def testDefault(self):
    """Check the values Config reports when it is built without a config file."""
    defaultConfig = Config()
    expectedVariableNames = ['host_name', 'request_file_name', 'payload_container', 'rule_id']

    # No variable value is ignored unless a config file says so.
    self.assertEqual({}, defaultConfig.ignoredVariableDict())
    self.assertEqual(expectedVariableNames, defaultConfig.variableNameList())

    # NOTE(review): a minimum of 0 and a maximum of None presumably mean
    # "no filtering" for whatever consumes these thresholds - confirm there,
    # since unfiltered correlation would be the most permissive setting.
    self.assertEqual(0, defaultConfig.minimumOccurrenceCountThreshold())
    self.assertEqual(None, defaultConfig.maximumValueCountThreshold())
def main(self, argumentList):
    """Run the command-line tool and return its exit status.

    Parses ``argumentList``, loads the configuration, optionally imports a
    ModSecurity audit log into the SQL data source, then correlates the
    stored data and writes the resulting exceptions to standard output.
    Correlation progress is reported on standard error.

    Args:
        argumentList: command-line arguments handed to argparse.

    Returns:
        0 once the exceptions have been written.

    NOTE(review): the exceptions written here relax ModSecurity rules, so
    the audit log is effectively trusted input. Presumably a request that
    was logged is correlated the same way whether it was a false positive
    or a real attack - confirm against CorrelationEngine, and review the
    output before deploying it.

    NOTE(review): the --data-url help example keeps the database under
    /tmp. The store presumably holds parsed audit-log data, so a location
    that is not shared with other local users is the safer choice.
    """
    # Contracts are switched off because they cause performance issues.
    # NOTE(review): presumably this also drops their runtime argument
    # checks for the rest of the run - confirm.
    contracts.disable_all()

    parser = argparse.ArgumentParser(
        description=u"Make ModSecurity exceptions.")
    parser.add_argument(
        u"-i", u"--input",
        metavar=u"MODSEC_AUDIT_LOG_FILE",
        dest='modsecurityAuditLogPath',
        type=unicode,
        default=None,
        help=u"Modsecurity audit log file path or '-' to read from standard input.")
    parser.add_argument(
        u"-d", u"--data-url",
        dest='dataURL',
        type=unicode,
        required=True,
        default=None,
        help=u"Example: 'sqlite:////tmp/modsecurity-exception-factory.db'")
    parser.add_argument(
        u"-c", u"--config-file",
        dest='configFilePath',
        type=unicode,
        default=None)
    options = parser.parse_args(argumentList)

    # Load the configuration and read the engine settings up front, in the
    # order the correlation engine takes them.
    config = Config(options.configFilePath)
    engineArguments = (
        config.variableNameList(),
        config.ignoredVariableDict(),
        config.minimumOccurrenceCountThreshold(),
        config.maximumValueCountThreshold(),
    )

    # Open the data source named by --data-url.
    dataSource = ModsecurityAuditDataSourceSQL(options.dataURL)

    # Import an audit log only when --input was given.
    auditLogPath = options.modsecurityAuditLogPath
    if auditLogPath is not None:
        self._parseFile(auditLogPath, dataSource)

    # Set up the correlation engine with console progress on stderr.
    engine = CorrelationEngine(*engineArguments)
    engine.addProgressListener(CorrelationProgressListenerConsole(sys.stderr))

    # The correlation result is handed straight to the writer, so
    # exceptions are written progressively.
    writer = ModsecurityExceptionWriter(stream=sys.stdout)
    writer.write(engine.correlate(dataSource))
    return 0
def testOK(self):
    """Check that Config returns the values set in the ``_TEST_CONFIG_OK`` fixture."""
    loadedConfig = Config(self._TEST_CONFIG_OK)
    expectedIgnored = {
        'rule_id': [u"111111", u"222222", u"333333"],
        'host_name': [u"1.1.1.1"],
    }

    # Ignored values are grouped per variable name.
    self.assertEqual(expectedIgnored, loadedConfig.ignoredVariableDict())
    self.assertEqual(['aaa', 'bbb', 'ccc'], loadedConfig.variableNameList())

    # Both thresholds come back as integers.
    self.assertEqual(10, loadedConfig.minimumOccurrenceCountThreshold())
    self.assertEqual(20, loadedConfig.maximumValueCountThreshold())
def testDefault(self):
    """Verify the defaults of a Config created with no config file path."""
    cfg = Config()

    # Default ignore dictionary is empty.
    ignored = cfg.ignoredVariableDict()
    self.assertEqual({}, ignored)

    # Default variable names, in the order Config returns them.
    names = cfg.variableNameList()
    self.assertEqual(
        ['host_name', 'request_file_name', 'payload_container', 'rule_id'],
        names)

    # Default thresholds: minimum occurrence count 0, maximum value count None.
    # NOTE(review): presumably these defaults disable threshold filtering -
    # confirm in the code that consumes them.
    minimumCount = cfg.minimumOccurrenceCountThreshold()
    self.assertEqual(0, minimumCount)
    maximumCount = cfg.maximumValueCountThreshold()
    self.assertEqual(None, maximumCount)
def testOK(self):
    """Verify the values Config reads from the ``_TEST_CONFIG_OK`` fixture."""
    cfg = Config(self._TEST_CONFIG_OK)

    # Ignored values: three rule ids and one host name.
    ignored = cfg.ignoredVariableDict()
    self.assertEqual(
        {'rule_id': [u"111111", u"222222", u"333333"], 'host_name': [u"1.1.1.1"]},
        ignored)

    # Variable names replace the defaults.
    names = cfg.variableNameList()
    self.assertEqual(['aaa', 'bbb', 'ccc'], names)

    # Thresholds are returned as integers.
    minimumCount = cfg.minimumOccurrenceCountThreshold()
    self.assertEqual(10, minimumCount)
    maximumCount = cfg.maximumValueCountThreshold()
    self.assertEqual(20, maximumCount)
def main(self, argumentList):
    """Command-line entry point: build ModSecurity exceptions from audit data.

    The steps run in this order: parse ``argumentList``, load the config,
    open the SQL data source, import the audit log if ``--input`` was
    given, correlate, and write the exceptions to standard output.
    Progress goes to standard error.

    Args:
        argumentList: command-line arguments handed to argparse.

    Returns:
        0 after the exceptions have been written.

    NOTE(review): the output loosens ModSecurity rules and is derived from
    the audit log alone. Presumably logged attack traffic is correlated
    like any other entry - confirm against CorrelationEngine, and have
    the generated exceptions reviewed before they are deployed.

    NOTE(review): the --data-url help text shows a database path under
    /tmp. The database presumably contains parsed audit-log entries, so a
    directory that other local users cannot write to is preferable.
    """
    # Contracts are disabled for performance reasons.
    # NOTE(review): presumably their runtime checks are skipped from here
    # on - confirm.
    contracts.disable_all()

    cli = argparse.ArgumentParser(description=u"Make ModSecurity exceptions.")

    # Optional audit log to import before correlating.
    cli.add_argument(u"-i",
                     u"--input",
                     metavar=u"MODSEC_AUDIT_LOG_FILE",
                     dest='modsecurityAuditLogPath',
                     type=unicode,
                     default=None,
                     help=u"Modsecurity audit log file path or '-' to read from standard input.")
    # Mandatory data source URL.
    cli.add_argument(u"-d",
                     u"--data-url",
                     dest='dataURL',
                     type=unicode,
                     required=True,
                     default=None,
                     help=u"Example: 'sqlite:////tmp/modsecurity-exception-factory.db'")
    # Optional config file path.
    cli.add_argument(u"-c",
                     u"--config-file",
                     dest='configFilePath',
                     type=unicode,
                     default=None)
    parsed = cli.parse_args(argumentList)

    # Load the config and read all four engine settings before any data
    # source work starts.
    settings = Config(parsed.configFilePath)
    names = settings.variableNameList()
    ignored = settings.ignoredVariableDict()
    minimumCount = settings.minimumOccurrenceCountThreshold()
    maximumCount = settings.maximumValueCountThreshold()

    source = ModsecurityAuditDataSourceSQL(parsed.dataURL)

    # Import the audit log only when a path was given.
    if parsed.modsecurityAuditLogPath is not None:
        self._parseFile(parsed.modsecurityAuditLogPath, source)

    # Correlation engine with a console progress listener on stderr.
    engine = CorrelationEngine(names, ignored, minimumCount, maximumCount)
    progressListener = CorrelationProgressListenerConsole(sys.stderr)
    engine.addProgressListener(progressListener)

    # Pass the correlation result directly to the writer so exceptions are
    # written progressively.
    ModsecurityExceptionWriter(stream=sys.stdout).write(engine.correlate(source))
    return 0