def test_send_to_when_given_begin_and_end_date_and_times_uses_expected_query(
cli_state, alert_extractor, runner
):
begin_date = get_test_date_str(days_ago=89)
end_date = get_test_date_str(days_ago=1)
time = "15:33:02"
runner.invoke(
cli,
[
"alerts",
"search",
"--begin",
"{} {}".format(begin_date, time),
"--end",
"{} {}".format(end_date, time),
],
obj=cli_state,
)
filters = alert_extractor.extract.call_args[0][0]
actual_begin = get_filter_value_from_json(filters, filter_index=0)
expected_begin = "{}T{}.000Z".format(begin_date, time)
actual_end = get_filter_value_from_json(filters, filter_index=1)
expected_end = "{}T{}.000Z".format(end_date, time)
assert actual_begin == expected_begin
assert actual_end == expected_end
def test_command_when_given_begin_and_end_dates_uses_expected_query(
runner, cli_state, file_event_extractor, command):
begin_date = get_test_date_str(days_ago=89)
end_date = get_test_date_str(days_ago=1)
runner.invoke(
cli,
command,
obj=cli_state,
)
filters = file_event_extractor.extract.call_args[0][1]
actual_begin = get_filter_value_from_json(filters, filter_index=0)
expected_begin = "{}T00:00:00.000Z".format(begin_date)
actual_end = get_filter_value_from_json(filters, filter_index=1)
expected_end = "{}T23:59:59.999Z".format(end_date)
assert actual_begin == expected_begin
assert actual_end == expected_end
def test_search_and_send_to_when_given_begin_and_end_dates_uses_expected_query(
cli_state, alert_extractor, runner, command
):
begin_date = get_test_date_str(days_ago=89)
end_date = get_test_date_str(days_ago=1)
runner.invoke(
cli, [*command, "--begin", begin_date, "--end", end_date], obj=cli_state,
)
filters = alert_extractor.extract.call_args[0][0]
actual_begin = get_filter_value_from_json(filters, filter_index=0)
expected_begin = "{}T00:00:00.000Z".format(begin_date)
actual_end = get_filter_value_from_json(filters, filter_index=1)
expected_end = "{}T23:59:59.999Z".format(end_date)
assert actual_begin == expected_begin
assert actual_end == expected_end
def test_search_and_send_to_when_given_begin_date_and_not_use_checkpoint_and_cursor_exists_uses_begin_date(
cli_state, alert_extractor, runner, command):
begin_date = get_test_date_str(days_ago=1)
runner.invoke(cli, [*command, "--begin", begin_date], obj=cli_state)
actual_ts = get_filter_value_from_json(
alert_extractor.extract.call_args[0][0], filter_index=0)
expected_ts = f"{begin_date}T00:00:00.000Z"
assert actual_ts == expected_ts
assert filter_term_is_in_call_args(alert_extractor, f.DateObserved._term)
def test_search_when_given_begin_date_and_time_without_seconds_uses_expected_query(
cli_state, alert_extractor, runner, command):
date = get_test_date_str(days_ago=89)
time = "15:33"
runner.invoke(cli, [*command, "--begin", f"{date} {time}"], obj=cli_state)
actual = get_filter_value_from_json(
alert_extractor.extract.call_args[0][0], filter_index=0)
expected = f"{date}T{time}:00.000Z"
assert actual == expected
def test_search_and_send_to_when_given_begin_date_and_not_use_checkpoint_and_cursor_exists_uses_begin_date(
runner, cli_state, file_event_extractor, command):
begin_date = get_test_date_str(days_ago=1)
runner.invoke(cli, [*command, "--begin", begin_date], obj=cli_state)
actual_ts = get_filter_value_from_json(
file_event_extractor.extract.call_args[0][1], filter_index=0)
expected_ts = "{}T00:00:00.000Z".format(begin_date)
assert actual_ts == expected_ts
assert filter_term_is_in_call_args(file_event_extractor,
f.EventTimestamp._term)
def test_search_when_given_begin_and_end_date_and_times_uses_expected_query(
cli_state, alert_extractor, runner, command):
begin_date = get_test_date_str(days_ago=89)
end_date = get_test_date_str(days_ago=1)
time = "15:33:02"
runner.invoke(
cli,
[
*command, "--begin", f"{begin_date} {time}", "--end",
f"{end_date} {time}"
],
obj=cli_state,
)
filters = alert_extractor.extract.call_args[0][0]
actual_begin = get_filter_value_from_json(filters, filter_index=0)
expected_begin = f"{begin_date}T{time}.000Z"
actual_end = get_filter_value_from_json(filters, filter_index=1)
expected_end = f"{end_date}T{time}.000Z"
assert actual_begin == expected_begin
assert actual_end == expected_end
def test_search_when_given_begin_date_and_time_without_seconds_uses_expected_query(
runner, cli_state, file_event_extractor):
date = get_test_date_str(days_ago=89)
time = "15:33"
runner.invoke(
cli,
["security-data", "search", "--begin", "{} {}".format(date, time)],
obj=cli_state,
)
actual = get_filter_value_from_json(
file_event_extractor.extract.call_args[0][1], filter_index=0)
expected = "{}T{}:00.000Z".format(date, time)
assert actual == expected
def test_search_and_send_to_when_given_begin_and_end_dates_uses_expected_query(
runner, cli_state, file_event_extractor, command):
begin_date = get_test_date_str(days_ago=89)
end_date = get_test_date_str(days_ago=1)
runner.invoke(
cli,
[
*command,
"--begin",
get_test_date_str(days_ago=89),
"--end",
get_test_date_str(days_ago=1),
],
obj=cli_state,
)
filters = file_event_extractor.extract.call_args[0][1]
actual_begin = get_filter_value_from_json(filters, filter_index=0)
expected_begin = f"{begin_date}T00:00:00.000Z"
actual_end = get_filter_value_from_json(filters, filter_index=1)
expected_end = f"{end_date}T23:59:59.999Z"
assert actual_begin == expected_begin
assert actual_end == expected_end
def test_search_and_send_to_when_given_end_date_and_time_uses_expected_query(
runner, cli_state, file_event_extractor, command):
begin_date = get_test_date_str(days_ago=10)
end_date = get_test_date_str(days_ago=1)
time = "15:33"
runner.invoke(
cli,
[*command, "--begin", begin_date, "--end", f"{end_date} {time}"],
obj=cli_state,
)
actual = get_filter_value_from_json(
file_event_extractor.extract.call_args[0][1], filter_index=1)
expected = f"{end_date}T{time}:00.000Z"
assert actual == expected
def test_send_to_when_given_begin_date_and_time_without_seconds_uses_expected_query(
cli_state, alert_extractor, runner
):
date = get_test_date_str(days_ago=89)
time = "15:33"
runner.invoke(
cli,
["alerts", "send-to", "0.0.0.0", "--begin", "{} {}".format(date, time)],
obj=cli_state,
)
actual = get_filter_value_from_json(
alert_extractor.extract.call_args[0][0], filter_index=0
)
expected = "{}T{}:00.000Z".format(date, time)
assert actual == expected
def test_search_and_send_to_when_given_end_date_and_time_uses_expected_query(
cli_state, alert_extractor, runner, command
):
begin_date = get_test_date_str(days_ago=10)
end_date = get_test_date_str(days_ago=1)
time = "15:33"
runner.invoke(
cli,
[*command, "--begin", begin_date, "--end", "{} {}".format(end_date, time)],
obj=cli_state,
)
actual = get_filter_value_from_json(
alert_extractor.extract.call_args[0][0], filter_index=1
)
expected = "{}T{}:00.000Z".format(end_date, time)
assert actual == expected
