def test_infilter(self):
# Naked INFilter
infilter = InFilter(FieldValue(LogField.SRC),
[IPValue("172.18.1.1", "172.18.1.2")])
d = {
"left": {
"id": 7,
"type": "field"
},
"right": [{
"type": "ip",
"value": "172.18.1.1"
}, {
"type": "ip",
"value": "172.18.1.2"
}],
"type":
"in",
}
self.assertDictEqual(infilter.filter, d)
# Add to query using query method
query = LogQuery()
query.add_in_filter(FieldValue(LogField.SRC),
[IPValue("172.18.1.1", "172.18.1.2")])
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
# Update the original filter, validate update
infilter.update_filter(FieldValue("Src"), [IPValue("1.1.1.1")])
d = {
"left": {
"name": "Src",
"type": "field"
},
"right": [{
"type": "ip",
"value": "1.1.1.1"
}],
"type": "in",
}
# Update filter on query
self.assertDictEqual(infilter.filter, d)
query.update_filter(InFilter(FieldValue("Src"), [IPValue("1.1.1.1")]))
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
def test_infilter(self):
# Naked INFilter
infilter = InFilter(FieldValue(LogField.SRC),
[IPValue('172.18.1.1', '172.18.1.2')])
d = {
'left': {
'id': 7,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '172.18.1.1'
}, {
'type': 'ip',
'value': '172.18.1.2'
}],
'type':
'in'
}
self.assertDictEqual(infilter.filter, d)
# Add to query using query method
query = LogQuery()
query.add_in_filter(FieldValue(LogField.SRC),
[IPValue('172.18.1.1', '172.18.1.2')])
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
# Update the original filter, validate update
infilter.update_filter(FieldValue('Src'), [IPValue('1.1.1.1')])
d = {
'left': {
'name': 'Src',
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '1.1.1.1'
}],
'type': 'in'
}
# Update filter on query
self.assertDictEqual(infilter.filter, d)
query.update_filter(InFilter(FieldValue('Src'), [IPValue('1.1.1.1')]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
def name_with_fields(self):
query = LogQuery(fetch_size=100)
query.add_in_filter(FieldValue(LogField.SRC),
[IPValue("192.168.4.84")])
query.format.field_format("name")
logquery = {
"format": {
"type": "texts",
"field_format": "name",
"resolving": {
"senders": True
}
},
"query": {
"type": "stored",
"end_ms": 0,
"start_ms": 0,
"filter": {
"type": "in",
"left": {
"type": "field",
"id": LogField.SRC
},
"right": [{
"type": "ip",
"value": "192.168.4.84"
}],
},
},
"fetch": {
"quantity": 100,
"backwards": True
},
}
self.assertDictEqual(query.request, logquery)
# beta=True)
session.login(url='http://172.18.1.150:8082',
api_key='EiGpKD4QxlLJ25dbBEp20001',
timeout=30,
api_version='6.4')
#session.login(url='https://172.18.1.151:8082', api_key='xJRo27kGja4JmPek9l3Nyxm4',
# verify=False)
pprint(session._get_log_schema())
#TODO: BLACKLISTQUERY fails when using format ID's due to CombinedFilter.
query = BlacklistQuery('ve-1')
query.add_in_filter(FieldValue(LogField.BLACKLISTENTRYSOURCEIP),
[IPValue('3.3.3.3/32')])
for record in query.fetch_as_element(
): # <-- must get as element to obtain delete() method
#for record in query.fetch_raw():
pprint(vars(record))
record.delete()
#print("Deleting!")
#print(prepared_request(href='http://172.18.1.150:8082/6.4/elements/virtual_fw/10677/blacklist/Nzg2NDMz').delete())
# query = LogQuery(http_proxy_host='1.1.1.1')
# for log in query.fetch_live():
# print(log)
class Foo(object):
def __init__(self, value):
def test_and_filter(self):
andfilter = AndFilter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
f = {
"type":
"and",
"values": [
{
"left": {
"id": 7,
"type": "field"
},
"right": [{
"type": "ip",
"value": "192.168.4.84"
}],
"type": "in",
},
{
"left": {
"id": 27,
"type": "field"
},
"right": [{
"type": "service",
"value": "TCP/80"
}],
"type": "in",
},
],
}
self.assertDictEqual(andfilter.filter, f)
query = LogQuery()
query.add_and_filter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
query_filter = query.request["query"]["filter"]
self.assertDictEqual(f, query_filter)
# Update the original filter
andfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)]),
])
d = {
"type":
"and",
"values": [
{
"left": {
"id": 8,
"type": "field"
},
"right": [{
"type": "ip",
"value": "1.1.1.1"
}],
"type": "in",
},
{
"left": {
"id": 14,
"type": "field"
},
"right": [{
"type": "constant",
"value": 0
}, {
"type": "constant",
"value": 13
}],
"type":
"in",
},
],
}
self.assertDictEqual(andfilter.filter, d)
query.update_filter(
AndFilter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)]),
]))
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
def test_or_filter(self):
orfilter = OrFilter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
f = {
"type":
"or",
"values": [
{
"left": {
"id": 7,
"type": "field"
},
"right": [{
"type": "ip",
"value": "192.168.4.84"
}],
"type": "in",
},
{
"left": {
"id": 27,
"type": "field"
},
"right": [{
"type": "service",
"value": "TCP/80"
}],
"type": "in",
},
],
}
self.assertDictEqual(orfilter.filter, f)
query = LogQuery()
query.add_or_filter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
query_filter = query.request["query"]["filter"]
self.assertDictEqual(f, query_filter)
orfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/443")]),
])
d = {
"type":
"or",
"values": [
{
"left": {
"id": 8,
"type": "field"
},
"right": [{
"type": "ip",
"value": "1.1.1.1"
}],
"type": "in",
},
{
"left": {
"id": 27,
"type": "field"
},
"right": [{
"type": "service",
"value": "TCP/443"
}],
"type": "in",
},
],
}
self.assertDictEqual(d, orfilter.filter)
query.update_filter(
OrFilter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue("TCP/443")]),
]))
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
def test_and_filter(self):
andfilter = AndFilter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
f = {
'type':
'and',
'values': [{
'left': {
'id': 7,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '192.168.4.84'
}],
'type': 'in'
}, {
'left': {
'id': 27,
'type': 'field'
},
'right': [{
'type': 'service',
'value': 'TCP/80'
}],
'type': 'in'
}]
}
self.assertDictEqual(andfilter.filter, f)
query = LogQuery()
query.add_and_filter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
query_filter = query.request['query']['filter']
self.assertDictEqual(f, query_filter)
# Update the original filter
andfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)])
])
d = {
'type':
'and',
'values': [{
'left': {
'id': 8,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '1.1.1.1'
}],
'type': 'in'
}, {
'left': {
'id': 14,
'type': 'field'
},
'right': [{
'type': 'constant',
'value': 0
}, {
'type': 'constant',
'value': 13
}],
'type':
'in'
}]
}
self.assertDictEqual(andfilter.filter, d)
query.update_filter(
AndFilter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)])
]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
def test_or_filter(self):
orfilter = OrFilter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
f = {
'type':
'or',
'values': [{
'left': {
'id': 7,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '192.168.4.84'
}],
'type': 'in'
}, {
'left': {
'id': 27,
'type': 'field'
},
'right': [{
'type': 'service',
'value': 'TCP/80'
}],
'type': 'in'
}]
}
self.assertDictEqual(orfilter.filter, f)
query = LogQuery()
query.add_or_filter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
query_filter = query.request['query']['filter']
self.assertDictEqual(f, query_filter)
orfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/443')])
])
d = {
'type':
'or',
'values': [{
'left': {
'id': 8,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '1.1.1.1'
}],
'type': 'in'
}, {
'left': {
'id': 27,
'type': 'field'
},
'right': [{
'type': 'service',
'value': 'TCP/443'
}],
'type': 'in'
}]
}
self.assertDictEqual(d, orfilter.filter)
query.update_filter(
OrFilter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue('TCP/443')])
]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
timeout=30,
api_version="6.4",
)
# session.login(url='https://172.18.1.151:8082', api_key='xJRo27kGja4JmPek9l3Nyxm4',
# verify=False)
pprint(session._get_log_schema())
# TODO: BLACKLISTQUERY fails when using format ID's due to CombinedFilter.
query = BlacklistQuery("ve-1")
query.add_in_filter(
FieldValue(
LogField.BLACKLISTENTRYSOURCEIP), [
IPValue("3.3.3.3/32")])
for record in query.fetch_as_element(
): # <-- must get as element to obtain delete() method
# for record in query.fetch_raw():
pprint(vars(record))
record.delete()
# print("Deleting!")
# print(prepared_request(
# href='http://172.18.1.150:8082/6.4/elements/virtual_fw/10677/blacklist/Nzg2NDMz').delete())
# query = LogQuery(http_proxy_host='1.1.1.1')
# for log in query.fetch_live():
# print(log)
class Foo(object):