def test_delete_success(self, mock_exists, mock_delete_rule): rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \ 'delete_module,finit_module -F key=abc99' mock_exists.return_value = True mock_delete_rule.return_value = {} rulemodel = RuleModel() rulemodel.delete(rule)
def test_update(self, mock_create_rules, mock_delete_rule, mock_rule_exists): """ Unittest to update a rule. :param mock_create_rules: :param mock_delete_rule: :param mock_rule_exists: :return: """ param = { "type": "System Rule", "rule_info": { "action": "always", "filter": "exit", "systemcall": "init_module,delete_module" ",finit_module", "field": ["arch=b32", "arch=b64"], "key": "abcde" } } old_rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \ 'delete_module,finit_module -F key=abc99' new_rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \ 'delete_module,finit_module -F key=abcde' mock_rule_exists.return_value = True mock_delete_rule.return_value = {} mock_create_rules.return_value = new_rule ruleModel = RuleModel() out_rule = ruleModel.update(old_rule, param) self.assertEquals(out_rule, new_rule)
def test_get_audit_rule_info(self, mock_system_info, mock_load_persist, mock_type): rule_type = 'System Call Rule' name = 'a always,exit -F arch=b32 -F arch=b64 -S init_module,' \ 'delete_module,finit_module -F key=abc99' mock_type.return_value = rule_type audit_info = { 'rule': 'a always,exit -F arch=b32 -F ' 'arch=b64 -S init_module,' 'delete_module,finit_module -F key=abc99', 'type': 'System Call Rule' } mock_load_persist.return_value = {} expected_out = { 'type': 'System Call Rule', 'rule': 'a always,exit -F arch=b32 -F' ' arch=b64 -S init_module,delete_module,' 'finit_module -F key=abc99' } mock_system_info.return_value = {} rulemodel = RuleModel() actualout = rulemodel.get_audit_rule_info(name) mock_system_info.assert_called_with(audit_info, name) self.assertEquals(actualout, expected_out)
def test_update(self, mock_create_rules, mock_delete_rule, mock_rule_exists): """ Unittest to update a rule. :param mock_create_rules: :param mock_delete_rule: :param mock_rule_exists: :return: """ param = {"type": "System Rule", "rule_info": {"action": "always", "filter": "exit", "systemcall": "init_module,delete_module" ",finit_module", "field": ["arch=b32", "arch=b64"], "key": "abcde"}} old_rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \ 'delete_module,finit_module -F key=abc99' new_rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \ 'delete_module,finit_module -F key=abcde' mock_rule_exists.return_value = True mock_delete_rule.return_value = {} mock_create_rules.return_value = new_rule ruleModel = RuleModel() out_rule = ruleModel.update(old_rule, param) self.assertEquals(out_rule, new_rule)
def test_unload_loaded_unpersisted(self, mock_reload, mock_get_audit_info): """ Unnitest to unload a loaded and unpersisted rule. :param mock_reload: :param mock_delete: :param mock_get_audit_info: :return: """ rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \ 'delete_module,finit_module -F key=abc99' audit_info = {'loaded': 'yes', 'persisted': 'no', 'type': 'System Call Rule', 'rule_info': {'action': u'always', 'filter': u'exit', 'systemcall': u'init_module,' u'delete_module,' u'finit_module', 'key': u'abc99', 'field': [u'arch=b32', u'arch=b64', u'key=abc99'] }, 'rule': u'-a always,exit -F arch=b32 ' u'-F arch=b64 -S init_module,' u'delete_module,finit_module' u' -F key=abc99' } mock_get_audit_info.return_value = audit_info mock_reload.return_value = {} rulemodel = RuleModel() rulemodel.unload(rule) mock_get_audit_info.assert_called_with(rule)
def test_persist(self, mock_exist, mock_write, mock_get_audit_info): """ Unittest to persist the rule in the rules file :param mock_write: :param mock_get_audit_info: :return: """ rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \ 'delete_module,finit_module -F key=abc99' audit_info = {'loaded': 'yes', 'persisted': 'no', 'type': 'System Call Rule', 'rule_info': {'action': u'always', 'filter': u'exit', 'systemcall': u'init_module,' u'delete_module,' u'finit_module', 'key': u'abc99', 'field': [u'arch=b32', u'arch=b64', u'key=abc99'] }, 'rule': u'-a always,exit -F arch=b32 ' u'-F arch=b64 -S init_module,' u'delete_module,finit_module' u' -F key=abc99' } mock_exist.return_value = False mock_get_audit_info.return_value = audit_info mock_write.return_value = {} ruleModel = RuleModel() ruleModel.persist(rule) mock_get_audit_info.assert_called_with(rule)
def test_audit_rule_type(self): """ Unittest to get rule type. :return: """ rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \ 'delete_module,finit_module -F key=abc99' rule_type = "System Call Rule" ruleModel = RuleModel() out_type = ruleModel.get_auditrule_type(rule) self.assertEquals(out_type, rule_type)
def test_load(self, mock_load): """ Unittest to load a rule. :param mock_write: :param mock_get_audit_info: :return: """ rule = '-a always,exit -F arch=b32 -F arch=b64 -S init_module,' \ 'delete_module,finit_module -F key=abc99' mock_load.return_value = {} ruleModel = RuleModel() ruleModel.load(rule) mock_load.assert_called_with(rule)
def test_get_audit_rule_info(self, mock_system_info, mock_load_persist, mock_type): rule_type = 'System Call Rule' name = 'a always,exit -F arch=b32 -F arch=b64 -S init_module,' \ 'delete_module,finit_module -F key=abc99' mock_type.return_value = rule_type audit_info = {'rule': 'a always,exit -F arch=b32 -F ' 'arch=b64 -S init_module,' 'delete_module,finit_module -F key=abc99', 'type': 'System Call Rule'} mock_load_persist.return_value = {} expected_out = {'type': 'System Call Rule', 'rule': 'a always,exit -F arch=b32 -F' ' arch=b64 -S init_module,delete_module,' 'finit_module -F key=abc99'} mock_system_info.return_value = {} rulemodel = RuleModel() actualout = rulemodel.get_audit_rule_info(name) mock_system_info.assert_called_with(audit_info, name) self.assertEquals(actualout, expected_out)