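def test_less_with_number_values(self):
    """
    Functional test for LessCondition that it uses the number conversion.

    The column arrives as the string '112' and the rule value is the
    string '12'. Compared as text, '112' < '12' holds; compared as
    numbers, 112 < 12 does not. The condition is expected to take the
    numeric reading, so that a threshold rule does not alert on a value
    that is actually above the threshold.
    """
    inp = RuleInput(node={}, result_log={
        'columns': {
            'val': '112',
        },
    })

    # 112 is not less than 12. Expecting True here would only pass under
    # lexicographic string comparison, which is the behaviour this test
    # is meant to rule out.
    condition = LessCondition(None, '12', column_name='val')
    assert condition.local_run(inp) is False

    # Positive case, so the test cannot pass on a condition that never
    # matches: 112 is less than 113.
    condition = LessCondition(None, '113', column_name='val')
    assert condition.local_run(inp) is True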
def test_greater_or_equal_to_number_values(self):
    """
    Functional test that GreaterEqualCondition compares numerically.

    The column value posted by osquery is the string '112'. As text,
    '112' sorts before '12', so the first case below can only pass when
    both sides are compared as numbers.
    """
    rule_input = RuleInput(node={}, result_log={
        'columns': {
            'val': '112',
        },
    })

    # (value configured in the rule, expected result for column '112')
    expectations = (
        ('12', True),    # 112 >= 12
        ('112', True),   # equal values satisfy >=
        ('113', False),  # 112 is below 113, so the rule must not match
    )
    for configured, outcome in expectations:
        condition = GreaterEqualCondition(None, configured, column_name='val')
        assert condition.local_run(rule_input) is outcome
def test_less_with_number_values(self):
    """
    Functional test that LessCondition compares numerically.

    The column value posted by osquery is the string '112'. As text,
    '112' < '12' holds, so the first case below can only pass when both
    sides are compared as numbers.
    """
    rule_input = RuleInput(node={}, result_log={
        'columns': {
            'val': '112',
        },
    })

    # (value configured in the rule, expected result for column '112')
    expectations = (
        ('12', False),   # 112 is not below 12, so the rule must not match
        ('112', False),  # equal values do not satisfy a strict <
        ('113', True),   # 112 < 113
    )
    for configured, outcome in expectations:
        condition = LessCondition(None, configured, column_name='val')
        assert condition.local_run(rule_input) is outcome
def test_will_convert_to_numbers(self):
    """
    Check that numeric column strings reach compare() as numbers.

    A throwaway LogicCondition subclass records the value its compare()
    receives, and the test checks that value after local_run() for an
    integer-looking and a float-looking column.
    """
    class TestCondition(LogicCondition):
        def __init__(self, *args, **kwargs):
            LogicCondition.__init__(self, *args, **kwargs)
            # Holds the last value handed to compare(); None until then.
            self.compare_val = None

        def compare(self, value):
            # Only record the value; no comparison result is returned.
            self.compare_val = value

    rule_input = RuleInput(node={}, result_log={
        'columns': {
            'int_col': '1234',
            'float_col': '56.78',
        },
    })

    # (column name, value compare() is expected to receive)
    cases = (
        ('int_col', 1234),
        ('float_col', 56.78),
    )
    for column, converted in cases:
        probe = TestCondition(None, None, column_name=column)
        probe.local_run(rule_input)
        assert probe.compare_val == converted
import datetime as dt from collections import defaultdict from doorman.rules import ( BaseCondition, EqualCondition, LessCondition, GreaterEqualCondition, LogicCondition, MatchesRegexCondition, Network, NotMatchesRegexCondition, RuleInput, ) DUMMY_INPUT = RuleInput(result_log={}, node={}) class TestNetwork: def test_will_cache_condition_instances(self): class TestCondition(BaseCondition): pass network = Network() one = network.make_condition(TestCondition) two = network.make_condition(TestCondition) assert one is two def test_will_parse_basic(self): query = json.loads("""