Beispiel #1
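    def test_valid_unsubscription(self):
        """An unsubscribe message with a topic maps to an equal Unsubscription."""
        topic = "some/topic"

        # An unsubscribe message carries only the action and the topic.
        msg = {"action": "unsubscribe", "topic": topic}
        unsub = map_management_message(msg)
        # Built once; the original assigned the same expected value twice.
        expected = Unsubscription(topic)
        self.assertEqual(unsub, expected)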
Beispiel #2
def map_management_message(
        broker_data, module_namespace: str,
        logger) -> Union[Subscription, Unsubscription, None]:
    """
    Translates a Broker management event into an instruction for Threat Bus.

    The event name is matched after a leading "<module_namespace>::" prefix
    has been cut off; names without that prefix are matched unchanged.
    @param broker_data The raw data that was received via broker
    @param module_namespace A Zeek namespace to accept events from
    @param logger Receives a debug entry for every message that is discarded
    @return A Subscription/Unsubscription object or None in case there is no
    valid mapping.
    """
    event = broker.zeek.Event(broker_data)
    event_name = event.name()
    event_args = event.args()

    prefix = module_namespace + "::" if module_namespace else ""
    if event_name.startswith(prefix):
        # An empty prefix always matches and cuts nothing off.
        event_name = event_name[len(prefix):]

    instruction = None
    if event_name == "subscribe" and len(event_args) == 2:
        topic, snapshot_delta = event_args
        # NOTE(review): only the truthiness of topic is checked here; the
        # types of topic and snapshot_delta are whatever the sender put in
        # the event -- confirm they are validated before use downstream.
        if topic:
            instruction = Subscription(topic, snapshot_delta)
    elif event_name == "unsubscribe" and len(event_args) == 1:
        topic = event_args[0]
        if topic:
            instruction = Unsubscription(topic)
    if instruction is not None:
        return instruction

    # Also reached for a known event name with an empty topic or an
    # unexpected argument count, although the text says "unknown type".
    # NOTE(review): the event name is sender-controlled and is written to the
    # log as-is; consider logging its repr() so control characters cannot
    # forge log lines.
    logger.debug(
        f"Discarding Broker management message with unknown type: {event_name}")
    return None
Beispiel #3
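def map_management_message(msg):
    """Maps a management message to an actionable instruction for threatbus.

    msg is received data, so its fields are not trusted: a message that
    cannot be mapped yields None rather than an exception.
        @param msg The message that was received, as python dictionary
        @return A Subscription or Unsubscription, or None when the message
        has no valid mapping
    """
    action = msg.get("action", None)
    topic = msg.get("topic", None)
    if topic is None:
        return None
    if action == "unsubscribe":
        # The snapshot field plays no part here, so a malformed one must not
        # make an otherwise valid unsubscribe request fail.
        return Unsubscription(topic)
    if action != "subscribe":
        return None
    try:
        # int() rejects None and non-numeric text (TypeError / ValueError);
        # timedelta rejects day counts outside its range (OverflowError).
        snapshot = timedelta(days=int(msg.get("snapshot", 0)))
    except (TypeError, ValueError, OverflowError):
        return None
    # NOTE(review): negative and very large (but representable) day counts are
    # still accepted; confirm whether the snapshot window should be bounded.
    return Subscription(topic, snapshot)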
Beispiel #4
def map_management_message(broker_data, module_namespace):
    """Translates a Broker management event into an instruction for threatbus.

    The event name is matched after a leading "<module_namespace>::" prefix
    has been cut off; names without that prefix are matched unchanged.
    Returns None (implicitly) when the event is neither a two-argument
    "subscribe" nor a one-argument "unsubscribe".
        @param broker_data The raw data that was received via broker
        @param module_namespace A Zeek namespace to accept events from
    """
    event = broker.zeek.Event(broker_data)
    event_name = event.name()
    event_args = event.args()

    prefix = module_namespace + "::" if module_namespace else ""
    if event_name.startswith(prefix):
        # An empty prefix always matches and cuts nothing off.
        event_name = event_name[len(prefix):]

    # NOTE(review): only the argument count is checked; an empty topic or an
    # unexpected argument type is passed straight into the returned object.
    # Confirm the values are validated before they are used downstream.
    if event_name == "subscribe" and len(event_args) == 2:
        topic, snapshot = event_args[0], event_args[1]
        return Subscription(topic, snapshot)
    if event_name == "unsubscribe" and len(event_args) == 1:
        topic = event_args[0]
        return Unsubscription(topic)
Beispiel #5
    def test_valid_unsubscription(self):
        """Unsubscribe events map to an Unsubscription with and without the namespace prefix."""
        topic = "some/topic"
        expected = Unsubscription(topic)

        # First the bare event name, then the namespace-qualified one.
        event_names = (
            "unsubscribe",
            self.module_namespace + "::unsubscribe",
        )
        for event_name in event_names:
            event = broker.zeek.Event(event_name, topic)
            mapped = map_management_message(event, self.module_namespace)
            self.assertEqual(mapped, expected)
 def test_valid_unsubscription(self):
     """An unsubscribe message for self.topic maps to an equal Unsubscription."""
     message = {"action": "unsubscribe", "topic": self.topic}
     # The mapping runs first; the expected object is built afterwards.
     self.assertEqual(
         map_management_message(message),
         Unsubscription(self.topic),
     )