def test_execute(self, mock_rules, mock_upload, mock_rotate_logs): watcher = SuricataAlertWatcher() now = datetime(2015, 1, 1) watcher.execute(now) mock_rotate_logs.assert_called_with(watcher) mock_upload.assert_called_with(watcher, now, compress=True) mock_rules.assert_called_with(watcher)
def test_execute_no_rules(self, mock_rules, mock_upload, mock_rotate_logs, mock_utc): now = datetime(2015, 1, 1) mock_utc.return_value = now watcher = SuricataAlertWatcher() watcher.execute(now) mock_rotate_logs.assert_called_with(watcher) mock_upload.assert_called_with(watcher, now, compress=True) self.assertEquals(mock_rules.call_count, 0)
def test_execute_no_suricata(self, mock_check_output): watcher = SuricataAlertWatcher() watcher.api = MagicMock() # It's time to update, but the rule directory doesn't exist. # So we won't. rule_path = path.join(self.tempdir, 'different-dir/downloaded.rules') with patch(patch_path('SURICATA_RULE_PATH'), rule_path): now = datetime(2015, 1, 1) watcher.execute(now) self.assertFalse(watcher.api.mock_calls)
def test_execute_no_rules(self, mock_rules, mock_upload, mock_rotate_logs, mock_utc): watcher = SuricataAlertWatcher() rule_path = path.join(self.tempdir, 'downloaded.rules') # 2015 is now, according to this test, so it's not time to update. # However, the rule file doesn't exist - so we will. now = datetime(2015, 1, 1) mock_utc.return_value = now with patch(patch_path('SURICATA_RULE_PATH'), rule_path): watcher.execute(now) mock_rotate_logs.assert_called_with(watcher) mock_upload.assert_called_with(watcher, now, compress=True) self.assertEquals(mock_rules.call_count, 1)
def test_execute(self, mock_rules, mock_upload, mock_rotate_logs): watcher = SuricataAlertWatcher() # Rules exist rule_path = path.join(self.tempdir, 'downloaded.rules') with open(rule_path, 'wt') as outfile: outfile.write(b'rule_data\n') # 2015 was a long time ago, so it's time to update with patch(patch_path('SURICATA_RULE_PATH'), rule_path): now = datetime(2015, 1, 1) watcher.execute(now) mock_rotate_logs.assert_called_with(watcher) mock_upload.assert_called_with(watcher, now, compress=True) mock_rules.assert_called_with(watcher)