From c82c6a88f8c3c388796d36d22f6eb3ce1a32c281 Mon Sep 17 00:00:00 2001
From: Kelly Brazil
Date: Mon, 15 Aug 2022 18:10:48 -0700
Subject: [PATCH] add tests
---
tests/fixtures/generic/syslog-3164.json | 1 +
tests/fixtures/generic/syslog-3164.out | 34 ++++++++++++++++++++++++
tests/test_syslog_bsd.py | 35 +++++++++++++++++++++++++
3 files changed, 70 insertions(+)
create mode 100644 tests/fixtures/generic/syslog-3164.json
create mode 100644 tests/fixtures/generic/syslog-3164.out
create mode 100644 tests/test_syslog_bsd.py
diff --git a/tests/fixtures/generic/syslog-3164.json b/tests/fixtures/generic/syslog-3164.json
new file mode 100644
index 00000000..378843c7
--- /dev/null
+++ b/tests/fixtures/generic/syslog-3164.json
@@ -0,0 +1 @@ +[{"priority":34,"date":"Oct 11 22:14:15","hostname":"mymachine","tag":"su","content":"'su root' failed for lonvick on /dev/pts/8"},{"priority":null,"date":"Oct 11 22:14:15","hostname":"mymachine","tag":"su","content":"'su root' failed for lonvick on /dev/pts/8"},{"priority":35,"date":"Oct 12 22:14:15","hostname":"client_machine","tag":"su","content":"'su root' failed for joe on /dev/pts/2"},{"priority":35,"date":"Mar 7 04:02:16","hostname":"avas","tag":"clamd","content":"[11165]: /var/amavis/amavis-20040307T033734-10329/parts/part-00003: Worm.Mydoom.F FOUND"},{"priority":null,"date":"Mar 7 04:05:55","hostname":"avas","tag":"clamd","content":"[11240]: /var/amavis/amavis-20040307T035901-10615/parts/part-00002: Worm.SomeFool.Gen-1 FOUND"},{"priority":5,"date":"Mar 7 09:00:51","hostname":"avas","tag":"clamd","content":"[27173]: SelfCheck: Database status OK."},{"priority":null,"date":"Mar 7 05:59:02","hostname":"avas","tag":"clamd","content":"[27173]: Database correctly reloaded (20400 viruses)"},{"priority":null,"date":"Mar 7 04:02:16","hostname":"avas","tag":"clamd","content":"[11165]: /var/amavis/amavis-20040307T033734-10329/parts/part-00003: Worm.Mydoom.F FOUND"},{"priority":null,"date":"Mar 7 04:05:55","hostname":"avas","tag":"clamd","content":"[11240]: /var/amavis/amavis-20040307T035901-10615/parts/part-00002: Worm.SomeFool.Gen-1 FOUND"},{"priority":null,"date":"Mar 7 09:00:51","hostname":"avas","tag":"clamd","content":"[27173]: SelfCheck: Database status OK."},{"priority":null,"date":"Mar 7 05:59:02","hostname":"avas","tag":"clamd","content":"[27173]: Database correctly reloaded (20400 viruses)"},{"priority":null,"date":"Mar 7 11:14:35","hostname":"avas","tag":"dccd","content":"[13284]: 21 requests/sec are too many from anonymous 205.201.1.56,2246"},{"priority":null,"date":"Mar 8 00:22:57","hostname":"avas","tag":"dccifd","content":"[9933]: write(MTA socket,4): Broken pipe"},{"priority":null,"date":"Mar 7 
21:23:22","hostname":"avas","tag":"dccifd","content":"[6191]: missing message body"},{"priority":null,"date":"Mar 9 16:05:17","hostname":"avas","tag":"named","content":"[12045]: zone PLNet/IN: refresh: non-authoritative answer from master 10.0.0.253#53"},{"priority":null,"date":"Mar 10 00:38:16","hostname":"avas","tag":"dccifd","content":"[23069]: continue not asking DCC 17 seconds after failure"},{"priority":null,"date":"Mar 10 09:42:11","hostname":"avas","tag":"named","content":"client 127.0.0.1#55524: query: 23.68.27.142.sa-trusted.bondedsender.org IN TXT"},{"priority":null,"date":"Mar 9 03:48:07","hostname":"avas","tag":"dccd","content":"[145]: automatic dbclean; starting `dbclean -DPq -i 1189 -L info,local5.notice -L error,local5.err`"},{"priority":null,"date":"Mar 9 11:58:18","hostname":"avas","tag":"kernel","content":"i810_audio: Connection 0 with codec id 2"},{"priority":null,"date":"Mar 9 19:41:13","hostname":"avas","tag":"dccd","content":"[3004]: \"packet length 44 too small for REPORT\" sent to client 1 at 194.63.250.215,47577"},{"priority":null,"date":"Mar 8 09:01:07","hostname":"avas","tag":"sshd","content":"(pam_unix)[21839]: session opened for user tom by (uid=35567)"},{"priority":null,"date":"Mar 8 03:52:04","hostname":"avas","tag":"dccd","content":"[13284]: 1.2.32 database /home/dcc/dcc_db reopened with 997 MByte window"},{"priority":null,"date":"Mar 8 16:05:26","hostname":"avas","tag":"arpwatch","content":"listening on eth0"},{"priority":null,"date":"Mar 10 10:00:06","hostname":"avas","tag":"named","content":"[6986]: zone PLNet/IN: refresh: non-authoritative answer from master 192.75.26.21#53"},{"priority":null,"date":"Mar 10 10:00:10","hostname":"avas","tag":"named","content":"[6986]: client 127.0.0.1#55867: query: mail.canfor.ca IN MX"},{"priority":null,"date":"Mar 8 15:18:40","hostname":"avas:","tag":"last","content":"message repeated 11 times"},{"priority":null,"date":"Mar 8 
15:18:40","hostname":"127:0:ab::1","tag":"sshd","content":"unauthorized request"},{"priority":null,"date":"Mar 8 15:18:40","hostname":"server.example.com","tag":"sshd","content":"unauthorized request"},{"priority":null,"date":"Mar 8 15:18:40","hostname":"192.168.1.1","tag":"sshd","content":"unauthorized request"},{"priority":35,"date":"Mar 8 15:18:40","hostname":"server.example.com","tag":"sshd","content":"unauthorized request"},{"unparsable":"<7>unparsable line"}]
diff --git a/tests/fixtures/generic/syslog-3164.out b/tests/fixtures/generic/syslog-3164.out
new file mode 100644
index 00000000..d14de487
--- /dev/null
+++ b/tests/fixtures/generic/syslog-3164.out
@@ -0,0 +1,34 @@
+<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8
+Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8
+<35>Oct 12 22:14:15 client_machine su: 'su root' failed for joe on /dev/pts/2
+<35>Mar 7 04:02:16 avas clamd[11165]: /var/amavis/amavis-20040307T033734-10329/parts/part-00003: Worm.Mydoom.F FOUND
+Mar 7 04:05:55 avas clamd[11240]: /var/amavis/amavis-20040307T035901-10615/parts/part-00002: Worm.SomeFool.Gen-1 FOUND
+<5>Mar 7 09:00:51 avas clamd[27173]: SelfCheck: Database status OK.
+Mar 7 05:59:02 avas clamd[27173]: Database correctly reloaded (20400 viruses)
+Mar 7 04:02:16 avas clamd[11165]: /var/amavis/amavis-20040307T033734-10329/parts/part-00003: Worm.Mydoom.F FOUND
+Mar 7 04:05:55 avas clamd[11240]: /var/amavis/amavis-20040307T035901-10615/parts/part-00002: Worm.SomeFool.Gen-1 FOUND
+Mar 7 09:00:51 avas clamd[27173]: SelfCheck: Database status OK.
+Mar 7 05:59:02 avas clamd[27173]: Database correctly reloaded (20400 viruses)
+Mar 7 11:14:35 avas dccd[13284]: 21 requests/sec are too many from anonymous 205.201.1.56,2246
+Mar 8 00:22:57 avas dccifd[9933]: write(MTA socket,4): Broken pipe
+Mar 7 21:23:22 avas dccifd[6191]: missing message body
+Mar 9 16:05:17 avas named[12045]: zone PLNet/IN: refresh: non-authoritative answer from master 10.0.0.253#53
+Mar 10 00:38:16 avas dccifd[23069]: continue not asking DCC 17 seconds after failure
+
+
+Mar 10 09:42:11 avas named: client 127.0.0.1#55524: query: 23.68.27.142.sa-trusted.bondedsender.org IN TXT
+Mar 9 03:48:07 avas dccd[145]: automatic dbclean; starting `dbclean -DPq -i 1189 -L info,local5.notice -L error,local5.err`
+Mar 9 11:58:18 avas kernel: i810_audio: Connection 0 with codec id 2
+Mar 9 19:41:13 avas dccd[3004]: "packet length 44 too small for REPORT" sent to client 1 at 194.63.250.215,47577
+Mar 8 09:01:07 avas sshd(pam_unix)[21839]: session opened for user tom by (uid=35567)
+
+Mar 8 03:52:04 avas dccd[13284]: 1.2.32 database
/home/dcc/dcc_db reopened with 997 MByte window
+Mar 8 16:05:26 avas arpwatch: listening on eth0
+Mar 10 10:00:06 avas named[6986]: zone PLNet/IN: refresh: non-authoritative answer from master 192.75.26.21#53
+Mar 10 10:00:10 avas named[6986]: client 127.0.0.1#55867: query: mail.canfor.ca IN MX
+Mar 8 15:18:40 avas: last message repeated 11 times
+Mar 8 15:18:40 127:0:ab::1 sshd: unauthorized request
+Mar 8 15:18:40 server.example.com sshd: unauthorized request
+Mar 8 15:18:40 192.168.1.1 sshd: unauthorized request
+<35>Mar 8 15:18:40 server.example.com sshd: unauthorized request
+<7>unparsable line
diff --git a/tests/test_syslog_bsd.py b/tests/test_syslog_bsd.py
new file mode 100644
index 00000000..ff0516c9
--- /dev/null
+++ b/tests/test_syslog_bsd.py
@@ -0,0 +1,35 @@
+import os
+import unittest
+import json
+import jc.parsers.syslog_bsd
+
+THIS_DIR = os.path.dirname(os.path.abspath(__file__))
+
+
+class MyTests(unittest.TestCase):
+
+ def setUp(self):
+ # input
+ with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/generic/syslog-3164.out'), 'r', encoding='utf-8') as f:
+ self.syslog = f.read()
+
+ # output
+ with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/generic/syslog-3164.json'), 'r', encoding='utf-8') as f:
+ self.syslog_json = json.loads(f.read())
+
+
+ def test_syslog_bsd_nodata(self):
+ """
+ Test 'syslog_bsd' with no data
+ """
+ self.assertEqual(jc.parsers.syslog_bsd.parse('', quiet=True), [])
+
+ def test_syslog_bsd_sample(self):
+ """
+ Test 'syslog_bsd' with sample data
+ """
+ self.assertEqual(jc.parsers.syslog_bsd.parse(self.syslog, quiet=True), self.syslog_json)
+
+
+if __name__ == '__main__':
+ unittest.main()
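Review bot: `test_syslog_bsd_sample` checks the whole parsed list against syslog-3164.json in a single `assertEqual`, so every expectation in that fixture is locked in without any of them being called out. One visible case is the input line `Mar 8 15:18:40 avas: last message repeated 11 times`, which the fixture expects to parse as `"hostname":"avas:"` with `"tag":"last"`; a log consumer that filters or correlates on the hostname `avas` would not match that record. If this is the intended result, state it in the test with a comment such as `# fixture deliberately keeps 'avas:' as hostname for "last message repeated" lines`. Otherwise the fixture entry should be corrected together with the parser rather than pinned here.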