File: rdns_handler_test.go

package processing

// DCSO FEVER
// Copyright (c) 2020, DCSO GmbH

import (
	"encoding/json"
	"math/rand"
	"testing"
	"time"

	"github.com/DCSO/fever/types"
	log "github.com/sirupsen/logrus"
)

// MockHostNamer is a test double for the hostname resolver handed to
// MakeRDNSHandler. It performs no DNS traffic and holds no state.
type MockHostNamer struct{}

// GetHostname ignores ipAddr and always reports the same two names,
// "foo.bar" and "foo.baz", with a nil error.
func (h *MockHostNamer) GetHostname(ipAddr string) ([]string, error) {
	names := []string{"foo.bar", "foo.baz"}
	return names, nil
}

// Flush does nothing; the mock has no cache to clear.
func (h *MockHostNamer) Flush() {
}

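// makeRDNSEvent builds a synthetic "http" event for the rDNS handler test.
//
// Source and destination address are both 8.8.8.8, the destination port is
// 53, the protocol is "TCP" and the source port is a pseudo-random value in
// [1025, 61024]. The same fields are serialized as a types.EveEvent into
// Entry.JSONLine.
//
// If serialization fails the error is logged as a warning and the entry is
// returned with an empty JSONLine; the caller will then fail when it tries
// to decode that line.
func makeRDNSEvent() types.Entry {
	// Read the clock once so Entry.Timestamp and the timestamp embedded in
	// JSONLine describe the same instant.
	now := time.Now()

	e := types.Entry{
		SrcIP:     "8.8.8.8",
		SrcPort:   int64(rand.Intn(60000) + 1025),
		DestIP:    "8.8.8.8",
		DestPort:  53,
		Timestamp: now.Format(types.SuricataTimestampFormat),
		EventType: "http",
		Proto:     "TCP",
	}
	eve := types.EveEvent{
		Timestamp: &types.SuriTime{
			Time: now,
		},
		EventType: e.EventType,
		SrcIP:     e.SrcIP,
		SrcPort:   int(e.SrcPort),
		DestIP:    e.DestIP,
		DestPort:  int(e.DestPort),
		Proto:     e.Proto,
	}

	// The result is named "line" so the encoding/json package identifier is
	// not shadowed for the rest of the function.
	line, err := json.Marshal(eve)
	if err != nil {
		// Best effort, as before: report the problem and hand back the
		// entry without a JSON line.
		log.Warn(err)
		return e
	}
	e.JSONLine = string(line)
	return e
}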

// SrcHostResponse decodes only the "src_host" array of an enriched event
// line. Every other key in the JSON document is ignored by encoding/json.
type SrcHostResponse struct {
	// Evidence holds one element per entry in "src_host"; only the "rdns"
	// value of each element is kept.
	Evidence []struct {
		Hostname string `json:"rdns"`
	} `json:"src_host"`
}

// DstHostResponse decodes only the "dest_host" array of an enriched event
// line. Every other key in the JSON document is ignored by encoding/json.
type DstHostResponse struct {
	// Evidence holds one element per entry in "dest_host"; only the "rdns"
	// value of each element is kept.
	Evidence []struct {
		Hostname string `json:"rdns"`
	} `json:"dest_host"`
}

// TestRDNSHandler feeds one synthetic event through an RDNS handler backed
// by MockHostNamer and checks that the rewritten JSONLine carries the mock's
// two hostnames, in order, under both "src_host" and "dest_host".
//
// Only well-formed names are exercised. PTR data is controlled by whoever
// runs the reverse zone for an address, so names containing quotes or
// control characters would need their own test of the JSON rewriting.
func TestRDNSHandler(t *testing.T) {
	handler := MakeRDNSHandler(&MockHostNamer{})
	entry := makeRDNSEvent()

	if err := handler.Consume(&entry); err != nil {
		t.Fatal(err)
	}

	// Names the mock resolver returns for every address.
	want := []string{"foo.bar", "foo.baz"}

	var src SrcHostResponse
	if err := json.Unmarshal([]byte(entry.JSONLine), &src); err != nil {
		t.Fatal(err)
	}
	if n := len(src.Evidence); n != 2 {
		t.Fatalf("src hosts length is not 2: length %d", n)
	}
	for i, name := range want {
		if got := src.Evidence[i].Hostname; got != name {
			t.Fatalf("wrong hostname:%s", got)
		}
	}

	var dst DstHostResponse
	if err := json.Unmarshal([]byte(entry.JSONLine), &dst); err != nil {
		t.Fatal(err)
	}
	if n := len(dst.Evidence); n != 2 {
		t.Fatalf("dest hosts length is not 2: length %d", n)
	}
	for i, name := range want {
		if got := dst.Evidence[i].Hostname; got != name {
			t.Fatalf("wrong hostname:%s", got)
		}
	}
}