def test_CEF_formatter_converts_to_expected_string(self):
formatter = FileEventsOutputFormatter(FileEventsOutputFormat.CEF)
output = formatter.get_formatted_output(self.test_df)
assert (
next(output) ==
"CEF:0|Code42|Advanced Exfiltration Detection|1|C42203|READ_BY_APP|5|externalId=0_1d71796f-af5b-4231-9d8e-df6434da4663_912339407325443353_918253081700247636_16 end=1567996943851 rt=1568069262724 filePath=/Users/testtesterson/Downloads/About Downloads.lpdf/Contents/Resources/English.lproj/ fname=InfoPlist.strings fileType=UNCATEGORIZED fsize=86 fileHash=19b92e63beb08c27ab4489fcfefbbe44 fileCreateTime=1342923569000 fileModificationTime=1355886008000 [email protected] shost=Test's MacBook Air dvchost=192.168.0.3 src=71.34.4.22 deviceExternalId=912339407325443353 suid=912338501981077099 sourceServiceName=Endpoint reason=ApplicationRead spriv=testtesterson sproc=/Applications/Google Chrome.app/Contents/MacOS/Google Chrome\n"
)
def test_format_when_unknown_format_raises_CLI_error(self):
with pytest.raises(Code42CLIError):
FileEventsOutputFormatter("NOT_A_FORMAT")
with pytest.raises(Code42CLIError):
formatter = FileEventsOutputFormatter(FileEventsOutputFormat.JSON)
formatter.output_format = "NOT_A_FORMAT"
list(formatter.get_formatted_output(self.test_df))
def test_init_sets_format_func_to_cef_function_when_cef_format_option_is_passed(
self, mock_to_cef):
formatter = FileEventsOutputFormatter(FileEventsOutputFormat.CEF)
for _ in formatter.get_formatted_output(["TEST"]):
pass
mock_to_cef.assert_called_once_with("TEST")
def test_init_sets_format_func_to_table_function_when_no_format_option_is_passed(
self, mock_to_table):
formatter = FileEventsOutputFormatter(None)
for _ in formatter.get_formatted_output("TEST"):
pass
mock_to_table.assert_called_once_with("TEST", None)
def test_init_sets_format_func_to_dynamic_csv_function_when_csv_option_is_passed(
self, mock_to_csv):
formatter = FileEventsOutputFormatter(FileEventsOutputFormat.CSV)
for _ in formatter.get_formatted_output("TEST"):
pass
mock_to_csv.assert_called_once_with("TEST")