103 lines
3.4 KiB
Go
103 lines
3.4 KiB
Go
package checker
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
sdk "git.happydns.org/checker-sdk-go/checker"
|
|
)
|
|
|
|
func newPulsediveServer(t *testing.T, status int, body string) (string, func()) {
|
|
t.Helper()
|
|
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.URL.Query().Get("key") == "" {
|
|
t.Errorf("missing key query parameter")
|
|
}
|
|
w.WriteHeader(status)
|
|
_, _ = w.Write([]byte(body))
|
|
}))
|
|
return srv.URL + "/info.php", srv.Close
|
|
}
|
|
|
|
func TestPulsediveSource_NoKey(t *testing.T) {
|
|
s := &pulsediveSource{endpoint: pulsediveEndpoint}
|
|
r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{})[0]
|
|
if r.Enabled {
|
|
t.Errorf("expected disabled without API key, got %+v", r)
|
|
}
|
|
}
|
|
|
|
func TestPulsediveSource_Listed_High(t *testing.T) {
|
|
body := `{"risk":"high","threats":[{"name":"Emotet","category":"malware","risk":"high"}]}`
|
|
endpoint, stop := newPulsediveServer(t, http.StatusOK, body)
|
|
defer stop()
|
|
|
|
s := &pulsediveSource{endpoint: endpoint}
|
|
r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{"pulsedive_api_key": "k"})[0]
|
|
if r.Error != "" {
|
|
t.Fatalf("unexpected error: %s", r.Error)
|
|
}
|
|
if len(r.Evidence) != 1 {
|
|
t.Fatalf("expected 1 evidence, got %d", len(r.Evidence))
|
|
}
|
|
if listed, severity := s.Evaluate(r); !listed || severity != SeverityCrit {
|
|
t.Errorf("expected (true, crit), got (%v, %q)", listed, severity)
|
|
}
|
|
}
|
|
|
|
func TestPulsediveSource_Listed_Medium(t *testing.T) {
|
|
body := `{"risk":"medium","threats":[{"name":"SomeSpam","category":"spam","risk":"medium"}]}`
|
|
endpoint, stop := newPulsediveServer(t, http.StatusOK, body)
|
|
defer stop()
|
|
|
|
s := &pulsediveSource{endpoint: endpoint}
|
|
r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{"pulsedive_api_key": "k"})[0]
|
|
if listed, severity := s.Evaluate(r); !listed || severity != SeverityWarn {
|
|
t.Errorf("expected (true, warn), got (%v, %q)", listed, severity)
|
|
}
|
|
}
|
|
|
|
func TestPulsediveSource_NotFound(t *testing.T) {
|
|
endpoint, stop := newPulsediveServer(t, http.StatusOK, `{"error":"Indicator not found."}`)
|
|
defer stop()
|
|
|
|
s := &pulsediveSource{endpoint: endpoint}
|
|
r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{"pulsedive_api_key": "k"})[0]
|
|
if r.Error != "" {
|
|
t.Errorf("not-found should be quiet, got error: %s", r.Error)
|
|
}
|
|
if len(r.Evidence) != 0 {
|
|
t.Errorf("expected no evidence, got %d", len(r.Evidence))
|
|
}
|
|
if listed, _ := s.Evaluate(r); listed {
|
|
t.Errorf("expected not listed for not-found domain")
|
|
}
|
|
}
|
|
|
|
func TestPulsediveSource_Clean(t *testing.T) {
|
|
body := `{"risk":"none","threats":[]}`
|
|
endpoint, stop := newPulsediveServer(t, http.StatusOK, body)
|
|
defer stop()
|
|
|
|
s := &pulsediveSource{endpoint: endpoint}
|
|
r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{"pulsedive_api_key": "k"})[0]
|
|
if len(r.Evidence) != 0 {
|
|
t.Errorf("expected no evidence for clean domain, got %d", len(r.Evidence))
|
|
}
|
|
if listed, _ := s.Evaluate(r); listed {
|
|
t.Errorf("expected not listed for clean domain")
|
|
}
|
|
}
|
|
|
|
func TestPulsediveSource_HTTPError(t *testing.T) {
|
|
endpoint, stop := newPulsediveServer(t, http.StatusInternalServerError, `internal error`)
|
|
defer stop()
|
|
|
|
s := &pulsediveSource{endpoint: endpoint}
|
|
r := s.Query(context.Background(), "example.com", "example.com", sdk.CheckerOptions{"pulsedive_api_key": "k"})[0]
|
|
if r.Error == "" {
|
|
t.Errorf("expected error on HTTP 500, got clean result")
|
|
}
|
|
}
|