| """Tests for Task 2 — Threat Graph Core.""" |
|
|
| import os |
| import sys |
|
|
# Put the parent of this file's directory on sys.path so the `server` package
# imported below resolves no matter where the tests are launched from.
# NOTE(review): the entry goes in at index 0, so any module in that directory
# takes precedence over an installed package with the same name.
_PROJECT_ROOT = os.path.abspath(
    os.path.join(os.path.dirname(__file__), os.pardir)
)
if sys.path.count(_PROJECT_ROOT) == 0:
    sys.path.insert(0, _PROJECT_ROOT)
|
|
| from server.threat_graph import ( |
| ThreatGraph, |
| HostNode, |
| ProcessNode, |
| IOCNode, |
| VulnerabilityNode, |
| AlertNode, |
| Edge, |
| ) |
|
|
|
|
def _make_host(name="WS-001"):
    """Build a HostNode fixture with the given hostname.

    Every field other than the hostname is fixed: subnet "corporate",
    business criticality "medium" and status "compromised".
    """
    fields = {
        "hostname": name,
        "subnet": "corporate",
        "business_criticality": "medium",
        "status": "compromised",
    }
    return HostNode(**fields)
|
|
|
|
def _make_ioc(value="1.2.3.4", **kw):
    """Build an IP-type IOCNode fixture with confidence 0.9.

    Extra keyword arguments (for example ``enriched=True``) are forwarded
    to the IOCNode constructor unchanged.
    """
    node = IOCNode(
        ioc_value=value,
        ioc_type="ip",
        confidence=0.9,
        **kw,
    )
    return node
|
|
|
|
def test_add_and_retrieve_host():
    """A host passed to add_host is listed in ``hosts`` under its hostname."""
    graph = ThreatGraph()
    workstation = _make_host("WS-001")
    graph.add_host(workstation)
    assert "WS-001" in graph.hosts
|
|
|
|
def test_add_ioc_with_enrichment():
    """An IOC added with ``enriched=True`` is stored under its value with the flag intact."""
    graph = ThreatGraph()
    indicator = _make_ioc("8.8.8.8", enriched=True)
    graph.add_ioc(indicator)
    stored = graph.iocs["8.8.8.8"]
    assert stored.enriched is True
|
|
|
|
def test_version_increments():
    """The graph version starts at 0 and goes up by one for each node added."""
    graph = ThreatGraph()
    # A fresh graph has recorded no mutations yet.
    assert graph.version == 0

    graph.add_host(_make_host("WS-001"))
    assert graph.version == 1

    # Adding a different node kind advances the same counter.
    graph.add_ioc(_make_ioc("1.1.1.1"))
    assert graph.version == 2
|
|
|
|
def test_delta_since_zero_returns_all():
    """``delta_since(0)`` counts every node added since the graph was created."""
    graph = ThreatGraph()
    for hostname in ("WS-001", "WS-002"):
        graph.add_host(_make_host(hostname))
    graph.add_ioc(_make_ioc("1.1.1.1"))

    per_kind = graph.delta_since(0)["counts"]
    # A missing key is read as zero, so an absent entry fails the comparison
    # instead of raising KeyError.
    assert per_kind.get("host", 0) == 2
    assert per_kind.get("ioc", 0) == 1
|
|
|
|
def test_delta_since_version_filters():
    """``delta_since(1)`` leaves out the host added first and reports only the later IOC."""
    graph = ThreatGraph()
    graph.add_host(_make_host("WS-001"))  # first mutation
    graph.add_ioc(_make_ioc("1.1.1.1"))  # second mutation

    per_kind = graph.delta_since(1)["counts"]
    # Either a missing "host" key or an explicit 0 is accepted here.
    assert per_kind.get("host", 0) == 0
    assert per_kind.get("ioc", 0) == 1
|
|
|
|
def test_evidence_confidence_zero_when_no_edges():
    """A threat id with nothing linked to it in an empty graph scores exactly 0.0."""
    empty_graph = ThreatGraph()
    score = empty_graph.compute_evidence_confidence("THREAT-XYZ")
    assert score == 0.0
|
|
|
|
def test_evidence_confidence_partial():
    """One ``part_of_chain`` edge gives a confidence strictly between 0 and 1."""
    graph = ThreatGraph()
    graph.add_host(_make_host("WS-001"))

    chain_link = Edge(
        edge_type="part_of_chain",
        source_id="THREAT-1",
        target_id="WS-001",
    )
    graph.add_edge(chain_link)

    # Only the open interval is pinned; the exact score is left to the
    # implementation.
    assert 0.0 < graph.compute_evidence_confidence("THREAT-1") < 1.0
|
|
|
|
def test_context_summary_under_100_words():
    """The context summary of a small graph has at most 100 whitespace-separated words."""
    graph = ThreatGraph()
    graph.add_host(_make_host("WS-001"))
    graph.add_ioc(_make_ioc("1.1.1.1"))

    word_count = len(graph.get_context_summary().split())
    # NOTE(review): an empty summary also satisfies this bound, so the test
    # does not show that the host or the IOC is mentioned at all.
    assert word_count <= 100
|
|
|
|
def test_add_vulnerability():
    """A vulnerability added to the graph is listed under the key ``WS-001:CVE-2024-0001``."""
    graph = ThreatGraph()
    finding = VulnerabilityNode(
        cve_id="CVE-2024-0001",
        hostname="WS-001",
        cvss_score=9.8,
        exploitability="active",
        patch_available=True,
    )
    graph.add_vulnerability(finding)

    # The expected key looks like "<hostname>:<cve_id>" for this input —
    # presumably so the same CVE on two hosts is tracked separately; confirm
    # against ThreatGraph.add_vulnerability.
    assert "WS-001:CVE-2024-0001" in graph.vulnerabilities
|
|