def test_exists(testcases):
    """Check the single pattern produced by ``utils.exists`` against one test case.

    ``testcases`` is unpacked into a ``(candidate, expected)`` pair, where
    ``expected`` is the bool the pattern match must evaluate to.
    """
    detect_spec = utils.exists(".1.2.3")
    _validate_detect_spec(detect_spec)

    # The spec must be atomic: exactly one clause containing exactly one entry.
    assert len(detect_spec) == 1
    assert len(detect_spec[0]) == 1
    pattern = detect_spec[0][0][1]

    candidate, expected = testcases
    # NOTE(review): re.match anchors only at the start of the string, so a
    # pattern without a trailing anchor also accepts extra trailing text;
    # _test_atomic_relation in this file uses re.fullmatch. Confirm the looser
    # check is intended here.
    matched = re.match(pattern, candidate) is not None
    assert expected is matched
def _ast_convert_unary(unop_ast: ast.UnaryOp) -> SNMPDetectSpecification:
    """Convert a unary AST node into a detect specification.

    Only ``not`` applied to an atomic specification (exactly one clause holding
    exactly one three-element entry) is supported. The result is that entry
    with its boolean third element inverted.

    Raises:
        ValueError: the operator is not ``ast.Not``; the message is the dump
            of the offending node.
        NotImplementedError: the converted operand is not atomic.
    """
    if not isinstance(unop_ast.op, ast.Not):
        raise ValueError(ast.dump(unop_ast))

    negated = _ast_convert_dispatcher(unop_ast.operand)
    _validate_detect_spec(negated)

    # Negation is only implemented for atomic specs so far; compound operands
    # are rejected rather than silently mis-translated.
    is_atomic = len(negated) == 1 and len(negated[0]) == 1
    if not is_atomic:
        raise NotImplementedError("cannot negate operand")

    oid, regex, expected = negated[0][0]
    return SNMPDetectSpecification([[(oid, regex, not expected)]])
def _test_atomic_relation(relation_name, value, testcases):
    """Exercise ``utils.<relation_name>`` and its ``not_`` counterpart.

    Both helpers are called with OID ``.1.2.3`` and ``value``. Each must yield
    an atomic spec, and the inverse must equal the positive entry with its
    boolean third element flipped. Every ``(candidate, expected)`` pair in
    ``testcases`` is then checked against the pattern with a full-string match.
    """
    oid = ".1.2.3"

    positive = getattr(utils, relation_name)(oid, value)
    _validate_detect_spec(positive)
    assert len(positive) == 1
    assert len(positive[0]) == 1
    pattern = positive[0][0][1]

    negative = getattr(utils, "not_%s" % relation_name)(oid, value)
    _validate_detect_spec(negative)
    assert len(negative) == 1
    assert len(negative[0]) == 1

    # Same OID and pattern, opposite expectation.
    atom = positive[0][0]
    flipped = (atom[0], atom[1], not atom[2])
    assert negative[0][0] == flipped

    for candidate, expected in testcases:
        # fullmatch: the pattern has to cover the whole candidate, not a prefix.
        matched = re.fullmatch(pattern, candidate) is not None
        assert expected is matched
def test_any_of():
    """``utils.any_of`` on three atomic specs yields their clauses in argument order.

    Also checks that combining the first two specs and then adding the third
    gives the same result as combining all three at once.
    """
    first = SNMPDetectSpecification([[(".1", "1?", True)]])
    second = SNMPDetectSpecification([[(".2", "2?", True)]])
    third = SNMPDetectSpecification([[(".3", "3?", True)]])

    combined = utils.any_of(first, second, third)
    _validate_detect_spec(combined)

    expected_clauses = [
        [(".1", "1?", True)],
        [(".2", "2?", True)],
        [(".3", "3?", True)],
    ]
    assert combined == expected_clauses

    # Nesting any_of must not change the outcome.
    first_two = utils.any_of(first, second)
    nested = utils.any_of(first_two, third)
    assert combined == nested
def test_any_of():
    """``utils.any_of`` on three plain-list atomic specs keeps clauses in argument order.

    Also checks that combining the first two specs and then adding the third
    gives the same result as combining all three at once.
    """
    first = [[(".1", "1?", True)]]
    second = [[(".2", "2?", True)]]
    third = [[(".3", "3?", True)]]

    combined = utils.any_of(first, second, third)
    _validate_detect_spec(combined)

    expected_clauses = [
        [(".1", "1?", True)],
        [(".2", "2?", True)],
        [(".3", "3?", True)],
    ]
    assert combined == expected_clauses

    # Nesting any_of must not change the outcome.
    first_two = utils.any_of(first, second)
    nested = utils.any_of(first_two, third)
    assert combined == nested
def test_any_of_all_of():
    """Combine two ``all_of`` pairs with ``any_of`` and check the resulting clauses.

    Each ``all_of`` result must validate on its own. The final spec must equal
    two clauses, each holding the two entries of one pair in argument order.
    """
    atom_1 = SNMPDetectSpecification([[(".1", "1?", True)]])
    atom_2 = SNMPDetectSpecification([[(".2", "2?", True)]])
    atom_3 = SNMPDetectSpecification([[(".3", "3?", True)]])
    atom_4 = SNMPDetectSpecification([[(".4", "4?", True)]])

    left_pair = utils.all_of(atom_1, atom_2)
    right_pair = utils.all_of(atom_3, atom_4)
    _validate_detect_spec(left_pair)
    _validate_detect_spec(right_pair)

    either_pair = utils.any_of(left_pair, right_pair)
    _validate_detect_spec(either_pair)

    expected = SNMPDetectSpecification(
        [
            [(".1", "1?", True), (".2", "2?", True)],
            [(".3", "3?", True), (".4", "4?", True)],
        ]
    )
    assert either_pair == expected
def test_any_of_all_of():
    """Combine two ``all_of`` pairs of plain-list specs with ``any_of``.

    Each ``all_of`` result must validate on its own. The final spec must equal
    two clauses, each holding the two entries of one pair in argument order.
    """
    atom_1 = [[(".1", "1?", True)]]
    atom_2 = [[(".2", "2?", True)]]
    atom_3 = [[(".3", "3?", True)]]
    atom_4 = [[(".4", "4?", True)]]

    left_pair = utils.all_of(atom_1, atom_2)
    right_pair = utils.all_of(atom_3, atom_4)
    _validate_detect_spec(left_pair)
    _validate_detect_spec(right_pair)

    either_pair = utils.any_of(left_pair, right_pair)
    _validate_detect_spec(either_pair)

    expected = [
        [(".1", "1?", True), (".2", "2?", True)],
        [(".3", "3?", True), (".4", "4?", True)],
    ]
    assert either_pair == expected