예제 #1
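    def test_correlation_bait_session(self):
        """
        Verify that a bait session is correlated with its matching honeypot session.

        A honeypot session is stored with a timestamp two seconds before the bait
        session's timestamp, then the classifier is run. Afterwards the bait session
        must carry the 'bait_session' classification (a legit, successfully completed
        bait session) and the honeypot session row must no longer exist.
        """

        # Build the honeypot-side session the classifier is expected to pair with
        # the bait session created by the fixture.
        db_session = database.get_session()
        honeypot = db_session.query(Honeypot).filter(Honeypot.id == self.honeypot_id).one()

        honeypot_session_id = str(uuid.uuid4())
        # '321' / '123' are placeholder addresses, not valid IPs; the ports are dummies too.
        # NOTE(review): 'received' is local time (datetime.now()) while the authentication
        # timestamp below is UTC (datetime.utcnow()) -- confirm the classifier never
        # compares the two, otherwise correlation would depend on the host's timezone.
        honeypot_session = Session(id=honeypot_session_id, source_ip='321', destination_ip='123',
                                   received=datetime.now(),
                                   timestamp=self.bait_session_datetime - timedelta(seconds=2),
                                   protocol='pop3', source_port=1, destination_port=1, honeypot=honeypot)
        # NOTE(review): presumably these credentials have to match the ones the fixture
        # stored on the bait session -- verify against setUp.
        auth = Authentication(id=str(uuid.uuid4()), username='******', password='******', successful=True,
                              timestamp=datetime.utcnow())
        honeypot_session.authentication.append(auth)
        db_session.add(honeypot_session)
        db_session.commit()

        # The meaning of the 0 argument is defined by Classifier (presumably a delay
        # or grace period in seconds -- confirm).
        classifier = Classifier()
        classifier.classify_bait_session(0)

        bait_session = db_session.query(BaitSession).filter(BaitSession.id == self.bait_session_id).one()
        remaining_session = db_session.query(Session).filter(Session.id == honeypot_session_id).first()
        expected_classification = db_session.query(Classification).filter(
            Classification.type == 'bait_session').one()

        # The bait session must have been classified; assertEqual reports both values
        # on failure, which assertTrue(a == b) does not.
        self.assertEqual(bait_session.classification, expected_classification)
        # The honeypot session that matched the bait session must have been deleted.
        self.assertIsNone(remaining_session)
        # NOTE(review): db_session is never closed in this test -- confirm the fixture's
        # teardown releases it.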