Add Pulsedive domain threat intelligence source

2026-05-15 21:39:43 +08:00 · 2026-05-15 21:39:43 +08:00 · c8bcac5a72
commit c8bcac5a72
parent faae2f80c5
4 changed files with 273 additions and 1 deletions
--- a/checker/pulsedive_test.go
+++ b/checker/pulsedive_test.go
@ -0,0 +1,103 @@
+package checker
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	sdk "git.happydns.org/checker-sdk-go/checker"
+)
+
+func newPulsediveServer(t *testing.T, status int, body string) (string, func()) {
+	t.Helper()
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Query().Get("key") == "" {
+			t.Errorf("missing key query parameter")
+		}
+		w.WriteHeader(status)
+		_, _ = w.Write([]byte(body))
+	}))
+	return srv.URL + "/info.php", srv.Close
+}
+
+func TestPulsediveSource_NoKey(t *testing.T) {
+	s := &pulsediveSource{endpoint: pulsediveEndpoint}
+	r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{})[0]
+	if r.Enabled {
+		t.Errorf("expected disabled without API key, got %+v", r)
+	}
+}
+
+func TestPulsediveSource_Listed_High(t *testing.T) {
+	body := `{"risk":"high","threats":[{"name":"Emotet","category":"malware","risk":"high"}]}`
+	endpoint, stop := newPulsediveServer(t, http.StatusOK, body)
+	defer stop()
+
+	s := &pulsediveSource{endpoint: endpoint}
+	r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{"pulsedive_api_key": "k"})[0]
+	if r.Error != "" {
+		t.Fatalf("unexpected error: %s", r.Error)
+	}
+	if len(r.Evidence) != 1 {
+		t.Fatalf("expected 1 evidence, got %d", len(r.Evidence))
+	}
+	if listed, severity := s.Evaluate(r); !listed || severity != SeverityCrit {
+		t.Errorf("expected (true, crit), got (%v, %q)", listed, severity)
+	}
+}
+
+func TestPulsediveSource_Listed_Medium(t *testing.T) {
+	body := `{"risk":"medium","threats":[{"name":"SomeSpam","category":"spam","risk":"medium"}]}`
+	endpoint, stop := newPulsediveServer(t, http.StatusOK, body)
+	defer stop()
+
+	s := &pulsediveSource{endpoint: endpoint}
+	r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{"pulsedive_api_key": "k"})[0]
+	if listed, severity := s.Evaluate(r); !listed || severity != SeverityWarn {
+		t.Errorf("expected (true, warn), got (%v, %q)", listed, severity)
+	}
+}
+
+func TestPulsediveSource_NotFound(t *testing.T) {
+	endpoint, stop := newPulsediveServer(t, http.StatusOK, `{"error":"Indicator not found."}`)
+	defer stop()
+
+	s := &pulsediveSource{endpoint: endpoint}
+	r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{"pulsedive_api_key": "k"})[0]
+	if r.Error != "" {
+		t.Errorf("not-found should be quiet, got error: %s", r.Error)
+	}
+	if len(r.Evidence) != 0 {
+		t.Errorf("expected no evidence, got %d", len(r.Evidence))
+	}
+	if listed, _ := s.Evaluate(r); listed {
+		t.Errorf("expected not listed for not-found domain")
+	}
+}
+
+func TestPulsediveSource_Clean(t *testing.T) {
+	body := `{"risk":"none","threats":[]}`
+	endpoint, stop := newPulsediveServer(t, http.StatusOK, body)
+	defer stop()
+
+	s := &pulsediveSource{endpoint: endpoint}
+	r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{"pulsedive_api_key": "k"})[0]
+	if len(r.Evidence) != 0 {
+		t.Errorf("expected no evidence for clean domain, got %d", len(r.Evidence))
+	}
+	if listed, _ := s.Evaluate(r); listed {
+		t.Errorf("expected not listed for clean domain")
+	}
+}
+
+func TestPulsediveSource_HTTPError(t *testing.T) {
+	endpoint, stop := newPulsediveServer(t, http.StatusInternalServerError, `internal error`)
+	defer stop()
+
+	s := &pulsediveSource{endpoint: endpoint}
+	r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{"pulsedive_api_key": "k"})[0]
+	if r.Error == "" {
+		t.Errorf("expected error on HTTP 500, got clean result")
+	}
+}