Exemple #1
 def test_get_elementvalue_getroot(self):
     """Path "." on the root must yield the root element's own text."""
     root_element = Element("root")
     # The child carries no text; it is only attached so that the root is not a leaf.
     SubElement(root_element, "child1")
     root_element.text = "Text"
     self.assertEqual(root_element.text,
                      get_elementvalue(root_element, ".", True))
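    def get_port_from_idmef(self, device, tag_converted):
        """
        Get port or portlist from IDMEF

        Values of ``Service/port`` take precedence; ``Service/portlist`` is read
        only when no port value is found. A portlist is a comma-separated list
        of single ports and ``low-high`` ranges, and every range is expanded to
        its individual ports.

        The numbers come from the parsed IDMEF document and should be treated
        as untrusted input, so each one is checked against the 0-65535 port
        range before a range is expanded. Without that bound a single item such
        as ``0-4000000000`` would make this method build a list with billions
        of entries.

        :param device: specific IDMEF source or target element
        :param tag_converted: boolean, which says if port (portlist) should be tagged as converted
        :return: list of ports as ints, retrieved from the port elements or the portlist element
        :raises ValueError: if a port is not a number, lies outside 0-65535, or
                            a range does not have exactly two borders
        """
        def to_port(text):
            # int() itself raises ValueError for non-numeric text.
            port = int(text)
            if not 0 <= port <= 65535:
                raise ValueError("port out of range 0-65535: %r" % (text,))
            return port

        found = get_elementvalues(device, "Service/port", tag_converted)
        if found:
            return [to_port(port) for port in found]

        # Start from a fresh list instead of appending to whatever empty value
        # get_elementvalues returned (its return type is not visible here).
        ports = []
        portlist = get_elementvalue(device, "Service/portlist", tag_converted)
        if not portlist:
            return ports

        for item in portlist.split(","):
            item = item.replace(" ", "")
            if "-" not in item:
                ports.append(to_port(item))
                continue
            borders = item.split("-")
            if len(borders) != 2:
                raise ValueError("invalid port range: %r" % (item,))
            low = to_port(borders[0])
            high = to_port(borders[1])
            # A reversed range (low > high) contributes no ports.
            # Each range adds at most 65536 entries; the total still grows
            # with the number of items in the portlist.
            ports.extend(range(low, high + 1))
        return ports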
Exemple #3
 def test_get_elementvalue_getlistelement_from_parent(self):
     """Looking up "child111" from its direct parent must yield that child's text."""
     # Tree: root > child1 > child11 > child111 > child1111
     root_element = Element("root")
     level1 = SubElement(root_element, "child1")
     level1.set("attr", "attr")
     level1.text = "Value2"
     level2 = SubElement(level1, "child11")
     level3 = SubElement(level2, "child111")
     level3.text = "Value"
     level4 = SubElement(level3, "child1111")
     level4.set("attrib", "attrib")
     self.assertEqual(level3.text,
                      get_elementvalue(level2, "child111", True))
    def save_confidence(self, alert, idea_dict, tag_converted):
        """
        Copy a numeric confidence from an IDMEF alert into the IDEA message

        Nothing is written when the alert has no ``Assessment/Confidence``
        element or when its ``rating`` attribute is anything other than
        ``"numeric"``.

        :param alert: input IDMEF alert element
        :param idea_dict: dict, where converted IDEA is saved
        :param tag_converted: boolean, which says if confidence should be tagged as converted
        """
        confidence = alert.find("Assessment/Confidence")
        if confidence is None:
            return
        if confidence.get("rating", None) != "numeric":
            return
        # NOTE(review): the element text is stored as get_elementvalue returns
        # it; no check that it really is a number is visible here - confirm.
        confidence_value = get_elementvalue(confidence, ".", tag_converted)
        save_value_to_dict(idea_dict, "Confidence", confidence_value)
Exemple #5
 def test_get_elementvalue_same_elements(self):
     """With two sibling "child1" elements, the first one's text must be returned."""
     root_element = Element("root")

     # First "child1", with a nested subtree below it.
     first = SubElement(root_element, "child1")
     first.set("attr", "attr")
     first.text = "Value2"
     nested = SubElement(first, "child11")
     deeper = SubElement(nested, "child111")
     deeper.text = "Value"
     deepest = SubElement(deeper, "child1111")
     deepest.set("attrib", "attrib")

     # Second element with the same tag and attribute but different text.
     second = SubElement(root_element, "child1")
     second.set("attr", "attr")
     second.text = "Different"

     self.assertEqual(first.text,
                      get_elementvalue(root_element, "child1", True))
    def save_time(self, idea_dict, parent_element, time_element_tag, idea_key):
        """
        Save specific time (CreateTime or DetectTime) to IDEA from IDMEF

        The ``ntpstamp`` attribute of the time element is preferred; the
        element's value is used only when that attribute is missing.

        :param idea_dict: dict, where converted IDEA is saved
        :param parent_element: parent element of time element
        :param time_element_tag: tag of specific time element, in this case CreateTime or DetectTime
        :param idea_key: key, where converted time will be saved in dictionary
        """
        # NOTE(review): find() returns None when the tag is absent; whether the
        # helpers below accept None is not visible here - confirm.
        element = parent_element.find(time_element_tag)
        ntp_stamp = get_elementattribute(
            element, ".", "ntpstamp", tag_converted=True, default_value=None)
        if ntp_stamp is None:
            time_value = get_elementvalue(element, ".", tag_converted=True)
        else:
            time_value = ntp_stamp
        save_value_to_dict(idea_dict, idea_key, time_value)