rules_push(self, scenario: dict, caplog): ), f"expected log {expected_log} not found for scenario {scenario['name']}" @pytest.mark.asyncio - async def test_pull_XUserOrgUUID_mismatch(self, caplog): + @pytest.mark.parametrize( + "scenario", + [ + "test_event_xuserorguuid-blocked_sharing_group", + "test_event_xuserorguuid-attribute_blocked_sharing_group", + "test_event_xuserorguuid-object-attribute_blocked_sharing_group", + ], + ) + async def test_pull_XUserOrgUUID_mismatch(self, scenario: str, caplog): caplog.set_level("INFO") mispguard = self.load_mispguard() 
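Review bot: The sharing group in this fixture sits on the Object (`"distribution": "4"`, `"sharing_group_id": "1"` and the embedded `SharingGroup`), while the nested attribute has `"distribution": "5"` and `"sharing_group_id": "0"`. Despite the `object-attribute` file name, the scenario therefore exercises the object-level check, and an attribute inside an object that carries its own sharing group stays untested. Either rename the fixture to reflect the object-level case or add a variant whose nested attribute has `"distribution": "4"` and its own `SharingGroup`. The nested attribute also has `"object_id": "3"` although the enclosing object is `"id": "1"`, and the event reports `"attribute_count": "4"` for a single attribute; aligning these keeps the fixture a faithful stand-in for a real MISP response.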
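Review bot: The new `@pytest.mark.parametrize("scenario", [...])` passes only a fixture name, so all three scenarios are presumably checked against the same assertions further down in `test_pull_XUserOrgUUID_mismatch`, which lie outside this hunk. The object fixture's attribute carries a `tlp:red` tag, so if the loaded guard configuration also blocks that tag, the case could pass for a reason other than the X-UserOrgUUID sharing-group mismatch. Parametrizing pairs such as `("test_event_xuserorguuid-attribute_blocked_sharing_group", "<expected log line>")` and asserting that line in `caplog` would pin each block decision to the rule under test.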
@@ -418,9 +426,7 @@ async def test_pull_XUserOrgUUID_mismatch(self, caplog): headers=Headers(content_type="application/json"), ) - with open( - "test/fixtures/test_event_xuserorguuid-blocked_sharing_group.json", "rb" - ) as f: + with open("test/fixtures/" + scenario + ".json", "rb") as f: fixture = f.read() event_view_resp = tutils.tresp(
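Review bot: The fixture path on the new `with open(...)` line is built by string concatenation and stays relative to the working directory, so the test presumably only finds its fixtures when pytest is started from `src/`. An f-string reads more clearly: `with open(f"test/fixtures/{scenario}.json", "rb") as f:`. Anchoring the path on the test module, for example via `os.path.dirname(__file__)`, would remove the dependency on the start directory, provided `os` is imported in this file, which the hunk does not show. The enclosing test body continues outside the hunk.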