def testParseFile(self): """Test parsing of a Mac Wifi log file.""" parser = mac_appfirewall.MacAppFirewallParser() knowledge_base_values = {'year': 2013} storage_writer = self._ParseFile( ['appfirewall.log'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 47) events = list(storage_writer.GetEvents()) expected_event_values = { 'action': 'creating /var/log/appfirewall.log', 'agent': 'socketfilterfw[112]', 'computer_name': 'DarkTemplar-2.local', 'data_type': 'mac:appfirewall:line', 'process_name': 'Logging', 'status': 'Error', 'timestamp': '2013-11-02 04:07:35.000000'} self.CheckEventValues(storage_writer, events[0], expected_event_values) expected_event_values = { 'action': 'Allow TCP LISTEN (in:0 out:1)', 'agent': 'socketfilterfw[87]', 'computer_name': 'DarkTemplar-2.local', 'data_type': 'mac:appfirewall:line', 'process_name': 'Dropbox', 'status': 'Info', 'timestamp': '2013-11-03 13:25:15.000000'} self.CheckEventValues(storage_writer, events[9], expected_event_values) # Check repeated lines. event_data = self._GetEventDataOfEvent(storage_writer, events[38]) expected_event_values = { 'action': event_data.action, 'agent': event_data.agent, 'computer_name': event_data.computer_name, 'data_type': 'mac:appfirewall:line', 'process_name': event_data.process_name, 'status': event_data.status} self.CheckEventValues(storage_writer, events[39], expected_event_values) # Year changes. expected_event_values = { 'data_type': 'mac:appfirewall:line', 'timestamp': '2013-12-31 23:59:23.000000'} self.CheckEventValues(storage_writer, events[45], expected_event_values) expected_event_values = { 'data_type': 'mac:appfirewall:line', 'timestamp': '2014-01-01 01:13:23.000000'} self.CheckEventValues(storage_writer, events[46], expected_event_values)
def testParseFile(self): """Test parsing of a Mac Wifi log file.""" parser = mac_appfirewall.MacAppFirewallParser() knowledge_base_values = {'year': 2013} storage_writer = self._ParseFile( ['appfirewall.log'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 47) events = list(storage_writer.GetEvents()) event = events[0] self.CheckTimestamp(event.timestamp, '2013-11-02 04:07:35.000000') event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.agent, 'socketfilterfw[112]') self.assertEqual(event_data.computer_name, 'DarkTemplar-2.local') self.assertEqual(event_data.status, 'Error') self.assertEqual(event_data.process_name, 'Logging') self.assertEqual(event_data.action, 'creating /var/log/appfirewall.log') expected_message = ('Computer: DarkTemplar-2.local ' 'Agent: socketfilterfw[112] ' 'Status: Error ' 'Process name: Logging ' 'Log: creating /var/log/appfirewall.log') expected_short_message = ('Process name: Logging ' 'Status: Error') self._TestGetMessageStrings(event_data, expected_message, expected_short_message) event = events[9] self.CheckTimestamp(event.timestamp, '2013-11-03 13:25:15.000000') event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.agent, 'socketfilterfw[87]') self.assertEqual(event_data.computer_name, 'DarkTemplar-2.local') self.assertEqual(event_data.status, 'Info') self.assertEqual(event_data.process_name, 'Dropbox') self.assertEqual(event_data.action, 'Allow TCP LISTEN (in:0 out:1)') expected_message = ('Computer: DarkTemplar-2.local ' 'Agent: socketfilterfw[87] ' 'Status: Info ' 'Process name: Dropbox ' 'Log: Allow TCP LISTEN (in:0 out:1)') expected_short_message = ('Process name: Dropbox ' 'Status: Info') self._TestGetMessageStrings(event_data, expected_message, expected_short_message) # Check repeated lines. event = events[38] event_data = self._GetEventDataOfEvent(storage_writer, event) repeated_event = events[39] repeated_event_data = self._GetEventDataOfEvent( storage_writer, repeated_event) self.assertEqual(event_data.agent, repeated_event_data.agent) self.assertEqual(event_data.computer_name, repeated_event_data.computer_name) self.assertEqual(event_data.status, repeated_event_data.status) self.assertEqual(event_data.process_name, repeated_event_data.process_name) self.assertEqual(event_data.action, repeated_event_data.action) # Year changes. event = events[45] self.CheckTimestamp(event.timestamp, '2013-12-31 23:59:23.000000') event = events[46] self.CheckTimestamp(event.timestamp, '2014-01-01 01:13:23.000000')
def setUp(self): """Sets up the needed objects used throughout the test.""" self._parser = mac_appfirewall.MacAppFirewallParser()
def testParseFile(self): """Test parsing of a Mac Wifi log file.""" parser_object = mac_appfirewall.MacAppFirewallParser() knowledge_base_values = {u'year': 2013} test_file = self._GetTestFilePath([u'appfirewall.log']) event_queue_consumer = self._ParseFile( parser_object, test_file, knowledge_base_values=knowledge_base_values) event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) self.assertEqual(len(event_objects), 47) event_object = event_objects[0] expected_timestamp = timelib.Timestamp.CopyFromString( u'2013-11-02 04:07:35') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual(event_object.agent, u'socketfilterfw[112]') self.assertEqual(event_object.computer_name, u'DarkTemplar-2.local') self.assertEqual(event_object.status, u'Error') self.assertEqual(event_object.process_name, u'Logging') self.assertEqual(event_object.action, u'creating /var/log/appfirewall.log') expected_msg = (u'Computer: DarkTemplar-2.local ' u'Agent: socketfilterfw[112] ' u'Status: Error ' u'Process name: Logging ' u'Log: creating /var/log/appfirewall.log') expected_msg_short = (u'Process name: Logging ' u'Status: Error') self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short) event_object = event_objects[9] expected_timestamp = timelib.Timestamp.CopyFromString( u'2013-11-03 13:25:15') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual(event_object.agent, u'socketfilterfw[87]') self.assertEqual(event_object.computer_name, u'DarkTemplar-2.local') self.assertEqual(event_object.status, u'Info') self.assertEqual(event_object.process_name, u'Dropbox') self.assertEqual(event_object.action, u'Allow TCP LISTEN (in:0 out:1)') expected_msg = (u'Computer: DarkTemplar-2.local ' u'Agent: socketfilterfw[87] ' u'Status: Info ' u'Process name: Dropbox ' u'Log: Allow TCP LISTEN (in:0 out:1)') expected_msg_short = (u'Process name: Dropbox ' u'Status: Info') self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short) # Check repeated lines. event_object = event_objects[38] repeated_event_object = event_objects[39] self.assertEqual(event_object.agent, repeated_event_object.agent) self.assertEqual(event_object.computer_name, repeated_event_object.computer_name) self.assertEqual(event_object.status, repeated_event_object.status) self.assertEqual(event_object.process_name, repeated_event_object.process_name) self.assertEqual(event_object.action, repeated_event_object.action) # Year changes. event_object = event_objects[45] expected_timestamp = timelib.Timestamp.CopyFromString( u'2013-12-31 23:59:23') self.assertEqual(event_object.timestamp, expected_timestamp) event_object = event_objects[46] expected_timestamp = timelib.Timestamp.CopyFromString( u'2014-01-01 01:13:23') self.assertEqual(event_object.timestamp, expected_timestamp)
def setUp(self): """Makes preparations before running an individual test.""" self._parser = mac_appfirewall.MacAppFirewallParser()
def setUp(self): """Sets up the needed objects used throughout the test.""" pre_obj = event.PreprocessObject() pre_obj.year = 2013 pre_obj.zone = pytz.timezone('UTC') self._parser = mac_appfirewall.MacAppFirewallParser(pre_obj, None)