def testValidIPv6(self):
"""Test valid IPv6 addresses result in new attributes"""
analyzer = MaxMindDbWebIPAnalyzer('test', 1)
analyzer.GEOIP_CLIENT = MockReader
analyzer.datastore.client = mock.Mock()
IP_FIELDS = [
'ip', 'host_ip', 'src_ip', 'dst_ip', 'source_ip', 'dest_ip',
'ip_address', 'client_ip', 'address', 'saddr', 'daddr',
'requestMetadata_callerIp', 'a_answer'
]
_create_mock_event(analyzer.datastore,
0,
1,
source_attrs={
ip_field: '2001:4860:4860::8888'
for ip_field in IP_FIELDS
})
message = analyzer.run()
event = analyzer.datastore.event_store['0']
for ip_field in IP_FIELDS:
self.assertTrue(
'{0}_latitude'.format(ip_field) in event['_source'])
self.assertTrue(
'{0}_longitude'.format(ip_field) in event['_source'])
self.assertTrue(
'{0}_iso_code'.format(ip_field) in event['_source'])
self.assertTrue('{0}_city'.format(ip_field) in event['_source'])
self.assertEqual(message, 'Found 1 IP address(es).')
def testNoEvents(self):
"""Test no events"""
analyzer = MaxMindDbWebIPAnalyzer("test", 1)
analyzer.GEOIP_CLIENT = MockReader
analyzer.datastore.client = mock.Mock()
message = analyzer.run()
self.assertEqual(message, "Found 0 IP address(es).")
def testValidIPv6(self):
"""Test valid IPv6 addresses result in new attributes"""
analyzer = MaxMindDbWebIPAnalyzer("test", 1)
analyzer.GEOIP_CLIENT = MockReader
analyzer.datastore.client = mock.Mock()
IP_FIELDS = [
"ip",
"host_ip",
"src_ip",
"dst_ip",
"source_ip",
"dest_ip",
"ip_address",
"client_ip",
"address",
"saddr",
"daddr",
"requestMetadata_callerIp",
"a_answer",
]
_create_mock_event(
analyzer.datastore,
0,
1,
source_attrs={
ip_field: "2001:4860:4860::8888"
for ip_field in IP_FIELDS
},
)
message = analyzer.run()
event = analyzer.datastore.event_store["0"]
for ip_field in IP_FIELDS:
self.assertTrue(
"{0}_latitude".format(ip_field) in event["_source"])
self.assertTrue(
"{0}_longitude".format(ip_field) in event["_source"])
self.assertTrue(
"{0}_iso_code".format(ip_field) in event["_source"])
self.assertTrue("{0}_city".format(ip_field) in event["_source"])
self.assertEqual(message, "Found 1 IP address(es).")
def testInvalidIPv4(self):
"""Test invalid IP address"""
analyzer = MaxMindDbWebIPAnalyzer("test", 1)
analyzer.GEOIP_CLIENT = MockReader
analyzer.datastore.client = mock.Mock()
_create_mock_event(analyzer.datastore,
0,
1,
source_attrs={"ip_address": None})
message = analyzer.run()
event = analyzer.datastore.event_store["0"]
self.assertTrue("ip_address_latitude" not in event["_source"])
self.assertTrue("ip_address_longitude" not in event["_source"])
self.assertTrue("ip_address_iso_code" not in event["_source"])
self.assertTrue("ip_address_city" not in event["_source"])
self.assertEqual(message, "Found 0 IP address(es).")
def testMultipleValidIPv4(self):
"""Test valid IPv4 addresses result in new attributes"""
analyzer = MaxMindDbWebIPAnalyzer('test', 1)
analyzer.GEOIP_CLIENT = MockReader
analyzer.datastore.client = mock.Mock()
_create_mock_event(analyzer.datastore,
0,
1,
source_attrs={'ip_address': ['8.8.8.8', '8.8.4.4']})
message = analyzer.run()
event = analyzer.datastore.event_store['0']
self.assertTrue('ip_address_latitude' in event['_source'])
self.assertTrue('ip_address_longitude' in event['_source'])
self.assertTrue('ip_address_iso_code' in event['_source'])
self.assertTrue('ip_address_city' in event['_source'])
self.assertEqual(message, 'Found 2 IP address(es).')
def testInvalidIPv4(self):
"""Test invalid IP address"""
analyzer = MaxMindDbWebIPAnalyzer('test', 1)
analyzer.GEOIP_CLIENT = MockReader
analyzer.datastore.client = mock.Mock()
_create_mock_event(analyzer.datastore,
0,
1,
source_attrs={'ip_address': None})
message = analyzer.run()
event = analyzer.datastore.event_store['0']
self.assertTrue('ip_address_latitude' not in event['_source'])
self.assertTrue('ip_address_longitude' not in event['_source'])
self.assertTrue('ip_address_iso_code' not in event['_source'])
self.assertTrue('ip_address_city' not in event['_source'])
self.assertEqual(message, 'Found 0 IP address(es).')
def testMixedValidIP(self):
"""Test valid IPv4 addresses result in new attributes"""
analyzer = MaxMindDbWebIPAnalyzer("test", 1)
analyzer.GEOIP_CLIENT = MockReader
analyzer.datastore.client = mock.Mock()
_create_mock_event(
analyzer.datastore,
0,
1,
source_attrs={"ip_address": ["8.8.8.8", "2001:4860:4860::8844"]},
)
message = analyzer.run()
event = analyzer.datastore.event_store["0"]
self.assertTrue("ip_address_latitude" in event["_source"])
self.assertTrue("ip_address_longitude" in event["_source"])
self.assertTrue("ip_address_iso_code" in event["_source"])
self.assertTrue("ip_address_city" in event["_source"])
self.assertEqual(message, "Found 2 IP address(es).")