def test_Fevil2(self):
# Very simple test, just make sure we don't crash and get something back
# todo: Create a real unit test
load_test_path = self.BuildTestPath("TestData-AmCache")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir='/tmp')
tempdb.close()
(db_filenameFullPath1, db_version1, num_hosts1, num_instances1,
num_entries2) = main([tempdb.name, "load", load_test_path])
try:
directCorrelationData1 = main([tempdb.name, "reconscan"])
directCorrelationData1 = main([tempdb.name, "fevil"])
except Exception as e:
print traceback.format_exc()
self.fail(e.message + "\n" + traceback.format_exc())
# Remove temp db
os.remove(tempdb.name)
# Check missing tcorr data
self.assertEquals(0, 0, "TestAppFevil2 - failed!")
def test_Stack_Generic01(self):
with appDB.DBClass(self.testset1, settings.__version__) as DB:
DB.appInitDB()
conn = DB.appConnectDB()
# Run
(db_filenameFullPath, db_version, db_count, num_instances,
num_entries) = main([self.testset1, "status"])
ret = main([self.testset1, "stack", "FileName"])
for item_count, item_file_name in [(int(i[1][0]), i[1][1])
for i in ret[1:]][1:10]:
print "Checking: " + item_file_name
(num_hits, num_hits_suppressed, results) = main(
[self.testset1, "search", "-F", '\\' + item_file_name])
self.assertEquals(num_hits, item_count,
"test_Stack_Generic01 failed!")
(num_hits2, num_hits_suppressed2, results2) = main([
self.testset1, "fsearch", "FileName", "-F",
"=" + item_file_name
])
self.assertEquals(num_hits2, item_count,
"test_Stack_Generic01 failed!")
# Check total entry count from stacking on FileName = total # entries.
count = sum([int(i[1][0]) for i in ret[1:]])
self.assertEquals(count, num_entries, "test_Stack_Generic01 failed!")
def __test_ZipLoadRecursive2(self):
load_test_path = self.BuildTestPath("miniXML")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath, db_version, num_hosts, num_instances,
num_entries) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
load_test_path = self.BuildTestPath("TestZip-AppCompat")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath2, db_version2, num_hosts2, num_instances2,
num_entries2) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
self.assertEquals(num_hosts, num_hosts2,
"test_ZipLoadRecursive failed!")
self.assertEquals(num_instances, num_instances2,
"test_ZipLoadRecursive failed!")
self.assertEquals(num_entries, num_entries2,
"test_ZipLoadRecursive failed!")
def test_ShimcacheLeftOvers(self):
# todo: Think this use case makes no sense anymore as we no longer dump to temp -shimcache.txt files:
load_test_path = self.BuildTestPath("miniXML")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath, db_version, num_hosts, num_instances,
num_entries) = main([tempdb.name, "load", load_test_path])
# Remove all pre-processed -shimcache.txt files:
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("-shimcache.txt")
]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
# Remove temp db
os.remove(tempdb.name)
(db_filenameFullPath, db_version, num_hosts, num_instances,
num_entries) = main([tempdb.name, "load", load_test_path])
# Remove all pre-processed -shimcache.txt files:
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("-shimcache.txt")
]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
self.assertEquals(num_hosts, 22, "test_SimpleLoad failed!")
self.assertEquals(num_entries, 11561, "test_SimpleLoad failed!")
def _test_TcorrMixed(self):
# Verify that AmCache data doesn't get mixed in with AppCompat in the tcorr module
# Note that we currently print results separately but return a unique structure with aggregates both datasets
load_test_path = self.BuildTestPath("TestData-mini")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db', prefix='testCase', dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath, db_version, num_hosts, num_instances, num_entries) = main([tempdb.name, "load", load_test_path])
directCorrelationData1 = main([tempdb.name, "tcorr", "net.exe", "-w 3"])
# Check Name
self.assertEquals(directCorrelationData1[0][3], "net1.exe", "test_TcorrTest1 - Name failed!")
# Check Before
self.assertEquals(directCorrelationData1[0][6], 0, "test_TcorrTest1 - Before failed!")
# Check After
self.assertEquals(directCorrelationData1[0][7], 158, "test_TcorrTest1 - After failed!")
load_test_path = self.BuildTestPath("TestData-AmCache")
(db_filenameFullPath2, db_version2, num_hosts2, num_instances2, num_entries2) = main([tempdb.name, "load", load_test_path])
directCorrelationData2 = main([tempdb.name, "tcorr", "net.exe", "-w 3"])
# Remove temp db
os.remove(tempdb.name)
# Check Name
self.assertEquals(directCorrelationData2[0][3], "net1.exe", "test_TcorrTest1 - Name failed!")
# Check Before
self.assertEquals(directCorrelationData2[0][6], 0 + 0, "test_TcorrTest1 - Before failed!")
# Check After
self.assertEquals(directCorrelationData2[0][7], 158 + 21, "test_TcorrTest1 - After failed!")
def test_AppCompat_IndexedSearch2(self):
rndFileName = ''.join(
random.choice(string.ascii_uppercase) for _ in range(20))
with appDB.DBClass(self.testset1, settings.__version__) as DB:
DB.appInitDB()
conn = DB.appConnectDB()
for i in xrange(0, 20):
entry_fields = settings.EntriesFields(
EntryType=settings.__APPCOMPAT__,
FilePath='C:\Temp',
FileName=rndFileName,
Size=i,
ExecFlag='True')
add_entry(DB, "TestHost01", entry_fields)
# Get temp file name for the DB
with tempfile.NamedTemporaryFile(
suffix='.txt',
prefix='test_AppCompat_IndexedSearch',
dir=tempfile.gettempdir()) as temp_file_indexed:
with tempfile.NamedTemporaryFile(
suffix='.txt',
prefix='test_AppCompat_NormalSearch',
dir=tempfile.gettempdir()) as temp_file_normal:
# Indexed Search
(num_hits, num_hits_suppressed, results) = main([
"-o", temp_file_indexed.name, self.testset1, "fsearch",
"FileName", "-F", rndFileName
])
# Standard Search
(num_hits2, num_hits_suppressed2, results2) = main([
"-o", temp_file_normal.name, self.testset1, "search", "-F",
"\\" + rndFileName
])
# Check we got the same number of hits
self.assertTrue(
num_hits == num_hits2,
sys._getframe().f_code.co_name +
" num_hits: %d" % num_hits)
# Check output has the expected results
self.assertEquals(
num_hits - num_hits_suppressed,
self.count_lines_regex(temp_file_indexed.name,
rndFileName),
sys._getframe().f_code.co_name +
" Output regex count doesn't match num_hits!")
# Check output has the expected results
self.assertEquals(
num_hits2 - num_hits_suppressed2,
self.count_lines_regex(temp_file_normal.name, rndFileName),
sys._getframe().f_code.co_name +
" Output regex count doesn't match num_hits!")
# Check standard and indexed search produced the same results
self.assertTrue(
self.compare_output_files(temp_file_normal.name,
temp_file_indexed.name),
"Results differ!")
def test_MultipleInstancesLoadAppCompat4(self):
load_test_path = self.BuildTestPath("MultipleInstances-1")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath1, db_version1, num_hosts1, num_instances1,
num_entries1) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
# Create new hosts
new_filename = ""
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("_w32registry.xml")
]
for f in filelist:
new_filename = os.path.join(
load_test_path,
f.replace(
"49070f781b14d49c9086144819e45bee9fa215dea18dbe1223881c479314e8be",
"59070f781b14d49c9086144819e45bee9fa215dea18dbe1223881c479314e8be"
))
# Change timestamp
with open(new_filename, "wt") as fout:
with open(os.path.join(load_test_path, f), "rt") as fin:
for line in fin:
fout.write(
line.replace('2016-01-19T10:50:30Z',
'2020-01-19T10:50:35Z'))
load_test_path = self.BuildTestPath("MultipleInstances-1")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath2, db_version2, num_hosts2, num_instances2,
num_entries2) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
# Remove new_filename
os.remove(new_filename)
self.assertEquals(num_hosts1, 1,
"test_MultipleInstancesLoadAppCompat4 failed!")
self.assertEquals(num_hosts2, 1,
"test_MultipleInstancesLoadAppCompat4 failed!")
self.assertEquals(num_instances1, 1,
"test_MultipleInstancesLoadAppCompat4 failed!")
self.assertEquals(num_instances2, 2,
"test_MultipleInstancesLoadAppCompat4 failed!")
self.assertEquals(num_entries1 * 2, num_entries2,
"test_MultipleInstancesLoadAppCompat4 failed!")
def __test_ZipLoadAmCache(self):
load_test_path = self.BuildTestPath("TestData-AmCache")
# Remove all pre-processed -shimcache.txt files:
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("-shimcache.txt")
]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
# Remove all fake hosts
filelist = [
f for f in os.listdir(load_test_path) if f.startswith("new_test_")
]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath, db_version, num_hosts, num_instances,
num_entries) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
# Remove all pre-processed -shimcache.txt files:
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("-shimcache.txt")
]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
load_test_path = self.BuildTestPath(
"TestZip-AmCache/345a67b67f766.zip")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath2, db_version2, num_hosts2, num_instances2,
num_entries2) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
self.assertEquals(num_hosts, num_hosts2, "test_ZipLoadAmCache failed!")
self.assertEquals(num_instances, num_instances2,
"test_ZipLoadAmCache failed!")
self.assertEquals(num_entries, num_entries2,
"test_ZipLoadAmCache failed!")
def test_AddNewHostsAmCache(self):
load_test_path = self.BuildTestPath("TestData-AmCache")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
# Load hosts
(db_filenameFullPath1, db_version1, num_hosts1, num_instances1,
num_entries1) = main([tempdb.name, "load", load_test_path])
# Do simple search
(num_hits1, num_hits_suppressed1,
results1) = main([tempdb.name, "search", "-F", "calc.exe"])
# Create new hosts
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("_octet-stream.xml")
]
for f in filelist:
copyfile(os.path.join(load_test_path, f),
os.path.join(load_test_path, "new_test_" + f))
# Add new hosts just added
(db_filenameFullPath, db_version, num_hosts2, num_instances2,
num_entries2) = main([tempdb.name, "load", load_test_path])
# Do simple search
(num_hits2, num_hits_suppressed2,
results2) = main([tempdb.name, "search", "-F", "calc.exe"])
# Remove all fake hosts
filelist = [
f for f in os.listdir(load_test_path) if f.startswith("new_test_")
]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
# Remove temp db
os.remove(tempdb.name)
self.assertEquals(num_hosts1 * 2, num_hosts2,
"test_AddNewHostsAmCache failed!")
self.assertEquals(num_entries1 * 2, num_entries2,
"test_AddNewHostsAmCache failed!")
self.assertEquals(num_hits1 * 2, num_hits2,
"test_AddNewHostsAmCache failed!")
def test_RecursiveLoad(self):
load_test_path = self.BuildTestPath("Recursive")
# Remove all pre-processed -shimcache.txt files:
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("-shimcache.txt")
]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath, db_version, num_hosts, num_instances,
num_entries) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
# Remove all pre-processed -shimcache.txt files:
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("-shimcache.txt")
]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
self.assertEquals(num_hosts, 23, "test_RecursiveLoad failed!")
self.assertEquals(num_entries, 12442, "test_RecursiveLoad failed!")
def test_AmCache_LiteralSearch(self):
with appDB.DBClass(self.testset1, settings.__version__) as DB:
DB.appInitDB()
conn = DB.appConnectDB()
for i in xrange(0, 10):
entry_fields = settings.EntriesFields(
EntryType=settings.__AMCACHE__,
FilePath='C:\Temp',
FileName='calc.exe',
Size=i,
ExecFlag='True')
add_entry(DB, "TestHost01", entry_fields)
# Get temp file name for the DB
with tempfile.NamedTemporaryFile(
suffix='.txt', prefix='Output',
dir=tempfile.gettempdir()) as temp_file:
# Search
(num_hits, num_hits_suppressed, results) = main([
"-o", temp_file.name, self.testset1, "search", "-F", "calc.exe"
])
# Check we got at least as many as we added into the DB
self.assertTrue(
num_hits >= 10,
sys._getframe().f_code.co_name + " num_hits: %d" % num_hits)
# Check output has the expected result
self.assertEquals(
num_hits, self.count_lines_regex(temp_file.name, "calc\.exe"),
sys._getframe().f_code.co_name +
" Output regex count doesn't match num_hits!")
def test_AppCompat_LiteralSearchNoHits(self):
rndFileName = ''.join(
random.choice(string.ascii_uppercase) for _ in range(20))
with appDB.DBClass(self.testset1, settings.__version__) as DB:
DB.appInitDB()
conn = DB.appConnectDB()
# Get temp file name for the DB
with tempfile.NamedTemporaryFile(
suffix='.txt',
prefix='test_AppCompat_LiteralSearch',
dir=tempfile.gettempdir()) as temp_file:
# Search
(num_hits, num_hits_suppressed, results) = main([
"-o", temp_file.name, self.testset1, "search", "-F",
rndFileName
])
# Check we got at least as many as we added into the DB
self.assertTrue(
num_hits == 0,
sys._getframe().f_code.co_name + " num_hits: %d" % num_hits)
# Check output has the expected result
self.assertEquals(
num_hits - num_hits_suppressed,
self.count_lines_regex(temp_file.name, rndFileName),
sys._getframe().f_code.co_name +
" Output regex count doesn't match num_hits!")
def test_Stack(self):
rndFileName = ''.join(
random.choice(string.ascii_uppercase) for _ in range(15))
with appDB.DBClass(self.testset1, settings.__version__) as DB:
DB.appInitDB()
conn = DB.appConnectDB()
# Add stuff to stack
for i in xrange(0, 10):
entry_fields = settings.EntriesFields(
EntryType=settings.__APPCOMPAT__,
FilePath='C:\Windows',
FileName=rndFileName,
Size=i,
ExecFlag='True')
add_entry(DB, "TestHost01", entry_fields)
# Run
ret = main([
self.testset1, "stack", "FileName", "FilePath = 'c:\Windows'"
])
# Check status count == db count
count = int([i[1][0] for i in ret if rndFileName in i[1]][0])
self.assertEquals(count, 10, "test_Stack failed!")
def test_TStack(self):
rndFileName = 'randomfilename.rnd'
with appDB.DBClass(self.testset1, settings.__version__) as DB:
DB.appInitDB()
conn = DB.appConnectDB()
# Add stuff to stack
for i in xrange(0, 10):
entry_fields = settings.EntriesFields(
EntryType=settings.__APPCOMPAT__,
FilePath='C:\Windows',
FileName=rndFileName,
Size=i,
LastModified='1000-01-01 00:00:0' + str(i))
add_entry(DB, "TestHost01", entry_fields)
# Run
ret = main([self.testset1, "tstack", '1000-01-01', '1000-01-02'])
# Check we found the right file
self.assertEquals(ret[1][1][0], rndFileName, "test_TStack failed!")
# Check expected in count
self.assertEquals(int(ret[1][1][1]), 10, "test_TStack failed!")
# Check expected out count
self.assertEquals(int(ret[1][1][2]), 0, "test_TStack failed!")
def test_Filehitcount1(self):
with appDB.DBClass(self.testset1, settings.__version__) as DB:
DB.appInitDB()
conn = DB.appConnectDB()
entry_fields = settings.EntriesFields(EntryType=settings.__APPCOMPAT__, FilePath='C:\Temp', FileName='test123.exe')
add_entry(DB, "TestHost01", entry_fields)
entry_fields = settings.EntriesFields(EntryType=settings.__APPCOMPAT__, FilePath='C:\Temp', FileName='test1234.exe')
add_entry(DB, "TestHost01", entry_fields)
entry_fields = settings.EntriesFields(EntryType=settings.__APPCOMPAT__, FilePath='C:\\test123.exe', FileName='nohit.exe')
add_entry(DB, "TestHost01", entry_fields)
# Get temp db name for the test
temp_file = tempfile.NamedTemporaryFile(suffix='.db', prefix='testCase', dir=tempfile.gettempdir())
temp_file.close()
with open(temp_file.name, 'w') as fh:
fh.write('test123.exe')
try:
ret = main([self.testset1, "filehitcount", temp_file.name])
except Exception as e:
print traceback.format_exc()
self.fail(e.message + "\n" + traceback.format_exc())
# Remove temp file
os.remove(temp_file.name)
num_hits = len(ret)
self.assertEquals(num_hits, 2, sys._getframe().f_code.co_name)
self.assertEquals(ret[1][1][1][0], 'test123.exe', "test_Tstomp1 failed!")
self.assertEquals(int(ret[1][1][1][1]), 1, "test_Tstomp1 failed!")
def test_SimpleLoadAppCompat(self):
load_test_path = self.BuildTestPath("miniXML")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(
suffix='.db',
prefix='testCase_SimpleLoadAppCompat',
dir=tempfile.gettempdir())
tempdb.close()
try:
(db_filenameFullPath, db_version, num_hosts, num_instances,
num_entries) = main([tempdb.name, "load", load_test_path])
except Exception as e:
print traceback.format_exc()
self.fail(e.message + "\n" + traceback.format_exc())
# Remove temp db
os.remove(tempdb.name)
self.assertEquals(num_hosts, 22, "test_SimpleLoadAppCompat failed!")
self.assertEquals(num_instances, 22,
"test_SimpleLoadAppCompat failed!")
self.assertEquals(num_entries, 11561,
"test_SimpleLoadAppCompat failed!")
def test_AddExistingHosts_PreProcessed(self):
load_test_path = self.BuildTestPath("miniXML")
# Remove all pre-processed -shimcache.txt files:
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("-shimcache.txt")
]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
# Load hosts
(db_filenameFullPath1, db_version1, num_hosts1, num_instances1,
num_entries1) = main([tempdb.name, "load", load_test_path])
# Remove all pre-processed -shimcache.txt files:
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("-shimcache.txt")
]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
# Reload the same set of hosts again
(db_filenameFullPath2, db_version2, num_hosts2, num_instances2,
num_entries2) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
# Remove all pre-processed -shimcache.txt files:
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("-shimcache.txt")
]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
self.assertEquals(num_hosts1, num_hosts2,
"test_AddExistingHosts_PreProcessed failed!")
self.assertEquals(num_entries1, num_entries2,
"test_AddExistingHosts_PreProcessed failed!")
def test_ReconscanAppCompat(self):
load_test_path = self.BuildTestPath("miniXML")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db', prefix='testCase', dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath, db_version, num_hosts, num_instances, num_entries) = main([tempdb.name, "load", load_test_path])
# Remove all pre-processed -shimcache.txt files:
filelist = [ f for f in os.listdir(load_test_path) if f.endswith("-shimcache.txt") ]
for f in filelist:
os.remove(os.path.join(load_test_path, f))
num_hits = main([tempdb.name, "reconscan"])
# Remove temp db
os.remove(tempdb.name)
self.assertEquals(num_hits, 10, "test_LiteralSearch failed!")
def test_MultipleInstancesLoadAppCompat2(self):
load_test_path = self.BuildTestPath("MultipleInstances-1")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath1, db_version1, num_hosts1, num_instances1,
num_entries1) = main([tempdb.name, "load", load_test_path])
self.assertEquals(num_hosts1, 1,
"test_MultipleInstancesLoadAppCompat2 failed!")
if num_instances1 == 2:
print "stop"
self.assertEquals(num_instances1, 1,
"test_MultipleInstancesLoadAppCompat2 failed!")
# Remove temp db
os.remove(tempdb.name)
load_test_path = self.BuildTestPath("MultipleInstances-2")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath2, db_version2, num_hosts2, num_instances2,
num_entries2) = main([tempdb.name, "load", load_test_path])
self.assertEquals(num_hosts1, 1,
"test_MultipleInstancesLoadAppCompat2 failed!")
self.assertEquals(num_hosts2, 1,
"test_MultipleInstancesLoadAppCompat2 failed!")
self.assertEquals(num_instances1, 1,
"test_MultipleInstancesLoadAppCompat2 failed!")
self.assertEquals(num_instances2, 2,
"test_MultipleInstancesLoadAppCompat2 failed!")
self.assertEquals(num_entries2, num_entries1 * 2,
"test_MultipleInstancesLoadAppCompat2 failed!")
# Remove temp db
os.remove(tempdb.name)
def test_AddNewHostsAppCompat(self):
# todo: Test is not finishing
return (0)
load_test_path = self.BuildTestPath("miniXML")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
# Load hosts
(db_filenameFullPath1, db_version1, num_hosts1, num_instances1,
num_entries1) = main([tempdb.name, "load", load_test_path])
# Do simple search
(num_hits1, num_hits_suppressed1,
results1) = main([tempdb.name, "search", "-F", "calc.exe"])
# Create new hosts
filelist = [
f for f in os.listdir(load_test_path)
if f.endswith("_w32registry.xml")
]
for f in filelist:
copyfile(os.path.join(load_test_path, f),
os.path.join(load_test_path, "new_test_" + f))
# Add new hosts just added
(db_filenameFullPath2, db_version2, num_hosts2, num_instances2,
num_entries2) = main([tempdb.name, "load", load_test_path])
# Do simple search
(num_hits2, num_hits_suppressed2,
results2) = main([tempdb.name, "search", "-F", "calc.exe"])
# Remove temp db
os.remove(tempdb.name)
self.assertEquals(num_hosts1 * 2, num_hosts2,
"test_AddNewHostsAppCompat failed!")
self.assertEquals(num_entries1 * 2, num_entries2,
"test_AddNewHostsAppCompat failed!")
self.assertEquals(num_hits1 * 2, num_hits2,
"test_AddNewHostsAppCompat failed!")
def test_AddExistingHostsAppCompat(self):
load_test_path = self.BuildTestPath("miniXML")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
# Load hosts
(db_filenameFullPath1, db_version1, num_hosts1, num_instances1,
num_entries1) = main([tempdb.name, "load", load_test_path])
# Reload the same set of hosts again
(db_filenameFullPath2, db_version2, num_hosts2, num_instances2,
num_entries2) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
self.assertEquals(num_hosts1, num_hosts2, "test_SimpleLoad failed!")
self.assertEquals(num_entries1, num_entries2,
"test_SimpleLoad failed!")
def _test_TcorrAmCache(self):
load_test_path = self.BuildTestPath("TestData-AmCache")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath1, db_version1, num_hosts1, num_instances1,
num_entries2) = main([tempdb.name, "load", load_test_path])
directCorrelationData1 = main(
[tempdb.name, "tcorr", "net.exe", "-w 3"])
# Remove temp db
os.remove(tempdb.name)
# Check Name
self.assertEquals(directCorrelationData1[0][3], "net1.exe",
"test_TcorrTest1 - Name failed!")
# Check Before
self.assertEquals(directCorrelationData1[0][6], 0,
"test_TcorrTest1 - Before failed!")
# Check After
self.assertEquals(directCorrelationData1[0][7], 21,
"test_TcorrTest1 - After failed!")
def test_AppCompat_LiteralSearch_Suppressed(self):
rndFileName = ''.join(
random.choice(string.ascii_uppercase) for _ in range(15))
with appDB.DBClass(self.testset1, settings.__version__) as DB:
DB.appInitDB()
conn = DB.appConnectDB()
# Add 10 entries
for i in xrange(0, 10):
entry_fields = settings.EntriesFields(
EntryType=settings.__APPCOMPAT__,
FilePath='C:\Temp',
FileName=rndFileName,
Size=i,
ExecFlag='True')
add_entry(DB, "TestHost01", entry_fields)
# Add 10 entries which will be deduped to 1 on search
for i in xrange(0, 10):
entry_fields = settings.EntriesFields(
EntryType=settings.__APPCOMPAT__,
FilePath='C:\Temp',
FileName=rndFileName,
Size=1000,
ExecFlag='True')
add_entry(DB, "TestHost01", entry_fields)
# Get temp file name for the DB
with tempfile.NamedTemporaryFile(
suffix='.txt', prefix='Output',
dir=tempfile.gettempdir()) as temp_file:
# Search
(num_hits, num_hits_suppressed, results) = main([
"-o", temp_file.name, self.testset1, "search", "-F",
rndFileName
])
# Check we got as many hits as we expect
self.assertTrue(
num_hits == 10 + 10,
sys._getframe().f_code.co_name + " num_hits: %d - %s" %
(num_hits, self.testset1))
# Check supression worked as expected
self.assertTrue(
num_hits_suppressed == 9,
sys._getframe().f_code.co_name + " num_hits: %d" % num_hits)
# Check output has the expected result
self.assertEquals(
num_hits - num_hits_suppressed,
self.count_lines_regex(temp_file.name, rndFileName),
sys._getframe().f_code.co_name +
" Output regex count doesn't match num_hits!")
def test_Leven2(self):
with appDB.DBClass(self.testset1, settings.__version__) as DB:
DB.appInitDB()
conn = DB.appConnectDB()
# Add stuff
entry_fields = settings.EntriesFields(EntryType=settings.__APPCOMPAT__, FilePath='C:\Windows\System32',
FileName='svchosts.exe')
add_entry(DB, "TestHost01", entry_fields)
# Run
ret = main([self.testset1, "leven"])
# Check we found the right file
self.assertEquals('svchosts.exe' in ret[1][1][1], True, "test_Leven2 failed!")
def test_SimpleLoadAmCache(self):
load_test_path = self.BuildTestPath("TestData-AmCache")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath1, db_version1, num_hosts1, num_instances1,
num_entries1) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
self.assertEquals(num_hosts1, 6, "test_SimpleLoad failed!")
self.assertEquals(num_entries1, 31260, "test_SimpleLoad failed!")
def test_Leven(self):
rndFileName = ''.join(random.choice(string.ascii_uppercase) for _ in range(15))
with appDB.DBClass(self.testset1, settings.__version__) as DB:
DB.appInitDB()
conn = DB.appConnectDB()
# Add stuff
entry_fields = settings.EntriesFields(EntryType=settings.__APPCOMPAT__, FilePath='C:\Windows\System32', FileName=rndFileName)
add_entry(DB, "TestHost01", entry_fields)
# Run
leven_fileName = 'a' + rndFileName
ret = main([self.testset1, "leven", leven_fileName])
# Check we found the right file
self.assertEquals(ret[1][1][1], "'"+rndFileName+"'", "test_Leven failed!")
def __test_ZipLoadAppCompat(self):
load_test_path = self.BuildTestPath(
"TestZip-AppCompat/dir1/56fe48f9b8b35.zip")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath, db_version, num_hosts, num_instances,
num_entries) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
self.assertEquals(num_hosts, 22, "test_ZipLoadAppCompat failed!")
def test_RecursiveLoad(self):
load_test_path = self.BuildTestPath("Recursive")
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(suffix='.db',
prefix='testCase',
dir=tempfile.gettempdir())
tempdb.close()
(db_filenameFullPath, db_version, num_hosts, num_instances,
num_entries) = main([tempdb.name, "load", load_test_path])
# Remove temp db
os.remove(tempdb.name)
self.assertEquals(num_hosts, 23, "test_RecursiveLoad failed!")
self.assertEquals(num_entries, 12442, "test_RecursiveLoad failed!")
def test_ingestTestSets1(self):
test_sets = [
("StructuredRepo/HX_Grabstuffr/ICE_Exec-Defaults/AmCache-Default",
2, 2, 366),
("StructuredRepo/HX_Grabstuffr/ICE_Exec-Defaults/AppCompat-Default",
3, 3, 632),
("StructuredRepo/HX_Grabstuffr/ICE_Exec-Defaults/ShimShady64b-Default",
3, 3, 479),
("StructuredRepo/HX_Grabstuffr/ICE_Exec-Defaults", 4, 8, 1477)
]
for test in test_sets:
load_test_path = self.BuildTestPath(test[0])
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(
suffix='.db',
prefix='testCase_ingestTestSets',
dir=tempfile.gettempdir())
tempdb.close()
try:
(db_filenameFullPath, db_version, num_hosts, num_instances,
num_entries) = main([tempdb.name, "load", load_test_path])
except Exception as e:
print traceback.format_exc()
self.fail(traceback.format_exc())
# Remove temp db
os.remove(tempdb.name)
if num_hosts <> test[1] or num_instances <> test[
2] or num_entries <> test[3]:
print("Test %s failed!" % test[0])
self.fail("Test %s failed!" % test[0])
self.assertEquals(num_hosts, test[1], "test failed!")
self.assertEquals(num_instances, test[2], "test failed!")
self.assertEquals(num_entries, test[3], "test failed!")
def test_ingestTestSets2(self):
test_sets = [
("StructuredRepo/HX_Grabstuffr/ICE_32and64bShimShadyDefaults", 2,
2, 308),
("StructuredRepo/HX_Grabstuffr/HXRegistryAPIAudit_AMCacheAquisition",
3, 4, 626),
("StructuredRepo/HX_Grabstuffr/ICE_ACPBundle-Tunned", 3, 7, 1105),
("StructuredRepo/HX_Grabstuffr/ICE_Stacking-Defaults", 3, 3, 368)
]
for test in test_sets:
load_test_path = self.BuildTestPath(test[0])
# Get temp db name for the test
tempdb = tempfile.NamedTemporaryFile(
suffix='.db',
prefix='testCase_ingestTestSets',
dir=tempfile.gettempdir())
tempdb.close()
try:
(db_filenameFullPath, db_version, num_hosts, num_instances,
num_entries) = main([tempdb.name, "load", load_test_path])
except Exception as e:
print traceback.format_exc()
self.fail(traceback.format_exc())
# Remove temp db
os.remove(tempdb.name)
if num_hosts <> test[1] or num_instances <> test[
2] or num_entries <> test[3]:
print("Test %s failed!" % test[0])
self.fail("Test %s failed!" % test[0])
self.assertEquals(num_hosts, test[1], "test failed!")
self.assertEquals(num_instances, test[2], "test failed!")
self.assertEquals(num_entries, test[3], "test failed!")