def testParse(self):
    """Tests the Parse function against the selinux.log test file.

    Seven events are expected in total. Only the first four are compared
    in detail: timestamp, long message string and short message string.
    """
    selinux_parser = selinux.SELinuxParser()
    year_hint = {'year': 2013}
    storage_writer = self._ParseFile(
        ['selinux.log'], selinux_parser, knowledge_base_values=year_hint)

    self.assertEqual(storage_writer.number_of_events, 7)

    extracted_events = list(storage_writer.GetEvents())

    # The expected timestamps fall in 2012 although the knowledge base year
    # is 2013, so the year hint evidently does not override the time stamp
    # carried by the audit record itself.
    #
    # 4294967295 is 0xFFFFFFFF, the value Linux audit uses for an unset
    # login uid (auid) or session id (ses).
    #
    # Each row: (event index, timestamp, long message, short message).
    cases = (
        # Normal entry.
        (0,
         '2012-05-24 07:40:01.174000',
         ('[audit_type: LOGIN, pid: 25443] pid=25443 uid=0 old '
          'auid=4294967295 new auid=0 old ses=4294967295 new ses=1165'),
         ('[audit_type: LOGIN, pid: 25443] pid=25443 uid=0 old '
          'auid=4294967295 new auid=...')),
        # Short date: the fractional part of the timestamp is zero.
        (1,
         '2012-05-24 07:40:01.000000',
         '[audit_type: SHORTDATE] check rounding',
         '[audit_type: SHORTDATE] check rounding'),
        # No msg: only the audit type appears in the message strings.
        (2,
         '2012-05-24 07:40:22.174000',
         '[audit_type: NOMSG]',
         '[audit_type: NOMSG]'),
        # Audit type that contains an underscore.
        (3,
         '2012-05-24 07:47:46.174000',
         ('[audit_type: UNDER_SCORE, pid: 25444] pid=25444 uid=0 old '
          'auid=4294967295 new auid=54321 old ses=4294967295 new ses=1166'),
         ('[audit_type: UNDER_SCORE, pid: 25444] pid=25444 uid=0 old '
          'auid=4294967295 new...')),
    )

    for index, timestamp, message, short_message in cases:
        entry = extracted_events[index]
        self.CheckTimestamp(entry.timestamp, timestamp)
        self._TestGetMessageStrings(entry, message, short_message)
def setUp(self):
    """Creates the SELinux parser instance shared by the tests."""
    # Built with no arguments and stored on the test case as _parser.
    selinux_parser = selinux.SELinuxParser()
    self._parser = selinux_parser
def setUp(self):
    """Prepares a fresh SELinux parser before an individual test runs."""
    # Built with no arguments and stored on the test case as _parser.
    fresh_parser = selinux.SELinuxParser()
    self._parser = fresh_parser
def setUp(self):
    """Creates the SELinux parser, seeded with a preprocessing object.

    The preprocessing object carries the year 2013. It is passed to the
    parser constructor as the first argument; the second argument is None.
    """
    preprocess_object = event.PreprocessObject()
    preprocess_object.year = 2013

    selinux_parser = selinux.SELinuxParser(preprocess_object, None)
    self._parser = selinux_parser
def testParse(self):
    """Tests the Parse function against the selinux.log test file.

    Checks the number of stored events, extraction warnings and recovery
    warnings, then compares the values of the first four events.
    """
    selinux_parser = selinux.SELinuxParser()
    year_hint = {'year': 2013}
    storage_writer = self._ParseFile(
        ['selinux.log'], selinux_parser, knowledge_base_values=year_hint)

    # Pinning the warning counts as well as the event count means a change
    # in how many lines the parser rejects fails the test instead of going
    # unnoticed.
    expected_container_counts = (
        ('event', 7),
        ('extraction_warning', 4),
        ('recovery_warning', 0),
    )
    for container_type, expected_count in expected_container_counts:
        actual_count = storage_writer.GetNumberOfAttributeContainers(
            container_type)
        self.assertEqual(actual_count, expected_count)

    extracted_events = list(storage_writer.GetEvents())

    # The expected date_time values fall in 2012 although the knowledge base
    # year is 2013, so the year hint evidently does not override the time
    # stamp carried by the audit record itself.
    #
    # 4294967295 is 0xFFFFFFFF, the value Linux audit uses for an unset
    # login uid (auid) or session id (ses).
    #
    # One dict per event, in extraction order.
    expected_values_per_event = [
        # Normal entry.
        {
            'audit_type': 'LOGIN',
            'body': (
                'pid=25443 uid=0 old auid=4294967295 new auid=0 old '
                'ses=4294967295 new ses=1165'),
            'date_time': '2012-05-24 07:40:01.174000',
            'data_type': 'selinux:line',
            'pid': '25443',
        },
        # Short date: the fractional part of the timestamp is zero.
        {
            'audit_type': 'SHORTDATE',
            'body': 'check rounding',
            'date_time': '2012-05-24 07:40:01.000000',
            'data_type': 'selinux:line',
        },
        # No message: no body or pid value is listed for this event.
        {
            'audit_type': 'NOMSG',
            'date_time': '2012-05-24 07:40:22.174000',
            'data_type': 'selinux:line',
        },
        # Audit type that contains an underscore.
        {
            'audit_type': 'UNDER_SCORE',
            'body': (
                'pid=25444 uid=0 old auid=4294967295 new auid=54321 old '
                'ses=4294967295 new ses=1166'),
            'date_time': '2012-05-24 07:47:46.174000',
            'data_type': 'selinux:line',
            'pid': '25444',
        },
    ]

    for index, expected_event_values in enumerate(expected_values_per_event):
        self.CheckEventValues(
            storage_writer, extracted_events[index], expected_event_values)
def testParse(self):
    """Tests the Parse function against the selinux.log test file.

    Five event objects are expected in total. Only the first four are
    compared in detail: timestamp, long message string and short message
    string.
    """
    selinux_parser = selinux.SELinuxParser()
    year_hint = {u'year': 2013}
    log_path = self._GetTestFilePath([u'selinux.log'])
    queue_consumer = self._ParseFile(
        selinux_parser, log_path, knowledge_base_values=year_hint)
    parsed_objects = self._GetEventObjectsFromQueue(queue_consumer)

    self.assertEqual(len(parsed_objects), 5)

    # Timestamps are integers in microseconds since the POSIX epoch:
    # 1337845201174000 is 2012-05-24 07:40:01.174000 UTC. They fall in 2012
    # although the knowledge base year is 2013, so the year hint evidently
    # does not override the time stamp carried by the audit record itself.
    #
    # 4294967295 is 0xFFFFFFFF, the value Linux audit uses for an unset
    # login uid (auid) or session id (ses).
    #
    # Each row: (event index, timestamp, long message, short message).
    cases = (
        # Normal entry.
        (0,
         1337845201174000,
         (u'[audit_type: LOGIN, pid: 25443] pid=25443 uid=0 old '
          u'auid=4294967295 new auid=0 old ses=4294967295 new ses=1165'),
         (u'[audit_type: LOGIN, pid: 25443] pid=25443 uid=0 old '
          u'auid=4294967295 new auid=...')),
        # Short date: the fractional part of the timestamp is zero.
        (1,
         1337845201000000,
         u'[audit_type: SHORTDATE] check rounding',
         u'[audit_type: SHORTDATE] check rounding'),
        # No msg: only the audit type appears in the message strings.
        (2,
         1337845222174000,
         u'[audit_type: NOMSG]',
         u'[audit_type: NOMSG]'),
        # Audit type that contains an underscore.
        (3,
         1337845666174000,
         (u'[audit_type: UNDER_SCORE, pid: 25444] pid=25444 uid=0 old '
          u'auid=4294967295 new auid=54321 old ses=4294967295 new ses=1166'),
         (u'[audit_type: UNDER_SCORE, pid: 25444] pid=25444 uid=0 old '
          u'auid=4294967295 new...')),
    )

    for index, timestamp, message, short_message in cases:
        parsed_object = parsed_objects[index]
        self.assertEqual(parsed_object.timestamp, timestamp)
        self._TestGetMessageStrings(parsed_object, message, short_message)