def test_init_and_attrs_1(self):
obj = self.obj = n6NormalizedData(
id=sen.event_id,
ip=sen.some_ip_addr,
dport=sen.some_port_number,
time='2014-04-01 01:07:42+02:00',
)
self.assertEqual(obj.id, sen.event_id)
self.assertEqual(obj.ip, sen.some_ip_addr)
self.assertEqual(obj.dport, sen.some_port_number)
self.assertEqual(
obj.time,
datetime.datetime(2014, 3, 31, 23, 7, 42))
for name in n6NormalizedData._n6columns:
if name in ('id', 'ip', 'dport', 'time'):
continue
val = getattr(obj, name)
self.assertIsNone(val)
self.assertIsInstance(
obj.clients,
sqlalchemy.orm.collections.InstrumentedList)
self.assertEqual(obj.clients, [])
self.client1 = MagicMock()
self.client1.client = 'c1'
self.client2 = MagicMock()
self.client2.client = 'c2'
obj.clients.append(self.client2)
obj.clients.append(self.client1)
self.assertEqual(obj.clients, [self.client2, self.client1])
def blacklist_update(self):
"""
Black list update (change expires to new value in existing blacklist event).
"""
# add event records from RecordDict
for event_record in self.record_dict.iter_db_items():
self.records['event'].append(event_record)
self.json_to_record(self.records['event'])
id_event = self.records['event'][0]["id"]
expires = self.records['event'][0]["expires"]
LOGGER.debug("ID: %r NEW_EXPIRES: %r", id_event, expires)
with transact:
rec_count = (self.session_db.query(n6NormalizedData).
filter(n6NormalizedData.id == id_event).
update({'expires': expires,
'modified': datetime.datetime.utcnow().replace(microsecond=0),
}))
if rec_count:
LOGGER.debug("records with the same id %r exist: %r",
id_event, rec_count)
else:
items = []
for record in self.records['event']:
record["status"] = "active"
event = n6NormalizedData(**record)
items.append(event)
for record in self.records['client']:
client = n6ClientToEvent(**record)
items.append(client)
LOGGER.debug("bl-update, records with id %r DO NOT EXIST!", id_event)
LOGGER.debug("insert new events,::count:: %r", len(items))
self.insert_new_event(items, with_transact=False)
def test_init_and_attrs_2(self):
obj = self.obj = n6NormalizedData(
time='2014-04-01 01:07:42+02:00',
expires='2015-04-01 01:07:43+02:00',
until='2015-04-01 01:07:43+02:00',
)
self.assertIsNone(obj.id)
self.assertEqual(obj.ip, '0.0.0.0') # "no IP" placeholder
self.assertEqual(obj.time, datetime.datetime(2014, 3, 31, 23, 7, 42))
self.assertEqual(obj.expires,
datetime.datetime(2015, 3, 31, 23, 7, 43))
### THIS IS A PROBLEM -- TO BE SOLVED IN #3113:
self.assertEqual(obj.until, '2015-04-01 01:07:43+02:00')
def suppressed_update(self):
"""
Agregated event update(change fields: until and count, to the value of suppressed event).
"""
LOGGER.debug('* suppressed_update() %a', self.record_dict)
# add event records from RecordDict
for event_record in self.record_dict.iter_db_items():
self.records['event'].append(event_record)
self.json_to_record(self.records['event'])
id_event = self.records['event'][0]["id"]
until = self.records['event'][0]["until"]
count = self.records['event'][0]["count"]
# optimization: we can limit time => searching within one partition, not all;
# it seems that mysql (and/or sqlalchemy?) truncates times to seconds,
# we are also not 100% sure if other time data micro-distortions are not done
# -- that's why here we use a 1-second-range instead of an exact value
first_time_min = parse_iso_datetime_to_utc(
self.record_dict["_first_time"]).replace(microsecond=0)
first_time_max = first_time_min + datetime.timedelta(days=0, seconds=1)
with transact:
rec_count = (self.session_db.query(n6NormalizedData).filter(
n6NormalizedData.time >= first_time_min,
n6NormalizedData.time <= first_time_max,
n6NormalizedData.id == id_event).update({
'until': until,
'count': count
}))
if rec_count:
LOGGER.debug("records with the same id %a exist: %a", id_event,
rec_count)
else:
items = []
for record in self.records['event']:
event = n6NormalizedData(**record)
items.append(event)
for record in self.records['client']:
client = n6ClientToEvent(**record)
items.append(client)
LOGGER.warning(
"suppressed_update, records with id %a DO NOT EXIST!",
id_event)
LOGGER.debug("insert new events,,::count:: %a", len(items))
self.insert_new_event(items, with_transact=False)
def blacklist_change(self):
"""
Black list change(change status to replaced in existing blacklist event,
and add new event in changing values(new id, and old replaces give comparator)).
"""
# add event records from RecordDict
for event_record in self.record_dict.iter_db_items():
self.records['event'].append(event_record)
self.json_to_record(self.records['event'])
id_db = self.records['event'][0]["id"]
id_replaces = self.records['event'][0]["replaces"]
LOGGER.debug("ID: %a REPLACES: %a", id_db, id_replaces)
try:
with transact:
rec_count = (self.session_db.query(n6NormalizedData).filter(
n6NormalizedData.id == id_replaces).update({
'status':
'replaced',
'modified':
datetime.datetime.utcnow().replace(microsecond=0)
}))
with transact:
items = []
for record in self.records['event']:
record["status"] = "active"
event = n6NormalizedData(**record)
items.append(event)
for record in self.records['client']:
client = n6ClientToEvent(**record)
items.append(client)
if rec_count:
LOGGER.debug("insert new events, count.: %a", len(items))
else:
LOGGER.debug("bl-change, records with id %a DO NOT EXIST!",
id_replaces)
LOGGER.debug("inserting new events anyway, count.: %a",
len(items))
self.insert_new_event(items,
with_transact=False,
recorded=True)
except IntegrityError as exc:
LOGGER.warning("IntegrityError: %a", exc)
def new_event(self, _is_blacklist=False):
"""
Add new event to n6 database.
"""
LOGGER.debug('* new_event() %r', self.record_dict)
# add event records from RecordDict
for event_record in self.record_dict.iter_db_items():
if _is_blacklist:
event_record["status"] = "active"
self.records['event'].append(event_record)
self.json_to_record(self.records['event'])
items = []
for record in self.records['event']:
event = n6NormalizedData(**record)
items.append(event)
for record in self.records['client']:
client = n6ClientToEvent(**record)
items.append(client)
LOGGER.debug("insert new events, count.: %r", len(items))
self.insert_new_event(items, recorded=True)