def test_04_basic_math(self):
"""
Perform filtering tests with basic math operations.
"""
self.maxDiff = None
rule = MathBinOpRule('OP_PLUS', VariableRule("ConnCount"), IntegerRule(1))
self.assertEqual(self.check_rule(rule), 3)
rule = MathBinOpRule('OP_MINUS', VariableRule("ConnCount"), IntegerRule(1))
self.assertEqual(self.check_rule(rule), 1)
rule = MathBinOpRule('OP_TIMES', VariableRule("ConnCount"), IntegerRule(5))
self.assertEqual(self.check_rule(rule), 10)
rule = MathBinOpRule('OP_DIVIDE', VariableRule("ConnCount"), IntegerRule(2))
self.assertEqual(self.check_rule(rule), 1)
rule = MathBinOpRule('OP_MODULO', VariableRule("ConnCount"), IntegerRule(2))
self.assertEqual(self.check_rule(rule), 0)
def test_03_functions(self):
"""
Perform basic rules tests: instantinate and check all rule objects.
"""
self.maxDiff = None
rule_integer = IntegerRule(15)
rule_func1 = FunctionRule('utcnow')
self.assertEqual(str(rule_func1), "utcnow()")
self.assertEqual(repr(rule_func1), "FUNCTION(utcnow())")
rule_func2 = FunctionRule('resolve', rule_integer)
self.assertEqual(str(rule_func2), "resolve(INTEGER(15),)")
self.assertEqual(repr(rule_func2), "FUNCTION(resolve(INTEGER(15),))")
def test_01_basic(self):
"""
Demonstrate and test the :py:class:`pynspect.traversers.HTMLTreeTraverser` object.
"""
self.maxDiff = None
rule_binop_l = LogicalBinOpRule('OP_OR', VariableRule('Test.Variable'), IntegerRule(10))
self.assertEqual(rule_binop_l.traverse(self.tvs), '<div class="pynspect-rule-operation pynspect-rule-operation-logical"><h3 class="pynspect-rule-operation-name">OP_OR</h3><ul class="pynspect-rule-operation-arguments"><li class="pynspect-rule-operation-argument-left"><div class="pynspect-rule-variable"><kbd>Test.Variable</kbd></div></li><li class="pynspect-rule-operation-argument-right"><div class="pynspect-rule-constant pynspect-rule-constant-integer"><code>10</code></div></li></ul></div>')
rule_binop_c = ComparisonBinOpRule('OP_GT', VariableRule('Test'), IntegerRule(15))
self.assertEqual(rule_binop_c.traverse(self.tvs), '<div class="pynspect-rule-operation pynspect-rule-operation-comparison"><h3 class="pynspect-rule-operation-name">OP_GT</h3><ul class="pynspect-rule-operation-arguments"><li class="pynspect-rule-operation-argument-left"><div class="pynspect-rule-variable"><kbd>Test</kbd></div></li><li class="pynspect-rule-operation-argument-right"><div class="pynspect-rule-constant pynspect-rule-constant-integer"><code>15</code></div></li></ul></div>')
rule_binop_m = MathBinOpRule('OP_PLUS', VariableRule('Test'), IntegerRule(10))
self.assertEqual(rule_binop_m.traverse(self.tvs), '<div class="pynspect-rule-operation pynspect-rule-operation-math"><h3 class="pynspect-rule-operation-name">OP_PLUS</h3><ul class="pynspect-rule-operation-arguments"><li class="pynspect-rule-operation-argument-left"><div class="pynspect-rule-variable"><kbd>Test</kbd></div></li><li class="pynspect-rule-operation-argument-right"><div class="pynspect-rule-constant pynspect-rule-constant-integer"><code>10</code></div></li></ul></div>')
rule_binop = LogicalBinOpRule('OP_OR', ComparisonBinOpRule('OP_GT', MathBinOpRule('OP_PLUS', VariableRule('Test'), IntegerRule(10)), IntegerRule(20)), ComparisonBinOpRule('OP_LT', VariableRule('Test'), IntegerRule(5)))
self.assertEqual(rule_binop.traverse(self.tvs), '<div class="pynspect-rule-operation pynspect-rule-operation-logical"><h3 class="pynspect-rule-operation-name">OP_OR</h3><ul class="pynspect-rule-operation-arguments"><li class="pynspect-rule-operation-argument-left"><div class="pynspect-rule-operation pynspect-rule-operation-comparison"><h3 class="pynspect-rule-operation-name">OP_GT</h3><ul class="pynspect-rule-operation-arguments"><li class="pynspect-rule-operation-argument-left"><div class="pynspect-rule-operation pynspect-rule-operation-math"><h3 class="pynspect-rule-operation-name">OP_PLUS</h3><ul class="pynspect-rule-operation-arguments"><li class="pynspect-rule-operation-argument-left"><div class="pynspect-rule-variable"><kbd>Test</kbd></div></li><li class="pynspect-rule-operation-argument-right"><div class="pynspect-rule-constant pynspect-rule-constant-integer"><code>10</code></div></li></ul></div></li><li class="pynspect-rule-operation-argument-right"><div class="pynspect-rule-constant pynspect-rule-constant-integer"><code>20</code></div></li></ul></div></li><li class="pynspect-rule-operation-argument-right"><div class="pynspect-rule-operation pynspect-rule-operation-comparison"><h3 class="pynspect-rule-operation-name">OP_LT</h3><ul class="pynspect-rule-operation-arguments"><li class="pynspect-rule-operation-argument-left"><div class="pynspect-rule-variable"><kbd>Test</kbd></div></li><li class="pynspect-rule-operation-argument-right"><div class="pynspect-rule-constant pynspect-rule-constant-integer"><code>5</code></div></li></ul></div></li></ul></div>')
rule_unop = UnaryOperationRule('OP_NOT', VariableRule('Test'))
self.assertEqual(rule_unop.traverse(self.tvs), '<div class="pynspect-rule-operation pynspect-rule-operation-unary"><h3 class="pynspect-rule-operation-name">OP_NOT</h3><ul class="pynspect-rule-operation-arguments"><li class="pynspect-rule-operation-argument-right"><div class="pynspect-rule-variable"><kbd>Test</kbd></div></li></ul></div>')
rule_function = FunctionRule('test', VariableRule('Test'))
self.assertEqual(rule_function.traverse(self.tvs), '<div class="pynspect-rule-function"><h3 class="pynspect-rule-function-name">test</h3><ul class="pynspect-rule-function-arguments><li class="pynspect-rule-function-argument"><div class="pynspect-rule-variable"><kbd>Test</kbd></div></li></ul></div>')
def test_01_basic(self):
"""
Demonstrate and test the :py:class:`pynspect.traversers.PrintingTreeTraverser` object.
"""
self.maxDiff = None
rule_binop_l = LogicalBinOpRule('OP_OR', VariableRule("Test"), IntegerRule(10))
self.assertEqual(rule_binop_l.traverse(self.tvs), 'LOGBINOP(OP_OR;VARIABLE(Test);INTEGER(10))')
rule_binop_c = ComparisonBinOpRule('OP_GT', VariableRule("Test"), IntegerRule(15))
self.assertEqual(rule_binop_c.traverse(self.tvs), 'COMPBINOP(OP_GT;VARIABLE(Test);INTEGER(15))')
rule_binop_m = MathBinOpRule('OP_PLUS', VariableRule("Test"), IntegerRule(10))
self.assertEqual(rule_binop_m.traverse(self.tvs), 'MATHBINOP(OP_PLUS;VARIABLE(Test);INTEGER(10))')
rule_binop = LogicalBinOpRule('OP_OR', ComparisonBinOpRule('OP_GT', MathBinOpRule('OP_PLUS', VariableRule("Test"), IntegerRule(10)), IntegerRule(20)), ComparisonBinOpRule('OP_LT', VariableRule("Test"), IntegerRule(5)))
self.assertEqual(rule_binop.traverse(self.tvs), 'LOGBINOP(OP_OR;COMPBINOP(OP_GT;MATHBINOP(OP_PLUS;VARIABLE(Test);INTEGER(10));INTEGER(20));COMPBINOP(OP_LT;VARIABLE(Test);INTEGER(5)))')
rule_unop = UnaryOperationRule('OP_NOT', VariableRule("Test"))
self.assertEqual(rule_unop.traverse(self.tvs), 'UNOP(OP_NOT;VARIABLE(Test))')
rule_function = FunctionRule('test', VariableRule("Test"))
self.assertEqual(rule_function.traverse(self.tvs), "FUNCTION(test;VARIABLE(Test))")
def test_02_operations(self):
"""
Perform basic rules tests: instantinate and check all rule objects.
"""
self.maxDiff = None
rule_var = VariableRule("Test")
rule_integer = IntegerRule(15)
rule_binop_l = LogicalBinOpRule("OP_OR", rule_var, rule_integer)
self.assertEqual(str(rule_binop_l), "(Test OP_OR 15)")
self.assertEqual(repr(rule_binop_l),
"LOGBINOP(VARIABLE('Test') OP_OR INTEGER(15))")
rule_binop_c = ComparisonBinOpRule("OP_GT", rule_var, rule_integer)
self.assertEqual(str(rule_binop_c), "(Test OP_GT 15)")
self.assertEqual(repr(rule_binop_c),
"COMPBINOP(VARIABLE('Test') OP_GT INTEGER(15))")
rule_binop_m = MathBinOpRule("OP_PLUS", rule_var, rule_integer)
self.assertEqual(str(rule_binop_m), "(Test OP_PLUS 15)")
self.assertEqual(repr(rule_binop_m),
"MATHBINOP(VARIABLE('Test') OP_PLUS INTEGER(15))")
rule_binop = LogicalBinOpRule(
"OP_OR",
ComparisonBinOpRule(
"OP_GT",
MathBinOpRule("OP_PLUS", VariableRule("Test"),
IntegerRule(10)), IntegerRule(20)),
ComparisonBinOpRule("OP_LT", VariableRule("Test"), IntegerRule(5)))
self.assertEqual(
str(rule_binop),
"(((Test OP_PLUS 10) OP_GT 20) OP_OR (Test OP_LT 5))")
self.assertEqual(
repr(rule_binop),
"LOGBINOP(COMPBINOP(MATHBINOP(VARIABLE('Test') OP_PLUS INTEGER(10)) OP_GT INTEGER(20)) OP_OR COMPBINOP(VARIABLE('Test') OP_LT INTEGER(5)))"
)
rule_unop = UnaryOperationRule("OP_NOT", rule_var)
self.assertEqual(str(rule_unop), "(OP_NOT Test)")
self.assertEqual(repr(rule_unop), "UNOP(OP_NOT VARIABLE('Test'))")
def test_01_values(self):
"""
Perform basic rules tests: instantinate and check all rule objects.
"""
self.maxDiff = None
rule_var = VariableRule("Test")
self.assertEqual(str(rule_var), "Test")
self.assertEqual(repr(rule_var), "VARIABLE('Test')")
rule_const = ConstantRule("constant")
self.assertEqual(str(rule_const), '"constant"')
self.assertEqual(repr(rule_const), "CONSTANT('constant')")
rule_ipv4 = IPV4Rule("127.0.0.1")
self.assertEqual(str(rule_ipv4), "127.0.0.1")
self.assertEqual(repr(rule_ipv4), "IPV4('127.0.0.1')")
rule_ipv6 = IPV6Rule("::1")
self.assertEqual(str(rule_ipv6), "::1")
self.assertEqual(repr(rule_ipv6), "IPV6('::1')")
rule_datetime = DatetimeRule("2017-01-01T12:00:00Z")
self.assertEqual(str(rule_datetime), "2017-01-01T12:00:00Z")
self.assertEqual(repr(rule_datetime),
"DATETIME('2017-01-01T12:00:00Z')")
rule_timedelta = TimedeltaRule(3600)
self.assertEqual(str(rule_timedelta), "3600")
self.assertEqual(repr(rule_timedelta), "TIMEDELTA(3600)")
rule_integer = IntegerRule(15)
self.assertEqual(str(rule_integer), "15")
self.assertEqual(repr(rule_integer), "INTEGER(15)")
rule_float = FloatRule(15.5)
self.assertEqual(str(rule_float), "15.5")
self.assertEqual(repr(rule_float), "FLOAT(15.5)")
rule_list = ListRule(
VariableRule("Test"),
ListRule(ConstantRule("constant"),
ListRule(IPV4Rule("127.0.0.1"))))
self.assertEqual(str(rule_list), '[Test, "constant", 127.0.0.1]')
self.assertEqual(
repr(rule_list),
"LIST(VARIABLE('Test'), CONSTANT('constant'), IPV4('127.0.0.1'))")
self.assertEqual(
str(rule_list.value),
"[VARIABLE('Test'), CONSTANT('constant'), IPV4('127.0.0.1')]")
self.assertEqual(
pformat(rule_list.value),
"[VARIABLE('Test'), CONSTANT('constant'), IPV4('127.0.0.1')]")
def _create_factor_rule(tok):
"""
Simple helper method for creating factor node objects based on node name.
"""
if tok[0] == 'IPV4':
return IPV4Rule(tok[1])
if tok[0] == 'IPV6':
return IPV6Rule(tok[1])
if tok[0] == 'DATETIME':
return DatetimeRule(tok[1])
if tok[0] == 'TIMEDELTA':
return TimedeltaRule(tok[1])
if tok[0] == 'INTEGER':
return IntegerRule(tok[1])
if tok[0] == 'FLOAT':
return FloatRule(tok[1])
if tok[0] == 'VARIABLE':
return VariableRule(tok[1])
return ConstantRule(tok[1])
raise FilteringRuleException("Invalid function name '{}'".format(fname))
#-------------------------------------------------------------------------------
#
# Perform the demonstration.
#
if __name__ == "__main__":
from pynspect.rules import IntegerRule, VariableRule, LogicalBinOpRule,\
UnaryOperationRule, ComparisonBinOpRule, MathBinOpRule
# Create couple of test rules.
RULE_VAR = VariableRule("Test")
RULE_INTEGER = IntegerRule(15)
RULE_BINOP_L = LogicalBinOpRule('OP_OR', RULE_VAR, RULE_INTEGER)
RULE_BINOP_C = ComparisonBinOpRule('OP_GT', RULE_VAR, RULE_INTEGER)
RULE_BINOP_M = MathBinOpRule('OP_PLUS', RULE_VAR, RULE_INTEGER)
RULE_BINOP = LogicalBinOpRule('OP_OR', ComparisonBinOpRule('OP_GT', MathBinOpRule('OP_PLUS', VariableRule("Test"), IntegerRule(10)), IntegerRule(20)), ComparisonBinOpRule('OP_LT', VariableRule("Test"), IntegerRule(5)))
RULE_UNOP = UnaryOperationRule('OP_NOT', RULE_VAR)
print("* Traverser usage:")
RULE_TRAVERSER = PrintingTreeTraverser()
print("{}".format(RULE_BINOP_L.traverse(RULE_TRAVERSER)))
print("{}".format(RULE_BINOP_C.traverse(RULE_TRAVERSER)))
print("{}".format(RULE_BINOP_M.traverse(RULE_TRAVERSER)))
print("{}".format(RULE_BINOP.traverse(RULE_TRAVERSER)))
print("{}".format(RULE_UNOP.traverse(RULE_TRAVERSER)))
def test_02_basic_comparison(self):
"""
Perform filtering tests with basic comparison operations.
"""
self.maxDiff = None
rule = ComparisonBinOpRule('OP_EQ', VariableRule("ID"), ConstantRule("e214d2d9-359b-443d-993d-3cc5637107a0"))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_EQ', VariableRule("ID"), ConstantRule("e214d2d9-359b-443d-993d-3cc5637107"))
self.assertEqual(self.check_rule(rule), False)
rule = ComparisonBinOpRule('OP_NE', VariableRule("ID"), ConstantRule("e214d2d9-359b-443d-993d-3cc5637107a0"))
self.assertEqual(self.check_rule(rule), False)
rule = ComparisonBinOpRule('OP_NE', VariableRule("ID"), ConstantRule("e214d2d9-359b-443d-993d-3cc5637107"))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_LIKE', VariableRule("ID"), ConstantRule("e214d2d9"))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_LIKE', VariableRule("ID"), ConstantRule("xxxxxxxx"))
self.assertEqual(self.check_rule(rule), False)
rule = ComparisonBinOpRule('OP_IN', VariableRule("Category"), ListRule(ConstantRule("Phishing"), ListRule(ConstantRule("Attempt.Login"))))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_IN', VariableRule("Category"), ListRule(ConstantRule("Phishing"), ListRule(ConstantRule("Spam"))))
self.assertEqual(self.check_rule(rule), False)
rule = ComparisonBinOpRule('OP_IS', VariableRule("Category"), ListRule(ConstantRule("Attempt.Login")))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_IS', VariableRule("Category"), ListRule(ConstantRule("Phishing"), ListRule(ConstantRule("Attempt.Login"))))
self.assertEqual(self.check_rule(rule), False)
rule = ComparisonBinOpRule('OP_EQ', VariableRule("ConnCount"), IntegerRule(2))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_EQ', VariableRule("ConnCount"), IntegerRule(4))
self.assertEqual(self.check_rule(rule), False)
rule = ComparisonBinOpRule('OP_NE', VariableRule("ConnCount"), IntegerRule(2))
self.assertEqual(self.check_rule(rule), False)
rule = ComparisonBinOpRule('OP_NE', VariableRule("ConnCount"), IntegerRule(4))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_GT', VariableRule("ConnCount"), IntegerRule(2))
self.assertEqual(self.check_rule(rule), False)
rule = ComparisonBinOpRule('OP_GT', VariableRule("ConnCount"), IntegerRule(1))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_GE', VariableRule("ConnCount"), IntegerRule(2))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_GE', VariableRule("ConnCount"), IntegerRule(1))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_GE', VariableRule("ConnCount"), IntegerRule(3))
self.assertEqual(self.check_rule(rule), False)
rule = ComparisonBinOpRule('OP_LT', VariableRule("ConnCount"), IntegerRule(2))
self.assertEqual(self.check_rule(rule), False)
rule = ComparisonBinOpRule('OP_LT', VariableRule("ConnCount"), IntegerRule(3))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_LE', VariableRule("ConnCount"), IntegerRule(2))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_LE', VariableRule("ConnCount"), IntegerRule(3))
self.assertEqual(self.check_rule(rule), True)
rule = ComparisonBinOpRule('OP_LE', VariableRule("ConnCount"), IntegerRule(1))
self.assertEqual(self.check_rule(rule), False)
def binary_operation_math(self, rule, left, right, **kwargs):
"""
Implementation of :py:func:`pynspect.traversers.RuleTreeTraverser.binary_operation_math` interface.
"""
return self.evaluate_binop_math(rule.operation, left, right, **kwargs)
def unary_operation(self, rule, right, **kwargs):
"""
Implementation of :py:func:`pynspect.traversers.RuleTreeTraverser.unary_operation` interface.
"""
return self.evaluate_unop(rule.operation, right, **kwargs)
#-------------------------------------------------------------------------------
#
# Perform the demonstration.
#
if __name__ == "__main__":
import pprint
from pynspect.rules import IntegerRule, VariableRule, ComparisonBinOpRule
DEMO_DATA = {"Test": 15, "Attr": "ABC"}
DEMO_RULE = ComparisonBinOpRule('OP_GT', VariableRule("Test"), IntegerRule(10))
DEMO_FILTER = DataObjectFilter()
pprint.pprint(DEMO_FILTER.filter(DEMO_RULE, DEMO_DATA))