From 308547acb69f452d5a1423285d2b8c007f477fea Mon Sep 17 00:00:00 2001
From: Matthias Held
Date: Fri, 7 Sep 2018 17:49:46 +0200
Subject: Reduce file suspicion levels to 3
---
 tests/Unit/Analyzer/SequenceAnalyzerTest.php | 10 +++----
 tests/Unit/ClassifierTest.php | 42 ++++++++++++++--------------
 tests/Unit/Controller/ScanControllerTest.php | 2 +-
 tests/Unit/Db/FileOperationTest.php | 6 ++--
 4 files changed, 30 insertions(+), 30 deletions(-)
(limited to 'tests')
diff --git a/tests/Unit/Analyzer/SequenceAnalyzerTest.php b/tests/Unit/Analyzer/SequenceAnalyzerTest.php
index 892134c..595a532 100644
--- a/tests/Unit/Analyzer/SequenceAnalyzerTest.php
+++ b/tests/Unit/Analyzer/SequenceAnalyzerTest.php
@@ -62,28 +62,28 @@ class SequenceAnalyzerTest extends TestCase
 $fileOperation1->setOriginalName('test.csv');
 $fileOperation1->setSize(123000);
 $fileOperation1->setType('file');
- $fileOperation1->setSuspicionClass(Classifier::HIGH_LEVEL_OF_SUSPICION);
+ $fileOperation1->setSuspicionClass(Classifier::SUSPICIOUS);
 
 $fileOperation2 = new FileOperation();
 $fileOperation2->setCommand(Monitor::DELETE);
 $fileOperation2->setOriginalName('test.csv');
 $fileOperation2->setSize(123000);
 $fileOperation2->setType('file');
- $fileOperation2->setSuspicionClass(Classifier::HIGH_LEVEL_OF_SUSPICION);
+ $fileOperation2->setSuspicionClass(Classifier::SUSPICIOUS);
 
 $fileOperation3 = new FileOperation();
 $fileOperation3->setCommand(Monitor::WRITE);
 $fileOperation3->setOriginalName('test.csv');
 $fileOperation3->setSize(123000);
 $fileOperation3->setType('file');
- $fileOperation3->setSuspicionClass(Classifier::MIDDLE_LEVEL_OF_SUSPICION);
+ $fileOperation3->setSuspicionClass(Classifier::MAYBE_SUSPICIOUS);
 
 $fileOperation4 = new FileOperation();
 $fileOperation4->setCommand(Monitor::WRITE);
 $fileOperation4->setOriginalName('test.csv');
 $fileOperation4->setSize(123000);
 $fileOperation4->setType('file');
- $fileOperation4->setSuspicionClass(Classifier::LOW_LEVEL_OF_SUSPICION);
+ $fileOperation4->setSuspicionClass(Classifier::NOT_SUSPICIOUS);
 
 $fileOperation5 = new FileOperation();
 $fileOperation5->setCommand(Monitor::WRITE);
@@ -123,7 +123,7 @@ class SequenceAnalyzerTest extends TestCase
 ['sequence' => [$fileOperationRename], 'suspicionScore' => 0],
 ['sequence' => [$fileOperationUnknown], 'suspicionScore' => 0],
 ['sequence' => [$fileOperation3], 'suspicionScore' => 0.75],
- ['sequence' => [$fileOperation4], 'suspicionScore' => 0.5],
+ ['sequence' => [$fileOperation4], 'suspicionScore' => 0],
 ['sequence' => [$fileOperation5], 'suspicionScore' => 0],
 ['sequence' => [$fileOperation6], 'suspicionScore' => 0],
 ];
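Review bot: The former `LOW_LEVEL_OF_SUSPICION` fixture is mapped inconsistently across this commit: here `$fileOperation4` becomes `Classifier::NOT_SUSPICIOUS` and its expected `suspicionScore` falls from 0.5 to 0, while tests/Unit/Db/FileOperationTest.php replaces the same old constant with `Classifier::MAYBE_SUSPICIOUS`. If the drop to 0 is intended, a comment above the dataset row would make that explicit, e.g. `// NOT_SUSPICIOUS writes no longer contribute to the sequence score`. The expected values `0.75` and `0` are bare literals; the scoring code is not part of this patch, so whether they correspond to named weights cannot be confirmed from here. Both methods continue outside the hunks.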
diff --git a/tests/Unit/ClassifierTest.php b/tests/Unit/ClassifierTest.php
index 43b9dcd..aba5c87 100644
--- a/tests/Unit/ClassifierTest.php
+++ b/tests/Unit/ClassifierTest.php
@@ -59,14 +59,14 @@ class ClassifierTest extends TestCase
 public function dataClassifyFile()
 {
 return [
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::SUSPICIOUS],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::SUSPICIOUS],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::SUSPICIOUS],
 ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
 ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
 ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
 ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
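Review bot: The first changed row of `dataClassifyFile()` is a behaviour change rather than a rename: a `Monitor::WRITE` of `EntropyResult::ENCRYPTED` content with `FileExtensionResult::NOT_SUSPICIOUS` now expects `Classifier::MAYBE_SUSPICIOUS` where it previously expected `Classifier::NOT_SUSPICIOUS`, and the DELETE and RENAME rows in the next hunk change the same way. Because this widens what the classifier flags, it deserves a comment in the provider, e.g. `// encrypted content is at least MAYBE_SUSPICIOUS even with a benign extension`. Named dataset keys such as `'write, encrypted, benign extension' => [...]` would also make a failing row identifiable in test output. The provider's array runs past the end of this hunk.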
@@ -81,26 +81,26 @@ class ClassifierTest extends TestCase
 ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
 ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
 ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::SUSPICIOUS],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::SUSPICIOUS],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::SUSPICIOUS],
 ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
 ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
 ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
 ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
 ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::SUSPICIOUS],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::SUSPICIOUS],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::SUSPICIOUS],
 ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MAYBE_SUSPICIOUS],
 ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
 ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
 ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
diff --git a/tests/Unit/Controller/ScanControllerTest.php b/tests/Unit/Controller/ScanControllerTest.php
index 6c971c3..a8b7bf2 100644
--- a/tests/Unit/Controller/ScanControllerTest.php
+++ b/tests/Unit/Controller/ScanControllerTest.php
@@ -233,7 +233,7 @@ class ScanControllerTest extends TestCase
 $fileOperation1->setStandardDeviation(0.1);
 $fileOperation1->setFileClass(EntropyResult::NORMAL);
 $fileOperation1->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS);
- $fileOperation1->setSuspicionClass(Classifier::HIGH_LEVEL_OF_SUSPICION);
+ $fileOperation1->setSuspicionClass(Classifier::SUSPICIOUS);
 
 $sequenceResult = new SequenceResult(1, 0.0, 1.1, 2.2, 4.5, []);
 
diff --git a/tests/Unit/Db/FileOperationTest.php b/tests/Unit/Db/FileOperationTest.php
index d5581cb..3befa4d 100644
--- a/tests/Unit/Db/FileOperationTest.php
+++ b/tests/Unit/Db/FileOperationTest.php
@@ -66,9 +66,9 @@ class FileOperationTest extends TestCase
 ['field' => 'fileExtensionClass', 'value' => FileExtensionResult::SUSPICIOUS],
 ['field' => 'suspicionClass', 'value' => Classifier::NO_INFORMATION],
 ['field' => 'suspicionClass', 'value' => Classifier::NOT_SUSPICIOUS],
- ['field' => 'suspicionClass', 'value' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['field' => 'suspicionClass', 'value' => Classifier::LOW_LEVEL_OF_SUSPICION],
- ['field' => 'suspicionClass', 'value' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['field' => 'suspicionClass', 'value' => Classifier::MAYBE_SUSPICIOUS],
+ ['field' => 'suspicionClass', 'value' => Classifier::MAYBE_SUSPICIOUS],
+ ['field' => 'suspicionClass', 'value' => Classifier::SUSPICIOUS],
 ];
 
 return $data;
-- cgit v1.2.3
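Review bot: In tests/Unit/Db/FileOperationTest.php the provider now lists `['field' => 'suspicionClass', 'value' => Classifier::MAYBE_SUSPICIOUS]` twice, because `MIDDLE_LEVEL_OF_SUSPICION` and `LOW_LEVEL_OF_SUSPICION` were both replaced by the same constant. The second row exercises nothing new; dropping it leaves one row for each class that appears in the hunk (`NO_INFORMATION`, `NOT_SUSPICIOUS`, `MAYBE_SUSPICIOUS`, `SUSPICIOUS`). The provider starts before the hunk, so any further duplicates above it are not visible here.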