def test12or_match_rule(self):
"""This case unit the OrMatchRule."""
description = "Test12Rules"
path_exists_match_rule = PathExistsMatchRule(self.match_ipv4, None)
self.analysis_context.register_component(path_exists_match_rule,
description)
i_pv4_in_rfc1918_match_rule = IPv4InRFC1918MatchRule(self.match_ipv4)
self.analysis_context.register_component(i_pv4_in_rfc1918_match_rule,
description + "2")
or_match_rule = OrMatchRule(
[path_exists_match_rule, i_pv4_in_rfc1918_match_rule])
self.analysis_context.register_component(or_match_rule,
description + "3")
ip_address_data_model_element = IpAddressDataModelElement('IPv4')
match_context = MatchContext(b'192.168.0.0')
match_element = ip_address_data_model_element.get_match_element(
'match', match_context)
log_atom = LogAtom(match_context.match_data,
ParserMatch(match_element), time(), or_match_rule)
self.assertTrue(or_match_rule.match(log_atom))
# changing to IPv6
path_exists_match_rule = PathExistsMatchRule('match/IPv6', None)
or_match_rule = OrMatchRule(
[path_exists_match_rule, i_pv4_in_rfc1918_match_rule])
match_context = MatchContext(b'192.168.0.0')
match_element = ip_address_data_model_element.get_match_element(
'match', match_context)
log_atom = LogAtom(match_context.match_data,
ParserMatch(match_element), time(), or_match_rule)
self.assertTrue(or_match_rule.match(log_atom))
def test3path_exists_match_rule(self):
"""This case unit the PathExistsMatchRule."""
description = "Test3Rules"
path_exists_match_rule = PathExistsMatchRule(self.match_s1, None)
self.analysis_context.register_component(path_exists_match_rule,
description)
self.fixed_dme = FixedDataModelElement('s1', self.fixed_string)
t = time()
match_context = MatchContext(self.fixed_string)
match_element = self.fixed_dme.get_match_element(
'match', match_context)
log_atom = LogAtom(match_context.match_data,
ParserMatch(match_element), t,
path_exists_match_rule)
self.assertTrue(path_exists_match_rule.match(log_atom))
self.fixed_dme = FixedDataModelElement('s2', self.fixed_string)
match_context = MatchContext(self.fixed_string)
match_element = self.fixed_dme.get_match_element(
'match', match_context)
log_atom = LogAtom(match_context.match_data,
ParserMatch(match_element), t,
path_exists_match_rule)
self.assertTrue(not path_exists_match_rule.match(log_atom))
def test1match_found(self):
"""This test case checks if valid inputs are recognized."""
description = "Test1WhitelistViolationDetector"
path_exists_match_rule = PathExistsMatchRule('match/s1', None)
path_exists_match_rule2 = PathExistsMatchRule('match/s2', None)
t = time.time()
whitelist_violation_detector = WhitelistViolationDetector(
self.aminer_config,
[path_exists_match_rule, path_exists_match_rule2],
[self.stream_printer_event_handler],
output_log_line=False)
self.analysis_context.register_component(whitelist_violation_detector,
description)
fixed_dme = FixedDataModelElement('s1', self.fixed_string)
match_context = MatchContext(self.fixed_string)
match_element = fixed_dme.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data,
ParserMatch(match_element), t,
whitelist_violation_detector)
self.assertTrue(whitelist_violation_detector.receive_atom(log_atom))
self.assertEqual(self.output_stream.getvalue(), '')
fixed_dme = FixedDataModelElement('s2', self.fixed_string)
match_context = MatchContext(self.fixed_string)
match_element = fixed_dme.get_match_element('match', match_context)
log_atom = LogAtom(match_element.match_object,
ParserMatch(match_element), t,
whitelist_violation_detector)
self.assertTrue(whitelist_violation_detector.receive_atom(log_atom))
self.assertEqual(self.output_stream.getvalue(), '')
fixed_dme = FixedDataModelElement('s3', self.fixed_string)
match_context = MatchContext(self.fixed_string)
match_element = fixed_dme.get_match_element('match', match_context)
log_atom = LogAtom(match_element.match_object,
ParserMatch(match_element), t,
path_exists_match_rule)
self.assertTrue(
not whitelist_violation_detector.receive_atom(log_atom))
self.assertEqual(
self.output_stream.getvalue(), self.__expected_string %
(datetime.fromtimestamp(t).strftime("%Y-%m-%d %H:%M:%S"),
whitelist_violation_detector.__class__.__name__, description, 1,
"b'fixed String'"))
def run_whitelist_violation_detector(self, number_of_pathes,
modulo_factor):
results = [None] * self.iterations
avg = 0
z = 0
while z < self.iterations:
i = 0
rules = []
while i < number_of_pathes:
rules.append(
PathExistsMatchRule(
self.integerd + str(i % number_of_pathes), None))
i = i + 1
whitelist_violation_detector = WhitelistViolationDetector(
self.aminer_config, rules, [self.stream_printer_event_handler])
t = time.time()
seconds = time.time()
i = 0
while int(time.time() - seconds) < self.waiting_time:
p = process_time()
r = random.randint(1, 100)
if r >= modulo_factor:
r = 2
else:
r = 1
seconds = seconds + process_time() - p
decimal_integer_value_me = DecimalIntegerValueModelElement(
'd' + str(i % (number_of_pathes * r)),
DecimalIntegerValueModelElement.SIGN_TYPE_NONE,
DecimalIntegerValueModelElement.PAD_TYPE_NONE)
match_context = MatchContext(str(i % 100).encode())
match_element = decimal_integer_value_me.get_match_element(
'integer', match_context)
log_atom = LogAtom(match_element.match_string,
ParserMatch(match_element), t,
whitelist_violation_detector)
whitelist_violation_detector.receive_atom(log_atom)
i = i + 1
results[z] = i
z = z + 1
avg = avg + i
avg = avg / self.iterations
type(self).result = self.result + self.result_string % (
whitelist_violation_detector.__class__.__name__, avg, results,
'%d different PathExistsMatchRules and a moduloFactor of %d.' %
(number_of_pathes, modulo_factor))