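def testRule(self, id, count, data, max_polls=None):
    """Submit a test rule with synthetic events and poll until it finishes.

    Builds ``count`` rounds of events from ``data['rawData']`` (each line may
    carry ``$randomIP`` / ``$randomNum`` placeholders), wraps them in the
    ``eventsTemp`` XML template and PUTs them under ``add_test_rule``.  It then
    polls ``get_test_rule`` every 60 s until the server reports a terminal
    result code.

    Args:
        id: rule id; substituted into the request XML and the poll URL.
        count: number of rounds of ``rawData`` to generate.
        data: dict with ``rawData`` (list of raw event strings), ``reportIp``
            and ``pause`` keys.
        max_polls: maximum number of status polls before giving up; ``None``
            (the default, and the original behaviour) polls indefinitely.

    Returns:
        ``(status, xml)`` where status is ``'Pass'`` (result code 3),
        ``'Failure'`` (code 4), ``'Unfinish'`` (still running when the poll
        budget ran out) or ``''`` when no parseable result was ever returned;
        ``xml`` is the last response body from the app handler.
    """
    events = []
    for round_no in range(count):
        # 'number' is the 1-based position in rawData plus the round offset,
        # exactly as before (so the same number can repeat across rounds).
        for pos, item in enumerate(data['rawData'], start=1):
            raw_event = item
            if '$randomIP' in raw_event:
                raw_event = raw_event.replace('$randomIP', getRandomIPAddr())
            if '$randomNum' in raw_event:
                raw_event = raw_event.replace('$randomNum', getRandomNum(1, 10000))
            # NOTE(review): raw_event is substituted into the XML verbatim; if
            # eventTemp does not escape it, a message containing '<' or '&'
            # will break the document -- confirm against the template.
            event_map = {
                'report_ip': data['reportIp'],
                'pause': data['pause'],
                'number': str(pos + round_no),
                'raw_event': raw_event,
            }
            events.append(eventTemp.substitute(event_map))
    in_xml = eventsTemp.substitute({'rule_id': id, 'events': ''.join(events)})
    print('sendXML: %s' % in_xml)
    self.appHandler.putData(add_test_rule, in_xml)

    url_status = ''
    polls = 0
    while True:
        self.appHandler.getData(get_test_rule % id)
        if self.appHandler.xml:
            print(self.appHandler.xml)
            match = result_exp.search(self.appHandler.xml)
            if match:
                number = match.groupdict()['number']
                if number == '3':
                    url_status = 'Pass'
                elif number == '4':
                    url_status = 'Failure'
                else:
                    url_status = 'Unfinish'
        # Anything other than a pending result (including an empty/unparseable
        # first response, which yields '') ends the poll loop, as before.
        if url_status != 'Unfinish':
            break
        polls += 1
        if max_polls is not None and polls >= max_polls:
            # Give up rather than hang the harness forever on a stuck rule.
            break
        time.sleep(60)
    return url_status, self.appHandler.xml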
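def trigger(self, param, msgs):
    """Replay ``msgs`` to the app server ``param.count`` times, one event per second.

    The reporter address is resolved from ``param.reptDevIpAddr``
    (``'$localhost'`` -> this host's IP, ``'$appServer'`` -> ``self.appServer``,
    anything else taken literally).  On POSIX with a non-local reporter the
    events are wrapped by ``GenerateRawIPData.getRawIpPacket`` with the
    reporter address as packet source -- that needs raw-socket privilege and
    forges the source IP, so only run it against a lab collector you own.
    Otherwise a plain UDP sender is used.

    Args:
        param: config object with ``reptDevIpAddr``, ``createDevice``,
            ``deviceName``, ``deviceType``, ``domainController``, ``method``
            (key into ``PORTS``) and ``count`` attributes.
        msgs: iterable of raw event lines; ``$localhost``, ``$dataCollector``,
            ``$reporter``, ``$randomIP`` and ``$randomNum`` are substituted.

    Returns:
        None.  The sender is closed when the replay finishes or fails, so the
        UDP socket no longer leaks per call.
    """
    if param.reptDevIpAddr == '$localhost':
        rept_ip = getLocalhostIp()
    elif param.reptDevIpAddr == '$appServer':
        rept_ip = self.appServer
    else:
        rept_ip = param.reptDevIpAddr
    if param.createDevice:
        # NOTE(review): the unresolved placeholder (e.g. '$localhost'), not
        # rept_ip, is handed to createDevice here -- confirm that is intended.
        self.createDevice(param.reptDevIpAddr, param.deviceName,
                          param.deviceType, domain=param.domainController)
    raw_send = bool(self.posix and param.reptDevIpAddr != '$localhost')
    if raw_send:
        sender = rawUdpSendHandler.rawUdpSendHandler(self.appServer, PORTS[param.method])
    else:
        sender = sendEventHandler.sendEventHandler(param.method, self.appServer)
    rept = {
        '$localhost': getLocalhostIp(),
        '$dataCollector': self.appServer,
        '$reporter': rept_ip,
    }
    print(rept_ip)
    try:
        for _ in range(int(param.count)):
            for line in msgs:
                msg = generalUtility.multiReplace(line, rept)
                if '$randomIP' in line:
                    msg = msg.replace('$randomIP', getRandomIPAddr())
                if '$randomNum' in line:
                    msg = msg.replace('$randomNum', getRandomNum(1, 100))
                if raw_send:
                    if param.method == 'netflow':
                        payload = GenerateNetFlowData.getNetFlowPacket(msg)
                    else:
                        payload = msg.strip()
                    send_msg = GenerateRawIPData.getRawIpPacket(
                        payload, rept_ip, self.appServer, PORTS[param.method])
                else:
                    send_msg = msg
                print(msg)
                sender.sendoutEvent(send_msg)
                time.sleep(1)
    finally:
        # Both handler types expose close() (the run() driver calls it);
        # the original never closed the sender.
        sender.close()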
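def createDevice(appServer, opt='cmdline', num=1, file='', device_ip='', device_name='', device_type=''):
    """Create one or more devices on ``appServer`` by simulating discovery.

    Args:
        appServer: address handed to ``deviceHandler``.
        opt: where the device list comes from --
            ``'random'``: ``num`` devices with random IPs and a random type
            drawn from ``create_device_info``;
            ``'file'``: CSV lines ``ip,name,type`` read from ``file`` (blank
            lines are skipped);
            ``'cmdline'``: one device from ``device_ip`` / ``device_name`` /
            ``device_type``.
        num: number of devices for ``opt='random'``.
        file: path of the CSV file for ``opt='file'``.
        device_ip, device_name, device_type: fields for ``opt='cmdline'``.

    A missing device name defaults to ``'host-' + ip``.  Any other ``opt``
    value creates nothing.

    Raises:
        ValueError: a non-blank line in ``file`` does not have exactly three
            comma-separated fields.
    """
    device_types = list(create_device_info.keys())
    devices = []
    if opt == 'random':
        for _ in range(num):
            ip = getRandomIPAddr()
            devices.append({
                'device_ip': ip,
                'device_name': 'host-' + ip,
                # getRandomNum yields a numeric string here (hence the int()).
                'device_type': device_types[int(getRandomNum(0, len(device_types) - 1))],
            })
    elif opt == 'file':
        with open(file) as fh:
            for raw_line in fh:
                line = raw_line.strip()
                if not line:
                    # The original's `if item:` let "\n" through and then
                    # failed on the 3-way unpack; skip blank lines instead.
                    continue
                # Fixes the `splilt` typo that made this branch unusable.
                ip, name, dev_type = line.split(',')
                devices.append({
                    'device_ip': ip,
                    'device_name': name or 'host-' + ip,
                    'device_type': dev_type,
                })
    elif opt == 'cmdline':
        devices.append({
            'device_ip': device_ip,
            'device_name': device_name or 'host-' + device_ip,
            'device_type': device_type,
        })
    handler = deviceHandler(appServer)
    for dev in devices:
        print(dev)
        handler.createDevice(dev['device_ip'], dev['device_name'], dev['device_type'])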
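def sendEvent(self, msg, type, utf8=True):
    """Send one syslog or NetFlow datagram to ``self.dataCollector``.

    For ``type == 'syslog'`` the ``$randomNum`` / ``$randomIP`` placeholders in
    ``msg`` are replaced and the message goes to ``SYSLOG_PORT``; for
    ``type == 'netflow'`` ``msg`` is converted with
    ``GenerateNetFlowData.getNetFlowPacket`` and goes to ``NETFLOW_PORT``.

    Args:
        msg: message text (syslog) or NetFlow source text.
        type: ``'syslog'`` or ``'netflow'``.
        utf8: encode ``msg`` as UTF-8 before sending (default True).

    Raises:
        ValueError: ``type`` is neither ``'syslog'`` nor ``'netflow'`` (the
            original fell through to an UnboundLocalError on ``port``).

    Side effects: a fresh UDP socket is stored in ``self.sock``; the socket
    left over from a previous call is closed first so they no longer leak one
    per call.  A failed connect prints a message and calls ``exit()``, as
    before.
    """
    if type == 'syslog':
        port = SYSLOG_PORT
        if '$randomNum' in msg:
            msg = msg.replace('$randomNum', randomGen.getRandomNum(100, 900))
        if '$randomIP' in msg:
            msg = msg.replace('$randomIP', randomGen.getRandomIPAddr())
    elif type == 'netflow':
        port = NETFLOW_PORT
        msg = GenerateNetFlowData.getNetFlowPacket(msg)
    else:
        raise ValueError("unsupported event type %r (expected 'syslog' or 'netflow')" % (type,))
    previous = getattr(self, 'sock', None)
    if previous is not None:
        previous.close()
    self.sock = socket(AF_INET, SOCK_DGRAM)
    try:
        self.sock.connect((self.dataCollector, port))
    except error:
        print('Cannot open socket to %s' % self.dataCollector)
        exit()
    if utf8:
        msg = msg.encode('utf-8')
    self.sock.sendall(msg)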
def run(self, ruleType, testKey):
    """Drive one incident rule end to end and return a TestSuiteResult.

    Steps, as implemented below:
      1. Look up the test config for ``ruleType.incidentType``; when none
         exists nothing is sent and ``None`` is returned.
      2. Create (or re-create as domain controller) the reporting device.
      3. Load ``<incidentType>.dat``, expand the placeholders in its
         ``eventMsg`` lines and send them ``testConf.count`` times -- as raw
         IP packets with the reporter address as source on POSIX when the
         reporter is not this host, plain UDP otherwise.
      4. Sleep, query for the incident, and fall back to a direct SQL lookup.
      5. Depending on ``self.advance``, re-send the same events to check
         aggregation and/or send or wait out the clear condition.

    Args:
        ruleType: parsed rule object; reads ``filterOperators.type``,
            ``incidentType``, ``attribute['id']``, ``name``, ``triggerWindow``
            and, when present, ``clearCondition``.
        testKey: not used by this method.

    Returns:
        A ``TestSuiteResult`` obtained from ``getClassObj`` (counters named
        ``total<status>`` are set with setattr), or ``None`` when the incident
        type is not in ``self.testConfig.commonData``.

    Note: this method sleeps for minutes at a time (120 s after sending, 600 s
    before a pattern-based clear) and calls ``exit()`` when test data is
    missing, which terminates the whole harness instead of failing one case.
    """
    fb_type = ruleType.filterOperators.type
    # FOLLOWED_BY rules depend on event order, so pause between sends.
    sleeper = 0
    if fb_type == 'FOLLOWED_BY':
        sleeper = 5
    incidentType = ruleType.incidentType.split('$')[-1]
    ruleId = ruleType.attribute['id']
    if incidentType not in self.testConfig.commonData.keys():
        print 'Incidnet Name %s Incident Type %s is NOT implemented.' % (
            ruleType.name, incidentType)
        testRet = None
    else:
        testConf = self.testConfig.commonData[incidentType]
        # Placeholders are resolved in place on the shared config object, so a
        # later run for the same incident type already sees the real address.
        if testConf.reptDevIpAddr == '$localhost':
            testConf.reptDevIpAddr = self.testConfig.localhost
        elif testConf.reptDevIpAddr == '$appServer':
            testConf.reptDevIpAddr = self.appServer
        allDevices = self.testConfig.globalData['devices']
        approvedDevices = self.testConfig.globalData['applicableDevices']
        perfObj = self.testConfig.globalData['perfObj']
        #create device if needed
        if not allDevices or (
                testConf.createDevice and not testConf.reptDevIpAddr in allDevices.keys()):
            if testConf.domainController:
                print 'create domain controller %s' % testConf.reptDevIpAddr
                self.deviceHandler.createDevice(
                    testConf.reptDevIpAddr, testConf.deviceName, testConf.deviceType, perfObj,
                    dataCollector=self.testConfig.testServer.dataCollector)
            else:
                print 'create %s device %s' % (testConf.deviceType, testConf.reptDevIpAddr)
                self.deviceHandler.createDevice(testConf.reptDevIpAddr, testConf.deviceName,
                                                testConf.deviceType, perfObj)
        else:
            print 'device %s is already exist.' % testConf.reptDevIpAddr
            #in case to make it domain controller
            if testConf.domainController:
                print 'make domain controller %s' % testConf.reptDevIpAddr
                self.deviceHandler.createDevice(
                    testConf.reptDevIpAddr, testConf.deviceName, testConf.deviceType, perfObj,
                    dataCollector=self.testConfig.testServer.dataCollector)
        #get raw data
        myData = datFileHandler.getData(
            self.path + '/' + incident_data_path + '/' + incidentType + '.dat', incident_data_keys)
        #send raw event to trigger incident
        if not myData.dataMap:
            print 'Fail to get test data. Exit.'
            exit()
        rept = {}
        rept['$localhost'] = self.testConfig.localhost
        rept['$dataCollector'] = self.testConfig.testServer.dataCollector
        eventMsgs = myData.dataMap['default'].eventMsg
        if eventMsgs is None:
            print '%s: No eventMsg exist.' % incidentType
            exit()
        # Raw sending forges the reporter address as the packet source
        # (getRawIpPacket below); it needs raw-socket privilege and should only
        # target a lab collector.  Localhost reporters use a plain UDP sender.
        rawSend = False
        if self.posix and testConf.reptDevIpAddr != self.testConfig.localhost:
            rawSend = True
        if rawSend:
            mySendEvent = rawUdpSendHandler.rawUdpSendHandler(
                self.testConfig.testServer.dataCollector, PORTS[testConf.method])
        else:
            mySendEvent = sendEventHandler(testConf.method, self.testConfig.testServer.dataCollector)
        sendSleep = 0
        # Random IPs/numbers are kept unique across all events of this run.
        randomIPs = []
        randomNums = []
        ip = ''
        num = ''
        now, sendTime, utcnow, utcsendTime = timeUtility.getTimeNow()
        for i in range(int(testConf.count)):
            for line in eventMsgs:
                msg = generalUtility.multiReplace(line, rept)
                if '$reporter' in line:
                    msg = msg.replace('$reporter', testConf.reptDevIpAddr)
                if '$randomIP' in line:
                    # Incident types listed in ip_in_privatenet only accept
                    # 10.x.x.x addresses; keep drawing until one fits.  This
                    # is probabilistic and has no iteration cap.
                    repeat = True
                    while repeat:
                        ip = randomGen.getRandomIPAddr()
                        if ip not in randomIPs:
                            if testConf.incidentType not in ip_in_privatenet:
                                msg = msg.replace('$randomIP', ip)
                                randomIPs.append(ip)
                                repeat = False
                            else:
                                if ip.split('.')[0] in ['10']:
                                    msg = msg.replace('$randomIP', ip)
                                    randomIPs.append(ip)
                                    repeat = False
                if '$randomNum' in line:
                    num_repeat = True
                    while num_repeat:
                        num = randomGen.getRandomNum(1, 1000)
                        if num not in randomNums:
                            msg = msg.replace('$randomNum', num)
                            randomNums.append(num)
                            num_repeat = False
                if '$group_' in line:
                    # '$group_<name>@' is replaced by the group's first named
                    # value fetched over REST; for a range 'a.b.c.d-...' the
                    # host octet is replaced with 100.  Unknown group -> ''.
                    groupName = line.split('$group_')[-1].split('@')[0]
                    groupItem = self.restApiHandler.getData(
                        group_name_key[groupName], module='namedValue')
                    value = ''
                    if groupItem:
                        rawValue = groupItem[group_name_key[groupName]].namedValues[0]
                        if '-' in rawValue:
                            temp = rawValue.split('-')[0].split('.')
                            temp[-1] = '100'
                            value = '.'.join(temp)
                        else:
                            value = rawValue
                    msg = msg.replace('$group_' + groupName + '@', value)
                temp_msg = ''
                if testConf.method == 'netflow':
                    temp_msg = GenerateNetFlow.getNetFlowPacket(msg)
                else:
                    temp_msg = msg.strip()
                send_msg = ''
                if rawSend:
                    if testConf.method == 'syslog':
                        # Non-ASCII characters are silently dropped here.
                        temp_msg = temp_msg.encode('ascii', 'ignore')
                    send_msg = GenerateRawIPData.getRawIpPacket(
                        temp_msg, testConf.reptDevIpAddr,
                        self.testConfig.testServer.dataCollector, PORTS[testConf.method])
                else:
                    send_msg = msg
                time.sleep(sleeper)
                if not self.sendNoEvent:
                    mySendEvent.sendoutEvent(send_msg, utf_8=False)
                else:
                    print 'No event sent being configured.'
                # The unwrapped message is what gets re-sent for aggregation.
                self.msgList.append(msg)
        #retrieve incident
        sendSleep = 120
        time.sleep(sendSleep)
        timeout = int(ruleType.triggerWindow) + 180
        myParams = {}
        myParams['constr'] = incident_query_params['SingleEvtConstr'] % (
            testConf.reptDevIpAddr, incidentType)
        if self.sendNoEvent:
            print 'Query:,', myParams['constr']
        condition, oriRet, incidentId, failDetail, veriData, debugInfo = self.retriveIncident(
            incidentType, testConf, timeout, myParams)
        incident_id_sql = None
        if not condition:
            #check CMDB for incident
            # NOTE(review): the SQL is built with %-formatting from the
            # incident type and reporter address.  Both come from rule/test
            # config here, but if self.psql.execute supports bound parameters
            # they should be used instead of string formatting.
            rawResult = self.psql.execute(
                incident_sql_cmd % (incidentType, testConf.reptDevIpAddr, sendTime * 1000))
            if rawResult:
                incident_id_sql = rawResult[0][0]
                condition = True
                failDetail = 'Incident Id found in SQL but not from query.'
            else:
                print 'no id in SQL'
        if not condition and not self.sendNoEvent:
            failDetail = "need debug"
            #self.eventDebug(testConf.method, self.testConfig.testServer.appServer, testConf.reptDevIpAddr, ruleType, sendTime, utcsendTime, approvedDevices)
        testRet = getClassObj('TestSuiteResult', module='autoTest')
        testRet.name = testConf.name
        testRet.type = incidentType
        testRet.ruleId = ruleId
        testRet.queryString = myParams['constr']
        testRet.rawMsg = self.msgList
        testRet.testMethod = testConf.method
        testRet.reptDevIpAddr = testConf.reptDevIpAddr
        testRet.taskName = 'Incident'
        testRet.totalRun = 1
        testRet.debugInfo = debugInfo
        # Per-status counters live in attributes named 'total<status>'.
        setattr(testRet, 'total' + oriRet.status, 1)
        testRet.caseList.append(oriRet)
        if incidentId:
            print '%s: incident triggered with id: %s' % (incidentType, incidentId)
            testRet.info = 'incidentId: ' + incidentId
        elif incident_id_sql:
            print '%s: incident triggered with id from sql: %s' % (
                incidentType, incident_id_sql)
            testRet.info = 'incidentId from SQL: ' + incident_id_sql
            setattr(oriRet, 'reasons', failDetail)
        else:
            print '%s(%s): no incident triggered' % (testRet.name, incidentType)
            testRet.info = 'incidentId: None'
            setattr(oriRet, 'reasons', failDetail)
        aggmsgList = []
        if self.advance in ['aggregate', 'both']:
            # Aggregation only makes sense when the first query found an id.
            if oriRet.status != 'NoReturn' and incidentId and incidentId.strip():
                #aggregate test
                for i in range(int(testConf.count)):
                    for m in self.msgList:
                        mySendEvent.sendoutEvent(m, utf_8=False)
                time.sleep(60)
                aggParams = {}
                aggParams['constr'] = incident_query_advance['SingleEvtConstr'] % (incidentId, '0')
                condition, aggRet, inId, failDetail, aggVeriData, aggData = self.retriveIncident(
                    incidentType, testConf, timeout, aggParams, agg=veriData)
                if not condition:
                    failDetail = self.eventDebug(
                        testConf.method, self.testConfig.testServer.appServer,
                        testConf.reptDevIpAddr, ruleType, sendTime, utcsendTime, approvedDevices)
                if failDetail:
                    setattr(aggRet, 'reasons', failDetail)
                testRet.totalRun += 1
                oldVal = getattr(testRet, 'total' + aggRet.status)
                oldVal += 1
                setattr(testRet, 'total' + aggRet.status, oldVal)
                testRet.caseList.append(aggRet)
        if self.advance in ['clear', 'both']:
            #clear test
            if oriRet.status != 'NoReturn' and hasattr(
                    ruleType, 'clearCondition') and incidentId and incidentId.strip():
                clearnow, clearsendTime, clearutcnow, clearutcsendTime = timeUtility.getTimeNow()
                if ruleType.clearCondition.clearOption == 'patternbased':
                    # Pattern-based clear: send the .dat file's clearEventMsg
                    # lines after a fixed 600 s wait.
                    if not hasattr(myData.dataMap['default'], 'clearEventMsg'):
                        print '%s: need to add clearEventMsg' % incidentType
                    else:
                        raw_clear = getattr(myData.dataMap['default'], 'clearEventMsg')
                        time.sleep(600)
                        if raw_clear:
                            for line in raw_clear:
                                clearmsg = generalUtility.multiReplace(line.strip(), rept)
                                if '$reporter' in line:
                                    clearmsg = clearmsg.replace('$reporter', testConf.reptDevIpAddr)
                                if '$randomIP' in line:
                                    ip = randomGen.getRandomIPAddr()
                                    clearmsg = clearmsg.replace('$randomIP', ip)
                                # Note: keyed on self.posix alone, not rawSend,
                                # so a localhost reporter on POSIX still gets
                                # the raw-packet path here.
                                if self.posix:
                                    send_clearmsg = GenerateRawIPData.getRawIpPacket(
                                        clearmsg.encode('ascii', 'ignore'), testConf.reptDevIpAddr,
                                        self.testConfig.testServer.dataCollector, PORTS[testConf.method])
                                else:
                                    send_clearmsg = clearmsg
                                self.clearMsgList.append(send_clearmsg)
                        if self.clearMsgList:
                            for i in range(int(testConf.count)):
                                for cl_msg in self.clearMsgList:
                                    mySendEvent.sendoutEvent(cl_msg, utf_8=False)
                        time.sleep(120)
                else:
                    # Time-based clear: just wait out the clear window.
                    time.sleep(float(int(ruleType.clearCondition.clearTimeWindow) + 120))
                clearParams = {}
                clearParams['constr'] = incident_query_advance['SingleEvtConstr'] % (incidentId, '1')
                condition, clearRet, incidentId, failDetail, clearVari, clearData = self.retriveIncident(
                    incidentType, testConf, timeout, clearParams, clear=True)
                if not condition:
                    failDetail = "need debug"
                    #self.eventDebug(testConf.method, self.testConfig.testServer.appServer, testConf.reptDevIpAddr, ruleType, clearsendTime, clearutcsendTime, approvedDevices, clearDebug=True)
                if failDetail:
                    setattr(clearRet, 'reasons', failDetail)
                print 'clear name: %s' % clearRet.name
                testRet.totalRun += 1
                oldVal = getattr(testRet, 'total' + clearRet.status)
                oldVal += 1
                setattr(testRet, 'total' + clearRet.status, oldVal)
                testRet.caseList.append(clearRet)
        mySendEvent.close()
    return testRet
def run(self, ruleType, testKey):
    """Drive one incident rule end to end and return a TestSuiteResult.

    Older variant of the incident driver: resolve the test config for
    ``ruleType.incidentType``, create the reporting device if needed, send the
    ``eventMsg`` lines from ``<incidentType>.dat`` ``testConf.count`` times,
    wait 60 s and query for the incident.  When ``self.advance`` is truthy the
    same events are re-sent to check aggregation and the clear condition is
    sent or waited out.

    Args:
        ruleType: parsed rule object; reads ``filterOperators.type``,
            ``incidentType``, ``attribute['id']``, ``name``, ``triggerWindow``
            and, when present, ``clearCondition``.
        testKey: not used by this method.

    Returns:
        A ``TestSuiteResult`` from ``getClassObj`` (per-status counters are
        stored as ``total<status>`` attributes), or ``None`` when the incident
        type has no entry in ``self.testConfig.commonData``.

    Note: calls ``exit()`` when the .dat file or its eventMsg is missing,
    which terminates the whole harness rather than failing one case.
    """
    fb_type=ruleType.filterOperators.type
    # FOLLOWED_BY rules depend on event order, so pause between sends.
    sleeper=0
    if fb_type=='FOLLOWED_BY':
        sleeper=5
    incidentType=ruleType.incidentType.split('$')[-1]
    ruleId=ruleType.attribute['id']
    if incidentType not in self.testConfig.commonData.keys():
        print 'Incidnet Name %s Incident Type %s is NOT implemented.' % (ruleType.name, incidentType)
        testRet=None
    else:
        testConf=self.testConfig.commonData[incidentType]
        # Placeholders are resolved in place on the shared config object.
        if testConf.reptDevIpAddr=='$localhost':
            testConf.reptDevIpAddr=self.testConfig.localhost
        elif testConf.reptDevIpAddr=='$appServer':
            testConf.reptDevIpAddr=self.appServer
        allDevices=self.testConfig.globalData['devices']
        approvedDevices=self.testConfig.globalData['applicableDevices']
        perfObj=self.testConfig.globalData['perfObj']
        #create device if needed
        if not allDevices or (testConf.createDevice and not testConf.reptDevIpAddr in allDevices.keys()):
            if testConf.domainController:
                self.deviceHandler.createDevice(testConf.reptDevIpAddr, testConf.deviceName, testConf.deviceType, perfObj, dataCollector=self.testConfig.testServer.dataCollector)
            else:
                self.deviceHandler.createDevice(testConf.reptDevIpAddr, testConf.deviceName, testConf.deviceType, perfObj)
        #get raw data
        myData=datFileHandler.getData(self.path+'/'+incident_data_path+'/'+incidentType+'.dat', incident_data_keys)
        #send raw event to trigger incident
        if not myData.dataMap:
            print 'Fail to get test data. Exit.'
            exit()
        now,sendTime,utcnow,utcsendTime=timeUtility.getTimeNow()
        rept={}
        rept['$localhost']=self.testConfig.localhost
        rept['$dataCollector']=self.testConfig.testServer.dataCollector
        eventMsgs=myData.dataMap['default'].eventMsg
        if eventMsgs is None:
            print '%s: No eventMsg exist.' % incidentType
            exit()
        # Raw sending forges the reporter address as the packet source
        # (getRawIpPacket below); it needs raw-socket privilege and should only
        # target a lab collector.  Localhost reporters use a plain UDP sender.
        rawSend=False
        if self.posix and testConf.reptDevIpAddr!=self.testConfig.localhost:
            rawSend=True
        if rawSend:
            mySendEvent=rawUdpSendHandler.rawUdpSendHandler(self.testConfig.testServer.dataCollector, PORTS[testConf.method])
        else:
            mySendEvent=sendEventHandler(testConf.method, self.testConfig.testServer.dataCollector)
        for i in range(int(testConf.count)):
            for line in eventMsgs:
                msg=generalUtility.multiReplace(line, rept)
                if '$reporter' in line:
                    msg=msg.replace('$reporter', testConf.reptDevIpAddr)
                # Unlike the newer driver, random IPs/numbers are not kept
                # unique across events here.
                if '$randomIP' in line:
                    ip=randomGen.getRandomIPAddr()
                    msg=msg.replace('$randomIP', ip)
                if '$randomNum' in line:
                    num=randomGen.getRandomNum(1, 100)
                    msg=msg.replace('$randomNum', num)
                temp_msg=''
                if testConf.method=='netflow':
                    temp_msg=GenerateNetFlow.getNetFlowPacket(msg)
                else:
                    temp_msg=msg.strip()
                send_msg=''
                if rawSend:
                    send_msg=GenerateRawIPData.getRawIpPacket(temp_msg, testConf.reptDevIpAddr, self.testConfig.testServer.dataCollector, PORTS[testConf.method])
                else:
                    send_msg=msg
                time.sleep(sleeper)
                mySendEvent.sendoutEvent(send_msg)
                # The unwrapped message is what gets re-sent for aggregation.
                self.msgList.append(msg)
        #retrieve incident
        time.sleep(60)
        # Query timeout is the trigger window plus a minute, capped at 30 min.
        timeout=int(ruleType.triggerWindow)+60
        if timeout>1800:
            timeout=1800
        myParams={}
        myParams['constr']=incident_query_params['SingleEvtConstr'] % (testConf.reptDevIpAddr, incidentType)
        condition, oriRet, incidentId, failDetail, veriData, debugInfo=self.retriveIncident(incidentType, testConf, timeout, myParams)
        if not condition:
            failDetail=self.eventDebug(testConf.method, self.testConfig.testServer.appServer, testConf.reptDevIpAddr, ruleType, sendTime, utcsendTime, approvedDevices)
        testRet=getClassObj('TestSuiteResult', module='autoTest')
        testRet.name=testConf.name
        testRet.type=incidentType
        testRet.ruleId=ruleId
        testRet.queryString=myParams['constr']
        testRet.rawMsg=self.msgList
        testRet.testMethod=testConf.method
        testRet.reptDevIpAddr=testConf.reptDevIpAddr
        testRet.taskName='Incident'
        testRet.totalRun=1
        testRet.debugInfo=debugInfo
        # Per-status counters live in attributes named 'total<status>'.
        setattr(testRet, 'total'+oriRet.status, 1)
        testRet.caseList.append(oriRet)
        if incidentId:
            print '%s: incident triggered with id: %s' % (incidentType, incidentId)
            testRet.info='incidentId: '+incidentId
        else:
            print '%s: no incident triggered' % incidentType
            testRet.info='incidentId: None'
            setattr(oriRet, 'reasons', failDetail)
        aggmsgList=[]
        if self.advance:
            # Aggregation only makes sense when the first query found an id.
            if oriRet.status!='NoReturn' and incidentId and incidentId.strip():
                #aggregate test
                for i in range(int(testConf.count)):
                    for m in self.msgList:
                        mySendEvent.sendoutEvent(m)
                time.sleep(60)
                aggParams={}
                aggParams['constr']=incident_query_advance['SingleEvtConstr'] % (incidentId, '0')
                # NOTE(review): this call unpacks 5 values while the first
                # retriveIncident call above unpacks 6 -- confirm the helper's
                # return arity for the agg/clear paths.
                condition, aggRet, inId, failDetail, aggData=self.retriveIncident(incidentType, testConf, timeout, aggParams, agg=veriData)
                if not condition:
                    failDetail=self.eventDebug(testConf.method, self.testConfig.testServer.appServer, testConf.reptDevIpAddr, ruleType, sendTime, utcsendTime, approvedDevices)
                if failDetail:
                    setattr(aggRet, 'reasons', failDetail)
                testRet.totalRun+=1
                oldVal=getattr(testRet, 'total'+aggRet.status)
                oldVal+=1
                setattr(testRet, 'total'+aggRet.status, oldVal)
                testRet.caseList.append(aggRet)
            #clear test
            if oriRet.status!='NoReturn' and hasattr(ruleType, 'clearCondition') and incidentId and incidentId.strip():
                clearnow,clearsendTime,clearutcnow,clearutcsendTime=timeUtility.getTimeNow()
                if ruleType.clearCondition.clearOption=='patternbased':
                    # Pattern-based clear: send the .dat file's clearEventMsg lines.
                    if not hasattr(myData.dataMap['default'], 'clearEventMsg'):
                        print '%s: need to add clearEventMsg' % incidentType
                    else:
                        raw_clear=getattr(myData.dataMap['default'], 'clearEventMsg')
                        if raw_clear:
                            for line in raw_clear:
                                clearmsg=generalUtility.multiReplace(line.strip(), rept)
                                if '$randomIP' in line:
                                    ip=randomGen.getRandomIPAddr()
                                    clearmsg=clearmsg.replace('$randomIP', ip)
                                # NOTE(review): the plain clearmsg is queued
                                # here and send_clearmsg (the raw packet built
                                # below) is never used; the newer driver queues
                                # the wrapped packet -- confirm which is intended.
                                self.clearMsgList.append(clearmsg)
                                if self.posix:
                                    send_clearmsg=GenerateRawIPData.getRawIpPacket(clearmsg, testConf.reptDevIpAddr, self.testConfig.testServer.dataCollector, PORTS[testConf.method])
                                else:
                                    send_clearmsg=clearmsg
                        if self.clearMsgList:
                            for i in range(int(testConf.count)):
                                for cl_msg in self.clearMsgList:
                                    mySendEvent.sendoutEvent(cl_msg)
                        time.sleep(120)
                else:
                    # Time-based clear: just wait out the clear window.
                    time.sleep(float(int(ruleType.clearCondition.clearTimeWindow)+120))
                clearParams={}
                clearParams['constr']=incident_query_advance['SingleEvtConstr'] % (incidentId, '1')
                condition, clearRet, incidentId, failDetail, clearData=self.retriveIncident(incidentType, testConf, timeout, clearParams, clear=aggData)
                if not condition:
                    failDetail=self.eventDebug(testConf.method, self.testConfig.testServer.appServer, testConf.reptDevIpAddr, ruleType, clearsendTime, clearutcsendTime, approvedDevices, clearDebug=True)
                if failDetail:
                    setattr(clearRet, 'reasons', failDetail)
                print 'clear name: %s' % clearRet.name
                testRet.totalRun+=1
                oldVal=getattr(testRet, 'total'+clearRet.status)
                oldVal+=1
                setattr(testRet, 'total'+clearRet.status, oldVal)
                testRet.caseList.append(clearRet)
        mySendEvent.close()
    return testRet