def test_email_with_cc_and_bcc():
rule = {
'name': 'test alert',
'email': ['*****@*****.**', '*****@*****.**'],
'from_addr': '*****@*****.**',
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'cc': ['*****@*****.**', '*****@*****.**'],
'bcc': '*****@*****.**'
}
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
expected = [
mock.call('localhost'),
mock.call().ehlo(),
mock.call().has_extn('STARTTLS'),
mock.call().starttls(),
mock.call().sendmail(mock.ANY, [
'*****@*****.**', '*****@*****.**', '*****@*****.**',
'*****@*****.**', '*****@*****.**'
], mock.ANY),
mock.call().close()
]
assert mock_smtp.mock_calls == expected
body = mock_smtp.mock_calls[4][1][2]
assert 'Reply-To: [email protected]' in body
assert 'To: [email protected]' in body
assert 'CC: [email protected],[email protected]' in body
assert 'From: [email protected]' in body
def test_email_query_key_in_subject():
rule = {
'name': 'test alert',
'email': ['*****@*****.**', '*****@*****.**'],
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'query_key': 'username'
}
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{
'test_term': 'test_value',
'username': '******'
}])
body = mock_smtp.mock_calls[4][1][2]
lines = body.split('\n')
found_subject = False
for line in lines:
if line.startswith('Subject'):
assert 'werbenjagermanjensen' in line
found_subject = True
assert found_subject
def test_email_with_unicode_strings():
rule = {
'name': 'test alert',
'email': u'*****@*****.**',
'from_addr': '*****@*****.**',
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'owner': 'owner_value',
'alert_subject': 'Test alert for {0}, owned by {1}',
'alert_subject_args': ['test_term', 'owner'],
'snowman': u'☃'
}
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
expected = [
mock.call('localhost'),
mock.call().ehlo(),
mock.call().has_extn('STARTTLS'),
mock.call().starttls(),
mock.call().sendmail(mock.ANY, [u'*****@*****.**'], mock.ANY),
mock.call().close()
]
assert mock_smtp.mock_calls == expected
body = mock_smtp.mock_calls[4][1][2]
assert 'Reply-To: [email protected]' in body
assert 'To: [email protected]' in body
assert 'From: [email protected]' in body
assert 'Subject: Test alert for test_value, owned by owner_value' in body
def test_email_with_auth():
rule = {
'name': 'test alert',
'email': ['*****@*****.**', '*****@*****.**'],
'from_addr': '*****@*****.**',
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'alert_subject': 'Test alert for {0}',
'alert_subject_args': ['test_term'],
'smtp_auth_file': 'file.txt'
}
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
with mock.patch('elastalert.alerts.yaml_loader') as mock_open:
mock_open.return_value = {'user': '******', 'password': '******'}
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
expected = [
mock.call('localhost'),
mock.call().ehlo(),
mock.call().has_extn('STARTTLS'),
mock.call().starttls(),
mock.call().login('someone', 'hunter2'),
mock.call().sendmail(mock.ANY,
['*****@*****.**', '*****@*****.**'],
mock.ANY),
mock.call().close()
]
assert mock_smtp.mock_calls == expected
def test_email_with_cc_and_bcc():
rule = {'name': 'test alert', 'email': ['*****@*****.**', '*****@*****.**'], 'from_addr': '*****@*****.**',
'type': mock_rule(), 'timestamp_field': '@timestamp', 'email_reply_to': '*****@*****.**',
'cc': ['*****@*****.**', '*****@*****.**'], 'bcc': '*****@*****.**'}
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
expected = [mock.call('localhost'),
mock.call().ehlo(),
mock.call().has_extn('STARTTLS'),
mock.call().starttls(),
mock.call().sendmail(mock.ANY,
['*****@*****.**', '*****@*****.**', '*****@*****.**', '*****@*****.**', '*****@*****.**'],
mock.ANY),
mock.call().close()]
assert mock_smtp.mock_calls == expected
body = mock_smtp.mock_calls[4][1][2]
assert 'Reply-To: [email protected]' in body
assert 'To: [email protected]' in body
assert 'CC: [email protected],[email protected]' in body
assert 'From: [email protected]' in body
def test_email_with_args():
rule = {'name': 'test alert', 'email': ['*****@*****.**', '*****@*****.**'], 'from_addr': '*****@*****.**',
'type': mock_rule(), 'timestamp_field': '@timestamp', 'email_reply_to': '*****@*****.**',
'alert_subject': 'Test alert for {0} {1}', 'alert_subject_args': ['test_term', 'test.term'], 'alert_text': 'Test alert for {0} and {1} {2}',
'alert_text_args': ['test_arg1', 'test_arg2', 'test.arg3']}
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value', 'test_arg1': 'testing', 'test': {'term': ':)', 'arg3': u'☃'}}])
expected = [mock.call('localhost'),
mock.call().ehlo(),
mock.call().has_extn('STARTTLS'),
mock.call().starttls(),
mock.call().sendmail(mock.ANY, ['*****@*****.**', '*****@*****.**'], mock.ANY),
mock.call().close()]
assert mock_smtp.mock_calls == expected
body = mock_smtp.mock_calls[4][1][2]
# Extract the MIME encoded message body
body_text = body.split('\n\n')[-1][:-1].decode('base64')
assert 'testing' in body_text
assert '<MISSING VALUE>' in body_text
assert '☃' in body_text
assert 'Reply-To: [email protected]' in body
assert 'To: [email protected]' in body
assert 'From: [email protected]' in body
assert 'Subject: Test alert for test_value :)' in body
def test_email_with_args():
rule = {'name': 'test alert', 'email': ['*****@*****.**', '*****@*****.**'], 'from_addr': '*****@*****.**',
'type': mock_rule(), 'timestamp_field': '@timestamp', 'email_reply_to': '*****@*****.**',
'alert_subject': 'Test alert for {0}', 'alert_subject_args': ['test_term'], 'alert_text': 'Test alert for {0} and {1}',
'alert_text_args': ['test_arg1', 'test_arg2']}
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value', 'test_arg1': 'testing'}])
expected = [mock.call('localhost'),
mock.call().ehlo(),
mock.call().has_extn('STARTTLS'),
mock.call().starttls(),
mock.call().sendmail(mock.ANY, ['*****@*****.**', '*****@*****.**'], mock.ANY),
mock.call().close()]
assert mock_smtp.mock_calls == expected
body = mock_smtp.mock_calls[4][1][2]
assert 'testing' in body
assert '<MISSING VALUE>' in body
assert 'Reply-To: [email protected]' in body
assert 'To: [email protected]' in body
assert 'From: [email protected]' in body
assert 'Subject: Test alert for test_value' in body
def test_email():
rule = {
'name': 'test alert',
'email': ['*****@*****.**', '*****@*****.**'],
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'alert_subject': 'Test alert for {0}',
'alert_subject_args': ['test_term']
}
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
expected = [
mock.call('localhost'),
mock.call().sendmail(mock.ANY,
['*****@*****.**', '*****@*****.**'],
mock.ANY),
mock.call().close()
]
assert mock_smtp.mock_calls == expected
body = mock_smtp.mock_calls[1][1][2]
assert 'Reply-To: [email protected]' in body
assert 'To: [email protected]' in body
assert 'Subject: Test alert for test_value' in body
def test_email_with_auth():
rule = {'name': 'test alert', 'email': ['*****@*****.**', '*****@*****.**'], 'from_addr': '*****@*****.**',
'type': mock_rule(), 'timestamp_field': '@timestamp', 'email_reply_to': '*****@*****.**',
'alert_subject': 'Test alert for {0}', 'alert_subject_args': ['test_term'], 'smtp_auth_file': 'file.txt'}
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
with mock.patch('elastalert.alerts.yaml_loader') as mock_open:
mock_open.return_value = {'user': '******', 'password': '******'}
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
expected = [mock.call('localhost'),
mock.call().login('someone', 'hunter2'),
mock.call().sendmail(mock.ANY, ['*****@*****.**', '*****@*****.**'], mock.ANY),
mock.call().close()]
assert mock_smtp.mock_calls == expected
def test_email_query_key_in_subject():
rule = {'name': 'test alert', 'email': ['*****@*****.**', '*****@*****.**'],
'type': mock_rule(), 'timestamp_field': '@timestamp', 'email_reply_to': '*****@*****.**',
'query_key': 'username'}
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value', 'username': '******'}])
body = mock_smtp.mock_calls[1][1][2]
lines = body.split('\n')
found_subject = False
for line in lines:
if line.startswith('Subject'):
assert 'werbenjagermanjensen' in line
found_subject = True
assert found_subject
def test_email():
rule = {'name': 'test alert', 'email': ['*****@*****.**', '*****@*****.**'],
'type': mock_rule(), 'timestamp_field': '@timestamp', 'email_reply_to': '*****@*****.**',
'alert_subject': 'Test alert for {0}', 'alert_subject_args': ['test_term']}
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
expected = [mock.call('localhost'),
mock.call().sendmail(mock.ANY, ['*****@*****.**', '*****@*****.**'], mock.ANY),
mock.call().close()]
assert mock_smtp.mock_calls == expected
body = mock_smtp.mock_calls[1][1][2]
assert 'Reply-To: [email protected]' in body
assert 'To: [email protected]' in body
assert 'Subject: Test alert for test_value' in body
def test_email_from_field():
rule = {'name': 'test alert', 'email': ['*****@*****.**'], 'email_add_domain': 'example.com',
'type': mock_rule(), 'timestamp_field': '@timestamp', 'email_from_field': 'data.user', 'owner': 'owner_value'}
# Found, without @
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'data': {'user': '******'}}])
assert mock_smtp.mock_calls[4][1][1] == ['*****@*****.**']
# Found, with @
rule['email_add_domain'] = '@example.com'
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'data': {'user': '******'}}])
assert mock_smtp.mock_calls[4][1][1] == ['*****@*****.**']
# Not found
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'data': {'foo': 'qlo'}}])
assert mock_smtp.mock_calls[4][1][1] == ['*****@*****.**']
# Found, wrong type
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'data': {'user': 17}}])
assert mock_smtp.mock_calls[4][1][1] == ['*****@*****.**']
def test_email_from_field():
rule = {'name': 'test alert', 'email': ['*****@*****.**'], 'email_add_domain': 'example.com',
'type': mock_rule(), 'timestamp_field': '@timestamp', 'email_from_field': 'data.user', 'owner': 'owner_value'}
# Found, without @
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'data': {'user': '******'}}])
assert mock_smtp.mock_calls[4][1][1] == ['*****@*****.**']
# Found, with @
rule['email_add_domain'] = '@example.com'
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'data': {'user': '******'}}])
assert mock_smtp.mock_calls[4][1][1] == ['*****@*****.**']
# Not found
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'data': {'foo': 'qlo'}}])
assert mock_smtp.mock_calls[4][1][1] == ['*****@*****.**']
# Found, wrong type
with mock.patch('elastalert.alerts.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'data': {'user': 17}}])
assert mock_smtp.mock_calls[4][1][1] == ['*****@*****.**']