def test4_allowlist_event_with_known_and_unknown_paths(self):
"""This test case checks in which cases an event is triggered and compares with expected results."""
description = "Test4EnhancedNewMatchPathValueComboDetector"
enhanced_new_match_path_value_combo_detector = EnhancedNewMatchPathValueComboDetector(
self.aminer_config, [self.first_seq_s1, self.first_seq_d1],
[self.stream_printer_event_handler],
'Default',
False,
True,
output_log_line=False)
self.analysis_context.register_component(
enhanced_new_match_path_value_combo_detector, description)
t = time.time()
self.assertEqual(
enhanced_new_match_path_value_combo_detector.allowlist_event(
'Analysis.%s' % enhanced_new_match_path_value_combo_detector.
__class__.__name__, self.match_element_sequence_me.get_path(),
None), self.__expected_allowlisting_string %
(', '.join(
enhanced_new_match_path_value_combo_detector.target_path_list),
self.match_element_sequence_me.get_path()))
log_atom_sequence_me2 = LogAtom(
self.match_element_sequence_me2.get_match_string(),
ParserMatch(self.match_element_sequence_me2), t,
enhanced_new_match_path_value_combo_detector)
enhanced_new_match_path_value_combo_detector.auto_include_flag = False
self.assertEqual(
enhanced_new_match_path_value_combo_detector.allowlist_event(
'Analysis.%s' % enhanced_new_match_path_value_combo_detector.
__class__.__name__, [
log_atom_sequence_me2.get_timestamp(),
self.match_element_sequence_me2.get_path()
], None), self.__expected_allowlisting_string %
(', '.join(
enhanced_new_match_path_value_combo_detector.target_path_list),
[
log_atom_sequence_me2.get_timestamp(),
self.match_element_sequence_me2.path
]))
def test4has_idle_source(self):
"""In this test case a source becomes idle and expires."""
description = "Test4SimpleMultisourceAtomSync"
sync_wait_time = 3
any_byte_data_model_element = AnyByteDataModelElement('a1')
new_match_path_detector1 = NewMatchPathDetector(
self.aminer_config, [self.stream_printer_event_handler],
'Default',
False,
output_log_line=False)
self.analysis_context.register_component(new_match_path_detector1,
description)
new_match_path_detector2 = NewMatchPathDetector(
self.aminer_config, [self.stream_printer_event_handler],
'Default',
False,
output_log_line=False)
self.analysis_context.register_component(new_match_path_detector2,
description + "2")
simple_multisource_atom_sync = SimpleMultisourceAtomSync(
[new_match_path_detector1], sync_wait_time)
t = time()
match_context = MatchContext(self.calculation)
match_element = any_byte_data_model_element.get_match_element(
'match', match_context)
log_atom1 = LogAtom(match_element.match_object,
ParserMatch(match_element), t,
new_match_path_detector1)
log_atom2 = LogAtom(match_element.match_object,
ParserMatch(match_element), t,
new_match_path_detector2)
self.assertTrue(
not simple_multisource_atom_sync.receive_atom(log_atom1))
self.assertTrue(
not simple_multisource_atom_sync.receive_atom(log_atom2))
sleep(sync_wait_time + 1)
self.assertTrue(simple_multisource_atom_sync.receive_atom(log_atom1))
# log_atom1 is handled now, so new_match_path_detector1 should be deleted after waiting the sync_wait_time.
self.assertTrue(
not simple_multisource_atom_sync.receive_atom(log_atom2))
sleep(sync_wait_time + 1)
self.assertTrue(
not simple_multisource_atom_sync.receive_atom(log_atom2))
self.assertEqual(
simple_multisource_atom_sync.sources_dict, {
new_match_path_detector1: [log_atom1.get_timestamp(), None],
new_match_path_detector2:
[log_atom2.get_timestamp(), log_atom2]
})
self.assertTrue(simple_multisource_atom_sync.receive_atom(log_atom1))
self.assertTrue(simple_multisource_atom_sync.receive_atom(log_atom1))
sleep(sync_wait_time + 1)
self.assertTrue(simple_multisource_atom_sync.receive_atom(log_atom1))
self.assertEqual(
simple_multisource_atom_sync.sources_dict, {
new_match_path_detector1: [log_atom1.get_timestamp(), None],
new_match_path_detector2:
[log_atom2.get_timestamp(), log_atom2]
})
log_atom1 = LogAtom(match_element.match_object,
ParserMatch(match_element), t + 1,
new_match_path_detector1)
self.assertTrue(
not simple_multisource_atom_sync.receive_atom(log_atom1))
self.assertEqual(
simple_multisource_atom_sync.sources_dict, {
new_match_path_detector1:
[log_atom1.get_timestamp() - 1, log_atom1],
new_match_path_detector2:
[log_atom2.get_timestamp(), log_atom2]
})
log_atom1 = LogAtom(match_element.match_object,
ParserMatch(match_element), t - 1,
new_match_path_detector1)
self.assertTrue(simple_multisource_atom_sync.receive_atom(log_atom1))
