def test_update_networkml(redis_my, redis_my_proc):
    """Correlate one networkml result and one p0f result onto an endpoint.

    Stores an endpoint, a networkml classification for it and a p0f OS
    guess for its IPv4 address, then checks that ``endpoint.metadata``
    holds the merged view. A second, empty p0f result must leave that
    merged view untouched.
    """
    log = logging.getLogger('test')
    log.setLevel(logging.DEBUG)
    client = PoseidonRedisClient(log, host='localhost', port=redis_my_proc.port)
    client.connect()
    # Begin from an empty store so nothing from earlier tests leaks in.
    client.r.flushall()

    mac = '00:00:00:00:00:00'
    ip4 = '1.2.3.4'
    ip6 = '1212::1'
    endpoint = endpoint_factory('foo')
    endpoint.endpoint_data = {
        'tenant': 'foo',
        'mac': mac,
        'segment': 'foo',
        'port': '1',
        'ipv4': ip4,
        'ipv6': ip6,
    }
    endpoints = {endpoint.name: endpoint}
    client.store_endpoints(endpoints)

    name = endpoint.name
    labels = ['role1', 'role2', 'role3']
    confidences = [0.9, 0.8, 0.7]
    per_endpoint = {
        'valid': 'true',
        'pcap_labels': 'null',
        'decisions': {'investigate': 'false'},
        'classification': {'labels': labels, 'confidences': confidences},
        'timestamp': 999.123,
        'source_ip': ip4,
        'source_mac': mac,
    }
    networkml_results = {
        'id': '',
        'type': 'metadata',
        'results': {'tool': 'networkml', 'version': 'aversion'},
        'file_path': f'/files/trace_{name}_05-06_23_50_49.pcap',
        'data': {
            name: per_endpoint,
            'pcap': f'trace_{name}_2020-05-06_23_50_49.pcap',
        },
    }
    client.store_tool_result(networkml_results, 'networkml')

    def _p0f(full_os, short_os, link, raw_mtu):
        # One p0f record keyed by the endpoint's IPv4 address.
        return {
            ip4: {
                'full_os': full_os,
                'short_os': short_os,
                'link': link,
                'raw_mtu': raw_mtu,
                'mac': mac,
            }
        }

    client.store_p0f_result(_p0f('Linux 2.2.x-3.x', 'Linux', 'Ethernet or modem', '1500'))
    client.store_endpoints(endpoints)
    stored = client.get_stored_endpoints()[name]
    # The timestamp key is assigned during storage, so read it back from the
    # stored copy instead of predicting it.
    mac_entries = stored.metadata['mac_addresses'][mac]
    timestamp = list(mac_entries)[0]
    expected = {
        'mac_addresses': {
            mac: {
                timestamp: {
                    'labels': labels,
                    'confidences': confidences,
                    'pcap_labels': 'null',
                }
            }
        },
        'ipv4_addresses': {ip4: {'os': 'Linux'}},
        'ipv6_addresses': {ip6: {}},
    }
    # NOTE(review): the in-memory endpoint is what gets asserted, so
    # store_endpoints presumably correlates into endpoint.metadata in place —
    # confirm against PoseidonRedisClient.
    assert endpoint.metadata == expected

    client.store_p0f_result(_p0f('', '', '', ''))
    client.store_endpoints(endpoints)
    # Lookup by name doubles as a check that the endpoint is still stored.
    client.get_stored_endpoints()[name]
    # An empty p0f result must not overwrite the earlier OS guess.
    assert endpoint.metadata == expected
def test_update_networkml(redis_my, redis_my_proc):
    """Correlate one networkml result and one p0f result onto an endpoint.

    Stores an endpoint, a networkml classification (including a
    ``behavior`` decision) and a p0f OS guess for its IPv4 address, then
    checks that ``endpoint.metadata`` holds the merged view. A second,
    empty p0f result must leave that merged view untouched.
    """
    log = logging.getLogger('test')
    log.setLevel(logging.DEBUG)
    client = PoseidonRedisClient(log, host='localhost', port=redis_my_proc.port)
    client.connect()
    # Begin from an empty store so nothing from earlier tests leaks in.
    client.r.flushall()

    mac = '00:00:00:00:00:00'
    ip4 = '1.2.3.4'
    ip6 = '1212::1'
    endpoint = endpoint_factory('foo')
    endpoint.endpoint_data = {
        'tenant': 'foo',
        'mac': mac,
        'segment': 'foo',
        'port': '1',
        'ipv4': ip4,
        'ipv6': ip6,
    }
    endpoints = {endpoint.name: endpoint}
    client.store_endpoints(endpoints)

    name = endpoint.name
    labels = ['role1', 'role2', 'role3']
    confidences = [0.9, 0.8, 0.7]
    per_endpoint = {
        'valid': 'true',
        'pcap_labels': 'null',
        'decisions': {'behavior': 'normal', 'investigate': 'false'},
        'classification': {'labels': labels, 'confidences': confidences},
        'timestamp': 999.123,
        'source_ip': ip4,
        'source_mac': mac,
    }
    networkml_results = {
        'id': '',
        'type': 'metadata',
        'results': {'tool': 'networkml', 'version': 'aversion'},
        'file_path': f'/files/trace_{name}_05-06_23_50_49.pcap',
        'data': {
            name: per_endpoint,
            'pcap': f'trace_{name}_2020-05-06_23_50_49.pcap',
        },
    }
    client.store_tool_result(networkml_results, 'networkml')

    def _p0f(full_os, short_os, link, raw_mtu):
        # One p0f record keyed by the endpoint's IPv4 address.
        return {
            ip4: {
                'full_os': full_os,
                'short_os': short_os,
                'link': link,
                'raw_mtu': raw_mtu,
                'mac': mac,
            }
        }

    client.store_p0f_result(_p0f('Linux 2.2.x-3.x', 'Linux', 'Ethernet or modem', '1500'))
    client.store_endpoints(endpoints)
    stored = client.get_stored_endpoints()[name]
    # The timestamp key is assigned during storage, so read it back from the
    # stored copy instead of predicting it.
    mac_entries = stored.metadata['mac_addresses'][mac]
    timestamp = list(mac_entries)[0]
    expected = {
        'mac_addresses': {
            mac: {
                timestamp: {
                    'labels': labels,
                    'confidences': confidences,
                    'behavior': 'normal',
                    'pcap_labels': 'null',
                }
            }
        },
        'ipv4_addresses': {ip4: {'os': 'Linux'}},
        'ipv6_addresses': {ip6: {}},
    }
    # NOTE(review): the in-memory endpoint is what gets asserted, so
    # store_endpoints presumably correlates into endpoint.metadata in place —
    # confirm against PoseidonRedisClient.
    assert endpoint.metadata == expected

    client.store_p0f_result(_p0f('', '', '', ''))
    client.store_endpoints(endpoints)
    # Lookup by name doubles as a check that the endpoint is still stored.
    client.get_stored_endpoints()[name]
    # An empty p0f result must not overwrite the earlier OS guess.
    assert endpoint.metadata == expected