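    def test_01_mark_simple(self):
        """
        Load mark.yaml, build a Config from it and run it against self.msg.

        The configured actions are expected to write two IDEA documents to
        fixed paths under /tmp; this test reads them back and checks that the
        message was marked (``Test``) and flagged as processed. Both files
        are removed afterwards whatever the outcome.

        Raises:
            AssertionError: if an output document lacks the expected field.
            OSError: if an output file was not created at all.
        """
        self.parser = Parser(
            os.path.dirname(__file__) + '/rc_config/mark.yaml')
        self.config = Config(self.parser)

        self.assertIsNotNone(self.config)

        # Output paths are fixed by the configuration (presumably mark.yaml;
        # keep them in sync with it). NOTE(review): fixed names in the shared
        # /tmp are predictable and can be pre-created or symlinked by another
        # local user; a per-test tempfile directory would be safer if the
        # config path can be templated.
        of1 = "/tmp/output1.idea"
        of2 = "/tmp/output2.idea"

        try:
            self.config.match(self.msg)

            with open(of1, "r") as f:
                stored = json.load(f)
            self.assertEqual(stored['Test'], True)

            with open(of2, "r") as f:
                stored = json.load(f)
            self.assertEqual(stored["_CESNET"]["Status"]["Processed"], True)
        finally:
            # Always remove the outputs, even when an assertion fails, so a
            # stale file cannot make a later run pass spuriously. A missing
            # file is fine here; removal is otherwise best-effort.
            for path in (of1, of2):
                try:
                    os.unlink(path)
                except OSError:
                    pass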
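    def test_01_receive_message(self):
        """Perform multiple actions on a matched message.

        Load multiple_actions.yaml, build a Config and run it against
        self.msg. When the rule matches, the configured actions are expected
        to run in turn:
            * Mark
            * Mongo
            * File
        The checks below are therefore made in reverse order: the File
        action's output, the Mongo record, and finally the mark as stored in
        that record.

        Raises:
            AssertionError: if any of the three actions left no trace.
        """
        self.parser = Parser(
            os.path.dirname(__file__) + '/rc_config/multiple_actions.yaml')
        self.config = Config(self.parser)

        self.assertIsNotNone(self.config)
        self.config.match(self.msg)

        # The actions must be checked in reversed order

        # File action: the path is relative to the current working directory
        # (presumably fixed by multiple_actions.yaml) and is not removed here.
        self.assertTrue(os.path.exists("testfile.idea"),
                        "File action did not create testfile.idea")

        # Mongo action: a record must exist before its fields are read,
        # otherwise the failure surfaces as a TypeError on None.
        rec = self.collection.find_one()
        self.assertIsNotNone(rec, "Mongo action stored no record")
        # Compare the stored ID itself (presumably the ID carried by
        # rc_msg.json); assertTrue(value, msg) would only check truthiness.
        self.assertEqual(rec["ID"], "e214d2d9-359b-443d-993d-3cc5637107a0")

        # Mark action: the stored record carries the mark.
        self.assertEqual(rec['Test'], True)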
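        def test_01_list(self):
                """
                Load addressgroup.yaml, build a Config and check address-group matching.

                Every message in self.messages_pass must match at least one rule;
                every message in self.messages_notpass must match none. Real
                assertions are used: printing "Test FAILED" never fails a test.

                Raises:
                    AssertionError: if a message lands on the wrong side of the group.
                """
                self.parser = Parser(os.path.dirname(__file__) + '/rc_config/addressgroup.yaml')
                self.config = Config(self.parser)

                self.assertIsNotNone(self.config)

                for idea in self.messages_pass:
                    results, actions = self.config.match(idea)
                    self.assertIn(True, results,
                                  "message should pass address-group rules: %r"
                                  % (idea.get("Source"),))

                for idea in self.messages_notpass:
                    results, actions = self.config.match(idea)
                    self.assertNotIn(True, results,
                                     "message should NOT pass address-group rules: %r"
                                     % (idea.get("Source"),))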
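 def test_05_malformedyaml(self):
     """
     A malformed YAML configuration must be rejected at load time.

     Raises:
         AssertionError: if Parser/Config accept the malformed file.
     """
     # assertRaises instead of try/except: a self.fail() inside a ``try``
     # whose ``except Exception`` swallows everything can never fail the
     # test, because AssertionError is itself an Exception.
     # TODO(review): narrow Exception to the parser's actual error type.
     with self.assertRaises(Exception):
         self.parser = Parser(
             os.path.dirname(__file__) + '/rc_config/malformedyaml.yaml')
         self.config = Config(self.parser)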
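    def test_03_oneruledrop(self):
        """
        Load minimaldrop.yaml (a single dropping rule) and match self.msg.

        Exactly one result is expected and it must be a match.

        Raises:
            AssertionError: if the rule set does not yield ``[True]``.
        """
        self.parser = Parser(
            os.path.dirname(__file__) + '/rc_config/minimaldrop.yaml')
        self.config = Config(self.parser)
        self.assertIsNotNone(self.config)

        results, actions = self.config.match(self.msg)
        self.assertEqual(results, [True])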
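 def test_01_load_basic_config(self):
     """
     A ``rules`` section holding no rule must be rejected with a specific
     error message.

     Raises:
         AssertionError: if loading succeeds, or fails with another message.
     """
     # assertRaises fails the test directly when nothing is raised; the
     # original self.fail() inside the ``try`` was itself caught by the
     # ``except Exception`` and only failed through a misleading message diff.
     with self.assertRaises(Exception) as cm:
         self.parser = Parser(
             os.path.dirname(__file__) + '/rc_config/incompleterules.yaml')
         self.config = Config(self.parser)
     self.assertEqual(
         str(cm.exception),
         "YAML file should contain at least one `rule` in `rules`.")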
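 def test_00_load_basic_config(self):
     """
     An empty configuration file must be rejected: it has to contain ``rules``.

     Raises:
         AssertionError: if loading succeeds, or fails with another message.
     """
     # assertRaises fails the test directly when nothing is raised; a
     # self.fail() inside a ``try`` with ``except Exception`` is caught
     # itself and only fails through a misleading message comparison.
     with self.assertRaises(Exception) as cm:
         self.parser = Parser(
             os.path.dirname(__file__) + '/rc_config/empty.yaml')
         self.config = Config(self.parser)
     self.assertEqual(str(cm.exception), "YAML file must contain `rules`.")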
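    def test_02_basic_match(self):
        """
        Load basic.yaml and check that self.msg matches its first rule.

        Raises:
            AssertionError: if the first rule does not match.
        """
        self.parser = Parser(os.path.dirname(__file__) + '/rc_config/basic.yaml')
        self.config = Config(self.parser)

        # Let a failing match() propagate as a test error: swallowing it would
        # leave ``results`` unbound and surface as a confusing NameError below.
        results, actions = self.config.match(self.msg)

        self.assertEqual(results[0], True)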
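    def test_01_drop(self):
        """
        Load drop.yaml, build a Config and run it against self.msg.

        Only smoke coverage: the match result is not inspected, so the test
        passes as long as loading and matching raise nothing.

        Raises:
            AssertionError: if no Config instance results.
        """
        self.parser = Parser(
            os.path.dirname(__file__) + '/rc_config/drop.yaml')
        self.config = Config(self.parser)

        self.assertIsNotNone(self.config)

        self.config.match(self.msg)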
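    def test_01_store_record(self):
        """
        Load mongo.yaml, build a Config and run it against self.msg.

        This must not raise; the Mongo action is expected to store the
        message. NOTE(review): the stored record is not looked up here, so a
        silently failing store would still pass this test.

        Raises:
            AssertionError: if no Config instance results.
        """
        self.parser = Parser(os.path.dirname(__file__) + '/rc_config/mongo.yaml')
        self.config = Config(self.parser)

        self.assertIsNotNone(self.config)
        self.config.match(self.msg)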
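    def test_02_check_record(self):
        """
        Load mongo.yaml, build a Config and run it against self.msg.

        This must not raise. NOTE(review): despite the name, the body neither
        finds the stored record nor checks its contents; add that lookup once
        the collection is available on the fixture.

        Raises:
            AssertionError: if no Config instance results.
        """
        self.parser = Parser(os.path.dirname(__file__) + '/rc_config/mongo.yaml')
        self.config = Config(self.parser)

        self.assertIsNotNone(self.config)
        self.config.match(self.msg)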
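    def test_01_file_created(self):
        """
        Load file.yaml and check that the File action creates its output file.

        The output path is read from the loaded configuration
        (``custom_actions[0].file.path``) and removed again afterwards,
        whatever the outcome.

        Raises:
            AssertionError: if the file does not exist after match().
        """
        self.parser = Parser(
            os.path.dirname(__file__) + '/rc_config/file.yaml')
        self.config = Config(self.parser)

        self.assertIsNotNone(self.config)
        self.config.match(self.msg)

        filepath = self.config.conf["custom_actions"][0]["file"]["path"]
        try:
            self.assertTrue(os.path.exists(filepath),
                            "File action did not create %s" % filepath)
        finally:
            # Remove the file even when the assertion fails, so a stale copy
            # cannot make a later run pass spuriously.
            if os.path.exists(filepath):
                os.remove(filepath)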
    def test_02_basic_match(self):
        """
        Load tautology.yaml and check which of its rules fire on self.msg.

        Of the eight rules, the first five are expected to match and each
        trigger the ``basic_mark`` action; the last three must not match and
        must trigger nothing.
        """
        self.parser = Parser(
            os.path.dirname(__file__) + '/rc_config/tautology.yaml')
        self.config = Config(self.parser)

        results, actions = self.config.match(self.msg)

        self.assertEqual(results, 5 * [True] + 3 * [False])

        # One list of action ids per rule, kept in rule order.
        fired = [[action.actionId for action in per_rule]
                 for per_rule in actions]
        expected = 5 * [['basic_mark']] + 3 * [[]]
        self.assertEqual(fired, expected)
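    def test_02_file_content(self):
        """
        Load file.yaml, run the File action and verify the written document.

        The output path comes from the loaded configuration; the Config
        instance is dropped before reading so its file handle is closed and
        the content flushed. The file is removed afterwards in all cases.

        Raises:
            AssertionError: if the stored event does not carry the expected ID.
        """
        self.parser = Parser(
            os.path.dirname(__file__) + '/rc_config/file.yaml')
        self.config = Config(self.parser)

        self.assertIsNotNone(self.config)
        self.config.match(self.msg)

        filepath = self.config.conf["custom_actions"][0]["file"]["path"]

        # Delete the Config instance in order to close file pointer
        del self.config

        try:
            with open(filepath, 'r') as f:
                self.content = json.load(f)
        finally:
            # Remove even if reading or parsing fails, so no stale output
            # is left for a later run.
            if os.path.exists(filepath):
                os.remove(filepath)

        # Compare the ID itself (presumably the ID carried by rc_msg.json);
        # assertTrue(value, msg) would only check that it is non-empty.
        self.assertEqual(self.content["ID"],
                         "e214d2d9-359b-443d-993d-3cc5637107a0")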
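    def test_01_load_basic_config(self):
        """
        Load basic.yaml and check the shape of the resulting Config.

        Expected: one address group, two actions (the configured custom
        action plus the built-in DROP) and one rule.

        Raises:
            AssertionError: if any of the three counts differs.
        """
        self.parser = Parser(os.path.dirname(__file__) + '/rc_config/basic.yaml')
        self.config = Config(self.parser)

        self.assertIsNotNone(self.config)

        # There should be only one address group
        self.assertEqual(len(self.config.addrGroups), 1)

        # There should be only one custom action and DROP action
        self.assertEqual(len(self.config.actions), 2)

        # There should be only one rule
        self.assertEqual(len(self.config.rules), 1)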
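    def test_04_secondruleterminated(self):
        """
        A DROP in the first rule must stop processing before the second rule.

        minimalfirstdrop.yaml is expected to drop in rule one and write to
        /tmp/output1.idea in rule two: only one result may come back and the
        output file must be absent or empty (an empty file is tolerated,
        presumably because the file action opens its handle at load time).
        The file is removed in every outcome.

        Raises:
            AssertionError: if a second result appears or the file has content.
        """
        of = "/tmp/output1.idea"
        # NOTE(review): a fixed name in the shared /tmp can be pre-created or
        # symlinked by another local user; use a per-test directory if the
        # config path can be templated.
        if os.path.isfile(of):
            os.unlink(of)
        self.parser = Parser(
            os.path.dirname(__file__) + '/rc_config/minimalfirstdrop.yaml')
        self.config = Config(self.parser)
        self.assertIsNotNone(self.config)

        try:
            results, actions = self.config.match(self.msg)
            # only one rule should have been processed since drop was in the first rule
            self.assertEqual(results, [True])

            leaked = os.path.isfile(of) and os.stat(of).st_size > 0
        finally:
            # Clean up whatever happened; a missing file is the expected case.
            try:
                os.unlink(of)
            except OSError:
                pass

        self.assertFalse(
            leaked,
            "Drop action was the first one, file should not be existing.")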
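        def setUp(self):
                """
                Build the fixture shared by the address-group tests.

                Writes a whitelist file, loads the example IDEA message (created by
                a conv function in a reporter) from rc_msg.json, builds a Config
                from mongo.yaml and derives two message sets from the example:
                ``messages_pass`` (source IPs expected to match the configured
                address group) and ``messages_notpass`` (source IPs expected not
                to). The whitelist file is removed again after each test.
                """
                # NOTE(review): a fixed, predictable path in the shared /tmp can be
                # pre-created or symlinked by another local user before this write;
                # the name is presumably referenced by the YAML config, so it cannot
                # simply be replaced by tempfile here.
                whitelist = "/tmp/testwhitelist"
                with open(whitelist, 'w') as f:
                    f.write("192.168.0.0/24\n10.0.1.1\n")

                def remove_whitelist():
                    # Runs after tearDown; a file already gone is not an error.
                    try:
                        os.remove(whitelist)
                    except FileNotFoundError:
                        pass
                self.addCleanup(remove_whitelist)

                with open(os.path.dirname(__file__) + '/rc_msg.json', 'r') as f:
                    self.msg = json.load(f)
                self.parser = Parser(os.path.dirname(__file__) + '/rc_config/mongo.yaml')
                self.config = Config(self.parser)

                # format from IDEA message: "Source": [{"IP4": ["1.2.3.4"]}]
                def with_source_ip(ip):
                    # Deep copy so the variants do not share nested lists.
                    m = copy.deepcopy(self.msg)
                    m["Source"][0]["IP4"][0] = ip
                    return m

                self.messages_pass = [
                    with_source_ip(ip)
                    for ip in ["10.0.0.9", "10.0.0.10", "192.168.0.254", "10.0.1.1"]]
                self.messages_notpass = [
                    with_source_ip(ip)
                    for ip in ["1.2.3.5", "10.10.0.1", "192.168.1.1"]]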
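 def test_02_onerule(self):
     """
     minimal.yaml (a single rule) must load into a Config without error.

     Raises:
         AssertionError: if no Config instance results.
     """
     self.parser = Parser(
         os.path.dirname(__file__) + '/rc_config/minimal.yaml')
     self.config = Config(self.parser)
     self.assertIsNotNone(self.config)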