def test4_allowlist_event_with_known_and_unknown_paths(self): """This test case checks in which cases an event is triggered and compares with expected results.""" description = "Test4EnhancedNewMatchPathValueComboDetector" enhanced_new_match_path_value_combo_detector = EnhancedNewMatchPathValueComboDetector( self.aminer_config, [self.first_seq_s1, self.first_seq_d1], [self.stream_printer_event_handler], 'Default', False, True, output_log_line=False) self.analysis_context.register_component( enhanced_new_match_path_value_combo_detector, description) t = time.time() self.assertEqual( enhanced_new_match_path_value_combo_detector.allowlist_event( 'Analysis.%s' % enhanced_new_match_path_value_combo_detector. __class__.__name__, self.match_element_sequence_me.get_path(), None), self.__expected_allowlisting_string % (', '.join( enhanced_new_match_path_value_combo_detector.target_path_list), self.match_element_sequence_me.get_path())) log_atom_sequence_me2 = LogAtom( self.match_element_sequence_me2.get_match_string(), ParserMatch(self.match_element_sequence_me2), t, enhanced_new_match_path_value_combo_detector) enhanced_new_match_path_value_combo_detector.auto_include_flag = False self.assertEqual( enhanced_new_match_path_value_combo_detector.allowlist_event( 'Analysis.%s' % enhanced_new_match_path_value_combo_detector. __class__.__name__, [ log_atom_sequence_me2.get_timestamp(), self.match_element_sequence_me2.get_path() ], None), self.__expected_allowlisting_string % (', '.join( enhanced_new_match_path_value_combo_detector.target_path_list), [ log_atom_sequence_me2.get_timestamp(), self.match_element_sequence_me2.path ]))
def test4has_idle_source(self): """In this test case a source becomes idle and expires.""" description = "Test4SimpleMultisourceAtomSync" sync_wait_time = 3 any_byte_data_model_element = AnyByteDataModelElement('a1') new_match_path_detector1 = NewMatchPathDetector( self.aminer_config, [self.stream_printer_event_handler], 'Default', False, output_log_line=False) self.analysis_context.register_component(new_match_path_detector1, description) new_match_path_detector2 = NewMatchPathDetector( self.aminer_config, [self.stream_printer_event_handler], 'Default', False, output_log_line=False) self.analysis_context.register_component(new_match_path_detector2, description + "2") simple_multisource_atom_sync = SimpleMultisourceAtomSync( [new_match_path_detector1], sync_wait_time) t = time() match_context = MatchContext(self.calculation) match_element = any_byte_data_model_element.get_match_element( 'match', match_context) log_atom1 = LogAtom(match_element.match_object, ParserMatch(match_element), t, new_match_path_detector1) log_atom2 = LogAtom(match_element.match_object, ParserMatch(match_element), t, new_match_path_detector2) self.assertTrue( not simple_multisource_atom_sync.receive_atom(log_atom1)) self.assertTrue( not simple_multisource_atom_sync.receive_atom(log_atom2)) sleep(sync_wait_time + 1) self.assertTrue(simple_multisource_atom_sync.receive_atom(log_atom1)) # log_atom1 is handled now, so new_match_path_detector1 should be deleted after waiting the sync_wait_time. self.assertTrue( not simple_multisource_atom_sync.receive_atom(log_atom2)) sleep(sync_wait_time + 1) self.assertTrue( not simple_multisource_atom_sync.receive_atom(log_atom2)) self.assertEqual( simple_multisource_atom_sync.sources_dict, { new_match_path_detector1: [log_atom1.get_timestamp(), None], new_match_path_detector2: [log_atom2.get_timestamp(), log_atom2] }) self.assertTrue(simple_multisource_atom_sync.receive_atom(log_atom1)) self.assertTrue(simple_multisource_atom_sync.receive_atom(log_atom1)) sleep(sync_wait_time + 1) self.assertTrue(simple_multisource_atom_sync.receive_atom(log_atom1)) self.assertEqual( simple_multisource_atom_sync.sources_dict, { new_match_path_detector1: [log_atom1.get_timestamp(), None], new_match_path_detector2: [log_atom2.get_timestamp(), log_atom2] }) log_atom1 = LogAtom(match_element.match_object, ParserMatch(match_element), t + 1, new_match_path_detector1) self.assertTrue( not simple_multisource_atom_sync.receive_atom(log_atom1)) self.assertEqual( simple_multisource_atom_sync.sources_dict, { new_match_path_detector1: [log_atom1.get_timestamp() - 1, log_atom1], new_match_path_detector2: [log_atom2.get_timestamp(), log_atom2] }) log_atom1 = LogAtom(match_element.match_object, ParserMatch(match_element), t - 1, new_match_path_detector1) self.assertTrue(simple_multisource_atom_sync.receive_atom(log_atom1))