예제 #1
0
    def test_start_stop(self):
        collector = HunterCollector()
        collector.start_service(threaded=True)
        wait_for_log_count('started Hunt Manager(test_query)', 1)

        # verify the rule was loaded
        self.assertEquals(log_count('loading hunt from'), 1)
        self.assertEquals(log_count('loaded Hunt(query_test_1[test_query])'),
                          1)

        # wait for the hunt to execute
        wait_for_log_count('executing query', 1)

        # we should have sqlite update for both the last_executed_time and last_end_time fields
        with open_hunt_db('test_query') as db:
            c = db.cursor()
            c.execute(
                "SELECT last_executed_time, last_end_time FROM hunt WHERE hunt_name = ?",
                ('query_test_1', ))
            row = c.fetchone()
            self.assertIsNotNone(row)
            self.assertTrue(isinstance(
                row[0], datetime.datetime))  # last_executed_time
            self.assertTrue(isinstance(row[1],
                                       datetime.datetime))  # last_end_time

        collector.stop_service()
        collector.wait_service()
예제 #2
0
    def last_end_time(self, value):
        if value.tzinfo is None:
            value = pytz.utc.localize(value)

        value = value.astimezone(pytz.utc)

        with open_hunt_db(self.type) as db:
            c = db.cursor()
            c.execute("UPDATE hunt SET last_end_time = ? WHERE hunt_name = ?",
                     (value.replace(tzinfo=None), self.name))
                     # NOTE -- datetime with tzinfo not supported by default timestamp converter in 3.6
            db.commit()

        self._last_end_time = value
예제 #3
0
 def last_end_time(self):
     """The last end_time value we used as the ending point of our search range.
        Note that this is different than the last_execute_time, which was the last time we executed the search."""
     # if we don't already have this value then load it from the sqlite db
     if hasattr(self, '_last_end_time'):
         return self._last_end_time
     else:
         with open_hunt_db(self.type) as db:
             c = db.cursor()
             c.execute("SELECT last_end_time FROM hunt WHERE hunt_name = ?",
                      (self.name,))
             row = c.fetchone()
             if row is None:
                 self._last_end_time = None
                 return self._last_end_time
             else:
                 self._last_end_time = row[0]
                 if self._last_end_time is not None and self._last_end_time.tzinfo is None:
                     self._last_end_time = pytz.utc.localize(self._last_end_time)
                 return self._last_end_time
예제 #4
0
    def test_hunt_persistence(self):
        hunter = HuntManager(**manager_kwargs())
        hunter.add_hunt(default_hunt())
        hunter.hunts[0].last_executed_time = datetime.datetime(
            2019, 12, 10, 8, 21, 13)

        with open_hunt_db(hunter.hunts[0].type) as db:
            c = db.cursor()
            c.execute(
                """SELECT last_executed_time FROM hunt WHERE hunt_name = ?""",
                (hunter.hunts[0].name, ))
            row = c.fetchone()
            self.assertIsNotNone(row)
            last_executed_time = row[0]
            self.assertTrue(isinstance(last_executed_time, datetime.datetime))
            self.assertEquals(last_executed_time.year, 2019)
            self.assertEquals(last_executed_time.month, 12)
            self.assertEquals(last_executed_time.day, 10)
            self.assertEquals(last_executed_time.hour, 8)
            self.assertEquals(last_executed_time.minute, 21)
            self.assertEquals(last_executed_time.second, 13)