def test_update_ip_dict(self, mock_utils): """ Test update_ip_dict. """ mock_utils.categorize_os.return_value = self.os # Create PortScan object self.port_scan_obj = PortScan() self.port_scan_obj.update_ip_dict('121.18.238.114', 'Jan 11', 1) hashed_ip = '121.18.238.114' + self.port_scan_obj.SALT + "Jan 11" self.assertTrue(self.port_scan_obj.ip_dict.get(hashed_ip)) temp_dict = {"count": 1, "last_time": 1} self.assertEqual(self.port_scan_obj.ip_dict[hashed_ip], temp_dict)
def test_parse_log_file(self, mock_utils, mock_update): """ Test parse_log_file. """ mock_utils.categorize_os.return_value = self.os # Create PortScan object self.port_scan_obj = PortScan() mock_utils.open_file.return_value = ["Jan 11 12:34:24 ip-172-31-1-163 sshd[2598]: \ Received disconnect from 121.18.238.114: 11: \ [preauth]"] mock_utils.get_epoch_time.return_value = 1 self.port_scan_obj.parse_log_file() mock_update.assert_called_with('121.18.238.114', 'Jan 11', 1)
def test_detect_port_scan(self, mock_log, mock_time, mock_utils): """ Test detect_port_scan. """ mock_utils.categorize_os.return_value = self.os # Create PortScan object self.port_scan_obj = PortScan() self.port_scan_obj.update_ip_dict('121.18.238.114', 'Jan 11', 1) self.port_scan_obj.THRESHOLD = -10 # Set THRESHOLD to negative to trigger alarm mock_time.return_value = 2 self.port_scan_obj.detect_port_scan() mock_log.assert_called_with( 'Possible port scan detected from: 121.18.238.114 on Jan 11', logtype='warning')
class TestPortScan(unittest.TestCase): """ Test class for PortScan. """ def setUp(self): """ Setup class for PortScan. """ self.os = "debian" @patch.object(PortScan, "update_ip_dict") @patch('securetea.lib.log_monitor.system_log.port_scan.utils') def test_parse_log_file(self, mock_utils, mock_update): """ Test parse_log_file. """ mock_utils.categorize_os.return_value = self.os # Create PortScan object self.port_scan_obj = PortScan() mock_utils.open_file.return_value = [ "Jan 11 12:34:24 ip-172-31-1-163 sshd[2598]: \ Received disconnect from 121.18.238.114: 11: \ [preauth]" ] mock_utils.get_epoch_time.return_value = 1 self.port_scan_obj.parse_log_file() mock_update.assert_called_with('121.18.238.114', 'Jan 11', 1) @patch('securetea.lib.log_monitor.system_log.port_scan.utils') def test_update_ip_dict(self, mock_utils): """ Test update_ip_dict. """ mock_utils.categorize_os.return_value = self.os # Create PortScan object self.port_scan_obj = PortScan() self.port_scan_obj.update_ip_dict('121.18.238.114', 'Jan 11', 1) hashed_ip = '121.18.238.114' + self.port_scan_obj.SALT + "Jan 11" self.assertTrue(self.port_scan_obj.ip_dict.get(hashed_ip)) temp_dict = {"count": 1, "last_time": 1} self.assertEqual(self.port_scan_obj.ip_dict[hashed_ip], temp_dict) @patch('securetea.lib.log_monitor.system_log.port_scan.utils') @patch("securetea.lib.log_monitor.system_log.port_scan.time") @patch.object(SecureTeaLogger, "log") def test_detect_port_scan(self, mock_log, mock_time, mock_utils): """ Test detect_port_scan. """ mock_utils.categorize_os.return_value = self.os # Create PortScan object self.port_scan_obj = PortScan() self.port_scan_obj.update_ip_dict('121.18.238.114', 'Jan 11', 1) self.port_scan_obj.THRESHOLD = -10 # Set THRESHOLD to negative to trigger alarm mock_time.return_value = 2 self.port_scan_obj.detect_port_scan() mock_log.assert_called_with( 'Possible port scan detected from: 121.18.238.114 on Jan 11', logtype='warning')