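def setUp(self):
    """Build a Stoq instance and the fixture paths used by the plugin tests.

    The test suite is looked up in ``$CWD/tests`` first, then in the ``tests``
    directory shipped next to the installed ``stoq`` package.  If neither is
    available the process exits with status 1 (original behaviour, kept).
    """
    self.stoq = Stoq(log_level="CRITICAL", default_connector="test_connector")

    # Use tests from installed $CWD/tests, otherwise, try to use the install stoQ tests
    self.test_path = os.path.join(os.getcwd(), "tests")
    if not os.path.isdir(self.test_path):
        try:
            import stoq
            self.test_path = os.path.join(os.path.dirname(stoq.__file__), "tests")
        except ImportError:
            print(
                "Test suite not found. Is stoQ installed or are tests in {}?"
                .format(self.test_path))
            exit(1)

    self.invalid_plugins = os.path.join(self.test_path, "invalid_plugins")
    self.collect_plugins()

    self.data_prefix = os.path.join(self.test_path, "data")

    # Set stoQ variables for the test environment.
    # Bug fix: the original assigned ``(os.path.join(...))`` -- a parenthesised
    # *string*, not a one-element tuple (no trailing comma).  The sibling test
    # module assigns a real tuple of base directories here, and anything that
    # iterates source_base_tuple would have seen single characters ("/", "h",
    # ...) instead of paths.  Presumably this is the allow-list of directories
    # stoQ may read from, so the old value could have made the authorisation
    # check trivially permissive in this test -- worth confirming in Stoq itself.
    self.stoq.source_base_tuple = (os.path.join(self.data_prefix, "get"),)

    # Variables used to get/read a file
    self.get_text_file = os.path.join(self.data_prefix, "get/text_file")

    # Dispatcher paths
    self.dispatch_rules = os.path.join(self.test_path, "test_dispatch.yar")
    self.get_dispatch_file = os.path.join(self.data_prefix, "get/dispatch_test")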
def test_load_config(self):
    """Loading the test config file populates the typed settings on Stoq.

    Relies on ``self.config_file_test`` being set by the fixture.
    """
    instance = Stoq(log_level="CRITICAL")
    instance.config_file = self.config_file_test
    instance.load_config()

    # Each setting should be coerced to the container type its name advertises.
    expected_types = (
        ("log_level", str),
        ("url_prefix_tuple", tuple),
        ("plugin_dir_list", list),
        ("is_dict", dict),
    )
    for attr, kind in expected_types:
        self.assertIsInstance(getattr(instance, attr), kind)
def setUp(self):
    """Prepare a quiet Stoq instance plus the fixture paths and URLs for the I/O tests.

    The test suite is located in ``$CWD/tests`` or next to the installed
    ``stoq`` package; the process exits with status 1 if it cannot be found.
    """
    self.stoq = Stoq()

    # Use tests from installed $CWD/tests, otherwise, try to use the install stoQ tests
    test_path = os.path.join(os.getcwd(), "tests")
    if not os.path.isdir(test_path):
        try:
            import stoq
        except ImportError:
            print(
                "Test suite not found. Is stoQ installed or are tests in {}?"
                .format(test_path))
            exit(1)
        test_path = os.path.join(os.path.dirname(stoq.__file__), "tests")

    data_prefix = os.path.join(test_path, "data")
    get_dir = os.path.join(data_prefix, "get")
    results_dir = os.path.join(data_prefix, "results")

    # Set stoQ variables for the test environment: both fixture trees are
    # registered as base paths.
    self.stoq.source_base_tuple = (get_dir, results_dir)
    self.stoq.log.setLevel("CRITICAL")

    # Variables used to get/read a file or url
    self.get_text_file = os.path.join(data_prefix, "get/text_file")
    self.get_text_file_none = os.path.join(data_prefix, "get/nonexistent")
    self.get_text_file_nonauthorized = os.path.join(data_prefix, "notauthorized")
    # NOTE(review): these two URLs make the suite depend on outbound DNS/HTTPS
    # from the test host; the second is a random hostname, presumably expected
    # to fail resolution.
    self.get_text_url = "https://www.google.com/"
    self.get_invalid_url = "http://{}".format(str(uuid.uuid4()))

    # Variables used to write a file
    self.write_path = os.path.join(self.stoq.temp_dir, "write")
    self.write_path_nonexist = os.path.join(self.write_path, "newdir")
    self.write_text_file = "text_file"
    self.write_bin_file = "bin_file"

    # stoQ Results
    self.result_file_str = os.path.join(data_prefix, "results/smtp-session-str.stoq")
    self.result_file_bytes = os.path.join(data_prefix, "results/smtp-session-bytes.stoq")
# See the License for the specific language governing permissions and # limitations under the License. import sys from time import sleep from argparse import RawDescriptionHelpFormatter, ArgumentParser from stoq.core import Stoq from stoq.shell import StoqShell from stoq.logo import print_logo if __name__ == '__main__': stoq = Stoq(argv=sys.argv) logo = print_logo() parser = ArgumentParser(formatter_class=RawDescriptionHelpFormatter, usage=''' {} %(prog)s [command] [<args>] Available Commands: help Display help message shell Launch an interactive shell list List available plugins worker Load specified worker plugin install Install a stoQ plugin '''.format(logo),
def test_base_dir(self):
    """A base_dir passed to the constructor is stored on the instance unchanged."""
    parent = os.path.realpath(os.path.dirname(os.getcwd()))
    self.assertEqual(Stoq(base_dir=parent).base_dir, parent)
def test_argv(self):
    """argv passed to the constructor is exposed as-is on the instance."""
    fake_argv = ['argv_test']
    instance = Stoq(argv=fake_argv)
    self.assertEqual(instance.argv, fake_argv)
def setUp(self):
    """Create a quiet Stoq instance and a bloom-filter path inside its temp dir."""
    instance = Stoq()
    instance.log.setLevel("CRITICAL")
    self.stoq = instance
    self.bloom_file = os.path.join(instance.temp_dir, "stoq-test.bloom")
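def main():
    """Command-line entry point for stoQ.

    Picks the base directory from ``$STOQ_HOME`` (default ``~/.stoq``), builds
    the argument parser and dispatches on the first positional command:
    ``help``/``list``/``install``/``shell``/``test``, or otherwise the name of
    a worker plugin to load and run (looping on ``worker.cron`` when it is set).
    """
    # If $STOQ_HOME exists, set our base directory to that, otherwise
    # use ~/.stoq
    homedir = os.getenv("STOQ_HOME", "{}/.stoq".format(str(Path.home())))

    s = Stoq(argv=sys.argv, base_dir=homedir)
    logo = print_logo()

    parser = ArgumentParser(
        formatter_class=RawDescriptionHelpFormatter,
        description='''
stoQ - an automated analysis framework

{}

Available Commands:
    help    Display help message
    shell   Launch an interactive shell
    list    List available plugins
    worker  Load specified worker plugin
    install Install a stoQ plugin
    test    Run stoQ tests
'''.format(logo),
        usage='%(prog)s [command] [<args>]',
        epilog='''
Examples:

    - Scan a file with yara:

        $ %(prog)s yara -F mybadfile.exe

    - Monitor a directory for newly created files in the new_files
      directory, send them to workers, and archive the file into MongoDB:

        $ %(prog)s publisher -I dirmon -F new_files/ -w yara -w trid -w exif -A mongodb

    - Start workers, ingest from RabbitMQ, and save results to file:

        $ %(prog)s yara -C file -I rabbitmq &
        $ %(prog)s trid -C file -I rabbitmq &
        $ %(prog)s exif -C file -I rabbitmq &

    - Install a plugin from a directory

        $ %(prog)s install path/to/plugin_directory

    - Display worker specific command line arguments

        $ %(prog)s yara -h
''')

    parser.add_argument(dest="command", help="Commands")

    # Only the first positional is parsed here; the rest of argv is left for
    # the selected plugin or test runner to interpret.
    options = parser.parse_args(s.argv[1:2])

    if not options.command or options.command == 'help':
        parser.print_help()

    # Display a listing of valid plugins and their category
    elif options.command == "list":
        s.list_plugins()

    elif options.command == "install":
        installer = StoqPluginInstaller(s)
        installer.install()

    elif options.command == "shell":
        StoqShell(s).cmdloop()

    elif options.command == "test":
        # We parse the test target (argv[2]) by hand instead of using argparse.
        # Fix: check the length explicitly rather than wrapping the whole branch
        # in ``except IndexError`` -- the old form also swallowed IndexErrors
        # raised *inside* run_stoq_tests/run_plugin_tests and misreported them
        # as "No test type provided".
        if len(s.argv) < 3:
            parser.print_usage()
            print(
                "No test type provided. "
                "Valid options are: {stoq|all|plugin name ...}"
            )
        elif s.argv[2] == "stoq":
            run_stoq_tests(s)
        elif s.argv[2] == "all":
            run_plugin_tests(s)
        else:
            run_plugin_tests(s, plugin=s.argv[2:])

    else:
        # Initialize and load the worker plugin and make it an object of our
        # stoq class
        s.log.info("Starting stoQ v{}".format(__version__))
        # NOTE(review): options.command is user-supplied and is used directly
        # as a plugin name; whether load_plugin confines lookups to the
        # configured plugin directories is not visible here -- confirm before
        # exposing this CLI to callers you do not trust.
        worker = s.load_plugin(options.command, 'worker')
        if not worker:
            # Kept from the original; note that -1 becomes exit status 255.
            exit(-1)

        if worker.cron:
            # A cron interval was provided: run forever, sleeping between runs.
            while True:
                worker.run()
                sleep(worker.cron)
        else:
            # No cron value was provided: run once and exit.
            worker.run()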
def setUp(self):
    """Create a quiet Stoq instance and a bloom-filter path inside its temp dir."""
    instance = Stoq(log_level="CRITICAL")
    self.stoq = instance
    self.bloom_file = os.path.join(instance.temp_dir, "stoq-test.bloom")
def test_json_logger(self):
    """Re-initialising the logger with log_syntax='json' keeps that setting.

    Only the attribute is checked; the emitted log format is not inspected.
    """
    instance = Stoq(log_level="CRITICAL")
    instance.log_syntax = 'json'
    instance.logger_init()
    self.assertEqual('json', instance.log_syntax)