def test5_missing_value_on_persisted(self):
"""Persisting elements is tested in this test case."""
description = "Test5MissingMatchPathValueDetector"
t = time.time()
match_context_fixed_dme = MatchContext(self.pid)
fixed_dme = FixedDataModelElement('s1', self.pid)
match_element_fixed_dme = fixed_dme.get_match_element("match1", match_context_fixed_dme)
missing_match_path_value_detector = MissingMatchPathValueDetector(self.aminer_config, [match_element_fixed_dme.get_path()], [
self.stream_printer_event_handler], 'Default', True, self.__default_interval, self.__realert_interval)
self.analysis_context.register_component(missing_match_path_value_detector, description)
log_atom_fixed_dme = LogAtom(fixed_dme.fixed_data, ParserMatch(match_element_fixed_dme), round(t),
missing_match_path_value_detector)
self.assertTrue(missing_match_path_value_detector.receive_atom(log_atom_fixed_dme))
missing_match_path_value_detector.do_persist()
past_time = 4000
other_missing_match_path_value_detector = MissingMatchPathValueDetector(self.aminer_config, [match_element_fixed_dme.get_path()], [
self.stream_printer_event_handler], 'Default', True, self.__default_interval, self.__realert_interval)
self.analysis_context.register_component(other_missing_match_path_value_detector, description + "2")
other_missing_match_path_value_detector.set_check_value(other_missing_match_path_value_detector.get_channel_key(
log_atom_fixed_dme)[1], self.__default_interval - past_time, match_element_fixed_dme.get_path())
log_atom_fixed_dme = LogAtom(fixed_dme.fixed_data, ParserMatch(match_element_fixed_dme), round(t) + past_time,
other_missing_match_path_value_detector)
self.assertTrue(other_missing_match_path_value_detector.receive_atom(log_atom_fixed_dme))
# skipcq: PYL-R1714
self.assertTrue((self.output_stream.getvalue() == self.__expected_string % (
datetime.fromtimestamp(t + past_time).strftime(self.datetime_format_string),
other_missing_match_path_value_detector.__class__.__name__, description + "2", 1, self.match1_s1_overdue)) or (
self.output_stream.getvalue() == self.__expected_string % (
datetime.fromtimestamp(t + past_time + 1).strftime(self.datetime_format_string),
other_missing_match_path_value_detector.__class__.__name__, description + "2", 1, self.match1_s1_overdue)))
def test4_receive_atom_missing_value(self):
"""This test case checks if missing values are reported correctly."""
description = "Test4MissingMatchPathValueDetector"
t = time.time()
match_context_fixed_dme = MatchContext(self.pid)
fixed_dme = FixedDataModelElement('s1', self.pid)
match_element_fixed_dme = fixed_dme.get_match_element("match1", match_context_fixed_dme)
missing_match_path_value_detector = MissingMatchPathValueDetector(self.aminer_config, [match_element_fixed_dme.get_path()], [
self.stream_printer_event_handler], 'Default', True, self.__default_interval, self.__realert_interval)
self.analysis_context.register_component(missing_match_path_value_detector, description)
log_atom_fixed_dme = LogAtom(fixed_dme.fixed_data, ParserMatch(match_element_fixed_dme), t, missing_match_path_value_detector)
self.assertTrue(missing_match_path_value_detector.receive_atom(log_atom_fixed_dme))
past_time = 4000
missing_match_path_value_detector = MissingMatchPathValueDetector(self.aminer_config, [match_element_fixed_dme.get_path()], [
self.stream_printer_event_handler], 'Default', True, missing_match_path_value_detector.default_interval - past_time,
self.__realert_interval, output_log_line=False)
self.analysis_context.register_component(missing_match_path_value_detector, description + "2")
log_atom_fixed_dme = LogAtom(fixed_dme.fixed_data, ParserMatch(match_element_fixed_dme), t + past_time,
missing_match_path_value_detector)
self.assertTrue(missing_match_path_value_detector.receive_atom(log_atom_fixed_dme))
self.assertEqual(self.output_stream.getvalue(), self.__expected_string % (
datetime.fromtimestamp(t + past_time).strftime(self.datetime_format_string),
missing_match_path_value_detector.__class__.__name__, description + "2", 1, self.match1_s1_overdue))
def test3_receive_atom_no_missing_value(self):
"""This test case checks whether the class returns wrong positives, when the time limit is not passed."""
description = "Test3MissingMatchPathValueDetector"
match_context_fixed_dme = MatchContext(self.pid)
fixed_dme = FixedDataModelElement('s1', self.pid)
match_element_fixed_dme = fixed_dme.get_match_element(
"match1", match_context_fixed_dme)
missing_match_path_value_detector = MissingMatchPathValueDetector(
self.aminer_config, match_element_fixed_dme.get_path(),
[self.stream_printer_event_handler], 'Default', True,
self.__default_interval, self.__realert_interval)
self.analysis_context.register_component(
missing_match_path_value_detector, description)
log_atom_fixed_dme = LogAtom(fixed_dme.fixed_data,
ParserMatch(match_element_fixed_dme),
time.time(),
missing_match_path_value_detector)
self.assertTrue(
missing_match_path_value_detector.receive_atom(log_atom_fixed_dme))
past_time = 3200
missing_match_path_value_detector = MissingMatchPathValueDetector(
self.aminer_config, match_element_fixed_dme.get_path(),
[self.stream_printer_event_handler], 'Default', True,
missing_match_path_value_detector.default_interval - past_time,
self.__realert_interval)
log_atom_fixed_dme = LogAtom(fixed_dme.fixed_data,
ParserMatch(match_element_fixed_dme),
time.time() + past_time,
missing_match_path_value_detector)
self.assertTrue(
missing_match_path_value_detector.receive_atom(log_atom_fixed_dme))
self.assertEqual(self.output_stream.getvalue(), '')
def test1_receive_atom(self):
"""This test case checks whether a missing value is created without using the auto_include_flag (should not be the case)."""
description = "Test1MissingMatchPathValueDetector"
match_context_fixed_dme = MatchContext(self.pid)
fixed_dme = FixedDataModelElement('s1', self.pid)
match_element_fixed_dme = fixed_dme.get_match_element("match1", match_context_fixed_dme)
missing_match_path_value_detector = MissingMatchPathValueDetector(self.aminer_config, [match_element_fixed_dme.get_path()], [
self.stream_printer_event_handler], 'Default', False, self.__default_interval, self.__realert_interval)
self.analysis_context.register_component(missing_match_path_value_detector, description)
log_atom_fixed_dme = LogAtom(fixed_dme.fixed_data, ParserMatch(match_element_fixed_dme), 1, missing_match_path_value_detector)
self.assertTrue(missing_match_path_value_detector.receive_atom(log_atom_fixed_dme))
def test2_receive_atom_without_match_element(self):
"""This test case checks if the ReceiveAtom controls the MatchElement and responds correctly, when it is missing."""
description = "Test2MissingMatchPathValueDetector"
match_context_fixed_dme = MatchContext(self.pid)
fixed_dme = FixedDataModelElement('s1', self.pid)
match_element_fixed_dme = fixed_dme.get_match_element("match1", match_context_fixed_dme)
match_context_fixed_dme = MatchContext(self.pid)
matchElementFixedDME2 = fixed_dme.get_match_element("match2", match_context_fixed_dme)
missing_match_path_value_detector = MissingMatchPathValueDetector(self.aminer_config, [match_element_fixed_dme.get_path()], [
self.stream_printer_event_handler], 'Default', False, self.__default_interval, self.__realert_interval)
self.analysis_context.register_component(missing_match_path_value_detector, description)
log_atom_fixed_dme = LogAtom(fixed_dme.fixed_data, ParserMatch(matchElementFixedDME2), 1, missing_match_path_value_detector)
self.assertFalse(missing_match_path_value_detector.receive_atom(log_atom_fixed_dme))
def test11multiple_paths(self):
"""Test the functionality of the MissingMatchPathValueDetector with multiple paths."""
description = "Test11MissingMatchPathValueDetector"
match_context = MatchContext(self.pid + b"22")
fixed_dme = FixedDataModelElement('s1', self.pid)
decimal_integer_value_me = DecimalIntegerValueModelElement('d1', DecimalIntegerValueModelElement.SIGN_TYPE_NONE,
DecimalIntegerValueModelElement.PAD_TYPE_NONE)
seq = SequenceModelElement('model', [fixed_dme, decimal_integer_value_me])
match_element = seq.get_match_element("match", match_context)
missing_match_path_value_detector = MissingMatchPathValueDetector(self.aminer_config, [
"match/model", "match/model/s1", "match/model/d1"], [self.stream_printer_event_handler], 'Default', False,
self.__default_interval, self.__realert_interval)
self.analysis_context.register_component(missing_match_path_value_detector, description)
log_atom = LogAtom(fixed_dme.fixed_data + b"22", ParserMatch(match_element), 1, missing_match_path_value_detector)
self.assertTrue(missing_match_path_value_detector.receive_atom(log_atom))
def test12multiple_paths_data_from_file(self):
"""Test the functionality of the MissingMatchPathValueDetector with multiple paths with more data."""
description = "Test12MissingMatchPathValueDetector"
with open('unit/data/multiple_pathes_mmpvd.txt', 'rb') as f:
data = f.readlines()
host1 = FixedDataModelElement("host1", b"host1 ")
host2 = FixedDataModelElement("host2", b"host2 ")
service1 = FixedDataModelElement("service1", b"service1")
service2 = FixedDataModelElement("service2", b"service2")
seq11 = SequenceModelElement("seq11", [host1, service1])
seq12 = SequenceModelElement("seq12", [host1, service2])
seq21 = SequenceModelElement("seq21", [host2, service1])
seq22 = SequenceModelElement("seq22", [host2, service2])
first = FirstMatchModelElement("first", [seq11, seq12, seq21, seq22])
missing_match_path_value_detector11 = MissingMatchPathValueDetector(self.aminer_config, [
"match/first/seq11", "match/first/seq11/host1", "match/first/seq11/service1"], [self.stream_printer_event_handler],
'Default11', True, 480, 480)
self.analysis_context.register_component(missing_match_path_value_detector11, description+"11")
missing_match_path_value_detector12 = MissingMatchPathValueDetector(self.aminer_config, [
"match/first/seq12", "match/first/seq12/host1", "match/first/seq12/service2"], [self.stream_printer_event_handler],
'Default23', True, 480, 480)
self.analysis_context.register_component(missing_match_path_value_detector12, description+"12")
missing_match_path_value_detector21 = MissingMatchPathValueDetector(self.aminer_config, [
"match/first/seq21", "match/first/seq21/host2", "match/first/seq21/service1"], [self.stream_printer_event_handler],
'Default21', True, 480, 480)
self.analysis_context.register_component(missing_match_path_value_detector21, description+"21")
missing_match_path_value_detector22 = MissingMatchPathValueDetector(self.aminer_config, [
"match/first/seq22", "match/first/seq22/host2", "match/first/seq22/service2"], [self.stream_printer_event_handler],
'Default22', True, 480, 480)
self.analysis_context.register_component(missing_match_path_value_detector22, description+"22")
t = 0
for line in data:
split_line = line.rsplit(b" ", 2)
date = datetime.strptime(split_line[0].decode(), "%Y-%m-%d %H:%M:%S")
date = date.astimezone(timezone.utc)
t = (date - datetime(1970, 1, 1, tzinfo=timezone.utc)).total_seconds()
# initialize the detectors and remove the first output.
if missing_match_path_value_detector11.auto_include_flag is True:
line = b"host1 service1host1 service2host2 service1host2 service2"
match_context = MatchContext(line)
match_element = first.get_match_element("match", match_context)
log_atom = LogAtom(line, ParserMatch(match_element), t, missing_match_path_value_detector11)
missing_match_path_value_detector11.receive_atom(log_atom)
missing_match_path_value_detector11.auto_include_flag = False
match_element = first.get_match_element("match", match_context)
log_atom = LogAtom(line, ParserMatch(match_element), t, missing_match_path_value_detector12)
missing_match_path_value_detector12.receive_atom(log_atom)
missing_match_path_value_detector12.auto_include_flag = False
match_element = first.get_match_element("match", match_context)
log_atom = LogAtom(line, ParserMatch(match_element), t, missing_match_path_value_detector21)
missing_match_path_value_detector21.receive_atom(log_atom)
missing_match_path_value_detector21.auto_include_flag = False
match_element = first.get_match_element("match", match_context)
log_atom = LogAtom(line, ParserMatch(match_element), t, missing_match_path_value_detector22)
missing_match_path_value_detector22.receive_atom(log_atom)
missing_match_path_value_detector22.auto_include_flag = False
self.reset_output_stream()
line = split_line[1] + b" " + split_line[2]
match_context = MatchContext(line)
match_element = first.get_match_element("match", match_context)
log_atom = LogAtom(line, ParserMatch(match_element), t, missing_match_path_value_detector11)
res = missing_match_path_value_detector11.receive_atom(log_atom)
if match_element.get_path() == "match/first/seq11":
self.assertTrue(res)
res = missing_match_path_value_detector12.receive_atom(log_atom)
if match_element.get_path() == "match/first/seq12":
self.assertTrue(res)
res = missing_match_path_value_detector21.receive_atom(log_atom)
if match_element.get_path() == "match/first/seq21":
self.assertTrue(res)
res = missing_match_path_value_detector22.receive_atom(log_atom)
if match_element.get_path() == "match/first/seq22":
self.assertTrue(res)
# need to produce a valid match to trigger missing match paths.
line = b"host1 service1host1 service2host2 service1host2 service2"
match_context = MatchContext(line)
match_element = first.get_match_element("match", match_context)
log_atom = LogAtom(line, ParserMatch(match_element), t, missing_match_path_value_detector11)
missing_match_path_value_detector11.receive_atom(log_atom)
match_element = first.get_match_element("match", match_context)
log_atom = LogAtom(line, ParserMatch(match_element), t, missing_match_path_value_detector12)
missing_match_path_value_detector12.receive_atom(log_atom)
match_element = first.get_match_element("match", match_context)
log_atom = LogAtom(line, ParserMatch(match_element), t, missing_match_path_value_detector21)
missing_match_path_value_detector21.receive_atom(log_atom)
match_element = first.get_match_element("match", match_context)
log_atom = LogAtom(line, ParserMatch(match_element), t, missing_match_path_value_detector22)
missing_match_path_value_detector22.receive_atom(log_atom)
# exactly one overdue should be found
msg = "2021-03-12 21:30:51 Interval too large between values\nMissingMatchPathValueDetector: \"Test12MissingMatchPathValue" \
"Detector11\" (1 lines)\n ['match/first/seq11', 'match/first/seq11/host1', 'match/first/seq11/service1']: \"['host1 " \
"service1', 'host1 ', 'service1']\" overdue 12.0s (interval 480)\n\n"
self.assertEqual(msg, self.output_stream.getvalue())