Add LTSV tests.

tilfin · tilfin · commit 9e5f8e6691fb · 2013-12-19T19:57:59.000+09:00
diff --git a/detect_http_attack.rb b/detect_http_attack.rb
@@ -14,6 +14,9 @@
 require 'optparse'
 
 
+module DetectHttpAttack
+
+
 class LogParser
 
   def parse(line)
@@ -195,22 +198,22 @@ def  parse_value(value)
 
   def print_head(count, row)
     if @head
-      print_row(@head, STDOUT, count, row)
+      print_row(@head, $stdout, count, row)
     end
   end
 
   def print_body(row)
-    print_row(@body, STDOUT, "", row)
+    print_row(@body, $stdout, "", row)
   end
 
   def print_foot(count, row)
     if @foot
-      print_row(@foot, STDOUT, count, row)
+      print_row(@foot, $stdout, count, row)
     end
   end
 
   def print_serr(count, row)
-    print_row(@serr, STDERR, count, row)
+    print_row(@serr, $stderr, count, row)
   end
 
   def print_row(templ, ops, count, row)
@@ -260,7 +263,7 @@ def initialize(template)
     @realtime_notify = false
 
     @pre_access_map = Hash.new
-    @ops = STDOUT
+    @ops = $stdout
   end
 
   def proc(row)
@@ -319,8 +322,7 @@ def print_access(host, al)
 end
 
 
-
-def get_opts
+def self.get_opts(argv)
   # Settting from Arguments 
 
   opts = { :parser => 'combined', :max_interval => 3, :min_seq => 8, :notify => false }
@@ -344,13 +346,14 @@ def get_opts
     opts[:conf_file] = path
   end
   
-  opt.parse!(ARGV)
+  opt.parse!(argv)
 
   opts
-end 
-  
-def main
-  opts = get_opts
+end
+
+
+def self.main(argv)
+  opts = get_opts(argv)
 
   if opts[:parser] == "ltsv"
     parser = LtsvLogParser.new
@@ -387,7 +390,10 @@ def main
   # Parsing log line, detect attacks
   #
   begin
-    while line = STDIN.gets
+    while line = $stdin.gets
+      File.open("/tmp/filelog", "w+") do |f|
+        f.write("LINE:  #{line}")
+      end
       row = parser.parse(line)
       next unless row
     
@@ -399,5 +405,11 @@ def main
   processor.finalize
 end
 
-main
 
+end
+
+
+case $0
+when __FILE__
+  DetectHttpAttack.main ARGV
+end
diff --git a/spec/command_spec.rb b/spec/command_spec.rb
@@ -6,7 +6,7 @@
 
   describe 'command arguments' do
 
-    let(:fixture_file) { File.join(File.dirname(__FILE__), "fixtures", "1.txt") }
+    let(:fixture_file) { File.join(File.dirname(__FILE__), "fixtures", "command_spec.log") }
 
     context 'when args specified -h' do
       it "show usage" do
@@ -73,7 +73,7 @@
 
     context 'when args specified -f custom conf file' do
       let(:conf_file) { File.join(File.dirname(__FILE__), "fixtures", "command_spec.conf") }
-      it '' do
+      it 'should success without error' do
         output = <<EOS
 \e[36m\e[1m10.1.0.1\e[0m\t\e[35m1\e[0m\t\e[32mAgent/5.0\e[0m
 2013-12-18T06:25:01+09:00\t200\t/path2\t-
@@ -83,7 +83,53 @@
           DetectHttpAttack.main ["-f", conf_file, "-s", "1"]
         }.should eq(output)
       end
-    end    
+    end
+
+    let(:fixture_ltsv_file) { File.join(File.dirname(__FILE__), "fixtures", "command_spec.ltsv") }
+
+    context 'when args specified -ltsv -s 2 -i 2' do
+      it "detect attack minimum 2 times for each interval within 2 sec." do
+        output = <<EOS
+\e[36m\e[1m10.0.0.1\e[0m\t\e[35m2\e[0m\t\e[32mAgent/5.0\e[0m
+2013-12-18T06:25:00+09:00\t200\t/path1\t-
+2013-12-18T06:25:02+09:00\t200\t/path3\t-
+
+EOS
+        test(fixture_ltsv_file) {
+          DetectHttpAttack.main ["-ltsv", "-s", "2", "-i", "2"]
+        }.should eq(output)
+      end
+    end
+
+    context 'when args specified -s 2 -ltsv -i 4' do
+      it "detect attack minimum 2 times for each interval within 4 sec." do
+        output = <<EOS
+\e[36m\e[1m10.0.0.1\e[0m\t\e[35m3\e[0m\t\e[32mAgent/5.0\e[0m
+2013-12-18T06:25:00+09:00\t200\t/path1\t-
+2013-12-18T06:25:02+09:00\t200\t/path3\t-
+2013-12-18T06:25:06+09:00\t200\t/path4\t-
+
+EOS
+        test(fixture_ltsv_file) {
+          DetectHttpAttack.main ["-s", "2", "-ltsv", "-i", "4"]
+        }.should eq(output)
+      end
+    end
+
+    context 'when args specified -s 3 -i 4 -ltsv' do
+      it "detect attack minimum 3 times for each interval within 4 sec." do
+        output = <<EOS
+\e[36m\e[1m10.0.0.1\e[0m\t\e[35m3\e[0m\t\e[32mAgent/5.0\e[0m
+2013-12-18T06:25:00+09:00\t200\t/path1\t-
+2013-12-18T06:25:02+09:00\t200\t/path3\t-
+2013-12-18T06:25:06+09:00\t200\t/path4\t-
+
+EOS
+        test(fixture_ltsv_file) {
+          DetectHttpAttack.main ["-s", "3", "-i", "4", "-ltsv"]
+        }.should eq(output)
+      end
+    end
   end
 
 end
diff --git a/spec/fixtures/command_spec.log b/spec/fixtures/command_spec.log
diff --git a/spec/fixtures/command_spec.ltsv b/spec/fixtures/command_spec.ltsv
@@ -0,0 +1,4 @@
+host:10.0.0.1	ident:-	user:-	time:[18/Dec/2013:06:25:00 +0900]	req:GET /path1 HTTP/1.1	status:200	size:10000	referer:-	ua:Agent/5.0
+host:10.1.0.1	ident:-	user:-	time:[18/Dec/2013:06:25:01 +0900]	req:GET /path2 HTTP/1.1	status:200	size:20924	referer:-	ua:Agent/5.0
+host:10.0.0.1	ident:-	user:-	time:[18/Dec/2013:06:25:02 +0900]	req:GET /path3 HTTP/1.1	status:200	size:10000	referer:-	ua:Agent/5.0
+host:10.0.0.1	ident:-	user:-	time:[18/Dec/2013:06:25:06 +0900]	req:GET /path4 HTTP/1.1	status:200	size:10000	referer:-	ua:Agent/5.0
