mirror of
https://github.com/syntrex-lab/gomcp.git
synced 2026-04-28 22:06:22 +02:00
131 lines
3.1 KiB
Go
131 lines
3.1 KiB
Go
package soc
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func TestThreatIntel_SampleIOCs(t *testing.T) {
|
|
ti := NewThreatIntelEngine()
|
|
iocs := ti.ListIOCs()
|
|
if len(iocs) != 4 {
|
|
t.Fatalf("expected 4 sample IOCs, got %d", len(iocs))
|
|
}
|
|
}
|
|
|
|
func TestThreatIntel_Match(t *testing.T) {
|
|
ti := NewThreatIntelEngine()
|
|
ioc := ti.Match("185.220.101.35")
|
|
if ioc == nil {
|
|
t.Fatal("should match known IP IOC")
|
|
}
|
|
if ioc.Severity != "HIGH" {
|
|
t.Fatalf("expected HIGH severity, got %s", ioc.Severity)
|
|
}
|
|
}
|
|
|
|
func TestThreatIntel_NoMatch(t *testing.T) {
|
|
ti := NewThreatIntelEngine()
|
|
ioc := ti.Match("192.168.1.1")
|
|
if ioc != nil {
|
|
t.Fatal("should not match unknown IP")
|
|
}
|
|
}
|
|
|
|
func TestThreatIntel_MatchEvent(t *testing.T) {
|
|
ti := NewThreatIntelEngine()
|
|
hits := ti.MatchEvent("evt-001", "Detected connection to evil-ai-jailbreak.com from internal host")
|
|
if len(hits) != 1 {
|
|
t.Fatalf("expected 1 hit, got %d", len(hits))
|
|
}
|
|
if hits[0].Severity != "CRITICAL" {
|
|
t.Fatalf("expected CRITICAL, got %s", hits[0].Severity)
|
|
}
|
|
}
|
|
|
|
func TestThreatIntel_AddCustomIOC(t *testing.T) {
|
|
ti := NewThreatIntelEngine()
|
|
ti.AddIOC(IOC{
|
|
Value: "bad-prompt.ai",
|
|
Type: IOCDomain,
|
|
Severity: "HIGH",
|
|
Source: "manual",
|
|
})
|
|
ioc := ti.Match("bad-prompt.ai")
|
|
if ioc == nil {
|
|
t.Fatal("should match custom IOC")
|
|
}
|
|
}
|
|
|
|
func TestThreatIntel_Feeds(t *testing.T) {
|
|
ti := NewThreatIntelEngine()
|
|
feeds := ti.ListFeeds()
|
|
if len(feeds) != 4 {
|
|
t.Fatalf("expected 4 feeds, got %d", len(feeds))
|
|
}
|
|
}
|
|
|
|
func TestThreatIntel_Stats(t *testing.T) {
|
|
ti := NewThreatIntelEngine()
|
|
stats := ti.ThreatIntelStats()
|
|
if stats["total_iocs"].(int) != 4 {
|
|
t.Fatal("expected 4 IOCs")
|
|
}
|
|
}
|
|
|
|
func TestThreatIntel_HitTracking(t *testing.T) {
|
|
ti := NewThreatIntelEngine()
|
|
ti.MatchEvent("evt-001", "Connection to 185.220.101.35")
|
|
ti.MatchEvent("evt-002", "Request from 185.220.101.35")
|
|
|
|
hits := ti.RecentHits(10)
|
|
if len(hits) != 2 {
|
|
t.Fatalf("expected 2 hits, got %d", len(hits))
|
|
}
|
|
}
|
|
|
|
func TestRetention_DefaultPolicies(t *testing.T) {
|
|
rp := NewDataRetentionPolicy()
|
|
policies := rp.ListPolicies()
|
|
if len(policies) != 5 {
|
|
t.Fatalf("expected 5 default policies, got %d", len(policies))
|
|
}
|
|
}
|
|
|
|
func TestRetention_Expiration(t *testing.T) {
|
|
rp := NewDataRetentionPolicy()
|
|
old := time.Now().AddDate(0, 0, -100) // 100 days ago
|
|
fresh := time.Now().Add(-1 * time.Hour)
|
|
|
|
if !rp.IsExpired("events", old) {
|
|
t.Fatal("100-day old event should be expired (90d policy)")
|
|
}
|
|
if rp.IsExpired("events", fresh) {
|
|
t.Fatal("1-hour old event should not be expired")
|
|
}
|
|
}
|
|
|
|
func TestRetention_Enforce(t *testing.T) {
|
|
rp := NewDataRetentionPolicy()
|
|
timestamps := []time.Time{
|
|
time.Now().AddDate(0, 0, -100),
|
|
time.Now().AddDate(0, 0, -95),
|
|
time.Now().Add(-1 * time.Hour),
|
|
}
|
|
expired := rp.Enforce("events", timestamps)
|
|
if expired != 2 {
|
|
t.Fatalf("expected 2 expired, got %d", expired)
|
|
}
|
|
}
|
|
|
|
func TestRetention_CustomPolicy(t *testing.T) {
|
|
rp := NewDataRetentionPolicy()
|
|
rp.SetPolicy("custom", 7, "delete")
|
|
r, ok := rp.GetPolicy("custom")
|
|
if !ok {
|
|
t.Fatal("custom policy should exist")
|
|
}
|
|
if r.RetainDays != 7 {
|
|
t.Fatalf("expected 7 days, got %d", r.RetainDays)
|
|
}
|
|
}
|