def test_exists(testcases):
    """Check the regex produced by ``utils.exists`` against one test pair.

    ``testcases`` is unpacked as a single ``(candidate_string, expected_bool)``
    tuple; presumably it is supplied by a parametrize decorator that is not
    visible here.
    """
    detect_spec = utils.exists(".1.2.3")
    _validate_detect_spec(detect_spec)

    # The spec must consist of exactly one outer entry holding one atom.
    assert len(detect_spec) == 1
    assert len(detect_spec[0]) == 1

    # Index 1 of the atom is the regular expression under test.
    pattern = detect_spec[0][0][1]
    candidate, expected = testcases

    # NOTE(review): re.match anchors only at the start of the string, whereas
    # _test_atomic_relation checks with re.fullmatch. Confirm which anchoring
    # the production SNMP detection uses, so that this test does not accept a
    # pattern that production would treat differently.
    matched = re.match(pattern, candidate) is not None
    assert expected is matched
def _ast_convert_unary(unop_ast: ast.UnaryOp) -> SNMPDetectSpecification:
    """Convert a unary AST node into a detection specification.

    Only ``not`` is handled, and only when its operand converts to an atomic
    specification (one outer entry containing one atom). The atom's third
    element is flipped in the returned specification.

    Raises:
        ValueError: the operator is not ``ast.Not``; the message is the AST dump.
        NotImplementedError: the operand is not an atomic specification.
    """
    # Guard first: reject every unary operator other than `not`.
    if not isinstance(unop_ast.op, ast.Not):
        raise ValueError(ast.dump(unop_ast))

    inner = _ast_convert_dispatcher(unop_ast.operand)
    _validate_detect_spec(inner)

    # Negating a compound spec is not supported for now, so fail loudly
    # rather than return a specification with the wrong meaning.
    is_atomic = len(inner) == 1 and len(inner[0]) == 1
    if not is_atomic:
        raise NotImplementedError("cannot negate operand")

    oidstr, pattern, expected = inner[0][0]
    return SNMPDetectSpecification([[(oidstr, pattern, not expected)]])
def _test_atomic_relation(relation_name, value, testcases):
    """Shared checks for an atomic relation helper and its ``not_`` twin.

    Looks up ``utils.<relation_name>`` and ``utils.not_<relation_name>``,
    calls both with OID ".1.2.3" and ``value``, and verifies that:

    * each result passes validation and holds exactly one atom,
    * the inverse atom equals the plain atom with its third element negated,
    * the plain atom's regex fully matches each test string exactly when the
      paired expected flag says so.

    ``testcases`` is an iterable of ``(candidate_string, expected_bool)``.
    """
    relation = getattr(utils, relation_name)
    plain_spec = relation(".1.2.3", value)
    _validate_detect_spec(plain_spec)
    assert len(plain_spec) == 1
    assert len(plain_spec[0]) == 1
    plain_atom = plain_spec[0][0]
    pattern = plain_atom[1]

    inverse_relation = getattr(utils, "not_%s" % relation_name)
    inverse_spec = inverse_relation(".1.2.3", value)
    _validate_detect_spec(inverse_spec)
    assert len(inverse_spec) == 1
    assert len(inverse_spec[0]) == 1
    # Same OID and pattern; only the expected-result flag is inverted.
    negated_atom = (plain_atom[0], plain_atom[1], not plain_atom[2])
    assert inverse_spec[0][0] == negated_atom

    # fullmatch: the whole candidate has to match, not just a prefix.
    for candidate, expected in testcases:
        matched = re.fullmatch(pattern, candidate) is not None
        assert expected is matched
def test_any_of():
    """``any_of`` lists each operand's atoms as a separate outer entry.

    Also checks that nesting does not matter: combining the first two specs
    and then adding the third gives the same result as combining all three.
    """
    first = SNMPDetectSpecification([[(".1", "1?", True)]])
    second = SNMPDetectSpecification([[(".2", "2?", True)]])
    third = SNMPDetectSpecification([[(".3", "3?", True)]])

    combined = utils.any_of(first, second, third)
    _validate_detect_spec(combined)

    expected = [
        [(".1", "1?", True)],
        [(".2", "2?", True)],
        [(".3", "3?", True)],
    ]
    assert combined == expected

    # Build the same specification in two steps and compare.
    first_two = utils.any_of(first, second)
    nested = utils.any_of(first_two, third)
    assert combined == nested
def test_any_of():
    """``any_of`` on plain nested lists keeps one outer entry per operand.

    This variant passes bare lists of atom tuples rather than wrapped
    specification objects. It also checks that a two-step combination equals
    the single three-argument call.
    """
    first = [[(".1", "1?", True)]]
    second = [[(".2", "2?", True)]]
    third = [[(".3", "3?", True)]]

    combined = utils.any_of(first, second, third)
    _validate_detect_spec(combined)

    expected = [
        [(".1", "1?", True)],
        [(".2", "2?", True)],
        [(".3", "3?", True)],
    ]
    assert combined == expected

    # Build the same specification in two steps and compare.
    first_two = utils.any_of(first, second)
    nested = utils.any_of(first_two, third)
    assert combined == nested
def test_any_of_all_of():
    """Combine ``all_of`` pairs with ``any_of`` and check the nested layout.

    ``all_of`` is expected to put the atoms of its operands into one inner
    list. ``any_of`` is expected to keep the two resulting inner lists as
    separate outer entries.
    """
    atom_1 = SNMPDetectSpecification([[(".1", "1?", True)]])
    atom_2 = SNMPDetectSpecification([[(".2", "2?", True)]])
    atom_3 = SNMPDetectSpecification([[(".3", "3?", True)]])
    atom_4 = SNMPDetectSpecification([[(".4", "4?", True)]])

    left_pair = utils.all_of(atom_1, atom_2)
    right_pair = utils.all_of(atom_3, atom_4)

    # Validate the intermediate results before combining them.
    _validate_detect_spec(left_pair)
    _validate_detect_spec(right_pair)

    either_pair = utils.any_of(left_pair, right_pair)
    _validate_detect_spec(either_pair)

    expected = SNMPDetectSpecification([
        [(".1", "1?", True), (".2", "2?", True)],
        [(".3", "3?", True), (".4", "4?", True)],
    ])
    assert either_pair == expected
def test_any_of_all_of():
    """Combine ``all_of`` pairs with ``any_of`` using plain nested lists.

    ``all_of`` is expected to put the atoms of its operands into one inner
    list. ``any_of`` is expected to keep the two resulting inner lists as
    separate outer entries.
    """
    atom_1 = [[(".1", "1?", True)]]
    atom_2 = [[(".2", "2?", True)]]
    atom_3 = [[(".3", "3?", True)]]
    atom_4 = [[(".4", "4?", True)]]

    left_pair = utils.all_of(atom_1, atom_2)
    right_pair = utils.all_of(atom_3, atom_4)

    # Validate the intermediate results before combining them.
    _validate_detect_spec(left_pair)
    _validate_detect_spec(right_pair)

    either_pair = utils.any_of(left_pair, right_pair)
    _validate_detect_spec(either_pair)

    expected = [
        [(".1", "1?", True), (".2", "2?", True)],
        [(".3", "3?", True), (".4", "4?", True)],
    ]
    assert either_pair == expected