def test_parse_incident_with_H_record():
    """The details parsed from the sample file carry exactly the two expected ids."""
    parsed_file = read_file('log_importer/tests/test_files/file_read_test.txt')
    incident = parse_incident(parsed_file, include_parts=True)

    wanted = [960024, 981203]
    wanted.sort()

    # Ids are coerced with int() before comparing, and both sides are sorted so the
    # order in which the details were parsed does not matter.
    seen = sorted(int(detail['id']) for detail in incident['details'])
    assert seen == wanted
def test_read_sample_file_fragment_id():
    """The first element returned by read_file() is the expected fragment id."""
    sample_path = "log_importer/tests/test_files/file_read_test.txt"
    parsed_file = read_file(sample_path)

    # element 0 of the result is treated as the fragment id
    fragment_id = parsed_file[0]
    assert fragment_id == u"7cf8df3f", "fragment_id %r unexpected" % fragment_id
def test_read_sample_file_part_content_A():
    """The first line stored under part "A" is kept verbatim, newline included."""
    parsed_file = read_file("log_importer/tests/test_files/file_read_test.txt")

    # element 1 of the result is indexed by part letter; spot-check one line only
    first_a_line = parsed_file[1]["A"][0]
    expected_line = (
        u"[30/Mar/2015:23:10:38 +0200] VRm7zgr5AlMAAClwIZoAAAAU 10.199.23.1 40889 1.2.3.4 18060\n"
    )
    assert first_a_line == expected_line, "unexpected result %r" % first_a_line
def test_parse_incident_with_B_record():
    """Host, path and HTTP method of the parsed incident match the sample file."""
    parsed_file = read_file('log_importer/tests/test_files/file_read_test.txt')
    db_session = setup_connection(create_db=True)
    incident = parse_incident(
        db_session, parsed_file[0], parsed_file[1], include_parts=True
    )

    # Each message repeats the offending value so a failure shows what was parsed.
    host = incident.host
    assert host == u"somehostname.at", "unexpected host, was: %r" % host
    path = incident.path
    assert path == u"/fubar/sr/10/SomeAction.do", "invalid path, was:%r" % path
    method = incident.method
    assert method == u"GET", "unexpected HTTP method, was: %r" % method
def test_read_sample_file_part_categories():
    """The sample file is split into exactly the parts A, B, E, F, H and Z."""
    parsed_file = read_file("log_importer/tests/test_files/file_read_test.txt")
    parts = parsed_file[1]

    # compare sorted key lists so the mapping's iteration order is irrelevant
    expected_keys = sorted((u"A", u"B", u"F", u"E", u"H", u"Z"))
    assert sorted(parts.keys()) == expected_keys, "unexpected keys %r" % parts.keys()
def test_parse_incident_with_H_record():
    """Every detail of the parsed incident points at one of the two expected catalog ids."""
    parsed_file = read_file('log_importer/tests/test_files/file_read_test.txt')
    db_session = setup_connection(create_db=True)
    incident = parse_incident(
        db_session, parsed_file[0], parsed_file[1], include_parts=True
    )

    # Collect the catalog id behind each detail; sorting makes the check order-independent.
    seen = []
    for detail in incident.details:
        seen.append(detail.incident_catalog.catalog_id)
    seen.sort()

    assert seen == sorted([960024, 981203])
def test_parse_incident():
    """Header fields of the sample incident are parsed; no parts are kept by default."""
    parsed_file = read_file('log_importer/tests/test_files/file_read_test.txt')
    incident = parse_incident(parsed_file)

    assert incident['fragment_id'] == u'7cf8df3f'

    # The expected value is two hours earlier than the 23:10:38 +0200 stamp in the
    # fixture, i.e. the timestamp should be in UTC (as a naive datetime).
    expected_timestamp = datetime.datetime(2015, 3, 30, 21, 10, 38)
    assert incident['timestamp'] == expected_timestamp
    assert incident['unique_id'] == u'VRm7zgr5AlMAAClwIZoAAAAU'

    # source and destination are indexable pairs: address first, then port as int
    source = incident['source']
    assert source[0] == u'10.199.23.1'
    assert source[1] == 40889
    destination = incident['destination']
    assert destination[0] == u'1.2.3.4'
    assert destination[1] == 18060

    # include_parts was not passed, so no part may have been stored
    assert len(incident['parts']) == 0
def test_parse_incident():
    """Header fields of the sample incident are parsed; no parts are kept by default."""
    parsed_file = read_file('log_importer/tests/test_files/file_read_test.txt')
    db_session = setup_connection(create_db=True)
    incident = parse_incident(db_session, parsed_file[0], parsed_file[1])

    assert incident.fragment_id == u'7cf8df3f'

    # should be in UTC (compared against a naive datetime)
    expected_timestamp = datetime.datetime(2015, 3, 30, 21, 10, 38)
    assert incident.timestamp == expected_timestamp
    assert incident.unique_id == u'VRm7zgr5AlMAAClwIZoAAAAU'

    source = incident.source
    assert source.ip == u'10.199.23.1'
    assert source.port == 40889
    destination = incident.destination
    assert destination.ip == u'1.2.3.4'
    assert destination.port == 18060

    # include_parts was not passed, so the parts collection must be empty/falsy
    assert not incident.parts
def test_import_with_parts():
    """Import the sample file with its (optional) parts and read it back from the db."""
    parsed_file = read_file('log_importer/tests/test_files/file_read_test.txt')
    db_session = setup_connection(create_db=True)
    incident = parse_incident(
        db_session, parsed_file[0], parsed_file[1], include_parts=True
    )

    db_session.add(incident)
    db_session.commit()

    # look the incident up again by the id it received on commit
    by_id = db_session.query(Incident).filter(Incident.id == incident.id)
    reloaded = by_id.first()

    common_data(reloaded, incident)
    assert len(reloaded.parts) == 6
def test_import_with_parts():
    """Import the sample file with its (optional) parts and read it back from the db."""
    parsed_file = read_file('log_importer/tests/test_files/file_read_test.txt')

    # NOTE(review): the connection URL is hard-coded to the "modsec" database on
    # localhost and the first positional argument is True (presumably create_db).
    # On a machine where that database holds real imported data this test would
    # write into it; confirm the URL points at a disposable test database.
    db_session = setup_connection(True, "postgresql://modsec@localhost/modsec")

    # helper objects that forward_to_db() expects, all bound to the same session
    # except IncidentCache, which is constructed without one
    destinations = DestinationCache(db_session)
    sources = SourceCache(db_session)
    details = IncidentDetailCache(db_session)
    counter = IncidentCount(db_session)
    incidents = IncidentCache()

    incident = parse_incident(parsed_file, include_parts=True)
    stored = forward_to_db(
        db_session,
        incident,
        counter,
        incidents,
        destinations,
        sources,
        details,
        diff=1,
    )

    # look the incident up again using the id reported by forward_to_db()
    by_id = db_session.query(Incident).filter(Incident.id == stored['id'])
    reloaded = by_id.first()

    common_data(reloaded, incident)
    assert len(reloaded.parts) == 6
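def test_parse_incident_with_B_record():
    """Host, path and HTTP method of the parsed incident match the sample file.

    Here parse_incident() is called without a session and its result is read with
    item access (incident['host']).
    """
    result = read_file('log_importer/tests/test_files/file_read_test.txt')
    incident = parse_incident(result, include_parts=True)

    # The failure messages use the same item access as the checks. Building them
    # with attribute access (incident.host) is evaluated only when a check fails and
    # would then raise AttributeError on a plain mapping, hiding the parsed value.
    assert incident['host'] == u"somehostname.at", "unexpected host, was: %r" % incident['host']
    assert incident['path'] == u"/fubar/sr/10/SomeAction.do", "invalid path, was:%r" % incident['path']
    assert incident['method'] == u"GET", "unexpected HTTP method, was: %r" % incident['method']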
def test_parse_incident_with_parts():
    """With include_parts=True all six parts of the sample file are kept."""
    parsed_file = read_file('log_importer/tests/test_files/file_read_test.txt')
    incident = parse_incident(parsed_file, include_parts=True)

    part_count = len(incident['parts'])
    assert part_count == 6
def test_should_not_fail_with_file_including_error():
    """Reading the sample file that includes an error must not raise."""
    # There is no assertion: the test only fails if read_file() raises. The returned
    # value is not inspected, so this does not show how the faulty content is handled.
    read_file("log_importer/tests/test_files/file_read_with_error.txt")
def test_parse_incident_with_parts():
    """With include_parts=True all six parts of the sample file are kept."""
    parsed_file = read_file('log_importer/tests/test_files/file_read_test.txt')
    db_session = setup_connection(create_db=True)
    incident = parse_incident(
        db_session, parsed_file[0], parsed_file[1], include_parts=True
    )

    part_count = len(incident.parts)
    assert part_count == 6