def test_infilter(self): # Naked INFilter infilter = InFilter(FieldValue(LogField.SRC), [IPValue('172.18.1.1', '172.18.1.2')]) d = {'left': {'id': 7, 'type': 'field'}, 'right': [{'type': 'ip', 'value': '172.18.1.1'}, {'type': 'ip', 'value': '172.18.1.2'}], 'type': 'in'} self.assertDictEqual(infilter.filter, d) # Add to query using query method query = LogQuery() query.add_in_filter( FieldValue(LogField.SRC), [IPValue('172.18.1.1', '172.18.1.2')]) query_filter = query.request['query']['filter'] self.assertDictEqual(d, query_filter) # Update the original filter, validate update infilter.update_filter(FieldValue('Src'), [IPValue('1.1.1.1')]) d = {'left': {'name': 'Src', 'type': 'field'}, 'right': [{'type': 'ip', 'value': '1.1.1.1'}], 'type': 'in'} # Update filter on query self.assertDictEqual(infilter.filter, d) query.update_filter(InFilter(FieldValue('Src'), [IPValue('1.1.1.1')])) query_filter = query.request['query']['filter'] self.assertDictEqual(d, query_filter)
def test_infilter(self): # Naked INFilter infilter = InFilter(FieldValue(LogField.SRC), [IPValue("172.18.1.1", "172.18.1.2")]) d = { "left": { "id": 7, "type": "field" }, "right": [{ "type": "ip", "value": "172.18.1.1" }, { "type": "ip", "value": "172.18.1.2" }], "type": "in", } self.assertDictEqual(infilter.filter, d) # Add to query using query method query = LogQuery() query.add_in_filter(FieldValue(LogField.SRC), [IPValue("172.18.1.1", "172.18.1.2")]) query_filter = query.request["query"]["filter"] self.assertDictEqual(d, query_filter) # Update the original filter, validate update infilter.update_filter(FieldValue("Src"), [IPValue("1.1.1.1")]) d = { "left": { "name": "Src", "type": "field" }, "right": [{ "type": "ip", "value": "1.1.1.1" }], "type": "in", } # Update filter on query self.assertDictEqual(infilter.filter, d) query.update_filter(InFilter(FieldValue("Src"), [IPValue("1.1.1.1")])) query_filter = query.request["query"]["filter"] self.assertDictEqual(d, query_filter)
def test_infilter(self): # Naked INFilter infilter = InFilter(FieldValue(LogField.SRC), [IPValue('172.18.1.1', '172.18.1.2')]) d = { 'left': { 'id': 7, 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '172.18.1.1' }, { 'type': 'ip', 'value': '172.18.1.2' }], 'type': 'in' } self.assertDictEqual(infilter.filter, d) # Add to query using query method query = LogQuery() query.add_in_filter(FieldValue(LogField.SRC), [IPValue('172.18.1.1', '172.18.1.2')]) query_filter = query.request['query']['filter'] self.assertDictEqual(d, query_filter) # Update the original filter, validate update infilter.update_filter(FieldValue('Src'), [IPValue('1.1.1.1')]) d = { 'left': { 'name': 'Src', 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '1.1.1.1' }], 'type': 'in' } # Update filter on query self.assertDictEqual(infilter.filter, d) query.update_filter(InFilter(FieldValue('Src'), [IPValue('1.1.1.1')])) query_filter = query.request['query']['filter'] self.assertDictEqual(d, query_filter)
def add_in_filter(self, *values): """ Add a filter using "IN" logic. This is typically the primary filter that will be used to find a match and generally combines other filters to get more granular. An example of usage would be searching for an IP address (or addresses) in a specific log field. Or looking for an IP address in multiple log fields. .. seealso:: :class:`smc_monitoring.models.filters.InFilter` for examples. :param values: optional constructor args for :class:`smc_monitoring.models.filters.InFilter` :rtype: InFilter """ filt = InFilter(*values) self.update_filter(filt) return filt
def test_and_filter(self): andfilter = AndFilter([ InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]), ]) f = { "type": "and", "values": [ { "left": { "id": 7, "type": "field" }, "right": [{ "type": "ip", "value": "192.168.4.84" }], "type": "in", }, { "left": { "id": 27, "type": "field" }, "right": [{ "type": "service", "value": "TCP/80" }], "type": "in", }, ], } self.assertDictEqual(andfilter.filter, f) query = LogQuery() query.add_and_filter([ InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]), ]) query_filter = query.request["query"]["filter"] self.assertDictEqual(f, query_filter) # Update the original filter andfilter.update_filter([ InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]), InFilter(FieldValue(LogField.ACTION), [ConstantValue(Actions.DISCARD, Actions.BLOCK)]), ]) d = { "type": "and", "values": [ { "left": { "id": 8, "type": "field" }, "right": [{ "type": "ip", "value": "1.1.1.1" }], "type": "in", }, { "left": { "id": 14, "type": "field" }, "right": [{ "type": "constant", "value": 0 }, { "type": "constant", "value": 13 }], "type": "in", }, ], } self.assertDictEqual(andfilter.filter, d) query.update_filter( AndFilter([ InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]), InFilter(FieldValue(LogField.ACTION), [ConstantValue(Actions.DISCARD, Actions.BLOCK)]), ])) query_filter = query.request["query"]["filter"] self.assertDictEqual(d, query_filter)
def test_or_filter(self): orfilter = OrFilter([ InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]), ]) f = { "type": "or", "values": [ { "left": { "id": 7, "type": "field" }, "right": [{ "type": "ip", "value": "192.168.4.84" }], "type": "in", }, { "left": { "id": 27, "type": "field" }, "right": [{ "type": "service", "value": "TCP/80" }], "type": "in", }, ], } self.assertDictEqual(orfilter.filter, f) query = LogQuery() query.add_or_filter([ InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]), ]) query_filter = query.request["query"]["filter"] self.assertDictEqual(f, query_filter) orfilter.update_filter([ InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/443")]), ]) d = { "type": "or", "values": [ { "left": { "id": 8, "type": "field" }, "right": [{ "type": "ip", "value": "1.1.1.1" }], "type": "in", }, { "left": { "id": 27, "type": "field" }, "right": [{ "type": "service", "value": "TCP/443" }], "type": "in", }, ], } self.assertDictEqual(d, orfilter.filter) query.update_filter( OrFilter([ InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/443")]), ])) query_filter = query.request["query"]["filter"] self.assertDictEqual(d, query_filter)
def test_not_filter(self): notfilter = NotFilter([ InFilter(FieldValue(LogField.SERVICE), [ServiceValue("UDP/53", "TCP/80")]) ]) f = { "type": "not", "value": { "left": { "id": 27, "type": "field" }, "right": [ { "type": "service", "value": "UDP/53" }, { "type": "service", "value": "TCP/80" }, ], "type": "in", }, } self.assertDictEqual(notfilter.filter, f) query = LogQuery() query.add_not_filter([ InFilter(FieldValue(LogField.SERVICE), [ServiceValue("UDP/53", "TCP/80")]) ]) query_filter = query.request["query"]["filter"] self.assertDictEqual(f, query_filter) notfilter.update_filter([ InFilter(FieldValue(LogField.HTTPREQUESTHOST), [StringValue("play.googleapis.com")]) ]) d = { "type": "not", "value": { "left": { "id": 1586, "type": "field" }, "right": [{ "type": "string", "value": "play.googleapis.com" }], "type": "in", }, } self.assertDictEqual(d, notfilter.filter) query.update_filter( NotFilter([ InFilter(FieldValue(LogField.HTTPREQUESTHOST), [StringValue("play.googleapis.com")]) ])) query_filter = query.request["query"]["filter"] self.assertDictEqual(d, query_filter)
def test_and_filter(self): andfilter = AndFilter([ InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')]) ]) f = { 'type': 'and', 'values': [{ 'left': { 'id': 7, 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '192.168.4.84' }], 'type': 'in' }, { 'left': { 'id': 27, 'type': 'field' }, 'right': [{ 'type': 'service', 'value': 'TCP/80' }], 'type': 'in' }] } self.assertDictEqual(andfilter.filter, f) query = LogQuery() query.add_and_filter([ InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')]) ]) query_filter = query.request['query']['filter'] self.assertDictEqual(f, query_filter) # Update the original filter andfilter.update_filter([ InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]), InFilter(FieldValue(LogField.ACTION), [ConstantValue(Actions.DISCARD, Actions.BLOCK)]) ]) d = { 'type': 'and', 'values': [{ 'left': { 'id': 8, 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '1.1.1.1' }], 'type': 'in' }, { 'left': { 'id': 14, 'type': 'field' }, 'right': [{ 'type': 'constant', 'value': 0 }, { 'type': 'constant', 'value': 13 }], 'type': 'in' }] } self.assertDictEqual(andfilter.filter, d) query.update_filter( AndFilter([ InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]), InFilter(FieldValue(LogField.ACTION), [ConstantValue(Actions.DISCARD, Actions.BLOCK)]) ])) query_filter = query.request['query']['filter'] self.assertDictEqual(d, query_filter)
def test_or_filter(self): orfilter = OrFilter([ InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')]) ]) f = { 'type': 'or', 'values': [{ 'left': { 'id': 7, 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '192.168.4.84' }], 'type': 'in' }, { 'left': { 'id': 27, 'type': 'field' }, 'right': [{ 'type': 'service', 'value': 'TCP/80' }], 'type': 'in' }] } self.assertDictEqual(orfilter.filter, f) query = LogQuery() query.add_or_filter([ InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')]) ]) query_filter = query.request['query']['filter'] self.assertDictEqual(f, query_filter) orfilter.update_filter([ InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/443')]) ]) d = { 'type': 'or', 'values': [{ 'left': { 'id': 8, 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '1.1.1.1' }], 'type': 'in' }, { 'left': { 'id': 27, 'type': 'field' }, 'right': [{ 'type': 'service', 'value': 'TCP/443' }], 'type': 'in' }] } self.assertDictEqual(d, orfilter.filter) query.update_filter( OrFilter([ InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/443')]) ])) query_filter = query.request['query']['filter'] self.assertDictEqual(d, query_filter)
def test_not_filter(self): notfilter = NotFilter([ InFilter(FieldValue(LogField.SERVICE), [ServiceValue('UDP/53', 'TCP/80')]) ]) f = { 'type': 'not', 'value': { 'left': { 'id': 27, 'type': 'field' }, 'right': [{ 'type': 'service', 'value': 'UDP/53' }, { 'type': 'service', 'value': 'TCP/80' }], 'type': 'in' } } self.assertDictEqual(notfilter.filter, f) query = LogQuery() query.add_not_filter([ InFilter(FieldValue(LogField.SERVICE), [ServiceValue('UDP/53', 'TCP/80')]) ]) query_filter = query.request['query']['filter'] self.assertDictEqual(f, query_filter) notfilter.update_filter([ InFilter(FieldValue(LogField.HTTPREQUESTHOST), [StringValue('play.googleapis.com')]) ]) d = { 'type': 'not', 'value': { 'left': { 'id': 1586, 'type': 'field' }, 'right': [{ 'type': 'string', 'value': 'play.googleapis.com' }], 'type': 'in' } } self.assertDictEqual(d, notfilter.filter) query.update_filter( NotFilter([ InFilter(FieldValue(LogField.HTTPREQUESTHOST), [StringValue('play.googleapis.com')]) ])) query_filter = query.request['query']['filter'] self.assertDictEqual(d, query_filter)