// Listing of pkg/cticlient/types_test.go from github.com/crowdsecurity/crowdsec@v1.6.1.

package cticlient

import (
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/crowdsecurity/go-cs-lib/ptr"
)

// getSampleSmokeItem builds a fully populated SmokeItem fixture: one IP
// reported for SSH brute force, with location, history, target countries and
// identical scores in every scoring window.
func getSampleSmokeItem() SmokeItem {
	latitude := 48.8566
	longitude := 2.3522

	// Every scoring window carries the same values in this fixture, so the
	// struct is built once and copied into each field.
	score := CTIScore{
		Aggressiveness: 2,
		Threat:         1,
		Trust:          1,
		Anomaly:        0,
		Total:          1,
	}

	return SmokeItem{
		IpRangeScore: 2.0,
		Ip:           "1.2.3.4",
		IpRange:      ptr.Of("1.2.3.0/24"),
		AsName:       ptr.Of("AS1234"),
		AsNum:        ptr.Of(1234),
		Location: CTILocationInfo{
			Country:   ptr.Of("FR"),
			City:      ptr.Of("Paris"),
			Latitude:  &latitude,
			Longitude: &longitude,
		},
		ReverseDNS: ptr.Of("foo.bar.com"),
		Behaviors: []*CTIBehavior{
			{
				Name:        "ssh:bruteforce",
				Label:       "SSH Bruteforce",
				Description: "IP has been reported for performing brute force on ssh services.",
			},
		},
		History: CTIHistory{
			FirstSeen: ptr.Of("2022-12-05T17:45:00+00:00"),
			LastSeen:  ptr.Of("2022-12-06T19:15:00+00:00"),
			FullAge:   3,
			DaysAge:   1,
		},
		// Both classification lists are present but empty.
		Classifications: CTIClassifications{
			FalsePositives:  []CTIClassification{},
			Classifications: []CTIClassification{},
		},
		AttackDetails: []*CTIAttackDetails{
			{
				Name:        "ssh:bruteforce",
				Label:       "SSH Bruteforce",
				Description: "Detect ssh brute force",
				References:  []string{},
			},
		},
		TargetCountries: map[string]int{
			"HK": 71,
			"GB": 14,
			"US": 14,
		},
		BackgroundNoiseScore: ptr.Of(3),
		Scores: CTIScores{
			Overall:   score,
			LastDay:   score,
			LastWeek:  score,
			LastMonth: score,
		},
	}
}

// TestBasicSmokeItem checks the SmokeItem accessors against the populated
// fixture returned by getSampleSmokeItem.
func TestBasicSmokeItem(t *testing.T) {
	a := assert.New(t)
	sample := getSampleSmokeItem()

	// The accessors are expected to return the Name of each entry.
	a.Equal([]string{"ssh:bruteforce"}, sample.GetAttackDetails())
	a.Equal([]string{"ssh:bruteforce"}, sample.GetBehaviors())
	// The fixture's Overall.Total is 1 and the expected score is 0.1;
	// presumably the total is scaled to [0, 1] - confirm in types.go.
	a.InDelta(0.1, sample.GetMaliciousnessScore(), 0.000001)
	a.False(sample.IsPartOfCommunityBlocklist())
	a.Equal(3, sample.GetBackgroundNoiseScore())
	// assert.Equal tells a nil slice from an empty one, so this pins a
	// non-nil empty result.
	a.Equal([]string{}, sample.GetFalsePositives())
	a.False(sample.IsFalsePositive())
}

// TestEmptySmokeItem checks the same accessors on a zero-value SmokeItem.
// Fields the sample fills through ptr.Of or slice literals are left unset
// here, and every accessor must still hand back a usable zero result.
func TestEmptySmokeItem(t *testing.T) {
	a := assert.New(t)
	zero := SmokeItem{}

	// Empty, non-nil slices are expected even though nothing was set.
	a.Equal([]string{}, zero.GetAttackDetails())
	a.Equal([]string{}, zero.GetBehaviors())
	a.InDelta(0.0, zero.GetMaliciousnessScore(), 0)
	a.False(zero.IsPartOfCommunityBlocklist())
	// BackgroundNoiseScore is unset here; the getter is expected to yield 0.
	a.Equal(0, zero.GetBackgroundNoiseScore())
	a.Equal([]string{}, zero.GetFalsePositives())
	a.False(zero.IsFalsePositive())
}