m17hr1l/psyc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

stage-14: pytest test suite over the worker lines

Browse Source 
38 tests covering the pure worker-line logic: Classifyline rules, Routeline
TLP/country/incident-type gates, Sealine seal/unseal round-trip, Proofline
confidence scoring, Mapline CVEResolver escalation, Trainline dataset
well-posedness (the v1/v3 input-signal bugs are now regression-guarded), and
the Scoutline feed parsers. pytest added as a dev extra.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
m17hr1l
2026-05-18 23:36:41 +02:00
parent bc61b9a3a1
commit e504b3dbcf
9 changed files with 403 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
tests/test_scout.py Normal file
View File

@@ -0,0 +1,49 @@
"""Scoutline parser tests — feed rows to normalized Case objects."""
from __future__ import annotations
from psyc.lines.scout import _feodo_record_to_case, _kev_vuln_to_case, _parse_urlhaus_csv
URLHAUS_CSV = """\
# comment line
"3846688","2026-05-14 11:01:14","http://1.2.3.4/x","online","2026-05-14","malware_download","elf,mirai","https://urlhaus.abuse.ch/url/3846688/","reporter1"
"""
def test__parse_urlhaus_csv_skips_comments_and_parses_rows():
rows = list(_parse_urlhaus_csv(URLHAUS_CSV))
assert len(rows) == 1
assert rows[0]["url"] == "http://1.2.3.4/x"
assert rows[0]["url_status"] == "online"
def test_kev_vuln_to_case():
vuln = {
"cveID": "CVE-2026-0300",
"vendorProject": "Microsoft",
"product": "Exchange",
"vulnerabilityName": "Exchange XSS",
"dateAdded": "2026-05-15",
"knownRansomwareCampaignUse": "Known",
}
case = _kev_vuln_to_case(vuln)
assert case.case_id == "PSYC-KEV-CVE-2026-0300"
assert case.observables.cves == ["CVE-2026-0300"]
assert case.source_metadata["feed"] == "cisa-kev"
assert case.source_metadata["ransomware"] == "Known"
def test_feodo_record_to_case():
record = {
"ip_address": "162.243.103.246",
"port": 8080,
"status": "online",
"malware": "Emotet",
"country": "US",
"first_seen": "2022-06-04 21:24:53",
}
case = _feodo_record_to_case(record)
assert case.observables.ips == ["162.243.103.246"]
assert case.source_metadata["feed"] == "feodo"
assert case.source_metadata["malware"] == "Emotet"
assert case.source_metadata["status"] == "online"