def test_open_alert_file(self): ''' Testing the alert file open function. ''' logger = Logger() self.assertEqual(logger.open_alert_file(), 0)
def test_write_alert_to_file__no_json(self): ''' Testing the write alert to file function, without a json object. Requires - a file handle to be opened by the object. ''' logger = Logger() self.assertRaises(TypeError, logger.write_alert_to_file)
def test_write_flow_to_file__no_string(self): ''' Testing the write flow to file function, without a string. Requires - a file handle to be opened by the object. ''' logger = Logger() self.assertRaises(TypeError, logger.write_flow_to_file)
def test_init(self): ''' Testing the module's constructor. Input - none. Expected output - successful logger object instantiation. ''' logger = False logger = Logger() self.assertTrue(logger)
def test_write_alert_to_file__empty_json(self): ''' Testing the write alert to file function, with an empty json object. Requires - a file handle to be opened by the object. ''' logger = Logger() alert = {} ret = logger.write_alert_to_file(alert) self.assertEqual(ret, 0)
def test_write_alert_to_file(self): ''' Testing the write alert to file function, with a json object. Requires - a file handle to be opened by the object. ''' logger = Logger() alert = {"test1": {"0": 0, "1": 1}, "test2": {"2": 2, "3": 3}} ret = logger.write_alert_to_file(alert) self.assertEqual(ret, 0)
def test_write_flow_to_file__empty_string(self): ''' Testing the write flow to file function, with an empty string. Requires - a file handle to be opened by the object. ''' logger = Logger() flow = "" ret = logger.write_flow_to_file(flow) self.assertEqual(ret, 0)
def test_write_alert_to_file__alert_no_increment(self): ''' Ensuring the alert number is incremented correctly upon writing to file. Requires - an alert to be correctly processed and written to file. Input - valid json. Expected output: logger.write_alert_to_file(alert) == 0 logger.alert_no == 2 ''' logger = Logger() alert = {"test1": {"0": 0, "1": 1}, "test2": {"2": 2, "3": 3}} ret = logger.write_alert_to_file(alert) self.assertEqual(ret, 0) self.assertEqual(logger.alert_no, 2)
def test_init(self): ''' Testing the module's constructor - init variables and function calls. Expected output: logger.alert_no == 1 logger.flow_file == True logger.alert_file == True logger.flow_file_name == 'flows.binetflow' logger.alert_file_name == 'alerts.log' ''' logger = Logger() self.assertEqual(logger.alert_no, 1) self.assertTrue(logger.flow_file) self.assertTrue(logger.alert_file) self.assertEqual(logger.flow_file_name, 'flows.binetflow') self.assertEqual(logger.alert_file_name, 'alerts.log')
def __init__(self, args): """Constructor for the Detector. Takes in parsed command line argument data and sets up the Detector's mode accordingly. These modes include sniffing from the network, processing a local .pcap file or reading from a pre-processed network flow file. Also loads the relevent models into an object array to facilitate model prediciton. Args: args (dict): Parsed command line arguments to specify the Detector's mode of operation. Attributes: gui (bool): Specifies the GUI mode required. logging (bool): Specifies the logging mode required. debug (bool): Specifies the debugging mode required. read (None, string): Specifies the file read mode required. dataset_feature_columns (:obj:'list' of :obj:'str'): The required dataset feature column headings used in the Sniffer and Detector. models (:obj:'list' of :obj:'Model'): List to store successfully instantiated Model objects. sniffer (:obj':'Sniffer'): Sniffer object storage. ws_client (:obj':'Websocket_Client'): Websocket Client object storage. logger (:obj:'Logger'): Logger object storage. """ self.gui = args['no_gui'] self.logging = args['no_log'] self.debug = args['debug'] self.read = args['read'] self.dataset_feature_columns = [ 'SrcAddr', 'DstAddr', 'Proto', 'Sport', 'Dport', 'State', 'sTos', 'dTos', 'SrcWin', 'DstWin', 'sHops', 'dHops', 'StartTime', 'LastTime', 'sTtl', 'dTtl', 'TcpRtt', 'SynAck', 'AckDat', 'SrcPkts', 'DstPkts', 'SrcBytes', 'DstBytes', 'SAppBytes', 'DAppBytes', 'Dur', 'TotPkts', 'TotBytes', 'TotAppByte', 'Rate', 'SrcRate', 'DstRate' ] self.models = [] self.model_directory = 'Models' self.socket_addr = "ws://localhost:5566" if self.debug: print("[ Detector ] Debugging output enabled.") # De-serialise model objects into the model array self.models = self.load_models() # Sniffs raw data from a SPAN'd port, performs netflow feature extraction. # Mimics bash shell behaviour of: # $ TCPDUMP (interface) | ARGUS | RA CLIENT (CSV Formatted Network Flow Exporter). # Or, reads from a given file self.sniffer = Sniffer(self.read) if (self.gui == True): # Websocket_Client instantiation # Faciliates data transfer through a localhost socket to the backend electron # nodejs server self.ws_client = Websocket_Client() # And attempt to create a connection to the websocker server self.ws_client.connect(self.socket_addr) if (self.logging == True): # Flow and Alert file logging # Initialise Logger instance to handle alert and flow file logging operations self.logger = Logger()