def test_infilter(self):
# Naked INFilter
infilter = InFilter(FieldValue(LogField.SRC), [IPValue('172.18.1.1', '172.18.1.2')])
d = {'left': {'id': 7, 'type': 'field'},
'right': [{'type': 'ip', 'value': '172.18.1.1'},
{'type': 'ip', 'value': '172.18.1.2'}],
'type': 'in'}
self.assertDictEqual(infilter.filter, d)
# Add to query using query method
query = LogQuery()
query.add_in_filter(
FieldValue(LogField.SRC), [IPValue('172.18.1.1', '172.18.1.2')])
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
# Update the original filter, validate update
infilter.update_filter(FieldValue('Src'), [IPValue('1.1.1.1')])
d = {'left': {'name': 'Src', 'type': 'field'},
'right': [{'type': 'ip', 'value': '1.1.1.1'}],
'type': 'in'}
# Update filter on query
self.assertDictEqual(infilter.filter, d)
query.update_filter(InFilter(FieldValue('Src'), [IPValue('1.1.1.1')]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
def test_infilter(self):
# Naked INFilter
infilter = InFilter(FieldValue(LogField.SRC),
[IPValue("172.18.1.1", "172.18.1.2")])
d = {
"left": {
"id": 7,
"type": "field"
},
"right": [{
"type": "ip",
"value": "172.18.1.1"
}, {
"type": "ip",
"value": "172.18.1.2"
}],
"type":
"in",
}
self.assertDictEqual(infilter.filter, d)
# Add to query using query method
query = LogQuery()
query.add_in_filter(FieldValue(LogField.SRC),
[IPValue("172.18.1.1", "172.18.1.2")])
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
# Update the original filter, validate update
infilter.update_filter(FieldValue("Src"), [IPValue("1.1.1.1")])
d = {
"left": {
"name": "Src",
"type": "field"
},
"right": [{
"type": "ip",
"value": "1.1.1.1"
}],
"type": "in",
}
# Update filter on query
self.assertDictEqual(infilter.filter, d)
query.update_filter(InFilter(FieldValue("Src"), [IPValue("1.1.1.1")]))
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
def test_infilter(self):
# Naked INFilter
infilter = InFilter(FieldValue(LogField.SRC),
[IPValue('172.18.1.1', '172.18.1.2')])
d = {
'left': {
'id': 7,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '172.18.1.1'
}, {
'type': 'ip',
'value': '172.18.1.2'
}],
'type':
'in'
}
self.assertDictEqual(infilter.filter, d)
# Add to query using query method
query = LogQuery()
query.add_in_filter(FieldValue(LogField.SRC),
[IPValue('172.18.1.1', '172.18.1.2')])
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
# Update the original filter, validate update
infilter.update_filter(FieldValue('Src'), [IPValue('1.1.1.1')])
d = {
'left': {
'name': 'Src',
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '1.1.1.1'
}],
'type': 'in'
}
# Update filter on query
self.assertDictEqual(infilter.filter, d)
query.update_filter(InFilter(FieldValue('Src'), [IPValue('1.1.1.1')]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
def add_in_filter(self, *values):
"""
Add a filter using "IN" logic. This is typically the primary filter
that will be used to find a match and generally combines other
filters to get more granular. An example of usage would be searching
for an IP address (or addresses) in a specific log field. Or looking
for an IP address in multiple log fields.
.. seealso:: :class:`smc_monitoring.models.filters.InFilter` for examples.
:param values: optional constructor args for
:class:`smc_monitoring.models.filters.InFilter`
:rtype: InFilter
"""
filt = InFilter(*values)
self.update_filter(filt)
return filt
def test_and_filter(self):
andfilter = AndFilter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
f = {
"type":
"and",
"values": [
{
"left": {
"id": 7,
"type": "field"
},
"right": [{
"type": "ip",
"value": "192.168.4.84"
}],
"type": "in",
},
{
"left": {
"id": 27,
"type": "field"
},
"right": [{
"type": "service",
"value": "TCP/80"
}],
"type": "in",
},
],
}
self.assertDictEqual(andfilter.filter, f)
query = LogQuery()
query.add_and_filter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
query_filter = query.request["query"]["filter"]
self.assertDictEqual(f, query_filter)
# Update the original filter
andfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)]),
])
d = {
"type":
"and",
"values": [
{
"left": {
"id": 8,
"type": "field"
},
"right": [{
"type": "ip",
"value": "1.1.1.1"
}],
"type": "in",
},
{
"left": {
"id": 14,
"type": "field"
},
"right": [{
"type": "constant",
"value": 0
}, {
"type": "constant",
"value": 13
}],
"type":
"in",
},
],
}
self.assertDictEqual(andfilter.filter, d)
query.update_filter(
AndFilter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)]),
]))
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
def test_or_filter(self):
orfilter = OrFilter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
f = {
"type":
"or",
"values": [
{
"left": {
"id": 7,
"type": "field"
},
"right": [{
"type": "ip",
"value": "192.168.4.84"
}],
"type": "in",
},
{
"left": {
"id": 27,
"type": "field"
},
"right": [{
"type": "service",
"value": "TCP/80"
}],
"type": "in",
},
],
}
self.assertDictEqual(orfilter.filter, f)
query = LogQuery()
query.add_or_filter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
query_filter = query.request["query"]["filter"]
self.assertDictEqual(f, query_filter)
orfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/443")]),
])
d = {
"type":
"or",
"values": [
{
"left": {
"id": 8,
"type": "field"
},
"right": [{
"type": "ip",
"value": "1.1.1.1"
}],
"type": "in",
},
{
"left": {
"id": 27,
"type": "field"
},
"right": [{
"type": "service",
"value": "TCP/443"
}],
"type": "in",
},
],
}
self.assertDictEqual(d, orfilter.filter)
query.update_filter(
OrFilter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue("TCP/443")]),
]))
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
def test_not_filter(self):
notfilter = NotFilter([
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue("UDP/53", "TCP/80")])
])
f = {
"type": "not",
"value": {
"left": {
"id": 27,
"type": "field"
},
"right": [
{
"type": "service",
"value": "UDP/53"
},
{
"type": "service",
"value": "TCP/80"
},
],
"type":
"in",
},
}
self.assertDictEqual(notfilter.filter, f)
query = LogQuery()
query.add_not_filter([
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue("UDP/53", "TCP/80")])
])
query_filter = query.request["query"]["filter"]
self.assertDictEqual(f, query_filter)
notfilter.update_filter([
InFilter(FieldValue(LogField.HTTPREQUESTHOST),
[StringValue("play.googleapis.com")])
])
d = {
"type": "not",
"value": {
"left": {
"id": 1586,
"type": "field"
},
"right": [{
"type": "string",
"value": "play.googleapis.com"
}],
"type": "in",
},
}
self.assertDictEqual(d, notfilter.filter)
query.update_filter(
NotFilter([
InFilter(FieldValue(LogField.HTTPREQUESTHOST),
[StringValue("play.googleapis.com")])
]))
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
def test_and_filter(self):
andfilter = AndFilter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
f = {
'type':
'and',
'values': [{
'left': {
'id': 7,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '192.168.4.84'
}],
'type': 'in'
}, {
'left': {
'id': 27,
'type': 'field'
},
'right': [{
'type': 'service',
'value': 'TCP/80'
}],
'type': 'in'
}]
}
self.assertDictEqual(andfilter.filter, f)
query = LogQuery()
query.add_and_filter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
query_filter = query.request['query']['filter']
self.assertDictEqual(f, query_filter)
# Update the original filter
andfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)])
])
d = {
'type':
'and',
'values': [{
'left': {
'id': 8,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '1.1.1.1'
}],
'type': 'in'
}, {
'left': {
'id': 14,
'type': 'field'
},
'right': [{
'type': 'constant',
'value': 0
}, {
'type': 'constant',
'value': 13
}],
'type':
'in'
}]
}
self.assertDictEqual(andfilter.filter, d)
query.update_filter(
AndFilter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)])
]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
def test_or_filter(self):
orfilter = OrFilter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
f = {
'type':
'or',
'values': [{
'left': {
'id': 7,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '192.168.4.84'
}],
'type': 'in'
}, {
'left': {
'id': 27,
'type': 'field'
},
'right': [{
'type': 'service',
'value': 'TCP/80'
}],
'type': 'in'
}]
}
self.assertDictEqual(orfilter.filter, f)
query = LogQuery()
query.add_or_filter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
query_filter = query.request['query']['filter']
self.assertDictEqual(f, query_filter)
orfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/443')])
])
d = {
'type':
'or',
'values': [{
'left': {
'id': 8,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '1.1.1.1'
}],
'type': 'in'
}, {
'left': {
'id': 27,
'type': 'field'
},
'right': [{
'type': 'service',
'value': 'TCP/443'
}],
'type': 'in'
}]
}
self.assertDictEqual(d, orfilter.filter)
query.update_filter(
OrFilter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue('TCP/443')])
]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
def test_not_filter(self):
notfilter = NotFilter([
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue('UDP/53', 'TCP/80')])
])
f = {
'type': 'not',
'value': {
'left': {
'id': 27,
'type': 'field'
},
'right': [{
'type': 'service',
'value': 'UDP/53'
}, {
'type': 'service',
'value': 'TCP/80'
}],
'type':
'in'
}
}
self.assertDictEqual(notfilter.filter, f)
query = LogQuery()
query.add_not_filter([
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue('UDP/53', 'TCP/80')])
])
query_filter = query.request['query']['filter']
self.assertDictEqual(f, query_filter)
notfilter.update_filter([
InFilter(FieldValue(LogField.HTTPREQUESTHOST),
[StringValue('play.googleapis.com')])
])
d = {
'type': 'not',
'value': {
'left': {
'id': 1586,
'type': 'field'
},
'right': [{
'type': 'string',
'value': 'play.googleapis.com'
}],
'type': 'in'
}
}
self.assertDictEqual(d, notfilter.filter)
query.update_filter(
NotFilter([
InFilter(FieldValue(LogField.HTTPREQUESTHOST),
[StringValue('play.googleapis.com')])
]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)