def test_format_message_default_rule_description(self):
"""SlackOutput - Format Message, Default Rule Description"""
rule_name = 'test_empty_rule_description'
alert = get_random_alert(10, rule_name, True)
loaded_message = SlackOutput._format_message(rule_name, alert)
# tests
default_rule_description = '*Rule Description:*\nNo rule description provided\n'
assert_equal(loaded_message['attachments'][0]['pretext'], default_rule_description)
def test_format_message_default_rule_description(self):
"""Format Message Default Rule Description - Slack"""
rule_name = 'test_empty_rule_description'
alert = get_random_alert(10, rule_name, True)
loaded_message = json.loads(self.__dispatcher._format_message(rule_name, alert))
# tests
default_rule_description = '*Rule Description:*\nNo rule description provided\n'
assert_equal(
loaded_message['attachments'][0]['pretext'],
default_rule_description)
def test_format_message_mutliple(self):
"""SlackOutput - Format Multi-Message"""
rule_name = 'test_rule_multi-part'
alert = get_random_alert(30, rule_name)
loaded_message = SlackOutput._format_message(rule_name, alert)
# tests
assert_set_equal(set(loaded_message.keys()), {'text', 'mrkdwn', 'attachments'})
assert_equal(loaded_message['text'], '*StreamAlert Rule Triggered: test_rule_multi-part*')
assert_equal(len(loaded_message['attachments']), 2)
assert_equal(loaded_message['attachments'][1]['text'].split('\n')[3][1:7], '000028')
def test_format_message_single(self):
"""SlackOutput - Format Single Message - Slack"""
rule_name = 'test_rule_single'
alert = get_random_alert(25, rule_name)
loaded_message = SlackOutput._format_message(rule_name, alert)
# tests
assert_set_equal(set(loaded_message.keys()),
{'text', 'mrkdwn', 'attachments'})
assert_equal(loaded_message['text'],
'*StreamAlert Rule Triggered: test_rule_single*')
assert_equal(len(loaded_message['attachments']), 1)
def test_format_message_default_rule_description(self):
"""SlackOutput - Format Message, Default Rule Description"""
rule_name = 'test_empty_rule_description'
alert = get_random_alert(10, rule_name, True)
output = MagicMock(spec=SlackOutput)
alert_publication = compose_alert(alert, output, 'asdf')
loaded_message = SlackOutput._format_message(alert, alert_publication)
# tests
default_rule_description = '*Rule Description:*\nNo rule description provided\n'
assert_equal(loaded_message['attachments'][0]['pretext'],
default_rule_description)
def test_format_message_custom_attachment(self):
"""SlackOutput - Format Message, Custom Attachment"""
rule_name = 'test_empty_rule_description'
alert = get_random_alert(10, rule_name, True)
output = MagicMock(spec=SlackOutput)
alert_publication = compose_alert(alert, output, 'asdf')
alert_publication['@slack.attachments'] = [{'text': 'aasdfkjadfj'}]
loaded_message = SlackOutput._format_message(alert, alert_publication)
# tests
assert_equal(len(loaded_message['attachments']), 1)
assert_equal(loaded_message['attachments'][0]['text'], 'aasdfkjadfj')
def test_format_message_single(self):
"""SlackOutput - Format Single Message - Slack"""
rule_name = 'test_rule_single'
alert = get_random_alert(25, rule_name)
output = MagicMock(spec=SlackOutput)
alert_publication = compose_alert(alert, output, 'asdf')
loaded_message = SlackOutput._format_message(alert, alert_publication)
# tests
assert_set_equal(set(loaded_message.keys()),
{'text', 'mrkdwn', 'attachments'})
assert_equal(loaded_message['text'],
'*StreamAlert Rule Triggered: test_rule_single*')
assert_equal(len(loaded_message['attachments']), 1)
def test_format_message_custom_text(self):
"""SlackOutput - Format Single Message - Custom Text"""
rule_name = 'test_rule_single'
alert = get_random_alert(25, rule_name)
output = MagicMock(spec=SlackOutput)
alert_publication = compose_alert(alert, output, 'asdf')
alert_publication['@slack.text'] = 'Lorem ipsum foobar'
loaded_message = SlackOutput._format_message(alert, alert_publication)
# tests
assert_set_equal(set(loaded_message.keys()),
{'text', 'mrkdwn', 'attachments'})
assert_equal(loaded_message['text'], 'Lorem ipsum foobar')
assert_equal(len(loaded_message['attachments']), 1)
def test_format_message_multiple(self):
"""SlackOutput - Format Multi-Message"""
rule_name = 'test_rule_multi-part'
alert = get_random_alert(30, rule_name)
output = MagicMock(spec=SlackOutput)
alert_publication = compose_alert(alert, output, 'asdf')
loaded_message = SlackOutput._format_message(alert, alert_publication)
# tests
assert_set_equal(set(loaded_message.keys()),
{'text', 'mrkdwn', 'attachments'})
assert_equal(loaded_message['text'],
'*StreamAlert Rule Triggered: test_rule_multi-part*')
assert_equal(len(loaded_message['attachments']), 2)
assert_equal(
loaded_message['attachments'][1]['text'].split('\n')[3][1:7],
'000028')
def test_format_message_custom_attachment_limit(self, log_warning):
"""SlackOutput - Format Message, Custom Attachment is Truncated"""
rule_name = 'test_empty_rule_description'
alert = get_random_alert(10, rule_name, True)
output = MagicMock(spec=SlackOutput)
alert_publication = compose_alert(alert, output, 'asdf')
long_message = 'a' * (SlackOutput.MAX_MESSAGE_SIZE + 1)
alert_publication['@slack.attachments'] = [{'text': long_message}]
loaded_message = SlackOutput._format_message(alert, alert_publication)
# tests
assert_equal(len(loaded_message['attachments'][0]['text']),
3999) # bug in elide
log_warning.assert_called_with(
'Custom attachment was truncated to length %d. Full message: %s',
SlackOutput.MAX_MESSAGE_SIZE, long_message)
def test_format_message_custom_attachment_multi_limit(self, log_warning):
"""SlackOutput - Format Message, Too many Custom Attachments is truncated"""
rule_name = 'test_empty_rule_description'
alert = get_random_alert(10, rule_name, True)
output = MagicMock(spec=SlackOutput)
alert_publication = compose_alert(alert, output, 'asdf')
alert_publication['@slack.attachments'] = []
for _ in range(SlackOutput.MAX_ATTACHMENTS + 1):
alert_publication['@slack.attachments'].append({'text': 'yay'})
loaded_message = SlackOutput._format_message(alert, alert_publication)
# tests
assert_equal(len(loaded_message['attachments']),
SlackOutput.MAX_ATTACHMENTS)
assert_equal(loaded_message['attachments'][19]['text'], 'yay')
log_warning.assert_called_with(
'Message with %d custom attachments was truncated to %d attachments',
SlackOutput.MAX_ATTACHMENTS + 1, SlackOutput.MAX_ATTACHMENTS)
