http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
index bbb4e88..50fdcd0 100644
--- a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
+++ b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
@@ -17,145 +17,41 @@
 */
 package org.apache.metron.parsers.lancope;
+import com.github.fge.jsonschema.core.exceptions.ProcessingException;
 import java.io.IOException;
 import java.net.URL;
 import java.util.Map;
-
+import org.apache.metron.parsers.AbstractParserConfigTest;
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
 import org.json.simple.parser.ParseException;
-
-import org.apache.metron.parsers.AbstractSchemaTest;
 import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
- /**
- * <ul>
- * <li>Title: Junit for LancopeParserTest</li>
- * <li>Description: </li>
- * <li>Created: Aug 25, 2014</li>
- * </ul>
- * @version $Revision: 1.1 $
- */
-public class BasicLancopeParserTest extends AbstractSchemaTest {
-
- /**
- * The inputStrings.
- */
- private static String[] inputStrings;
+public class BasicLancopeParserTest extends AbstractParserConfigTest {
+ @Before
+ public void setUp() throws Exception {
+ inputStrings = super.readTestDataFromFile("src/test/resources/logData/LancopeParserTest.txt");
+ parser = new BasicLancopeParser();
- /**
- * The parser.
- */
- private static BasicLancopeParser parser=null;
+ URL schema_url = getClass().getClassLoader().getResource(
+ "TestSchemas/LancopeSchema.json");
+ super.setSchemaJsonString(super.readSchemaFromFile(schema_url));
+ }
- /**
- * Constructs a new <code>BasicLancopeParserTest</code> instance.
- * @param name
- */
+ @Test
+ public void testParse() throws ParseException, IOException, ProcessingException {
+ for (String inputString : inputStrings) {
+ JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
+ Assert.assertNotNull(parsed);
- public BasicLancopeParserTest(String name) {
- super(name);
- }
+ JSONParser parser = new JSONParser();
- /**
-
- * @throws java.lang.Exception
- */
- protected static void setUpBeforeClass() throws Exception {
+ Map<?, ?> json = (Map<?, ?>) parser.parse(parsed.toJSONString());
+ Assert.assertTrue(validateJsonData(getSchemaJsonString(), json.toString()));
 }
-
- /**
-
- * @throws java.lang.Exception
- */
- protected static void tearDownAfterClass() throws Exception {
- }
-
- /*
- * (non-Javadoc)
- * @see junit.framework.TestCase#setUp()
- */
- @Override
- protected void setUp() throws Exception {
- super.setUp("org.apache.metron.parsers.lancope.BasicLancopeParserTest");
- setInputStrings(super.readTestDataFromFile(this.getConfig().getString("logFile")));
- BasicLancopeParserTest.setParser(new BasicLancopeParser());
-
- URL schema_url = getClass().getClassLoader().getResource(
- "TestSchemas/LancopeSchema.json");
- super.setSchemaJsonString(super.readSchemaFromFile(schema_url));
- }
-
- /*
- * (non-Javadoc)
- * @see junit.framework.TestCase#tearDown()
- */
- @Override
- protected void tearDown() throws Exception {
- super.tearDown();
- }
-
- /**
- * Test method for {@link BasicLancopeParser#parse(byte[])}.
- * @throws Exception
- * @throws IOException
- */
- public void testParse() throws IOException, Exception {
-
- for (String inputString : getInputStrings()) {
- JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
- assertNotNull(parsed);
-
- System.out.println(parsed);
- JSONParser parser = new JSONParser();
-
- Map<?, ?> json=null;
- try {
- json = (Map<?, ?>) parser.parse(parsed.toJSONString());
- Assert.assertEquals(true, validateJsonData(super.getSchemaJsonString(), json.toString()));
- } catch (ParseException e) {
- e.printStackTrace();
- }
- }
- }
-
- /**
- * Returns the parser.
- * @return the parser.
- */
-
- public static BasicLancopeParser getParser() {
- return parser;
- }
-
- /**
- * Sets the parser.
- * @param parser the parser.
- */
-
- public static void setParser(BasicLancopeParser parser) {
-
- BasicLancopeParserTest.parser = parser;
- }
-
- /**
- * Returns the inputStrings.
- * @return the inputStrings.
- */
-
- public static String[] getInputStrings() {
- return inputStrings;
- }
-
- /**
- * Sets the inputStrings.
- * @param inputStrings the inputStrings.
- */
-
- public static void setInputStrings(String[] inputStrings) {
-
- BasicLancopeParserTest.inputStrings = inputStrings;
- }
+ }
 }
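Review bot: In the new `testParse`, `JSONParser parser = new JSONParser();` declares a local that shadows the `parser` under test assigned in `setUp` (apparently a field inherited from `AbstractParserConfigTest`, which is not shown here), so one name means two different objects inside the same loop body; renaming the local, e.g. `JSONParser jsonParser = new JSONParser();`, keeps them apart. `inputString.getBytes()` encodes with the platform default charset, so the bytes handed to the parser can differ between build hosts; `inputString.getBytes(StandardCharsets.UTF_8)` pins it. If `readTestDataFromFile` ever returns no lines the loop body never runs and the test passes without asserting anything, so a check that `inputStrings` is non-empty before the loop is worth adding. The same three points apply to `testParse` in BasicPaloAltoFirewallParserTest and BasicSourcefireParserTest in this commit.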
http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
index 6edd546..cf93c92 100644
--- a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
+++ b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
@@ -17,141 +17,41 @@
 */
 package org.apache.metron.parsers.paloalto;
-import java.util.Iterator;
 import java.util.Map;
-
-import org.apache.metron.parsers.sourcefire.BasicSourcefireParser;
+import java.util.Map.Entry;
+import org.apache.metron.parsers.AbstractParserConfigTest;
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
 import org.json.simple.parser.ParseException;
-
-import org.apache.metron.parsers.AbstractConfigTest;
 import org.junit.Assert;
-
-public class BasicPaloAltoFirewallParserTest extends AbstractConfigTest {
- /**
- * The inputStrings.
- */
- private static String[] inputStrings;
-
- /**
- * Constructs a new <code>BasicPaloAltoFirewallParserTest</code> instance.
- * @throws Exception
- */
- public BasicPaloAltoFirewallParserTest() throws Exception {
- super();
+import org.junit.Before;
+import org.junit.Test;
+
+public class BasicPaloAltoFirewallParserTest extends AbstractParserConfigTest {
+
+ @Before
+ public void setUp() throws Exception {
+ inputStrings = readTestDataFromFile(
+ "src/test/resources/logData/PaloAltoFirewallParserTest.txt");
+ parser = new BasicPaloAltoFirewallParser();
+ }
+
+ @SuppressWarnings({"rawtypes"})
+ @Test
+ public void testParse() throws ParseException {
+ for (String inputString : inputStrings) {
+ JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
+ Assert.assertNotNull(parsed);
+
+ JSONParser parser = new JSONParser();
+ Map json = (Map) parser.parse(parsed.toJSONString());
+
+ for (Object o : json.entrySet()) {
+ Entry entry = (Entry) o;
+ String key = (String) entry.getKey();
+ String value = json.get(key).toString();
+ Assert.assertNotNull(value);
+ }
 }
-
- /**
- * Sets the inputStrings.
- * @param inputStrings the inputStrings.
- */
-
- public static void setInputStrings(String[] inputStrings) {
-
- BasicPaloAltoFirewallParserTest.inputStrings = inputStrings;
- }
-
- /**
- * The paParser.
- */
- private BasicPaloAltoFirewallParser paParser=null;
-
- /**
- * @throws java.lang.Exception
- */
- public static void setUpBeforeClass() throws Exception {
- }
-
- /**
- * @throws java.lang.Exception
- */
- public static void tearDownAfterClass() throws Exception {
- setPAStrings(null);
- }
-
- /**
- * @throws java.lang.Exception
- */
- @Override
- public void setUp() throws Exception {
- super.setUp("org.apache.metron.parsers.paloalto.BasicPaloAltoFirewallParserTest");
- setPAStrings(super.readTestDataFromFile(this.getConfig().getString("logFile")));
- paParser = new BasicPaloAltoFirewallParser();
- }
-
- /**
- *
- *
- * @throws java.lang.Exception
- */
- @Override
- public void tearDown() throws Exception {
- paParser = null;
- }
-
- /**
- * Test method for
- * {@link BasicSourcefireParser#parse(byte[])}.
- */
- @SuppressWarnings({ "rawtypes" })
- public void testParse() {
- for (String inputString : getInputStrings()) {
- JSONObject parsed = paParser.parse(inputString.getBytes()).get(0);
- Assert.assertNotNull(parsed);
-
- System.out.println(parsed);
- JSONParser parser = new JSONParser();
-
- Map json=null;
- try {
- json = (Map) parser.parse(parsed.toJSONString());
- } catch (ParseException e) {
- e.printStackTrace();
- }
- Iterator iter = json.entrySet().iterator();
-
-
- while (iter.hasNext()) {
- Map.Entry entry = (Map.Entry) iter.next();
- String key = (String) entry.getKey();
- String value = (String) json.get(key).toString();
- Assert.assertNotNull(value);
- }
- }
- }
-
- /**
- * Returns Input String
- */
- public static String[] getInputStrings() {
- return inputStrings;
- }
-
-
- /**
- * Sets Input String
- */
- public static void setPAStrings(String[] strings) {
- BasicPaloAltoFirewallParserTest.inputStrings = strings;
- }
-
- /**
- * Returns the paParser.
- * @return the paParser.
- */
- public BasicPaloAltoFirewallParser getPaParser() {
- return paParser;
- }
-
- /**
- * Sets the paParser.
- * @param paParser the paParser.
- */
-
- public void setPaParser(BasicPaloAltoFirewallParser paParser) {
-
- this.paParser = paParser;
- }
-
- }
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
index f5056ba..dedd9db 100644
--- a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
+++ b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
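Review bot: The inner loop of the new `testParse` in BasicPaloAltoFirewallParserTest cannot fail as an assertion: `json.get(key).toString()` either returns a non-null String or throws a NullPointerException, so `Assert.assertNotNull(value)` is always true when it is reached. Asserting on the entry itself, `Assert.assertNotNull("null value for " + key, entry.getValue());`, reports a missing value as a test failure and names the field. Even then the test only shows that parsing produced some fields; for a firewall-log parser it would be worth comparing a few expected keys and values per sample line, since a regression that drops or misnames a field would pass here unnoticed. BasicSourcefireParserTest carries the same always-true assertion.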
@@ -17,142 +17,42 @@
 */
 package org.apache.metron.parsers.sourcefire;
-
-
-import java.util.Iterator;
 import java.util.Map;
-
+import java.util.Map.Entry;
+import org.apache.metron.parsers.AbstractParserConfigTest;
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
 import org.json.simple.parser.ParseException;
-
-import org.apache.metron.parsers.AbstractConfigTest;
 import org.junit.Assert;
-
-/**
- * <ul>
- * <li>Title: Test For SourceFireParser</li>
- * <li>Description: </li>
- * <li>Created: July 8, 2014</li>
- * </ul>
- * @version $Revision: 1.0 $
- */
-public class BasicSourcefireParserTest extends AbstractConfigTest
-{
- /**
- * The sourceFireStrings.
- */
- private static String[] sourceFireStrings;
-
- /**
- * The sourceFireParser.
- */
- private BasicSourcefireParser sourceFireParser=null;
-
-
- /**
- * Constructs a new <code>BasicSourcefireParserTest</code> instance.
- * @throws Exception
- */
-
- public BasicSourcefireParserTest() throws Exception {
- super();
+import org.junit.Before;
+import org.junit.Test;
+
+public class BasicSourcefireParserTest extends AbstractParserConfigTest {
+
+ @Before
+ public void setUp() throws Exception {
+ inputStrings = super
+ .readTestDataFromFile("src/test/resources/logData/SourcefireParserTest.txt");
+ parser = new BasicSourcefireParser();
+ }
+
+ @SuppressWarnings({"rawtypes", "unused"})
+ @Test
+ public void testParse() throws ParseException {
+ for (String inputString : inputStrings) {
+ byte[] srcBytes = inputString.getBytes();
+ JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
+ Assert.assertNotNull(parsed);
+
+ JSONParser parser = new JSONParser();
+ Map json = (Map) parser.parse(parsed.toJSONString());
+
+ for (Object o : json.entrySet()) {
+ Entry entry = (Entry) o;
+ String key = (String) entry.getKey();
+ String value = json.get("original_string").toString();
+ Assert.assertNotNull(value);
+ }
 }
-
- /**
- * @throws java.lang.Exception
- */
- public static void setUpBeforeClass() throws Exception {
- }
-
- /**
- * @throws java.lang.Exception
- */
- public static void tearDownAfterClass() throws Exception {
- setSourceFireStrings(null);
- }
-
- /**
- * @throws java.lang.Exception
- */
- @Override
- public void setUp() throws Exception {
- super.setUp("org.apache.metron.parsing.test.BasicSoureceFireParserTest");
- setSourceFireStrings(super.readTestDataFromFile(this.getConfig().getString("logFile")));
- sourceFireParser = new BasicSourcefireParser();
- }
-
- /**
- *
- *
- * @throws java.lang.Exception
- */
- @Override
- public void tearDown() throws Exception {
- sourceFireParser = null;
- }
-
- /**
- * Test method for {@link BasicSourcefireParser#parse(byte[])}.
- */
- @SuppressWarnings({ "rawtypes", "unused" })
- public void testParse() {
- for (String sourceFireString : getSourceFireStrings()) {
- byte[] srcBytes = sourceFireString.getBytes();
- JSONObject parsed = sourceFireParser.parse(sourceFireString.getBytes()).get(0);
- Assert.assertNotNull(parsed);
-
- System.out.println(parsed);
- JSONParser parser = new JSONParser();
-
- Map json=null;
- try {
- json = (Map) parser.parse(parsed.toJSONString());
- } catch (ParseException e) {
- e.printStackTrace();
- }
- Iterator iter = json.entrySet().iterator();
-
-
- while (iter.hasNext()) {
- Map.Entry entry = (Map.Entry) iter.next();
- String key = (String) entry.getKey();
- String value = (String) json.get("original_string").toString();
- Assert.assertNotNull(value);
- }
- }
- }
-
- /**
- * Returns SourceFire Input String
- */
- public static String[] getSourceFireStrings() {
- return sourceFireStrings;
- }
-
-
- /**
- * Sets SourceFire Input String
- */
- public static void setSourceFireStrings(String[] strings) {
- BasicSourcefireParserTest.sourceFireStrings = strings;
- }
- /**
- * Returns the sourceFireParser.
- * @return the sourceFireParser.
- */
-
- public BasicSourcefireParser getSourceFireParser() {
- return sourceFireParser;
- }
-
- /**
- * Sets the sourceFireParser.
- * @param sourceFireParser the sourceFireParser.
- */
-
- public void setSourceFireParser(BasicSourcefireParser sourceFireParser) {
-
- this.sourceFireParser = sourceFireParser;
- }
+ }
 }
http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config b/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config
deleted file mode 100644
index 9dbc3b6..0000000
--- a/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#GrokParserTestConfig
-logFile=src/test/resources/GrokParserTest.log
http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
----------------------------------------------------------------------
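Review bot: The `for (Object o : json.entrySet())` loop in the new `testParse` of BasicSourcefireParserTest never uses `key`; every iteration reads `json.get("original_string")`, so it repeats one lookup once per field and throws a NullPointerException instead of failing the test when that field is absent. A single `Assert.assertNotNull(json.get("original_string"));` after parsing states the intent, and the loop can then go or be changed to check `entry.getValue()`. `srcBytes` is also unused, since the next line calls `inputString.getBytes()` again, and the `"unused"` entry in `@SuppressWarnings` is what hides both leftovers; passing `srcBytes` to `parser.parse` and dropping `"unused"` from the annotation would let the compiler flag them.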
diff --git a/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt b/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
new file mode 100644
index 0000000..f3be97a
--- /dev/null
+++ b/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
@@ -0,0 +1,8 @@ +<164>Mar 19 05:24:39 10.220.15.15 fenotify-851983.alert: CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:28:26 UTC dvc=10.201.78.57 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=dev001srv02.example.com proto=udp cs5Label=cncHost cs5=mfdclk001.org dvchost=DEVFEYE1 spt=54527 dvc=10.100.25.16 smac=00:00:0c:07:ac:00 cn1Label=vlan cn1=0 externalId=851983 cs4Label=link cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851983 dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS +<164>Mar 19 05:24:39 10.220.15.15 fenotify-851987.alert: CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:33:41 UTC dvc=10.201.78.113 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=dev001srv02.example.com proto=udp cs5Label=cncHost cs5=mfdclk001.org dvchost=DEVFEYE1 spt=51218 dvc=10.100.25.16 smac=00:00:0c:07:ac:00 cn1Label=vlan cn1=0 externalId=851987 cs4Label=link cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851987 dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS +<164>Mar 19 05:24:39 10.220.15.15 fenotify-3483808.2.alert: 1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: 
WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/mic roads/update/InjectScript.js HTTP +<164>Mar 19 05:24:39 10.220.15.15 fenotify-793972.2.alert: Control: no-cache::~~::~~ dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Exploit.Kit.Magnitude +<161>Apr 1 05:24:39 10.220.15.15 fenotify-864461.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS +fireeye[-]: <161>Mar 19 05:24:39 10.220.15.15 fenotify-864461.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS +fireeye[-]: <161>Apr 1 02:49:49 10.220.15.15 fenotify-900702.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Apr 01 2015 09:49:14 UTC src=10.1.97.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abcd0060xzy03.example.com proto=udp spt=63100 cs5Label=cncHost cs5=mfdclk001.org dvchost=DEV1FEYE1 dvc=10.220.15.16 smac=00:00:0c:07:ac:00 cn1Label=vlan cn1=0 externalId=900702 cs4Label=link cs4=https://ABCD0040CMS01.example.com/event_stream/events_for_bot?ev_id\=900702 act=notified dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS +<161>Apr 11 05:24:39 10.220.15.15 fenotify-864461.alert: 
CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS \ No newline at end of file
