OLD | NEW |
1 #!/usr/bin/python | 1 #!/usr/bin/python |
2 # -*- coding: utf-8 -*- | 2 # -*- coding: utf-8 -*- |
3 """Tests for the Windows firewall log parser.""" | 3 """Tests for the Windows firewall log parser.""" |
4 | 4 |
5 from __future__ import unicode_literals | 5 from __future__ import unicode_literals |
6 | 6 |
7 import unittest | 7 import unittest |
8 | 8 |
9 from plaso.formatters import winfirewall as _ # pylint: disable=unused-import | 9 from plaso.formatters import winfirewall as _ # pylint: disable=unused-import |
10 from plaso.lib import timelib | |
11 from plaso.parsers import winfirewall | 10 from plaso.parsers import winfirewall |
12 | 11 |
13 from tests import test_lib as shared_test_lib | 12 from tests import test_lib as shared_test_lib |
14 from tests.parsers import test_lib | 13 from tests.parsers import test_lib |
15 | 14 |
16 | 15 |
17 class WinFirewallParserTest(test_lib.ParserTestCase): | 16 class WinFirewallParserTest(test_lib.ParserTestCase): |
18 """Tests for the Windows firewall log parser.""" | 17 """Tests for the Windows firewall log parser.""" |
19 | 18 |
20 @shared_test_lib.skipUnlessHasTestFile(['firewall.log']) | 19 @shared_test_lib.skipUnlessHasTestFile(['firewall.log']) |
21 def testParse(self): | 20 def testParse(self): |
22 """Tests the Parse function.""" | 21 """Tests the Parse function.""" |
23 parser = winfirewall.WinFirewallParser() | 22 parser = winfirewall.WinFirewallParser() |
24 storage_writer = self._ParseFile(['firewall.log'], parser) | 23 storage_writer = self._ParseFile(['firewall.log'], parser) |
25 | 24 |
26 self.assertEqual(storage_writer.number_of_events, 15) | 25 self.assertEqual(storage_writer.number_of_events, 15) |
27 | 26 |
28 events = list(storage_writer.GetSortedEvents()) | 27 events = list(storage_writer.GetSortedEvents()) |
29 | 28 |
30 event = events[4] | 29 event = events[4] |
31 | 30 |
32 expected_timestamp = timelib.Timestamp.CopyFromString( | 31 self.CheckTimestamp(event.timestamp, '2005-04-11 08:06:02.000000') |
33 '2005-04-11 08:06:02') | |
34 self.assertEqual(event.timestamp, expected_timestamp) | |
35 | 32 |
36 self.assertEqual(event.source_ip, '123.45.78.90') | 33 self.assertEqual(event.source_ip, '123.45.78.90') |
37 self.assertEqual(event.dest_ip, '123.156.78.90') | 34 self.assertEqual(event.dest_ip, '123.156.78.90') |
38 | 35 |
39 event = events[7] | 36 event = events[7] |
40 | 37 |
41 expected_timestamp = timelib.Timestamp.CopyFromString( | 38 self.CheckTimestamp(event.timestamp, '2005-04-11 08:06:26.000000') |
42 '2005-04-11 08:06:26') | |
43 self.assertEqual(event.timestamp, expected_timestamp) | |
44 | 39 |
45 self.assertEqual(event.size, 576) | 40 self.assertEqual(event.size, 576) |
46 self.assertEqual(event.flags, 'A') | 41 self.assertEqual(event.flags, 'A') |
47 self.assertEqual(event.tcp_ack, 987654321) | 42 self.assertEqual(event.tcp_ack, 987654321) |
48 | 43 |
49 expected_message = ( | 44 expected_message = ( |
50 'DROP [ TCP RECEIVE ] ' | 45 'DROP [ TCP RECEIVE ] ' |
51 'From: 123.45.78.90 :80 > 123.156.78.90 :1774 ' | 46 'From: 123.45.78.90 :80 > 123.156.78.90 :1774 ' |
52 'Size (bytes): 576 ' | 47 'Size (bytes): 576 ' |
53 'Flags [A] ' | 48 'Flags [A] ' |
54 'TCP Seq Number: 123456789 ' | 49 'TCP Seq Number: 123456789 ' |
55 'TCP ACK Number: 987654321 ' | 50 'TCP ACK Number: 987654321 ' |
56 'TCP Window Size (bytes): 12345') | 51 'TCP Window Size (bytes): 12345') |
57 expected_short_message = ( | 52 expected_short_message = ( |
58 'DROP [TCP] 123.45.78.90 : 80 > 123.156.78.90 : 1774') | 53 'DROP [TCP] 123.45.78.90 : 80 > 123.156.78.90 : 1774') |
59 | 54 |
60 self._TestGetMessageStrings(event, expected_message, expected_short_message) | 55 self._TestGetMessageStrings(event, expected_message, expected_short_message) |
61 | 56 |
62 event = events[9] | 57 event = events[9] |
63 | 58 |
64 self.assertEqual(event.icmp_type, 8) | 59 self.assertEqual(event.icmp_type, 8) |
65 self.assertEqual(event.icmp_code, 0) | 60 self.assertEqual(event.icmp_code, 0) |
66 | 61 |
67 | 62 |
68 if __name__ == '__main__': | 63 if __name__ == '__main__': |
69 unittest.main() | 64 unittest.main() |
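Review bot: The two `CheckTimestamp` calls (new lines 31 and 38) compare against strings that carry no zone, and `_ParseFile(['firewall.log'], parser)` is called with no visible time-zone setting, so the test pins these timestamps only under whatever zone the parser uses by default. Windows Firewall logs normally record local time, so a regression in the zone conversion would shift every event in a timeline without failing this test; this is inferred, since neither firewall.log nor `CheckTimestamp` is visible in this section. I would add a comment above the first check, e.g. `# Timestamps are asserted under the default time zone; local-time handling is not covered here.`, and follow up with a case that parses the same file with a non-UTC zone configured. The ICMP event at `events[9]` also has no timestamp or message-string assertion, so only its type and code are covered.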