mentat.idea.test_internal module

Unit test module for testing the mentat.idea.internal module.

class mentat.idea.test_internal.TestIDEAFilterCompiler(methodName='runTest')

Bases: TestCase

Unit test class for testing the mentat.idea.internal.IDEAFilterCompiler class.

setUp()

Hook method for setting up the test fixture before exercising it.

test_01_basic_compilations()

Perform basic compilation tests.

test_02_idea_time_compilations()

Perform datetime compilation tests for mentat.idea.internal.Idea.

test_03_idea_ip_compilations()

Perform IP address compilation tests for mentat.idea.internal.Idea.

test_04_idea_func_compilations()

Perform function compilation tests for mentat.idea.internal.Idea.

class mentat.idea.test_internal.TestMentatIdeaInternal(methodName='runTest')

Bases: TestCase

Unit test class for testing the mentat.idea.internal module.

idea_raw_1 = {'Attach': [{'Handle': 'att1', 'FileName': ['killemall'], 'Type': ['Malware'], 'ContentType': 'application/octet-stream', 'Hash': ['sha1:0c4a38c3569f0cc632e74f4c'], 'Size': 46, 'Ref': ['Trojan-Spy:W32/FinSpy.A'], 'ContentEncoding': 'base64', 'Content': 'TVpqdXN0a2lkZGluZwo='}], 'Category': ['Fraud.Phishing', 'Test'], 'CeaseTime': '2012-11-03T09:55:22Z', 'Confidence': 1.0, 'ConnCount': 20, 'CreateTime': '2012-11-03T10:00:02Z', 'Description': 'Synthetic example', 'DetectTime': '2012-11-03T10:00:07Z', 'EventTime': '2012-11-03T07:36:00Z', 'Format': 'IDEA0', 'ID': '4390fc3f-c753-4a3e-bc83-1b44f24baf75', 'Node': [{'Name': 'org.example.kippo_honey', 'Realm': 'cesnet.cz', 'Type': ['Protocol', 'Honeypot'], 'SW': ['Kippo'], 'AggrWin': '00:05:00'}], 'Ref': ['cve:CVE-1234-5678'], 'Source': [{'Type': ['Phishing'], 'IP4': ['192.168.0.2-192.168.0.5', '192.168.0.0/25', '192.168.1.1', '192.168.1.2', '192.168.1.4'], 'IP6': ['2001:db8::ff00:42:0/112', '2001:db8::ff00:42:50'], 'Hostname': ['example.com'], 'URL': ['http://example.com/cgi-bin/killemall'], 'Proto': ['tcp', 'http'], 'AttachHand': ['att1'], 'Netname': ['ripe:IANA-CBLK-RESERVED1']}], 'Target': [{'Type': ['Backscatter', 'OriginSpam'], 'Email': ['innocent@example.com'], 'IP6': ['2001:ffff::ff00:42:0/112'], 'Port': [22, 25, 443], 'Proto': ['tcp', 'http'], 'Spoofed': True}, {'Type': ['CasualIP'], 'IP4': ['10.2.2.0/24'], 'Port': [22, 25, 443], 'Proto': ['tcp', 'http'], 'Anonymised': True}], 'WinEndTime': '2012-11-03T10:00:00Z', 'WinStartTime': '2012-11-03T05:00:00Z', '_Mentat': {'EventClass': 'vulnerable-config-ssdp', 'EventTemplate': 'sserv-012', 'Impact': 'System provides SDDP service and can be misused for massive DDoS attack', 'ResolvedAbuses': ['abuse@cesnet.cz'], 'StorageTime': '2017-04-05T10:21:39Z'}}
idea_raw_2 = {'Category': ['Attempt.Login'], 'ConnCount': 2, 'Description': 'SSH login attempt', 'DetectTime': '2016-06-21T13:08:27Z', 'Format': 'IDEA0', 'ID': '4dd7cf5e-4a95-49f6-8f04-947de998012c', 'Node': [{'Type': ['Relay'], 'Name': 'cz.cesnet.mentat.warden_filer'}, {'SW': ['Kippo'], 'AggrWin': '00:05:00', 'Name': 'cz.uhk.apate.cowrie', 'Type': ['Connection', 'Honeypot', 'Recon']}], 'Source': [{'IP4': ['188.14.166.39']}], 'Target': [{'Proto': ['tcp', 'ssh'], 'IP4': ['195.113.165.128/25'], 'Port': [22], 'Anonymised': True}], 'WinEndTime': '2016-06-21T12:00:02Z', 'WinStartTime': '2016-06-21T11:55:02Z', '_Mentat': {'StorageTime': '2016-06-21T14:00:07Z'}}

test_01_idea_raw()

Perform basic parsing and conversion tests from raw JSON.

test_02_idea_lite()

Perform basic parsing and conversion tests from idea.lite.Idea. For the purposes of comparison, the idea.lite.Idea class is also tested here.

test_03_accessors()

Perform tests of message convenience accessors.

test_04_to_and_from_string()

Perform tests of message conversions to and from JSON string representation.

test_05_get_ranges()

Perform tests of the get_ranges function.

verbose = False