def setUp(self):
self.stoq = Stoq(log_level="CRITICAL",
default_connector="test_connector")
# Use tests from installed $CWD/tests, otherwise, try to use the install stoQ tests
self.test_path = os.path.join(os.getcwd(), "tests")
if not os.path.isdir(self.test_path):
try:
import stoq
self.test_path = os.path.join(os.path.dirname(stoq.__file__),
"tests")
except ImportError:
print(
"Test suite not found. Is stoQ installed or are tests in {}?"
.format(self.test_path))
exit(1)
self.invalid_plugins = os.path.join(self.test_path, "invalid_plugins")
self.collect_plugins()
self.data_prefix = os.path.join(self.test_path, "data")
# Set stoQ variables for the test environment
self.stoq.source_base_tuple = (os.path.join(self.data_prefix, "get"))
# Variables used to get/read a file
self.get_text_file = os.path.join(self.data_prefix, "get/text_file")
# Dispatcher paths
self.dispatch_rules = os.path.join(self.test_path, "test_dispatch.yar")
self.get_dispatch_file = os.path.join(self.data_prefix,
"get/dispatch_test")
def test_load_config(self):
s = Stoq(log_level="CRITICAL")
s.config_file = self.config_file_test
s.load_config()
self.assertIsInstance(s.log_level, str)
self.assertIsInstance(s.url_prefix_tuple, tuple)
self.assertIsInstance(s.plugin_dir_list, list)
self.assertIsInstance(s.is_dict, dict)
def setUp(self):
self.stoq = Stoq()
# Use tests from installed $CWD/tests, otherwise, try to use the install stoQ tests
test_path = os.path.join(os.getcwd(), "tests")
if not os.path.isdir(test_path):
try:
import stoq
test_path = os.path.join(os.path.dirname(stoq.__file__),
"tests")
except ImportError:
print(
"Test suite not found. Is stoQ installed or are tests in {}?"
.format(test_path))
exit(1)
data_prefix = os.path.join(test_path, "data")
# Set stoQ variables for the test environment
self.stoq.source_base_tuple = (os.path.join(data_prefix, "get"),
os.path.join(data_prefix, "results"))
self.stoq.log.setLevel("CRITICAL")
# Variables used to get/read a file or url
self.get_text_file = os.path.join(data_prefix, "get/text_file")
self.get_text_file_none = os.path.join(data_prefix, "get/nonexistent")
self.get_text_file_nonauthorized = os.path.join(
data_prefix, "notauthorized")
self.get_text_url = "https://www.google.com/"
self.get_invalid_url = "http://{}".format(str(uuid.uuid4()))
# Variables used to write a file
self.write_path = os.path.join(self.stoq.temp_dir, "write")
self.write_path_nonexist = os.path.join(self.write_path, "newdir")
self.write_text_file = "text_file"
self.write_bin_file = "bin_file"
# stoQ Results
self.result_file_str = os.path.join(data_prefix,
"results/smtp-session-str.stoq")
self.result_file_bytes = os.path.join(
data_prefix, "results/smtp-session-bytes.stoq")
# See the License for the specific language governing permissions and
# limitations under the License.
import sys
from time import sleep
from argparse import RawDescriptionHelpFormatter, ArgumentParser
from stoq.core import Stoq
from stoq.shell import StoqShell
from stoq.logo import print_logo
if __name__ == '__main__':
stoq = Stoq(argv=sys.argv)
logo = print_logo()
parser = ArgumentParser(formatter_class=RawDescriptionHelpFormatter,
usage='''
{}
%(prog)s [command] [<args>]
Available Commands:
help Display help message
shell Launch an interactive shell
list List available plugins
worker Load specified worker plugin
install Install a stoQ plugin
'''.format(logo),
def test_base_dir(self):
base_dir = os.path.realpath(os.path.dirname(os.getcwd()))
temp_stoq = Stoq(base_dir=base_dir)
self.assertEqual(temp_stoq.base_dir, base_dir)
def test_argv(self):
argv = ['argv_test']
temp_stoq = Stoq(argv=argv)
self.assertEqual(temp_stoq.argv, argv)
def setUp(self):
self.stoq = Stoq()
self.stoq.log.setLevel("CRITICAL")
self.bloom_file = os.path.join(self.stoq.temp_dir, "stoq-test.bloom")
def main():
# If $STOQ_HOME exists, set our base directory to that, otherwise
# use ~/.stoq
homedir = os.getenv("STOQ_HOME", "{}/.stoq".format(str(Path.home())))
s = Stoq(argv=sys.argv, base_dir=homedir)
logo = print_logo()
parser = ArgumentParser(formatter_class=RawDescriptionHelpFormatter,
description='''
stoQ - an automated analysis framework
{}
Available Commands:
help Display help message
shell Launch an interactive shell
list List available plugins
worker Load specified worker plugin
install Install a stoQ plugin
test Run stoQ tests
'''.format(logo),
usage='%(prog)s [command] [<args>]',
epilog='''
Examples:
- Scan a file with yara:
$ %(prog)s yara -F mybadfile.exe
- Monitor a directory for newly created files in the new_files
directory, send them to workers, and archive the file into MongoDB:
$ %(prog)s publisher -I dirmon -F new_files/ -w yara -w trid -w exif -A mongodb
- Start workers, ingest from RabbitMQ, and save results to file:
$ %(prog)s yara -C file -I rabbitmq &
$ %(prog)s trid -C file -I rabbitmq &
$ %(prog)s exif -C file -I rabbitmq &
- Install a plugin from a directory
$ %(prog)s install path/to/plugin_directory
- Display worker specific command line arguments
$ %(prog)s yara -h
''')
parser.add_argument(dest="command", help="Commands")
options = parser.parse_args(s.argv[1:2])
if not options.command or options.command == 'help':
parser.print_help()
# Display a listing of valid plugins and their category
elif options.command == "list":
s.list_plugins()
elif options.command == "install":
installer = StoqPluginInstaller(s)
installer.install()
elif options.command == "shell":
StoqShell(s).cmdloop()
elif options.command == "test":
# We are going to manually parse the command line options here instead
# of using argparse.
try:
if s.argv[2] == "stoq":
run_stoq_tests(s)
elif s.argv[2] == "all":
run_plugin_tests(s)
else:
run_plugin_tests(s, plugin=s.argv[2:])
except IndexError:
parser.print_usage()
print(
"No test type provided. Valid options are: {stoq|all|plugin name ...}"
)
else:
# Initialize and load the worker plugin and make it an object of our
# stoq class
s.log.info("Starting stoQ v{}".format(__version__))
worker = s.load_plugin(options.command, 'worker')
if not worker:
exit(-1)
if worker.cron:
# Look liks a cron interval was provided, let's loop per the value provided
while True:
worker.run()
sleep(worker.cron)
else:
# No cron value was provided, let's run once and exit.
worker.run()
def setUp(self):
self.stoq = Stoq(log_level="CRITICAL")
self.bloom_file = os.path.join(self.stoq.temp_dir, "stoq-test.bloom")
def test_json_logger(self):
s = Stoq(log_level="CRITICAL")
s.log_syntax = 'json'
s.logger_init()
self.assertEqual(s.log_syntax, 'json')