class ThresholdProcessorTestCase(unittest.TestCase):
    """Tests for ``main.ThresholdProcessor``.

    Covers the two operations exercised here: pulling the ``re:`` pattern
    out of a ``suppress``/``threshold`` line, and rewriting such a line so
    that the pattern is replaced by the matched rule's ``gen_id``/``sig_id``.
    """

    # Shared processor instance; test_replace uses it, test_extract_regex
    # deliberately builds its own (kept that way to preserve the original).
    processor = main.ThresholdProcessor()

    def test_extract_regex(self):
        """The bare or double-quoted pattern after ``re:`` is returned,
        with any trailing ``, track ...`` / ``, type ...`` options ignored."""
        local_processor = main.ThresholdProcessor()

        expectations = (
            # bare pattern
            ("suppress re:java", "java"),
            # quoted pattern containing spaces
            ('suppress re:"vulnerable java version"', "vulnerable java version"),
            # bare pattern followed by suppress options
            ("suppress re:java, track <by_src|by_dst>, ip <ip|subnet>", "java"),
            # quoted pattern followed by suppress options
            ('suppress re:"vulnerable java version", track <by_src|by_dst>, ip <ip|subnet>',
             "vulnerable java version"),
            # quoted pattern on a threshold (not suppress) line
            ('threshold re:"vulnerable java version", type threshold, track by_dst, count 1, seconds 10',
             "vulnerable java version"),
        )

        for line, expected in expectations:
            self.assertEqual(expected, local_processor.extract_regex(line))

    def test_replace(self):
        """``replace`` swaps ``re:<pattern>`` for ``gen_id 1, sig_id <sid>``
        when the pattern matches the rule, and leaves other lines untouched.

        The patterns below (``windows``, ``malware``) only occur in the rule's
        msg and differ in case from it, so the match appears to be
        case-insensitive and made against the rule text (presumably the msg).
        """
        rule_string = """alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Windows executable sent when remote host claims to send an image 2"; flow: established,from_server; content:"|0d 0a|Content-Type|3a| image/jpeg|0d 0a 0d 0a|MZ"; fast_pattern:12,20; classtype:trojan-activity; sid:2020757; rev:2;)"""
        rule = suricata.update.rule.parse(rule_string)

        # Matching suppress line: the pattern becomes gen_id/sig_id.
        self.assertEqual(
            "suppress gen_id 1, sig_id 2020757",
            self.processor.replace("suppress re:windows", rule),
        )

        # A line with no re: pattern is returned unchanged.
        unmatched = "nothing to match"
        self.assertEqual(unmatched, self.processor.replace(unmatched, rule))

        # Threshold lines keep their trailing options after the rewrite,
        # whether the pattern is quoted or bare.
        rewritten = (
            "threshold gen_id 1, sig_id 2020757, type threshold, "
            "track by_dst, count 1, seconds 10"
        )
        threshold_lines = (
            'threshold re:"ET MALWARE Windows", type threshold, track by_dst, count 1, seconds 10',
            'threshold re:malware, type threshold, track by_dst, count 1, seconds 10',
        )
        for line in threshold_lines:
            self.assertEqual(rewritten, self.processor.replace(line, rule))
def test_extract_regex(self):
    """Check that ``extract_regex`` returns the pattern written after ``re:``.

    NOTE(review): this is a second copy of the method already defined on
    ThresholdProcessorTestCase above; it asserts the same five cases.
    Both bare and double-quoted patterns are covered, with and without
    trailing ``, track ...`` / ``, type ...`` options.
    """
    proc = main.ThresholdProcessor()

    quoted_pattern = "vulnerable java version"
    checks = [
        ("suppress re:java", "java"),
        ('suppress re:"vulnerable java version"', quoted_pattern),
        ("suppress re:java, track <by_src|by_dst>, ip <ip|subnet>", "java"),
        ('suppress re:"vulnerable java version", track <by_src|by_dst>, ip <ip|subnet>',
         quoted_pattern),
        ('threshold re:"vulnerable java version", type threshold, track by_dst, count 1, seconds 10',
         quoted_pattern),
    ]

    for line, expected in checks:
        self.assertEqual(expected, proc.extract_regex(line))