def test2_log_atom_known(self):
"""This test case checks the functionality of the autoIncludeFlag. If the same MatchElement is processed a second time and the
auto_include_flag was True, no event must be triggered."""
description = "Test2NewMatchPathDetector"
new_match_path_detector = NewMatchPathDetector(self.aminer_config, [self.stream_printer_event_handler], 'Default', True,
output_log_line=False)
self.analysis_context.register_component(new_match_path_detector, description)
t = round(time.time(), 3)
log_atom_fixed_dme = LogAtom(self.fixed_dme.fixed_data, ParserMatch(self.match_element_fixed_dme), t, new_match_path_detector)
log_atom_decimal_integer_value_me = LogAtom(self.match_context_decimal_integer_value_me.match_data,
ParserMatch(self.match_element_decimal_integer_value_me), t, new_match_path_detector)
self.assertTrue(new_match_path_detector.receive_atom(log_atom_fixed_dme))
self.assertEqual(self.output_stream.getvalue(), self.__expected_string % (
datetime.fromtimestamp(t).strftime(self.datetime_format_string), new_match_path_detector.__class__.__name__, description, 1,
self.match_path_s1, self.pid))
self.reset_output_stream()
# repeating should NOT produce the same result
self.assertTrue(new_match_path_detector.receive_atom(log_atom_fixed_dme))
self.assertEqual(self.output_stream.getvalue(), '')
self.reset_output_stream()
# other MatchElement
self.assertTrue(new_match_path_detector.receive_atom(log_atom_decimal_integer_value_me))
self.assertEqual(self.output_stream.getvalue(), self.__expected_string % (
datetime.fromtimestamp(t).strftime(self.datetime_format_string), new_match_path_detector.__class__.__name__, description, 1,
self.match_path_d1, self.uid))
def test10_allowlist_event_with_known_and_unknown_paths(self):
"""This test case checks in which cases an event is triggered and compares with expected results."""
description = "Test10NewMatchPathDetector"
new_match_path_detector = NewMatchPathDetector(
self.aminer_config, [self.stream_printer_event_handler],
'Default',
True,
output_log_line=False)
self.analysis_context.register_component(new_match_path_detector,
description)
t = round(time.time(), 3)
log_atom_fixed_dme = LogAtom(self.fixed_dme.fixed_data,
ParserMatch(self.match_element_fixed_dme),
t, new_match_path_detector)
new_match_path_detector.receive_atom(log_atom_fixed_dme)
self.assertEqual(
new_match_path_detector.allowlist_event(
self.analysis % new_match_path_detector.__class__.__name__,
self.match_element_fixed_dme.get_path(),
None), 'Allowlisted path(es) %s in %s.' %
(self.match_element_fixed_dme.get_path(),
self.analysis % new_match_path_detector.__class__.__name__))
new_match_path_detector.auto_include_flag = False
self.assertEqual(
new_match_path_detector.allowlist_event(
self.analysis % new_match_path_detector.__class__.__name__,
self.match_element_decimal_integer_value_me.get_path(),
None), 'Allowlisted path(es) %s in %s.' %
(self.match_element_decimal_integer_value_me.path,
self.analysis % new_match_path_detector.__class__.__name__))
def test1_log_atom_not_known(self):
"""This test case checks the correct processing of unknown log lines, which in reality means that an anomaly has been found. The
output is directed to an output stream and compared for accuracy. The auto_include_flag is False and the output must be repeatable
on second run."""
description = "Test1NewMatchPathDetector"
new_match_path_detector = NewMatchPathDetector(self.aminer_config, [self.stream_printer_event_handler], 'Default', False,
output_log_line=False)
self.analysis_context.register_component(new_match_path_detector, description)
t = round(time.time(), 3)
log_atom_fixed_dme = LogAtom(self.fixed_dme.fixed_data, ParserMatch(self.match_element_fixed_dme), t, new_match_path_detector)
log_atom_decimal_integer_value_me = LogAtom(self.match_context_decimal_integer_value_me.match_data,
ParserMatch(self.match_element_decimal_integer_value_me), t, new_match_path_detector)
self.assertTrue(new_match_path_detector.receive_atom(log_atom_fixed_dme))
self.assertEqual(self.output_stream.getvalue(), self.__expected_string % (
datetime.fromtimestamp(t).strftime(self.datetime_format_string), new_match_path_detector.__class__.__name__, description, 1,
self.match_path_s1, self.pid))
self.reset_output_stream()
# repeating should produce the same result
self.assertTrue(new_match_path_detector.receive_atom(log_atom_fixed_dme))
self.assertEqual(self.output_stream.getvalue(), self.__expected_string % (
datetime.fromtimestamp(t).strftime(self.datetime_format_string), new_match_path_detector.__class__.__name__, description, 1,
self.match_path_s1, self.pid))
self.reset_output_stream()
# other MatchElement
self.assertTrue(new_match_path_detector.receive_atom(log_atom_decimal_integer_value_me))
self.assertEqual(self.output_stream.getvalue(), self.__expected_string % (
datetime.fromtimestamp(t).strftime(self.datetime_format_string), new_match_path_detector.__class__.__name__, description, 1,
self.match_path_d1, self.uid))
def test9WhitelistEventWhitelistingDataException(self):
"""The NewMatchPathDetector can not handle whitelisting data and therefore an exception is expected."""
description = "Test9NewMatchPathDetector"
new_match_path_detector = NewMatchPathDetector(self.aminer_config, [self.stream_printer_event_handler], 'Default', True,
output_log_line=False)
self.analysis_context.register_component(new_match_path_detector, description)
t = round(time.time(), 3)
log_atom_fixed_dme = LogAtom(self.fixed_dme.fixed_data, ParserMatch(self.match_element_fixed_dme), t, new_match_path_detector)
new_match_path_detector.receive_atom(log_atom_fixed_dme)
self.assertRaises(Exception, new_match_path_detector.whitelist_event, self.analysis % new_match_path_detector.__class__.__name__,
log_atom_fixed_dme.raw_data, self.output_stream.getvalue(), ['random', 'Data'])
def test8_whitelist_event_type_exception(self):
"""This test case checks whether an exception is thrown when entering an event of another class."""
description = "Test8NewMatchPathDetector"
new_match_path_detector = NewMatchPathDetector(self.aminer_config, [self.stream_printer_event_handler], 'Default', True,
output_log_line=False)
self.analysis_context.register_component(new_match_path_detector, description)
t = round(time.time(), 3)
log_atom_fixed_dme = LogAtom(self.fixed_dme.fixed_data, ParserMatch(self.match_element_fixed_dme), t, new_match_path_detector)
new_match_path_detector.receive_atom(log_atom_fixed_dme)
new_match_path_value_combo_detector = NewMatchPathValueComboDetector(self.aminer_config, [], [self.stream_printer_event_handler],
'Default', True, True)
self.assertRaises(
Exception, new_match_path_detector.whitelist_event, self.analysis % new_match_path_value_combo_detector.__class__.__name__,
log_atom_fixed_dme.raw_data, self.output_stream.getvalue(), None)
def test2persist_multiple_objects_of_multiple_class(self):
"""In this test case multiple instances of multiple classes are to be persisted and loaded."""
description = "Test2PersistencyUtil"
new_match_path_detector = NewMatchPathDetector(
self.aminer_config, [self.stream_printer_event_handler],
'Default2', True)
self.analysis_context.register_component(new_match_path_detector,
description)
t = time.time()
log_atom_fixed_dme = LogAtom(self.fixed_dme.fixed_data,
ParserMatch(self.match_element_fixed_dme),
t, new_match_path_detector)
log_atom_decimal_integer_value_me = LogAtom(
self.match_context_decimal_integer_value_me.match_data,
ParserMatch(self.match_element_decimal_integer_value_me), t,
new_match_path_detector)
new_match_path_detector.receive_atom(log_atom_fixed_dme)
new_match_path_detector.receive_atom(log_atom_decimal_integer_value_me)
other_new_match_path_detector = NewMatchPathDetector(
self.aminer_config, [self.stream_printer_event_handler],
'otherDetector2', True)
self.analysis_context.register_component(other_new_match_path_detector,
description + "2")
log_atom_fixed_dme = LogAtom(self.fixed_dme.fixed_data,
ParserMatch(self.match_element_fixed_dme),
t, other_new_match_path_detector)
other_new_match_path_detector.receive_atom(log_atom_fixed_dme)
new_match_path_value_combo_detector = NewMatchPathValueComboDetector(
self.aminer_config, ['first/f1/s1'],
[self.stream_printer_event_handler], 'Default', False, True)
self.analysis_context.register_component(
new_match_path_value_combo_detector, description + "3")
log_atom_sequence_me = LogAtom(
self.fixed_dme.fixed_data,
ParserMatch(self.match_element_first_match_me), t,
new_match_path_value_combo_detector)
new_match_path_value_combo_detector.receive_atom(log_atom_sequence_me)
PersistencyUtil.persist_all()
self.assertTrue(
PersistencyUtil.load_json(
new_match_path_detector.persistence_file_name) == [
self.match_element_fixed_dme.get_path(),
self.match_element_decimal_integer_value_me.get_path()
] or PersistencyUtil.load_json(
new_match_path_detector.persistence_file_name) == [
self.match_element_decimal_integer_value_me.get_path(),
self.match_element_fixed_dme.get_path()
])
self.assertEqual(
PersistencyUtil.load_json(
other_new_match_path_detector.persistence_file_name),
[self.match_element_fixed_dme.get_path()])
self.assertEqual(
PersistencyUtil.load_json(
new_match_path_value_combo_detector.persistence_file_name),
([[log_atom_sequence_me.raw_data]]))
def test3_log_atom_known_from_persisted_data(self):
"""The persisting and reading of permitted log lines should be checked with this test."""
description = "Test3NewMatchPathDetector"
new_match_path_detector = NewMatchPathDetector(self.aminer_config, [self.stream_printer_event_handler], 'Default', True,
output_log_line=False)
self.analysis_context.register_component(new_match_path_detector, description)
t = round(time.time(), 3)
log_atom_fixed_dme = LogAtom(self.fixed_dme.fixed_data, ParserMatch(self.match_element_fixed_dme), t, new_match_path_detector)
self.assertTrue(new_match_path_detector.receive_atom(log_atom_fixed_dme))
self.assertEqual(self.output_stream.getvalue(), self.__expected_string % (
datetime.fromtimestamp(t).strftime(self.datetime_format_string), new_match_path_detector.__class__.__name__, description, 1,
self.match_path_s1, self.pid))
new_match_path_detector.do_persist()
self.reset_output_stream()
otherNewMatchPathDetector = NewMatchPathDetector(self.aminer_config, [self.stream_printer_event_handler], 'Default', False,
output_log_line=False)
otherLogAtomFixedDME = LogAtom(self.fixed_dme.fixed_data, ParserMatch(self.match_element_fixed_dme), t, otherNewMatchPathDetector)
self.assertTrue(otherNewMatchPathDetector.receive_atom(otherLogAtomFixedDME))
self.assertEqual(self.output_stream.getvalue(), '')
def test3receive_atom_handled_by_more_handlers(self):
"""In this test case more than one handler can handle the log atom. The impact of the stop_when_handled flag is tested."""
description = "Test3AtomFilters"
other_description = "Test3OtherAtomFilters"
new_match_path_detector = NewMatchPathDetector(
self.aminer_config, [self.stream_printer_event_handler], 'Default',
False)
self.analysis_context.register_component(new_match_path_detector,
description)
t = time.time()
other_new_match_path_detector = NewMatchPathDetector(
self.aminer_config, [self.stream_printer_event_handler], 'Default',
False)
self.analysis_context.register_component(other_new_match_path_detector,
other_description)
log_atom_fixed_dme = LogAtom(self.fixed_dme.fixed_data,
ParserMatch(self.match_element_fixed_dme),
t, new_match_path_detector)
subhandler_filter = SubhandlerFilter(
[new_match_path_detector, other_new_match_path_detector], False)
self.assertTrue(subhandler_filter.receive_atom(log_atom_fixed_dme))
result = self.output_stream.getvalue()
self.reset_output_stream()
new_match_path_detector.receive_atom(log_atom_fixed_dme)
resultFixedDME = self.output_stream.getvalue()
self.reset_output_stream()
other_new_match_path_detector.receive_atom(log_atom_fixed_dme)
result_decimal_integer_value_me = self.output_stream.getvalue()
self.assertEqual(result,
resultFixedDME + result_decimal_integer_value_me)
def test1persist_multiple_objects_of_single_class(self):
"""In this test case multiple instances of one class are to be persisted and loaded."""
description = "Test1PersistenceUtil"
new_match_path_detector = NewMatchPathDetector(
self.aminer_config, [self.stream_printer_event_handler], 'Default',
True)
self.analysis_context.register_component(new_match_path_detector,
description)
t = time.time()
log_atom_fixed_dme = LogAtom(self.fixed_dme.fixed_data,
ParserMatch(self.match_element_fixed_dme),
t, new_match_path_detector)
log_atom_decimal_integer_value_me = LogAtom(
self.match_context_decimal_integer_value_me.match_data,
ParserMatch(self.match_element_decimal_integer_value_me), t,
new_match_path_detector)
new_match_path_detector.receive_atom(log_atom_fixed_dme)
new_match_path_detector.receive_atom(log_atom_decimal_integer_value_me)
other_new_match_path_detector = NewMatchPathDetector(
self.aminer_config, [self.stream_printer_event_handler],
'otherDetector', True)
self.analysis_context.register_component(other_new_match_path_detector,
description + "2")
log_atom_fixed_dme = LogAtom(self.fixed_dme.fixed_data,
ParserMatch(self.match_element_fixed_dme),
t, other_new_match_path_detector)
other_new_match_path_detector.receive_atom(log_atom_fixed_dme)
PersistenceUtil.persist_all()
persistence_data = PersistenceUtil.load_json(
new_match_path_detector.persistence_file_name)
self.assertTrue(persistence_data in ([
self.match_element_fixed_dme.get_path(),
self.match_element_decimal_integer_value_me.get_path()
], [
self.match_element_decimal_integer_value_me.get_path(),
self.match_element_fixed_dme.get_path()
]))
self.assertEqual(
PersistenceUtil.load_json(
other_new_match_path_detector.persistence_file_name),
[self.match_element_fixed_dme.get_path()])