def test12or_match_rule(self):
"""This case unit the OrMatchRule."""
description = "Test12Rules"
path_exists_match_rule = PathExistsMatchRule(self.match_ipv4, None)
self.analysis_context.register_component(path_exists_match_rule,
description)
i_pv4_in_rfc1918_match_rule = IPv4InRFC1918MatchRule(self.match_ipv4)
self.analysis_context.register_component(i_pv4_in_rfc1918_match_rule,
description + "2")
or_match_rule = OrMatchRule(
[path_exists_match_rule, i_pv4_in_rfc1918_match_rule])
self.analysis_context.register_component(or_match_rule,
description + "3")
ip_address_data_model_element = IpAddressDataModelElement('IPv4')
match_context = MatchContext(b'192.168.0.0')
match_element = ip_address_data_model_element.get_match_element(
'match', match_context)
log_atom = LogAtom(match_context.match_data,
ParserMatch(match_element), time(), or_match_rule)
self.assertTrue(or_match_rule.match(log_atom))
# changing to IPv6
path_exists_match_rule = PathExistsMatchRule('match/IPv6', None)
or_match_rule = OrMatchRule(
[path_exists_match_rule, i_pv4_in_rfc1918_match_rule])
match_context = MatchContext(b'192.168.0.0')
match_element = ip_address_data_model_element.get_match_element(
'match', match_context)
log_atom = LogAtom(match_context.match_data,
ParserMatch(match_element), time(), or_match_rule)
self.assertTrue(or_match_rule.match(log_atom))
def test9get_match_element_match_context_input_validation(self):
"""Check if an exception is raised, when other classes than MatchContext are used in get_match_element."""
model_element = IpAddressDataModelElement(self.id_)
data = b"abcdefghijklmnopqrstuvwxyz.!?"
model_element.get_match_element(self.path, DummyMatchContext(data))
model_element.get_match_element(self.path, MatchContext(data))
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, MatchElement(None, data, None, None))
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, data)
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, data.decode())
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, 123)
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, 123.22)
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, True)
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, None)
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, [])
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, {"key": MatchContext(data)})
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, set())
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, ())
self.assertRaises(AttributeError, model_element.get_match_element,
self.path, model_element)
def test13value_dependent_delegated_match_rule(self):
"""This case unit the ValueDependentDelegatedMatchRule."""
description = "Test13Rules"
string_regex_match_rule = StringRegexMatchRule(self.match_any,
re.compile(rb'\w'),
None)
self.analysis_context.register_component(string_regex_match_rule,
description)
any_byte_date_me = AnyByteDataModelElement('any')
i_pv4_in_rfc1918_match_rule = IPv4InRFC1918MatchRule(self.match_ipv4)
self.analysis_context.register_component(i_pv4_in_rfc1918_match_rule,
description + "2")
ip_address_data_model_element = IpAddressDataModelElement('IPv4')
value_dependent_delegated_match_rule = ValueDependentDelegatedMatchRule(
[self.match_any, self.match_ipv4], {
(self.alphabet, ): string_regex_match_rule,
(3232235520, ): i_pv4_in_rfc1918_match_rule
})
self.analysis_context.register_component(
value_dependent_delegated_match_rule, description + "3")
match_context = MatchContext(self.alphabet)
match_element = any_byte_date_me.get_match_element(
'match', match_context)
log_atom = LogAtom(match_context.match_data,
ParserMatch(match_element), 1,
value_dependent_delegated_match_rule)
self.assertTrue(value_dependent_delegated_match_rule.match(log_atom))
match_context = MatchContext(b'192.168.0.0')
match_element = ip_address_data_model_element.get_match_element(
'match', match_context)
log_atom = LogAtom(match_context.match_data,
ParserMatch(match_element), 1,
value_dependent_delegated_match_rule)
self.assertTrue(value_dependent_delegated_match_rule.match(log_atom))
# not matching values
match_context = MatchContext(
b'.There are 26 letters in the english alphabet')
match_element = any_byte_date_me.get_match_element(
'match', match_context)
log_atom = LogAtom(match_context.match_data,
ParserMatch(match_element), 1,
value_dependent_delegated_match_rule)
self.assertTrue(
not value_dependent_delegated_match_rule.match(log_atom))
match_context = MatchContext(b'192.168.0.1')
match_element = ip_address_data_model_element.get_match_element(
'match', match_context)
log_atom = LogAtom(match_context.match_data,
ParserMatch(match_element), 1,
value_dependent_delegated_match_rule)
self.assertTrue(
not value_dependent_delegated_match_rule.match(log_atom))
def test3starts_with_digit(self):
"""This test case checks if the ip address starts with a digit. Hexadecimal ip addresses are not allowed."""
match_context = MatchContext(b'\xc0\xa8\x00\x9b')
ip_address_data_model_element = IpAddressDataModelElement('dest')
match_element = ip_address_data_model_element.get_match_element(
None, match_context)
self.assertEqual(match_element, None, self.match_element_unexpected)
self.assertEqual(match_context.match_data, b'\xc0\xa8\x00\x9b',
self.match_context_unexpected)
def test2wrong_ip_address(self):
"""This test case checks if wrong formats are determined. Boundary values are exceeded."""
match_context = MatchContext(b'192. 168.0.155 followed by some text')
ip_address_data_model_element = IpAddressDataModelElement('dest')
match_element = ip_address_data_model_element.get_match_element(
None, match_context)
self.assertEqual(match_element, None, self.match_element_unexpected)
self.assertEqual(match_context.match_data,
b'192. 168.0.155 followed by some text',
self.match_context_unexpected)
match_context = MatchContext(b'256.168.0.155 followed by some text')
ip_address_data_model_element = IpAddressDataModelElement('dest')
match_element = ip_address_data_model_element.get_match_element(
None, match_context)
self.assertEqual(match_element, None, self.match_element_unexpected)
self.assertEqual(match_context.match_data,
b'256.168.0.155 followed by some text',
self.match_context_unexpected)
def test4get_match_element_no_match_ipv4(self):
"""
Test if wrong formats are determined and boundary values are checked.
Also check if hexadecimal ip addresses are not parsed as these are not allowed.
Test if ip addresses are found, even if they are followed by other numbers.
"""
ip_addr_dme = IpAddressDataModelElement(self.id_)
data = b"192. 168.0.155 followed by some text"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_no_match_results(data, match_element, match_context)
data = b"256.168.0.155 followed by some text"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_no_match_results(data, match_element, match_context)
data = b"\xc0\xa8\x00\x9b"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_no_match_results(data, match_element, match_context)
def test1real_ip_address(self):
"""This test case checks the functionality by parsing a real IP-addresses. The boundary values for IP-addresses is 0.0.0.0 -
255.255.255.255"""
match_context = MatchContext(b'192.168.0.155 followed by some text')
ip_address_data_model_element = IpAddressDataModelElement('dest')
match_element = ip_address_data_model_element.get_match_element(
None, match_context)
self.assertEqual(match_element.get_match_string(), b'192.168.0.155',
self.wrong_ip_address)
self.assertEqual(
match_element.get_match_object().to_bytes(4, byteorder='big'),
b'\xc0\xa8\x00\x9b', self.ip_address_bytes_wrong)
self.assertEqual(match_context.match_data, self.followed_by,
self.match_context_unexpected)
match_context = MatchContext(b'0.0.0.0 followed by some text')
ip_address_data_model_element = IpAddressDataModelElement('dest')
match_element = ip_address_data_model_element.get_match_element(
None, match_context)
self.assertEqual(match_element.get_match_string(), b'0.0.0.0',
self.wrong_ip_address)
self.assertEqual(
match_element.get_match_object().to_bytes(4, byteorder='big'),
b'\x00\x00\x00\x00', self.ip_address_bytes_wrong)
self.assertEqual(match_context.match_data, self.followed_by,
self.match_context_unexpected)
match_context = MatchContext(b'255.255.255.255 followed by some text')
ip_address_data_model_element = IpAddressDataModelElement('dest')
match_element = ip_address_data_model_element.get_match_element(
None, match_context)
self.assertEqual(match_element.get_match_string(), b'255.255.255.255',
self.wrong_ip_address)
self.assertEqual(
match_element.get_match_object().to_bytes(4, byteorder='big'),
b'\xff\xff\xff\xff', self.ip_address_bytes_wrong)
self.assertEqual(match_context.match_data, self.followed_by,
self.match_context_unexpected)
def test4longer_ip_address(self):
"""This test case checks if valid ip addresses are found, even if it is followed by other numbers."""
match_context = MatchContext(b'192.168.0.155.22 followed by some text')
ip_address_data_model_element = IpAddressDataModelElement('dest')
match_element = ip_address_data_model_element.get_match_element(
None, match_context)
self.assertEqual(match_element.get_match_string(), b'192.168.0.155',
self.wrong_ip_address)
self.assertEqual(
match_element.get_match_object().to_bytes(4, byteorder='big'),
b'\xc0\xa8\x00\x9b', self.ip_address_bytes_wrong)
self.assertEqual(match_context.match_data,
b'.22 followed by some text',
self.match_context_unexpected)
def test3get_match_element_valid_ipv4_match(self):
"""
This test case checks the functionality by parsing a real IP-addresses.
The boundary values for IP-addresses is 0.0.0.0 - 255.255.255.255
The numerical representation of the ip address was calculated with the help of http://www.aboutmyip.com/AboutMyXApp/IP2Integer.jsp.
"""
ip_addr_dme = IpAddressDataModelElement(self.id_)
data = b"192.168.0.155 followed by some text"
value = b"192.168.0.155"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_match_results(data, match_element, match_context,
self.id_, self.path, value, 3232235675,
None)
data = b"0.0.0.0."
value = b"0.0.0.0"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_match_results(data, match_element, match_context,
self.id_, self.path, value, 0, None)
data = b"255.255.255.255."
value = b"255.255.255.255"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_match_results(data, match_element, match_context,
self.id_, self.path, value, 4294967295,
None)
data = b"192.168.0.155.22 followed by some text"
value = b"192.168.0.155"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_match_results(data, match_element, match_context,
self.id_, self.path, value, 3232235675,
None)
def test6get_match_element_no_match_ipv6(self):
"""Test if wrong formats are determined and boundary values are checked."""
ip_addr_dme = IpAddressDataModelElement(self.id_, True)
# IPv4 dotted quad at the end
data = b"fe80:0000:0000:0000:0204:61ff:254.157.241.86"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_no_match_results(data, match_element, match_context)
# drop leading zeroes, IPv4 dotted quad at the end
data = b"fe80:0:0:0:0204:61ff:254.157.241.86"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_no_match_results(data, match_element, match_context)
# dotted quad at the end, multiple zeroes collapsed
data = b"fe80::204:61ff:254.157.241.86"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_no_match_results(data, match_element, match_context)
# multiple :: in the IPv6 address
data = b"fe80::204:61ff::fe9d:f156"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_no_match_results(data, match_element, match_context)
# IPv4 address with ipv6 being True
data = b"254.157.241.86"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_no_match_results(data, match_element, match_context)
# g in ip address
data = b"2001:4860:48g0::8888 followed by some text"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_no_match_results(data, match_element, match_context)
def test10ipv4_in_rfc1918_match_rule(self):
"""This case unit the ValueDependentModuloTimeMatchRule."""
description = "Test10Rules"
i_pv4_in_rfc1918_match_rule = IPv4InRFC1918MatchRule(self.match_ipv4)
self.analysis_context.register_component(i_pv4_in_rfc1918_match_rule, description)
ip_address_data_model_element = IpAddressDataModelElement('IPv4')
# private addresses
match_context = MatchContext(b'192.168.0.0')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(i_pv4_in_rfc1918_match_rule.match(log_atom))
match_context = MatchContext(b'192.168.255.255')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(i_pv4_in_rfc1918_match_rule.match(log_atom))
match_context = MatchContext(b'172.16.0.0')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(i_pv4_in_rfc1918_match_rule.match(log_atom))
match_context = MatchContext(b'172.31.255.255')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(i_pv4_in_rfc1918_match_rule.match(log_atom))
match_context = MatchContext(b'10.0.0.0')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(i_pv4_in_rfc1918_match_rule.match(log_atom))
match_context = MatchContext(b'10.255.255.255')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(i_pv4_in_rfc1918_match_rule.match(log_atom))
# public addresses
match_context = MatchContext(b'192.167.255.255')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(not i_pv4_in_rfc1918_match_rule.match(log_atom))
match_context = MatchContext(b'192.169.0.0')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(not i_pv4_in_rfc1918_match_rule.match(log_atom))
match_context = MatchContext(b'172.15.255.255')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(not match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(not i_pv4_in_rfc1918_match_rule.match(log_atom))
match_context = MatchContext(b'172.32.0.0')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(not i_pv4_in_rfc1918_match_rule.match(log_atom))
match_context = MatchContext(b'9.255.255.255')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(not i_pv4_in_rfc1918_match_rule.match(log_atom))
match_context = MatchContext(b'11.0.0.0')
match_element = ip_address_data_model_element.get_match_element('match', match_context)
log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), i_pv4_in_rfc1918_match_rule)
self.assertTrue(not i_pv4_in_rfc1918_match_rule.match(log_atom))
def test5get_match_element_valid_ipv6_match(self):
"""
This test case checks the functionality by parsing a real IP-addresses.
The numerical representation of the ip address was calculated with the help of https://www.ipaddressguide.com/ipv6-to-decimal.
"""
ip_addr_dme = IpAddressDataModelElement(self.id_, True)
data = b"2001:4860:4860::8888 followed by some text"
value = b"2001:4860:4860::8888"
number = 42541956123769884636017138956568135816
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_match_results(data, match_element, match_context,
self.id_, self.path, value, number, None)
# full form of IPv6
data = b"fe80:0000:0000:0000:0204:61ff:fe9d:f156."
value = b"fe80:0000:0000:0000:0204:61ff:fe9d:f156"
number = 338288524927261089654164245681446711638
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_match_results(data, match_element, match_context,
self.id_, self.path, value, number, None)
# drop leading zeroes
data = b"fe80:0:0:0:204:61ff:fe9d:f156."
value = b"fe80:0:0:0:204:61ff:fe9d:f156"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_match_results(data, match_element, match_context,
self.id_, self.path, value, number, None)
# collapse multiple zeroes to :: in the IPv6 address
data = b"fe80::204:61ff:fe9d:f156 followed by some text"
value = b"fe80::204:61ff:fe9d:f156"
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_match_results(data, match_element, match_context,
self.id_, self.path, value, number, None)
# localhost
data = b"::1 followed by some text"
value = b"::1"
number = 1
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_match_results(data, match_element, match_context,
self.id_, self.path, value, number, None)
# link-local prefix
data = b"fe80:: followed by some text"
value = b"fe80::"
number = 338288524927261089654018896841347694592
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_match_results(data, match_element, match_context,
self.id_, self.path, value, number, None)
# global unicast prefix
data = b"2001:: followed by some text"
value = b"2001::"
number = 42540488161975842760550356425300246528
match_context = DummyMatchContext(data)
match_element = ip_addr_dme.get_match_element(self.path, match_context)
self.compare_match_results(data, match_element, match_context,
self.id_, self.path, value, number, None)