def test12or_match_rule(self): """This case unit the OrMatchRule.""" description = "Test12Rules" path_exists_match_rule = PathExistsMatchRule(self.match_ipv4, None) self.analysis_context.register_component(path_exists_match_rule, description) i_pv4_in_rfc1918_match_rule = IPv4InRFC1918MatchRule(self.match_ipv4) self.analysis_context.register_component(i_pv4_in_rfc1918_match_rule, description + "2") or_match_rule = OrMatchRule( [path_exists_match_rule, i_pv4_in_rfc1918_match_rule]) self.analysis_context.register_component(or_match_rule, description + "3") ip_address_data_model_element = IpAddressDataModelElement('IPv4') match_context = MatchContext(b'192.168.0.0') match_element = ip_address_data_model_element.get_match_element( 'match', match_context) log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), or_match_rule) self.assertTrue(or_match_rule.match(log_atom)) # changing to IPv6 path_exists_match_rule = PathExistsMatchRule('match/IPv6', None) or_match_rule = OrMatchRule( [path_exists_match_rule, i_pv4_in_rfc1918_match_rule]) match_context = MatchContext(b'192.168.0.0') match_element = ip_address_data_model_element.get_match_element( 'match', match_context) log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), time(), or_match_rule) self.assertTrue(or_match_rule.match(log_atom))
def test1match_found(self): """This test case checks if valid inputs are recognized.""" description = "Test1WhitelistViolationDetector" path_exists_match_rule = PathExistsMatchRule('match/s1', None) path_exists_match_rule2 = PathExistsMatchRule('match/s2', None) t = time.time() whitelist_violation_detector = WhitelistViolationDetector( self.aminer_config, [path_exists_match_rule, path_exists_match_rule2], [self.stream_printer_event_handler], output_log_line=False) self.analysis_context.register_component(whitelist_violation_detector, description) fixed_dme = FixedDataModelElement('s1', self.fixed_string) match_context = MatchContext(self.fixed_string) match_element = fixed_dme.get_match_element('match', match_context) log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), t, whitelist_violation_detector) self.assertTrue(whitelist_violation_detector.receive_atom(log_atom)) self.assertEqual(self.output_stream.getvalue(), '') fixed_dme = FixedDataModelElement('s2', self.fixed_string) match_context = MatchContext(self.fixed_string) match_element = fixed_dme.get_match_element('match', match_context) log_atom = LogAtom(match_element.match_object, ParserMatch(match_element), t, whitelist_violation_detector) self.assertTrue(whitelist_violation_detector.receive_atom(log_atom)) self.assertEqual(self.output_stream.getvalue(), '') fixed_dme = FixedDataModelElement('s3', self.fixed_string) match_context = MatchContext(self.fixed_string) match_element = fixed_dme.get_match_element('match', match_context) log_atom = LogAtom(match_element.match_object, ParserMatch(match_element), t, path_exists_match_rule) self.assertTrue( not whitelist_violation_detector.receive_atom(log_atom)) self.assertEqual( self.output_stream.getvalue(), self.__expected_string % (datetime.fromtimestamp(t).strftime("%Y-%m-%d %H:%M:%S"), whitelist_violation_detector.__class__.__name__, description, 1, "b'fixed String'"))
def test3path_exists_match_rule(self): """This case unit the PathExistsMatchRule.""" description = "Test3Rules" path_exists_match_rule = PathExistsMatchRule(self.match_s1, None) self.analysis_context.register_component(path_exists_match_rule, description) self.fixed_dme = FixedDataModelElement('s1', self.fixed_string) t = time() match_context = MatchContext(self.fixed_string) match_element = self.fixed_dme.get_match_element( 'match', match_context) log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), t, path_exists_match_rule) self.assertTrue(path_exists_match_rule.match(log_atom)) self.fixed_dme = FixedDataModelElement('s2', self.fixed_string) match_context = MatchContext(self.fixed_string) match_element = self.fixed_dme.get_match_element( 'match', match_context) log_atom = LogAtom(match_context.match_data, ParserMatch(match_element), t, path_exists_match_rule) self.assertTrue(not path_exists_match_rule.match(log_atom))
def run_whitelist_violation_detector(self, number_of_pathes, modulo_factor): results = [None] * self.iterations avg = 0 z = 0 while z < self.iterations: i = 0 rules = [] while i < number_of_pathes: rules.append( PathExistsMatchRule( self.integerd + str(i % number_of_pathes), None)) i = i + 1 whitelist_violation_detector = WhitelistViolationDetector( self.aminer_config, rules, [self.stream_printer_event_handler]) t = time.time() seconds = time.time() i = 0 while int(time.time() - seconds) < self.waiting_time: p = process_time() r = random.randint(1, 100) if r >= modulo_factor: r = 2 else: r = 1 seconds = seconds + process_time() - p decimal_integer_value_me = DecimalIntegerValueModelElement( 'd' + str(i % (number_of_pathes * r)), DecimalIntegerValueModelElement.SIGN_TYPE_NONE, DecimalIntegerValueModelElement.PAD_TYPE_NONE) match_context = MatchContext(str(i % 100).encode()) match_element = decimal_integer_value_me.get_match_element( 'integer', match_context) log_atom = LogAtom(match_element.match_string, ParserMatch(match_element), t, whitelist_violation_detector) whitelist_violation_detector.receive_atom(log_atom) i = i + 1 results[z] = i z = z + 1 avg = avg + i avg = avg / self.iterations type(self).result = self.result + self.result_string % ( whitelist_violation_detector.__class__.__name__, avg, results, '%d different PathExistsMatchRules and a moduloFactor of %d.' % (number_of_pathes, modulo_factor))