def test_send_to_when_given_begin_and_end_date_and_times_uses_expected_query(
    cli_state, alert_extractor, runner
):
    """A "date time" value for both --begin and --end keeps the given clock time.

    Both bounds are expected to reach the extractor as ISO-8601 timestamps
    with millisecond precision and a trailing "Z" (UTC).
    """
    # NOTE(review): the test name says send-to, but the command exercised is
    # "alerts search" — confirm which one this test is meant to cover.
    begin_date = get_test_date_str(days_ago=89)
    end_date = get_test_date_str(days_ago=1)
    clock = "15:33:02"
    args = [
        "alerts",
        "search",
        "--begin",
        f"{begin_date} {clock}",
        "--end",
        f"{end_date} {clock}",
    ]
    runner.invoke(cli, args, obj=cli_state)
    # The alert extractor receives the filter list as its first positional argument.
    filters = alert_extractor.extract.call_args[0][0]
    got_begin = get_filter_value_from_json(filters, filter_index=0)
    got_end = get_filter_value_from_json(filters, filter_index=1)
    assert got_begin == f"{begin_date}T{clock}.000Z"
    assert got_end == f"{end_date}T{clock}.000Z"
def test_command_when_given_begin_and_end_dates_uses_expected_query(
    runner, cli_state, file_event_extractor, command
):
    """Date-only bounds expand to the first and last instant of those days (UTC).

    The --begin/--end arguments are presumably already part of the ``command``
    fixture — this test only asserts on what the extractor received; confirm
    against the fixture definition.
    """
    begin_date = get_test_date_str(days_ago=89)
    end_date = get_test_date_str(days_ago=1)
    runner.invoke(cli, command, obj=cli_state)
    # For file events the filter list is the extractor's second positional argument.
    filters = file_event_extractor.extract.call_args[0][1]
    checks = (
        (0, f"{begin_date}T00:00:00.000Z"),
        (1, f"{end_date}T23:59:59.999Z"),
    )
    for index, want in checks:
        assert get_filter_value_from_json(filters, filter_index=index) == want
def test_search_and_send_to_when_given_begin_and_end_dates_uses_expected_query(
    cli_state, alert_extractor, runner, command
):
    """Date-only --begin/--end become start-of-day and end-of-day UTC bounds."""
    begin_date = get_test_date_str(days_ago=89)
    end_date = get_test_date_str(days_ago=1)
    args = [*command, "--begin", begin_date, "--end", end_date]
    runner.invoke(cli, args, obj=cli_state)
    # Alert extractor: filter list is the first positional argument.
    filters = alert_extractor.extract.call_args[0][0]
    want_begin = f"{begin_date}T00:00:00.000Z"
    want_end = f"{end_date}T23:59:59.999Z"
    assert get_filter_value_from_json(filters, filter_index=0) == want_begin
    assert get_filter_value_from_json(filters, filter_index=1) == want_end
def test_search_and_send_to_when_given_begin_date_and_not_use_checkpoint_and_cursor_exists_uses_begin_date(
    cli_state, alert_extractor, runner, command
):
    """An explicit --begin wins over any stored cursor for alert queries.

    The "cursor exists" precondition is not set up here — presumably one of
    the fixtures provides it; confirm before relying on this test for that.
    """
    begin_date = get_test_date_str(days_ago=1)
    runner.invoke(cli, [*command, "--begin", begin_date], obj=cli_state)
    filters = alert_extractor.extract.call_args[0][0]
    got = get_filter_value_from_json(filters, filter_index=0)
    assert got == f"{begin_date}T00:00:00.000Z"
    # The date filter must be keyed on the alert's observed-date term.
    assert filter_term_is_in_call_args(alert_extractor, f.DateObserved._term)
def test_search_when_given_begin_date_and_time_without_seconds_uses_expected_query(
    cli_state, alert_extractor, runner, command
):
    """An HH:MM time (no seconds) is padded to HH:MM:00 in the begin filter."""
    date = get_test_date_str(days_ago=89)
    clock = "15:33"
    runner.invoke(cli, [*command, "--begin", f"{date} {clock}"], obj=cli_state)
    filters = alert_extractor.extract.call_args[0][0]
    got = get_filter_value_from_json(filters, filter_index=0)
    assert got == f"{date}T{clock}:00.000Z"
def test_search_and_send_to_when_given_begin_date_and_not_use_checkpoint_and_cursor_exists_uses_begin_date(
    runner, cli_state, file_event_extractor, command
):
    """An explicit --begin wins over any stored cursor for file-event queries.

    The "cursor exists" precondition is not visible here — presumably a
    fixture provides it; confirm before relying on this test for that.
    """
    begin_date = get_test_date_str(days_ago=1)
    args = [*command, "--begin", begin_date]
    runner.invoke(cli, args, obj=cli_state)
    # File-event extractor: filter list is the second positional argument.
    filters = file_event_extractor.extract.call_args[0][1]
    want = f"{begin_date}T00:00:00.000Z"
    assert get_filter_value_from_json(filters, filter_index=0) == want
    # The date filter must be keyed on the event-timestamp term.
    assert filter_term_is_in_call_args(file_event_extractor, f.EventTimestamp._term)
def test_search_when_given_begin_and_end_date_and_times_uses_expected_query(
    cli_state, alert_extractor, runner, command
):
    """Full "date HH:MM:SS" values for both bounds are passed through unchanged.

    Only the ".000Z" millisecond/UTC suffix is appended to each timestamp.
    """
    begin_date = get_test_date_str(days_ago=89)
    end_date = get_test_date_str(days_ago=1)
    clock = "15:33:02"
    args = [*command, "--begin", f"{begin_date} {clock}", "--end", f"{end_date} {clock}"]
    runner.invoke(cli, args, obj=cli_state)
    filters = alert_extractor.extract.call_args[0][0]
    expected = {
        0: f"{begin_date}T{clock}.000Z",
        1: f"{end_date}T{clock}.000Z",
    }
    for index, want in expected.items():
        assert get_filter_value_from_json(filters, filter_index=index) == want
def test_search_when_given_begin_date_and_time_without_seconds_uses_expected_query(
    runner, cli_state, file_event_extractor
):
    """`security-data search` pads an HH:MM --begin time to HH:MM:00 (UTC)."""
    date = get_test_date_str(days_ago=89)
    clock = "15:33"
    args = ["security-data", "search", "--begin", f"{date} {clock}"]
    runner.invoke(cli, args, obj=cli_state)
    # File-event extractor: filter list is the second positional argument.
    filters = file_event_extractor.extract.call_args[0][1]
    want = f"{date}T{clock}:00.000Z"
    assert get_filter_value_from_json(filters, filter_index=0) == want
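def test_search_and_send_to_when_given_begin_and_end_dates_uses_expected_query(
    runner, cli_state, file_event_extractor, command
):
    """Date-only --begin/--end become start-of-day and end-of-day UTC bounds.

    The dates passed on the command line are the same ``begin_date`` and
    ``end_date`` values used to build the expectations. The original called
    ``get_test_date_str`` a second time when building the argument list; if
    the test ran across midnight those two calls could disagree and the test
    would fail for reasons unrelated to the CLI.
    """
    begin_date = get_test_date_str(days_ago=89)
    end_date = get_test_date_str(days_ago=1)
    args = [*command, "--begin", begin_date, "--end", end_date]
    runner.invoke(cli, args, obj=cli_state)
    # File-event extractor: filter list is the second positional argument.
    filters = file_event_extractor.extract.call_args[0][1]
    actual_begin = get_filter_value_from_json(filters, filter_index=0)
    actual_end = get_filter_value_from_json(filters, filter_index=1)
    assert actual_begin == f"{begin_date}T00:00:00.000Z"
    assert actual_end == f"{end_date}T23:59:59.999Z"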
def test_search_and_send_to_when_given_end_date_and_time_uses_expected_query(
    runner, cli_state, file_event_extractor, command
):
    """An HH:MM --end time is padded to HH:MM:00 rather than expanded to end of day."""
    begin_date = get_test_date_str(days_ago=10)
    end_date = get_test_date_str(days_ago=1)
    clock = "15:33"
    args = [*command, "--begin", begin_date, "--end", f"{end_date} {clock}"]
    runner.invoke(cli, args, obj=cli_state)
    # Only the end bound (filter index 1) is under test here.
    filters = file_event_extractor.extract.call_args[0][1]
    got = get_filter_value_from_json(filters, filter_index=1)
    assert got == f"{end_date}T{clock}:00.000Z"
def test_send_to_when_given_begin_date_and_time_without_seconds_uses_expected_query(
    cli_state, alert_extractor, runner
):
    """`alerts send-to` pads an HH:MM --begin time to HH:MM:00 (UTC).

    "0.0.0.0" is only a placeholder destination so the command parses; the
    extractor is a test double, so nothing is sent.
    """
    date = get_test_date_str(days_ago=89)
    clock = "15:33"
    args = ["alerts", "send-to", "0.0.0.0", "--begin", f"{date} {clock}"]
    runner.invoke(cli, args, obj=cli_state)
    filters = alert_extractor.extract.call_args[0][0]
    want = f"{date}T{clock}:00.000Z"
    assert get_filter_value_from_json(filters, filter_index=0) == want
def test_search_and_send_to_when_given_end_date_and_time_uses_expected_query(
    cli_state, alert_extractor, runner, command
):
    """An HH:MM --end time is padded to HH:MM:00 rather than expanded to end of day."""
    begin_date = get_test_date_str(days_ago=10)
    end_date = get_test_date_str(days_ago=1)
    clock = "15:33"
    args = [*command, "--begin", begin_date, "--end", f"{end_date} {clock}"]
    runner.invoke(cli, args, obj=cli_state)
    # Only the end bound (filter index 1) is under test here.
    filters = alert_extractor.extract.call_args[0][0]
    got = get_filter_value_from_json(filters, filter_index=1)
    assert got == f"{end_date}T{clock}:00.000Z"