From nickwallen <...@git.apache.org>
Subject [GitHub] incubator-metron pull request #276: METRON-363 Fix Cisco ASA Parser
Date Wed, 12 Oct 2016 13:48:49 GMT
Github user nickwallen commented on a diff in the pull request:

    https://github.com/apache/incubator-metron/pull/276#discussion_r83000705
  
    --- Diff: metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/asa/BasicAsaParserTest.java
---
    @@ -0,0 +1,149 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.metron.parsers.asa;
    +
    +import org.json.simple.JSONObject;
    +import org.junit.BeforeClass;
    +import org.junit.Test;
    +
    +import java.time.*;
    +import java.util.HashMap;
    +import java.util.Map;
    +
    +import static org.junit.Assert.*;
    +
    +public class BasicAsaParserTest {
    +
    +    private static BasicAsaParser asaParser;
    +
    +    @BeforeClass
    +    public static void setUpOnce() throws Exception {
    +        Map<String, Object> parserConfig = new HashMap<>();
    +        asaParser = new BasicAsaParser();
    +        asaParser.configure(parserConfig);
    +        asaParser.init();
    +    }
    +
    +    @Test
    +    public void testConfigureDefault() {
    +        Map<String, Object> parserConfig = new HashMap<>();
    +        BasicAsaParser testParser = new BasicAsaParser();
    +        testParser.configure(parserConfig);
    +        testParser.init();
    +        assertTrue(testParser.deviceTimeZone.equals(ZoneOffset.UTC));
    +    }
    +
    +    @Test
    +    public void testConfigureTimeZoneOffset() {
    +        Map<String, Object> parserConfig = new HashMap<>();
    +        parserConfig.put("deviceTimeZone", "UTC-05:00");
    +        BasicAsaParser testParser = new BasicAsaParser();
    +        testParser.configure(parserConfig);
    +        testParser.init();
    +        ZonedDateTime deviceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200),
testParser.deviceTimeZone);
    +        ZonedDateTime referenceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200),
ZoneOffset.ofHours(-5));
    +        assertTrue(deviceTime.isEqual(referenceTime));
    +    }
    +
    +    @Test
    +    public void testConfigureTimeZoneText() {
    +        Map<String, Object> parserConfig = new HashMap<>();
    +        parserConfig.put("deviceTimeZone", "America/New_York");
    +        BasicAsaParser testParser = new BasicAsaParser();
    +        testParser.configure(parserConfig);
    +        testParser.init();
    +        ZonedDateTime deviceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200),
testParser.deviceTimeZone);
    +        ZonedDateTime referenceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200),
ZoneOffset.ofHours(-5));
    +        assertTrue(deviceTime.isEqual(referenceTime));
    +    }
    +
    +    @Test
    +    public void testCISCOFW106023() {
    +        String rawMessage = "<164>Aug 05 2016 01:01:34: %ASA-4-106023: Deny tcp
src Inside:10.30.9.121/54580 dst Outside:192.168.135.51/42028 by access-group \"Inside_access_in\"
[0x962df600, 0x0]";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        assertTrue(asaJson.get("ip_src_addr").equals("10.30.9.121"));
    +        assertTrue(asaJson.get("ip_dst_addr").equals("192.168.135.51"));
    +        assertTrue(asaJson.get("ip_src_port").equals(new Integer(54580)));
    +        assertTrue(asaJson.get("ip_dst_port").equals(new Integer(42028)));
    +        assertTrue((long) asaJson.get("timestamp") == 1470358894000L);
    +    }
    +
    +    @Test
    +    public void testCISCOFW106006() {
    +        String rawMessage = "<162>Aug 05 2016 01:02:25: %ASA-2-106006: Deny inbound
UDP from 10.25.177.164/63279 to 10.2.52.71/161 on interface Inside";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        assertTrue(asaJson.get("ip_src_addr").equals("10.25.177.164"));
    +        assertTrue(asaJson.get("ip_dst_addr").equals("10.2.52.71"));
    +        assertTrue(asaJson.get("ip_src_port").equals(new Integer(63279)));
    +        assertTrue(asaJson.get("ip_dst_port").equals(new Integer(161)));
    +        assertTrue((long) asaJson.get("timestamp") == 1470358945000L);
    +    }
    +
    +    @Test
    +    public void testShortTimestamp() {
    +        String rawMessage = "<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302015: Built
inbound UDP connection 76245506 for outside:10.22.8.110/49886 (10.22.8.110/49886) to inside:192.111.72.8/8612
(192.111.72.8/8612) (user.name)";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        assertTrue(asaJson.get("ip_src_addr").equals("10.22.8.110"));
    +        assertTrue(asaJson.get("ip_dst_addr").equals("192.111.72.8"));
    +        assertTrue(asaJson.get("ip_src_port").equals(new Integer(49886)));
    +        assertTrue(asaJson.get("ip_dst_port").equals(new Integer(8612)));
    +        assertTrue((long) asaJson.get("timestamp") == 1452005555000L);
    +    }
    +
    +    @Test
    +    public void testNoPatternForTag() {
    +        String rawMessage = "<165>Aug 16 2016 04:08:36: %ASA-5-713049: Group =
172.22.136.20, IP = 172.22.136.20, Security negotiation complete for LAN-to-LAN Group (172.22.136.20)
 Initiator, Inbound SPI = 0x891fb03f, Outbound SPI = 0xbe4b5d8d";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        assertTrue((long) asaJson.get("timestamp") == 1471320516000L);
    +    }
    +
    +    @Test
    +    public void testInvalidIpAddr() {
    +        String rawMessage = "<164>Aug 05 2016 01:01:34: %ASA-4-106023: Deny tcp
src Inside:10.30.9.121/54580 dst Outside:192.168.256.51/42028 by access-group \"Inside_access_in\"
[0x962df600, 0x0]";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        assertTrue((long) asaJson.get("timestamp") == 1470358894000L);
    +        assertNull(asaJson.get("ip_dst_addr"));
    +    }
    +
    +    @Test
    +    public void testIp6Addr() {
    +        String rawMessage = "<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302015: Built
inbound UDP connection 76245506 for outside:2001:db8:85a3::8a2e:370:7334/49886 (10.22.8.110/49886)
to inside:2001:0db8:85a3:0000:0000:8a2e:0370:7334/8612 (192.111.72.8/8612) (user.name)";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        assertTrue(asaJson.get("ip_src_addr").equals("2001:db8:85a3::8a2e:370:7334"));
    +        assertTrue(asaJson.get("ip_dst_addr").equals("2001:0db8:85a3:0000:0000:8a2e:0370:7334"));
    +        assertTrue(asaJson.get("ip_src_port").equals(new Integer(49886)));
    +        assertTrue(asaJson.get("ip_dst_port").equals(new Integer(8612)));
    +        assertTrue((long) asaJson.get("timestamp") == 1452005555000L);
    +    }
    +
    +    @Test
    +    public void testUnexpectedMessage() {
    +        String rawMessage = "-- MARK --";
    +        try {
    +            JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        } catch (RuntimeException e) {
    +            assertTrue(true);
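Review bot: The assertions `assertTrue(deviceTime.isEqual(referenceTime));` in testConfigureTimeZoneOffset and testConfigureTimeZoneText never exercise `deviceTimeZone`: `ZonedDateTime.isEqual` compares instants, and both sides are built from the same `Instant.ofEpochSecond(1475323200)`, so the check passes for whatever zone the parser stored. Compare the zone itself, e.g. `assertEquals(ZoneOffset.ofHours(-5), deviceTime.getOffset());` in the offset test and `assertEquals(ZoneId.of("America/New_York"), testParser.deviceTimeZone);` in the named-zone test (assuming configure() builds the value with `ZoneId.of`); note that 1475323200 is 2016-10-01, when America/New_York is on daylight time (-04:00), so the -5 reference in that test looks wrong once the comparison is real. Elsewhere in the hunk, `rawMessage.getBytes()` depends on the platform charset, so `getBytes(StandardCharsets.UTF_8)` would pin what the parser actually receives, and the `assertTrue(x.equals(y))` form drops the actual value from the failure message where `assertEquals(expected, actual)` would report it. The class continues past the end of the hunk.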
    --- End diff --
    
    I don't think this test will ever fail.  You can get rid of the try/catch and just change
the annotation.  That way the test will fail if a RuntimeException is not thrown.
    
    ```
    @Test (expected = RuntimeException.class)
    ```


