-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathnote_test.go
117 lines (106 loc) · 3.7 KB
/
note_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
// Copyright 2020 Joakim Kennedy. All rights reserved. Use of
// this source code is governed by the included BSD license.
package stix2
import (
"encoding/json"
"testing"
"time"
"github.com/stretchr/testify/assert"
)
func TestNote(t *testing.T) {
assert := assert.New(t)
content := "Note content"
authors := []string{"Author 1", "Author 2"}
abstract := "Note abstract"
ip := NewIdentifier(TypeIPv4Addr)
objects := []Identifier{ip}
t.Run("missing_property", func(t *testing.T) {
obj, err := NewNote("", []Identifier{}, nil)
assert.Nil(obj)
assert.Equal(ErrPropertyMissing, err)
})
t.Run("no_optional", func(t *testing.T) {
obj, err := NewNote(content, objects, nil)
assert.NotNil(obj)
assert.NoError(err)
})
t.Run("with_options", func(t *testing.T) {
conf := 50
ts := &Timestamp{time.Now()}
createdBy := NewIdentifier(TypeIdentity)
ref := &ExternalReference{}
marking := make([]*GranularMarking, 0)
labels := []string{"tag1", "tag2"}
lang := "en"
objmark := []Identifier{Identifier("id")}
specVer := "2.0"
opts := []STIXOption{
OptionConfidence(conf),
OptionCreated(ts),
OptionModified(ts),
OptionCreatedBy(createdBy),
OptionExternalReferences([]*ExternalReference{ref}),
OptionGranularMarking(marking),
OptionLabels(labels),
OptionLang(lang),
OptionObjectMarking(objmark),
OptionRevoked(true),
OptionSpecVersion(specVer),
//
OptionAbstract(abstract),
OptionAuthors(authors),
}
obj, err := NewNote(content, objects, opts...)
assert.NotNil(obj)
assert.NoError(err)
assert.Equal(conf, obj.Confidence)
assert.Equal(ts, obj.Created)
assert.Equal(ts, obj.Modified)
assert.Equal(createdBy, obj.CreatedBy)
assert.Contains(obj.ExternalReferences, ref)
assert.Equal(marking, obj.GranularMarking)
assert.Equal(labels, obj.Labels)
assert.Equal(lang, obj.Lang)
assert.Equal(objmark, obj.ObjectMarking)
assert.True(obj.Revoked)
assert.Equal(specVer, obj.SpecVersion)
assert.Equal(abstract, obj.Abstract)
assert.Equal(authors, obj.Authors)
})
t.Run("parse_json", func(t *testing.T) {
data := []byte(`{
"type": "note",
"spec_version": "2.1",
"id": "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
"created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z",
"external_references": [
{
"source_name": "job-tracker",
"external_id": "job-id-1234"
}
],
"abstract": "Tracking Team Note#1",
"content": "This note indicates the various steps taken by the threat analyst team to investigate this specific campaign. Step 1) Do a scan 2) Review scanned results for identified hosts not known by external intel….etc",
"authors": ["John Doe"],
"object_refs": ["campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"]
}`)
ts, err := time.Parse(time.RFC3339Nano, "2016-05-12T08:17:27.000Z")
assert.NoError(err)
var obj *Note
err = json.Unmarshal(data, &obj)
assert.NoError(err)
assert.Equal(Identifier("note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061"), obj.ID)
assert.Equal("2.1", obj.SpecVersion)
assert.Equal(TypeNote, obj.Type)
assert.Equal(ts, obj.Created.Time)
assert.Equal(ts, obj.Modified.Time)
assert.Equal("Tracking Team Note#1", obj.Abstract)
assert.Equal("This note indicates the various steps taken by the threat analyst team to investigate this specific campaign. Step 1) Do a scan 2) Review scanned results for identified hosts not known by external intel….etc", obj.Content)
assert.Contains(obj.Authors, "John Doe")
assert.Contains(obj.Objects, Identifier("campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"))
assert.Len(obj.ExternalReferences, 1)
assert.Equal("job-tracker", obj.ExternalReferences[0].Name)
assert.Equal("job-id-1234", obj.ExternalReferences[0].ExternalID)
})
}