Example #1
 def test_unload_loaded_unpersisted(self, mock_reload, mock_get_audit_info):
     """
     Unit test: unload a rule that is loaded but not persisted.

     The fixture is a syscall rule on init_module, delete_module and
     finit_module, tagged with the key ``abc99``.

     :param mock_reload: mock stubbed below to return an empty dict.
     :param mock_get_audit_info: mock stubbed below to return the parsed
         description of the rule (loaded: yes, persisted: no).
     :return: None
     """
     # NOTE(review): auditctl ANDs the -F fields of one rule, so a rule
     # carrying both arch=b32 and arch=b64 would presumably never match on
     # a live host. That is harmless for a fixture, but module-load
     # monitoring normally needs one rule per arch -- confirm this string
     # is not reused as a deployable rule.
     rule = ('-a always,exit -F arch=b32 -F arch=b64 -S init_module,'
             'delete_module,finit_module -F key=abc99')

     # Parsed view of the same rule, as the stubbed lookup will report it.
     parsed_rule = {
         'action': u'always',
         'filter': u'exit',
         'systemcall': u'init_module,'
                       u'delete_module,'
                       u'finit_module',
         'key': u'abc99',
         'field': [u'arch=b32', u'arch=b64', u'key=abc99'],
     }
     audit_info = {
         'loaded': 'yes',
         'persisted': 'no',
         'type': 'System Call Rule',
         'rule_info': parsed_rule,
         'rule': u'-a always,exit -F arch=b32 '
                 u'-F arch=b64 -S init_module,'
                 u'delete_module,finit_module'
                 u' -F key=abc99',
     }

     mock_get_audit_info.return_value = audit_info
     mock_reload.return_value = {}

     RuleModel().unload(rule)

     # NOTE(review): only the lookup is asserted. mock_reload is stubbed
     # but never checked, so this test cannot tell whether unload() really
     # took the rule out of the running audit configuration -- consider
     # asserting on mock_reload if unload() is expected to call it.
     mock_get_audit_info.assert_called_with(rule)
Example #2
 def test_unload_loaded_unpersisted(self, mock_reload, mock_get_audit_info):
     """
     Unit test: unload a rule that is loaded but not persisted.

     The fixture is a syscall rule on init_module, delete_module and
     finit_module, tagged with the key ``abc99``.

     :param mock_reload: mock stubbed below to return an empty dict.
     :param mock_get_audit_info: mock stubbed below to return the parsed
         description of the rule (loaded: yes, persisted: no).
     :return: None
     """
     # NOTE(review): auditctl ANDs the -F fields of one rule, so a rule
     # carrying both arch=b32 and arch=b64 would presumably never match on
     # a live host. That is harmless for a fixture, but module-load
     # monitoring normally needs one rule per arch -- confirm this string
     # is not reused as a deployable rule.
     rule = ('-a always,exit -F arch=b32 -F arch=b64 -S init_module,'
             'delete_module,finit_module -F key=abc99')

     # Parsed view of the same rule, as the stubbed lookup will report it.
     parsed_rule = {
         'action': u'always',
         'filter': u'exit',
         'systemcall': u'init_module,'
                       u'delete_module,'
                       u'finit_module',
         'key': u'abc99',
         'field': [u'arch=b32', u'arch=b64', u'key=abc99'],
     }
     audit_info = {
         'loaded': 'yes',
         'persisted': 'no',
         'type': 'System Call Rule',
         'rule_info': parsed_rule,
         'rule': u'-a always,exit -F arch=b32 '
                 u'-F arch=b64 -S init_module,'
                 u'delete_module,finit_module'
                 u' -F key=abc99',
     }

     mock_get_audit_info.return_value = audit_info
     mock_reload.return_value = {}

     RuleModel().unload(rule)

     # NOTE(review): only the lookup is asserted. mock_reload is stubbed
     # but never checked, so this test cannot tell whether unload() really
     # took the rule out of the running audit configuration -- consider
     # asserting on mock_reload if unload() is expected to call it.
     mock_get_audit_info.assert_called_with(rule)