Added unittest

The test generates file and ip rules Then checks the rules file is not empty and The rules pass a simple regex validation
2024-11-06 01:05:18 +00:00 · 2017-01-27 16:31:27 +00:00 · 2017-01-27 16:31:27 +00:00 · 22dfa2d4cd
commit 22dfa2d4cd
parent 003305d62e
2 changed files with 77 additions and 0 deletions
--- a/otx-suricata/.travis.yml
+++ b/otx-suricata/.travis.yml
@ -0,0 +1,10 @@
+language: python
+python:
+  - 2.7
+  - 3.4
+
+before_script:
+ - chmod +x test_rules.py
+
+# command to run tests
+script: python test_client.py
--- a/otx-suricata/test_rules.py
+++ b/otx-suricata/test_rules.py
@ -0,0 +1,67 @@
+import unittest
+import datetime
+import os
+import pprint
+import string
+import re
+
+from OTXv2 import OTXv2, InvalidAPIKey, BadRequest
+from suricata import SuricataClient
+import IndicatorTypes
+
+ALIEN_API_APIKEY = os.getenv('X_OTX_API_KEY', "mysecretkey")
+STRP_TIME_FORMAT = '%Y-%m-%dT%H:%M:%S.%f'
+# Rule regex autogenerated by http://regex.inginf.units.it/
+FILE_RULE_REGEX = "^alert[^;]+[^\)]+\)$"
+# Overly complex rules? Credit http://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses
+IPV4_RULE_REGEX = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?),"
+IPV6_RULE_REGEX = "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))"
+
+# Class names should start with "Test"
+class TestOTXv2(unittest.TestCase):
+    """
+    Base class configure API Key to use on a per test basis.
+    """
+    def setUp(self, **kwargs):
+        provided_key = kwargs.get('api_key', '')
+        if provided_key:
+            self.api_key = provided_key
+        else:
+            self.api_key = ALIEN_API_APIKEY
+        self.suricata_client = SuricataClient(self.api_key, "./")
+
+
+# Generate some rules. Test that they're not empty, and that there is at least one rule in a valid format in there
+class TestGenerateRules(TestOTXv2):
+
+    def setUp(self, **kwargs):
+        super(TestGenerateRules, self).setUp(**{'api_key': ALIEN_API_APIKEY})
+
+    def testRuleGenerate(self):
+        self.suricata_client.generate_rules(True, True)
+
+        file_rules = []
+        with open('otx_file_rules.rules', 'r') as f:
+            file_rules = f.readlines()
+        # Check > 0 lines
+        self.assertTrue(file_rules)
+        # Check each rule matches a very lax regex
+        for rule in file_rules:
+            print "- Validating file rule [" + rule.strip() + "]"
+            self.assertTrue(re.match(FILE_RULE_REGEX, rule.strip()))
+
+
+        ip_rules = []
+        with open('reputation.list', 'r') as f:
+            ip_rules = f.readlines()
+        # Check > 0 lines
+        self.assertTrue(ip_rules)
+        # Check each rule matches a very lax regex
+        for rule in ip_rules:
+            print "- Validating IP rule [" + rule.strip() + "]"
+            self.assertTrue(re.match(IPV4_RULE_REGEX, rule.strip()) or re.match(IPV6_RULE_REGEX, rule.strip()))
+
+
+
+if __name__ == '__main__':
+    unittest.main()