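/**
 * Parse the iodef.xml fixture with Reader, spot-check the parsed object tree,
 * then write it back out with Writer and compare the result with the fixture.
 *
 * The fixture is read once and reused, and a failed read or a failed DOM parse
 * now fails the test with an explicit message instead of handing `false` or an
 * empty document on to the next step.
 *
 * NOTE(review): the fixture is a trusted local file. IODEF reports normally
 * arrive from other parties, so how Reader treats DOCTYPE declarations and
 * external entities needs its own test; that is not covered here.
 *
 * @return void
 */
public function testReader()
{
    $xml = file_get_contents(__DIR__ . '/iodef.xml');
    $this->assertNotFalse($xml, 'Fixture iodef.xml could not be read.');

    $XMLDoc = new Marknl\Iodef\Reader($xml);
    $iodef_read = $XMLDoc->parse();
    $incident = $iodef_read['value']->Incident[0];

    // The value for the 'action' attribute is expected to be 'investigate'.
    $expectation_attributes = $incident->EventData[0]->Expectation[0]->getAttributes();
    $this->assertEquals('investigate', $expectation_attributes['action']);

    // This object has required attributes.
    $this->assertObjectHasAttribute('attributes', $incident);

    // IncidentID should have this value. assertEquals compares loosely, so this
    // holds whether the parsed value is the integer or its string form.
    $this->assertEquals(908711, $incident->IncidentID->value);

    // There should be 2 reference entries.
    $this->assertCount(2, $incident->Method[0]->Reference);

    // This object MUST have a value.
    $this->assertObjectHasAttribute('value', $incident->ReportTime);

    // Round trip: serialize the parsed tree again.
    $iodef_write = new Marknl\Iodef\Writer();
    $iodef_write->write([
        [
            'name' => 'IODEF-Document',
            'attributes' => $iodef_read['value']->getAttributes(),
            'value' => $iodef_read['value'],
        ],
    ]);

    $expected = new DOMDocument();
    $this->assertTrue($expected->loadXML($xml), 'Fixture iodef.xml is not well-formed XML.');

    $actual = new DOMDocument();
    $this->assertTrue($actual->loadXML($iodef_write->outputMemory()), 'Writer output is not well-formed XML.');

    // NOTE(review): assertEqualXMLStructure compares element names, child counts
    // and (third argument true) attribute names. It does not compare text content
    // or attribute values, so value fidelity of the round trip is only covered by
    // the spot checks above.
    $this->assertEqualXMLStructure($expected->firstChild, $actual->firstChild, true);
}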
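/**
 * Build an IODEF document element by element, serialize it with Writer and
 * compare the output with the iodef.xml fixture.
 *
 * Host names and addresses used below are example.com names and 192.0.2.0/24
 * (TEST-NET-1) addresses, both reserved for documentation, so the test data
 * carries no live indicators.
 *
 * A failed fixture read or a failed DOM parse now fails the test with an
 * explicit message instead of reaching the structure comparison.
 *
 * @return void
 */
public function testWriter()
{
    $Document = new Marknl\Iodef\Elements\IODEFDocument();

    $Incident = new Marknl\Iodef\Elements\Incident();
    $Incident->setAttributes(['purpose' => 'mitigation']);

    $IncidentID = new Marknl\Iodef\Elements\IncidentID();
    $IncidentID->setAttributes(['name' => 'csirt.example.com']);
    $IncidentID->value('908711');
    $Incident->addChild($IncidentID);

    $ReportTime = new Marknl\Iodef\Elements\ReportTime();
    $ReportTime->value('2006-06-08T05:44:53-05:00');
    $Incident->addChild($ReportTime);

    $Description = new Marknl\Iodef\Elements\Description();
    $Description->value('Large bot-net');
    $Incident->addChild($Description);

    // Assessment: a single Impact child described only by attributes.
    $Assessment = new Marknl\Iodef\Elements\Assessment();
    $Impact = new Marknl\Iodef\Elements\Impact();
    $Impact->setAttributes(['type' => 'dos', 'severity' => 'high', 'completion' => 'succeeded']);
    $Assessment->addChild($Impact);
    $Incident->addChild($Assessment);

    // Method: two Reference children, the second with a URL and a Description.
    $Method = new Marknl\Iodef\Elements\Method();

    $Reference = new Marknl\Iodef\Elements\Reference();
    $ReferenceName = new Marknl\Iodef\Elements\ReferenceName();
    $ReferenceName->value('GT Bot');
    $Reference->addChild($ReferenceName);
    $Method->addChild($Reference);

    $Reference = new Marknl\Iodef\Elements\Reference();
    $ReferenceName = new Marknl\Iodef\Elements\ReferenceName();
    $ReferenceName->value('CA-2003-22');
    $Reference->addChild($ReferenceName);
    $URL = new Marknl\Iodef\Elements\URL();
    $URL->value('http://www.cert.org/advisories/CA-2003-22.html');
    $Reference->addChild($URL);
    $Description = new Marknl\Iodef\Elements\Description();
    $Description->value('Root compromise via this IE vulnerability to install the GT Bot');
    $Reference->addChild($Description);
    $Method->addChild($Reference);

    $Incident->addChild($Method);

    // Contact for the reporting team.
    $Contact = new Marknl\Iodef\Elements\Contact();
    $Contact->setAttributes(['role' => 'irt', 'type' => 'person']);
    $ContactName = new Marknl\Iodef\Elements\ContactName();
    $ContactName->value('Joe Smith');
    $Contact->addChild($ContactName);
    $Email = new Marknl\Iodef\Elements\Email();
    // NOTE(review): this address looks masked; the structure-only comparison at
    // the end of the test does not read it, so the masking cannot change the result.
    $Email->value('*****@*****.**');
    $Contact->addChild($Email);
    $Incident->addChild($Contact);

    // EventData: a description, two flows and the expected action.
    $EventData = new Marknl\Iodef\Elements\EventData();
    $Description = new Marknl\Iodef\Elements\Description();
    $Description->value('These hosts are compromised and acting as bots communicating with irc.example.com.');
    $EventData->addChild($Description);

    // First flow: the source system.
    $Flow = new Marknl\Iodef\Elements\Flow();
    $System = new Marknl\Iodef\Elements\System();
    $System->setAttributes(['category' => 'source']);
    $Node = new Marknl\Iodef\Elements\Node();
    $Address = new Marknl\Iodef\Elements\Address();
    $Address->setAttributes(['category' => 'ipv4-addr']);
    $Address->value('192.0.2.3');
    $Node->addChild($Address);
    $System->addChild($Node);
    $Counter = new Marknl\Iodef\Elements\Counter();
    $Counter->setAttributes(['type' => 'byte', 'duration' => 'second']);
    $Counter->value(250000);
    $System->addChild($Counter);
    $Description = new Marknl\Iodef\Elements\Description();
    $Description->value('Sample description for this contact.');
    $System->addChild($Description);
    $Flow->addChild($System);
    $EventData->addChild($Flow);

    // Second flow: the intermediate system (the IRC server).
    $Flow = new Marknl\Iodef\Elements\Flow();
    $System = new Marknl\Iodef\Elements\System();
    $System->setAttributes(['category' => 'intermediate']);
    $Node = new Marknl\Iodef\Elements\Node();
    $NodeName = new Marknl\Iodef\Elements\NodeName();
    $NodeName->value('irc.example.com');
    $Node->addChild($NodeName);
    $Address = new Marknl\Iodef\Elements\Address();
    $Address->setAttributes(['category' => 'ipv4-addr']);
    $Address->value('192.0.2.20');
    $Node->addChild($Address);
    $DateTime = new Marknl\Iodef\Elements\DateTime();
    $DateTime->value('2006-06-08T01:01:03-05:00');
    $Node->addChild($DateTime);
    $System->addChild($Node);
    $Description = new Marknl\Iodef\Elements\Description();
    $Description->value('IRC server on #give-me-cmd channel');
    $System->addChild($Description);
    $Flow->addChild($System);
    $EventData->addChild($Flow);

    $Expectation = new Marknl\Iodef\Elements\Expectation();
    $Expectation->setAttributes(['action' => 'investigate']);
    $Description = new Marknl\Iodef\Elements\Description();
    $Description->value('Confirm the source and take machines off-line and remediate');
    $Expectation->addChild($Description);
    $EventData->addChild($Expectation);

    $Incident->addChild($EventData);
    $Document->addChild($Incident);

    // Serialize the tree.
    $iodef = new Marknl\Iodef\Writer();
    $iodef->write([
        [
            'name' => 'IODEF-Document',
            'attributes' => $Document->getAttributes(),
            'value' => $Document,
        ],
    ]);

    $fixture = file_get_contents(__DIR__ . '/iodef.xml');
    $this->assertNotFalse($fixture, 'Fixture iodef.xml could not be read.');

    $expected = new DOMDocument();
    $this->assertTrue($expected->loadXML($fixture), 'Fixture iodef.xml is not well-formed XML.');

    $actual = new DOMDocument();
    $this->assertTrue($actual->loadXML($iodef->outputMemory()), 'Writer output is not well-formed XML.');

    // NOTE(review): assertEqualXMLStructure compares element names, child counts
    // and (third argument true) attribute names. It does not compare text content
    // or attribute values, so this test does not show that values such as the
    // addresses or the description text are written or escaped correctly.
    $this->assertEqualXMLStructure($expected->firstChild, $actual->firstChild, true);
}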