[ 
https://issues.apache.org/jira/browse/METRON-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15569016#comment-15569016
 ] 

ASF GitHub Bot commented on METRON-363:
---------------------------------------

Github user mmiklavc commented on a diff in the pull request:

    https://github.com/apache/incubator-metron/pull/276#discussion_r83029350
  
    --- Diff: 
metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/asa/BasicAsaParserTest.java
 ---
    @@ -0,0 +1,149 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.metron.parsers.asa;
    +
    +import org.json.simple.JSONObject;
    +import org.junit.BeforeClass;
    +import org.junit.Test;
    +
    +import java.time.*;
    +import java.util.HashMap;
    +import java.util.Map;
    +
    +import static org.junit.Assert.*;
    +
    +public class BasicAsaParserTest {
    +
    +    private static BasicAsaParser asaParser;
    +
    +    @BeforeClass
    +    public static void setUpOnce() throws Exception {
    +        Map<String, Object> parserConfig = new HashMap<>();
    +        asaParser = new BasicAsaParser();
    +        asaParser.configure(parserConfig);
    +        asaParser.init();
    +    }
    +
    +    @Test
    +    public void testConfigureDefault() {
    +        Map<String, Object> parserConfig = new HashMap<>();
    +        BasicAsaParser testParser = new BasicAsaParser();
    +        testParser.configure(parserConfig);
    +        testParser.init();
    +        assertTrue(testParser.deviceTimeZone.equals(ZoneOffset.UTC));
    +    }
    +
    +    @Test
    +    public void testConfigureTimeZoneOffset() {
    +        Map<String, Object> parserConfig = new HashMap<>();
    +        parserConfig.put("deviceTimeZone", "UTC-05:00");
    +        BasicAsaParser testParser = new BasicAsaParser();
    +        testParser.configure(parserConfig);
    +        testParser.init();
    +        ZonedDateTime deviceTime = 
ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), 
testParser.deviceTimeZone);
    +        ZonedDateTime referenceTime = 
ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), 
ZoneOffset.ofHours(-5));
    +        assertTrue(deviceTime.isEqual(referenceTime));
    +    }
    +
    +    @Test
    +    public void testConfigureTimeZoneText() {
    +        Map<String, Object> parserConfig = new HashMap<>();
    +        parserConfig.put("deviceTimeZone", "America/New_York");
    +        BasicAsaParser testParser = new BasicAsaParser();
    +        testParser.configure(parserConfig);
    +        testParser.init();
    +        ZonedDateTime deviceTime = 
ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), 
testParser.deviceTimeZone);
    +        ZonedDateTime referenceTime = 
ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), 
ZoneOffset.ofHours(-5));
    +        assertTrue(deviceTime.isEqual(referenceTime));
    +    }
    +
    +    @Test
    +    public void testCISCOFW106023() {
    +        String rawMessage = "<164>Aug 05 2016 01:01:34: %ASA-4-106023: 
Deny tcp src Inside:10.30.9.121/54580 dst Outside:192.168.135.51/42028 by 
access-group \"Inside_access_in\" [0x962df600, 0x0]";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        assertTrue(asaJson.get("ip_src_addr").equals("10.30.9.121"));
    +        assertTrue(asaJson.get("ip_dst_addr").equals("192.168.135.51"));
    +        assertTrue(asaJson.get("ip_src_port").equals(new Integer(54580)));
    +        assertTrue(asaJson.get("ip_dst_port").equals(new Integer(42028)));
    +        assertTrue((long) asaJson.get("timestamp") == 1470358894000L);
    +    }
    +
    +    @Test
    +    public void testCISCOFW106006() {
    +        String rawMessage = "<162>Aug 05 2016 01:02:25: %ASA-2-106006: 
Deny inbound UDP from 10.25.177.164/63279 to 10.2.52.71/161 on interface 
Inside";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        assertTrue(asaJson.get("ip_src_addr").equals("10.25.177.164"));
    +        assertTrue(asaJson.get("ip_dst_addr").equals("10.2.52.71"));
    +        assertTrue(asaJson.get("ip_src_port").equals(new Integer(63279)));
    +        assertTrue(asaJson.get("ip_dst_port").equals(new Integer(161)));
    +        assertTrue((long) asaJson.get("timestamp") == 1470358945000L);
    +    }
    +
    +    @Test
    +    public void testShortTimestamp() {
    +        String rawMessage = "<174>Jan  5 14:52:35 10.22.8.212 
%ASA-6-302015: Built inbound UDP connection 76245506 for 
outside:10.22.8.110/49886 (10.22.8.110/49886) to inside:192.111.72.8/8612 
(192.111.72.8/8612) (user.name)";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        assertTrue(asaJson.get("ip_src_addr").equals("10.22.8.110"));
    +        assertTrue(asaJson.get("ip_dst_addr").equals("192.111.72.8"));
    +        assertTrue(asaJson.get("ip_src_port").equals(new Integer(49886)));
    +        assertTrue(asaJson.get("ip_dst_port").equals(new Integer(8612)));
    +        assertTrue((long) asaJson.get("timestamp") == 1452005555000L);
    +    }
    +
    +    @Test
    +    public void testNoPatternForTag() {
    +        String rawMessage = "<165>Aug 16 2016 04:08:36: %ASA-5-713049: 
Group = 172.22.136.20, IP = 172.22.136.20, Security negotiation complete for 
LAN-to-LAN Group (172.22.136.20)  Initiator, Inbound SPI = 0x891fb03f, Outbound 
SPI = 0xbe4b5d8d";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        assertTrue((long) asaJson.get("timestamp") == 1471320516000L);
    +    }
    +
    +    @Test
    +    public void testInvalidIpAddr() {
    +        String rawMessage = "<164>Aug 05 2016 01:01:34: %ASA-4-106023: 
Deny tcp src Inside:10.30.9.121/54580 dst Outside:192.168.256.51/42028 by 
access-group \"Inside_access_in\" [0x962df600, 0x0]";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        assertTrue((long) asaJson.get("timestamp") == 1470358894000L);
    +        assertNull(asaJson.get("ip_dst_addr"));
    +    }
    +
    +    @Test
    +    public void testIp6Addr() {
    +        String rawMessage = "<174>Jan  5 14:52:35 10.22.8.212 
%ASA-6-302015: Built inbound UDP connection 76245506 for 
outside:2001:db8:85a3::8a2e:370:7334/49886 (10.22.8.110/49886) to 
inside:2001:0db8:85a3:0000:0000:8a2e:0370:7334/8612 (192.111.72.8/8612) 
(user.name)";
    +        JSONObject asaJson = asaParser.parse(rawMessage.getBytes()).get(0);
    +        assertEquals(asaJson.get("original_string"), rawMessage);
    +        
assertTrue(asaJson.get("ip_src_addr").equals("2001:db8:85a3::8a2e:370:7334"));
    +        
assertTrue(asaJson.get("ip_dst_addr").equals("2001:0db8:85a3:0000:0000:8a2e:0370:7334"));
    +        assertTrue(asaJson.get("ip_src_port").equals(new Integer(49886)));
    +        assertTrue(asaJson.get("ip_dst_port").equals(new Integer(8612)));
    +        assertTrue((long) asaJson.get("timestamp") == 1452005555000L);
    +    }
    +
    +    @Test
    +    public void testUnexpectedMessage() {
    +        String rawMessage = "-- MARK --";
    +        try {
    +            JSONObject asaJson = 
asaParser.parse(rawMessage.getBytes()).get(0);
    +        } catch (RuntimeException e) {
    +            assertTrue(true);
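Review bot: The two time-zone tests, testConfigureTimeZoneOffset and testConfigureTimeZoneText, cannot fail: `ZonedDateTime.isEqual` compares only the instant, and both sides are built from the same `Instant.ofEpochSecond(1475323200)`, so the configured `deviceTimeZone` is never checked. Assert on the resolved offset instead, e.g. `assertEquals(ZoneOffset.ofHours(-5), testParser.deviceTimeZone.getRules().getOffset(Instant.ofEpochSecond(1475323200)));` (this assumes `deviceTimeZone` is a `ZoneId`, which the hunk does not show). For America/New_York that instant is 2016-10-01 12:00 UTC, which falls in daylight time, so the expected offset in that test would be `ZoneOffset.ofHours(-4)`, not -5. These timestamps feed event correlation for firewall logs, so a silently wrong zone is worth catching here. The class body continues past the end of the quoted hunk.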
    --- End diff --
    
    In this case, I'd prefer using JUnit's Rules to test this. 
RuntimeExceptions are fairly generic, and Rules would allow the specific 
exception message to be verified.
    
    e.g.
    ```
    TestThing testThing = new TestThing();
    thrown.expect(NotFoundException.class);
    thrown.expectMessage(startsWith("some Message"));
    ```
    
    https://github.com/junit-team/junit4/wiki/exception-testing


> Fix Cisco ASA Parser
> --------------------
>
>                 Key: METRON-363
>                 URL: https://issues.apache.org/jira/browse/METRON-363
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Kyle Richardson
>            Priority: Minor
>
> The current ASA parser is broken. This effort is to rework the current parser 
> to support the variety of syslog messages produced by Cisco ASA devices as 
> well as provide the necessary support files/configs for easier deployment of 
> the Storm topology.


