// Initializes logp if the verbose flag was set.
func configureLogp() {
	oneTimeLogpInit.Do(func() {
		if testing.Verbose() {
			logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"eventlog"})
			logp.Info("DEBUG enabled for eventlog.")
		} else {
			logp.LogInit(logp.LOG_WARNING, "", false, true, []string{})
		}
	})
}
func TestMySQLParser_simpleUpdateResponse(t *testing.T) {
	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"mysqldetailed"})
	}

	data := []byte("300000010001000100000028526f7773206d6174636865643a203120204368616e6765643a203120205761726e696e67733a2030")

	message, err := hex.DecodeString(string(data))
	if err != nil {
		t.Errorf("Failed to decode hex string")
	}

	stream := &MysqlStream{data: message, message: new(MysqlMessage)}

	ok, complete := mysqlMessageParser(stream)

	if !ok {
		t.Errorf("Parsing returned error")
	}
	if !complete {
		t.Errorf("Expecting a complete message")
	}
	if stream.message.IsRequest {
		t.Errorf("Failed to parse MySQL Query response")
	}
	if !stream.message.IsOK || stream.message.IsError {
		t.Errorf("Failed to true, true, parse MySQL Query response")
	}
	if stream.message.AffectedRows != 1 {
		t.Errorf("Failed to get the number of affected rows")
	}
	if stream.message.Size != 52 {
		t.Errorf("Wrong message size %d", stream.message.Size)
	}
}
Beispiel #3
0
func TestHttpParser_censorPasswordPOST(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"http", "httpdetailed"})
	}

	http := httpModForTests()
	http.HideKeywords = []string{"password"}
	http.parserConfig.SendHeaders = true
	http.parserConfig.SendAllHeaders = true

	data1 :=
		"POST /users/login HTTP/1.1\r\n" +
			"HOST: www.example.com\r\n" +
			"Content-Type: application/x-www-form-urlencoded\r\n" +
			"Content-Length: 28\r\n" +
			"\r\n" +
			"username=ME&password=secret\r\n"
	tp := newTestParser(http, data1)

	msg, ok, complete := tp.parse()
	assert.True(t, ok)
	assert.True(t, complete)

	rawMsg := tp.stream.data[tp.stream.message.start:tp.stream.message.end]
	path, params, err := http.extractParameters(msg, rawMsg)
	assert.Nil(t, err)
	assert.Equal(t, "/users/login", path)
	assert.False(t, strings.Contains(params, "secret"))
}
func TestOneHost500Resp(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"elasticsearch"})
	}

	index := fmt.Sprintf("packetbeat-unittest-%d", os.Getpid())
	body := map[string]interface{}{
		"user":      "******",
		"post_date": "2009-11-15T14:12:12",
		"message":   "trying out",
	}

	server := ElasticsearchMock(http.StatusInternalServerError, []byte("Something wrong happened"))

	client := NewClient(server.URL, "", nil, nil, "", "")
	err := client.Connect(1 * time.Second)
	if err != nil {
		t.Fatalf("Failed to connect: %v", err)
	}

	params := map[string]string{
		"refresh": "true",
	}
	_, _, err = client.Index(index, "test", "1", params, body)

	if err == nil {
		t.Errorf("Index() should return error.")
	}

	if !strings.Contains(err.Error(), "500 Internal Server Error") {
		t.Errorf("Should return <500 Internal Server Error> instead of %v", err)
	}
}
Beispiel #5
0
func Test_Rotator_By_Bytes(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"rotator"})
	}

	dir, err := ioutil.TempDir("", "test_rotator_")
	if err != nil {
		t.Errorf("Error: %s", err.Error())
		return
	}

	logp.Debug("rotator", "Direcotry: %s", dir)

	rotator := FileRotator{
		Path:             dir,
		Name:             "packetbeat",
		RotateEveryBytes: 100,
		KeepFiles:        7,
	}

	for i := 0; i < 300; i++ {
		rotator.WriteLine([]byte("01234567890"))
	}
}
Beispiel #6
0
func TestThrift_Parse_OneWayCallWithFin(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"thrift", "thriftdetailed"})
	}

	var thrift Thrift
	thrift.Init(true, nil)
	thrift.TransportType = ThriftTFramed

	thrift.PublishQueue = make(chan *ThriftTransaction, 10)

	tcptuple := testTcpTuple()

	req := createTestPacket(t, "0000001080010001000000037a69700000000000")

	var private thriftPrivateData
	thrift.Parse(req, tcptuple, 0, private)
	thrift.ReceivedFin(tcptuple, 0, private)

	trans := expectThriftTransaction(t, thrift)
	if trans.Request.Method != "zip" ||
		trans.Request.Params != "()" ||
		trans.Reply != nil || trans.ResponseTime != 0 {

		t.Error("Bad result:", trans)
	}
}
Beispiel #7
0
func TestThrift_Parse_RequestReplyMismatch(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"thrift", "thriftdetailed"})
	}

	var thrift Thrift
	thrift.Init(true, nil)
	thrift.TransportType = ThriftTFramed
	thrift.PublishQueue = make(chan *ThriftTransaction, 10)

	tcptuple := testTcpTuple()

	reqzip := createTestPacket(t, "0000001080010001000000037a69700000000000")
	repladd := createTestPacket(t, "000000178001000200000003616464000000000800000000000200")

	var private thriftPrivateData
	thrift.Parse(reqzip, tcptuple, 0, private)
	thrift.Parse(repladd, tcptuple, 1, private)

	// Nothing should be received at this point
	select {
	case trans := <-thrift.PublishQueue:
		t.Error("Bad result:", trans)
	default:
		// ok
	}
}
Beispiel #8
0
func TestThrift_ParseSimpleTFramedSplitInterleaved(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"thrift", "thriftdetailed"})
	}

	var thrift Thrift
	thrift.Init(true, nil)
	thrift.TransportType = ThriftTFramed

	thrift.PublishQueue = make(chan *ThriftTransaction, 10)

	tcptuple := testTcpTuple()

	req_half1 := createTestPacket(t, "0000001e8001000100")
	repl_half1 := createTestPacket(t, "000000178001000200000003")
	req_half2 := createTestPacket(t, "000003616464000000000800010000000108"+
		"00020000000100")
	repl_half2 := createTestPacket(t, "616464000000000800000000000200")

	var private thriftPrivateData
	private = thrift.Parse(req_half1, tcptuple, 0, private).(thriftPrivateData)
	private = thrift.Parse(req_half2, tcptuple, 0, private).(thriftPrivateData)
	private = thrift.Parse(repl_half1, tcptuple, 1, private).(thriftPrivateData)
	thrift.Parse(repl_half2, tcptuple, 1, private)

	trans := expectThriftTransaction(t, thrift)
	if trans.Request.Method != "add" ||
		trans.Request.Params != "(1: 1, 2: 1)" ||
		trans.Reply.ReturnValue != "2" {

		t.Error("Bad result:", trans)
	}
}
Beispiel #9
0
func TestThrift_ParseSimpleTBinary(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"thrift", "thriftdetailed"})
	}

	var thrift Thrift
	thrift.Init(true, nil)

	thrift.PublishQueue = make(chan *ThriftTransaction, 10)

	tcptuple := testTcpTuple()
	req := createTestPacket(t, "800100010000000470696e670000000000")
	repl := createTestPacket(t, "800100020000000470696e670000000000")

	var private thriftPrivateData
	thrift.Parse(req, tcptuple, 0, private)
	thrift.Parse(repl, tcptuple, 1, private)

	trans := expectThriftTransaction(t, thrift)
	if trans.Request.Method != "ping" ||
		trans.Request.Params != "()" ||
		trans.Reply.ReturnValue != "" ||
		trans.Request.FrameSize == 0 ||
		trans.Reply.FrameSize == 0 {

		t.Error("Bad result:", trans)
	}
}
func TestDeadTimeout(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"elasticsearch"})
	}

	var pool ConnectionPool

	urls := []string{"localhost:9200", "localhost:9201"}

	err := pool.SetConnections(urls, "test", "secret")
	if err != nil {
		t.Errorf("Fail to set the connections: %s", err)
	}
	pool.SetDeadTimeout(10)

	conn := pool.GetConnection()

	if conn.URL != "localhost:9200" {
		t.Errorf("Wrong connection returned: %s", conn.URL)
	}
	pool.MarkDead(conn)
	time.Sleep(10 * time.Second)

	conn = pool.GetConnection()
	if conn.URL != "localhost:9201" {
		t.Errorf("Wrong connection returned: %s", conn.URL)
	}

	conn = pool.GetConnection()
	if conn.URL != "localhost:9200" {
		t.Errorf("Wrong connection returned: %s", conn.URL)
	}
}
Beispiel #11
0
func TestThrift_ParseObfuscateStrings(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"thrift", "thriftdetailed"})
	}

	var thrift Thrift
	thrift.Init(true, nil)
	thrift.TransportType = ThriftTFramed
	thrift.ObfuscateStrings = true

	thrift.PublishQueue = make(chan *ThriftTransaction, 10)

	tcptuple := testTcpTuple()

	req := createTestPacket(t, "00000024800100010000000b6563686f5f737472696e670000"+
		"00000b00010000000568656c6c6f00")
	repl := createTestPacket(t, "00000024800100020000000b6563686f5f737472696e67000"+
		"000000b00000000000568656c6c6f00")

	var private thriftPrivateData
	thrift.Parse(req, tcptuple, 0, private)
	thrift.Parse(repl, tcptuple, 1, private)

	trans := expectThriftTransaction(t, thrift)
	if trans.Request.Method != "echo_string" ||
		trans.Request.Params != `(1: "*")` ||
		trans.Reply.ReturnValue != `"*"` {

		t.Error("Bad result:", trans)
	}
}
Beispiel #12
0
func TestThrift_Parse_Exception(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"thrift", "thriftdetailed"})
	}

	var thrift Thrift
	thrift.Init(true, nil)

	thrift.PublishQueue = make(chan *ThriftTransaction, 10)

	tcptuple := testTcpTuple()

	req := createTestPacket(t, "800100010000000963616c63756c6174650000000008000"+
		"1000000010c00020800010000000108000200000000080003000000040000")
	repl := createTestPacket(t, "800100020000000963616c63756c617465000000000c00"+
		"01080001000000040b00020000001243616e6e6f742064697669646520627920300000")

	var private thriftPrivateData
	thrift.Parse(req, tcptuple, 0, private)
	thrift.Parse(repl, tcptuple, 1, private)

	trans := expectThriftTransaction(t, thrift)
	if trans.Request.Method != "calculate" ||
		trans.Request.Params != "(1: 1, 2: (1: 1, 2: 0, 3: 4))" ||
		trans.Reply.Exceptions != `(1: (1: 4, 2: "Cannot divide by 0"))` ||
		!trans.Reply.HasException {

		t.Error("Bad result:", trans)
	}
}
Beispiel #13
0
// Test parsing an incomplete pgsql response
func TestPgsqlParser_incomplete_response(t *testing.T) {
	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"pgsql", "pgsqldetailed"})
	}
	pgsql := PgsqlModForTests()

	data := []byte(
		"54000000420003610000004009000100000413ffffffffffff0000620000004009000200000413ffffffffffff0000630000004009000300000413ffffffffffff0000" +
			"440000001b0003000000036d6561000000036d6562000000036d6563" +
			"440000001e0003000000046d656131000000046d656231000000046d656331" +
			"440000001e0003000000046d")

	message, err := hex.DecodeString(string(data))
	if err != nil {
		t.Error("Failed to decode hex string")
	}

	stream := &PgsqlStream{data: message, message: new(PgsqlMessage)}

	ok, complete := pgsql.pgsqlMessageParser(stream)

	if !ok {
		t.Error("Parsing returned error")
	}
	if complete {
		t.Error("Expecting an incomplete message")
	}

}
Beispiel #14
0
func TestOneHost503Resp(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"elasticsearch"})
	}

	index := fmt.Sprintf("packetbeat-unittest-%d", os.Getpid())
	body := map[string]interface{}{
		"user":      "******",
		"post_date": "2009-11-15T14:12:12",
		"message":   "trying out",
	}

	server := ElasticsearchMock(503, []byte("Something wrong happened"))

	es := NewElasticsearch([]string{server.URL}, nil, "", "")

	params := map[string]string{
		"refresh": "true",
	}
	_, err := es.Index(index, "test", "1", params, body)
	if err == nil {
		t.Errorf("Index() should return error.")
	}

	if !strings.Contains(err.Error(), "retries. Errors") {
		t.Errorf("Should return <Request fails after 3 retries. Errors: > instead of %v", err)
	}
}
Beispiel #15
0
func BenchmarkIcmpProcessICMPv4(b *testing.B) {
	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"icmp", "icmpdetailed"})
	}

	results := publisher.ChanClient{make(chan common.MapStr, 10)}
	icmp, err := NewIcmp(true, results)
	if err != nil {
		b.Error("Failed to create ICMP processor")
		return
	}

	icmpRequestData := createICMPv4Layer(b, "08"+"00"+"0000"+"ffff"+"0001")
	packetRequestData := new(protos.Packet)

	icmpResponseData := createICMPv4Layer(b, "00"+"00"+"0000"+"ffff"+"0001")
	packetResponseData := new(protos.Packet)

	b.ResetTimer()

	for n := 0; n < b.N; n++ {
		icmp.ProcessICMPv4(icmpRequestData, packetRequestData)
		icmp.ProcessICMPv4(icmpResponseData, packetResponseData)

		client := icmp.results.(publisher.ChanClient)
		<-client.Channel
	}
}
Beispiel #16
0
func TestMultipleFailingHosts(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"elasticsearch"})
	}

	index := fmt.Sprintf("packetbeat-unittest-%d", os.Getpid())
	body := map[string]interface{}{
		"user":      "******",
		"post_date": "2009-11-15T14:12:12",
		"message":   "trying out",
	}
	server1 := ElasticsearchMock(503, []byte("Something went wrong"))
	server2 := ElasticsearchMock(500, []byte("Something went wrong"))

	logp.Debug("elasticsearch", "%s, %s", server1.URL, server2.URL)
	es := NewElasticsearch([]string{server1.URL, server2.URL}, nil, "", "")

	params := map[string]string{
		"refresh": "true",
	}
	_, err := es.Index(index, "test", "1", params, body)
	if err == nil {
		t.Errorf("Index() should return error.")
	}

	if !strings.Contains(err.Error(), "500 Internal Server Error") {
		t.Errorf("Should return <500 Internal Server Error> instead of %v", err)
	}

}
Beispiel #17
0
func TestOneHostSuccessResp(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"elasticsearch"})
	}

	index := fmt.Sprintf("packetbeat-unittest-%d", os.Getpid())
	body := map[string]interface{}{
		"user":      "******",
		"post_date": "2009-11-15T14:12:12",
		"message":   "trying out",
	}
	expectedResp, _ := json.Marshal(QueryResult{Ok: true, Index: index, Type: "test", ID: "1", Version: 1, Created: true})

	server := ElasticsearchMock(200, expectedResp)

	es := NewElasticsearch([]string{server.URL}, nil, "", "")

	params := map[string]string{
		"refresh": "true",
	}
	resp, err := es.Index(index, "test", "1", params, body)
	if err != nil {
		t.Errorf("Index() returns error: %s", err)
	}
	if !resp.Created {
		t.Errorf("Index() fails: %s", resp)
	}
}
func TestDeadTimeout(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"elasticsearch"})
	}

	var pool ConnectionPool
	urls := []string{"localhost:9200", "localhost:9201"}
	err := pool.SetConnections(urls, "test", "secret")
	if err != nil {
		t.Errorf("Fail to set the connections: %s", err)
	}
	// Set dead timeout to zero so that dead connections are immediately
	// returned to the pool.
	pool.SetDeadTimeout(0)

	conn := pool.GetConnection()
	assertExpectedConnectionURL(t, conn.URL, urls[0])

	pool.MarkDead(conn)
	time.Sleep(10 * time.Millisecond)

	assertExpectedConnectionURL(t, pool.GetConnection().URL, urls[1])
	assertExpectedConnectionURL(t, pool.GetConnection().URL, urls[0])
}
Beispiel #19
0
func TestHttpParser_301_response(t *testing.T) {
	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"http"})
	}

	data := "HTTP/1.1 301 Moved Permanently\r\n" +
		"Date: Sun, 29 Sep 2013 16:53:59 GMT\r\n" +
		"Server: Apache\r\n" +
		"Location: http://www.hotnews.ro/\r\n" +
		"Vary: Accept-Encoding\r\n" +
		"Content-Length: 290\r\n" +
		"Connection: close\r\n" +
		"Content-Type: text/html; charset=iso-8859-1\r\n" +
		"\r\n" +
		"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n" +
		"<html><head>\r\n" +
		"<title>301 Moved Permanently</title>\r\n" +
		"</head><body>\r\n" +
		"<h1>Moved Permanently</h1>\r\n" +
		"<p>The document has moved <a href=\"http://www.hotnews.ro/\">here</a>.</p>\r\n" +
		"<hr>\r\n" +
		"<address>Apache Server at hotnews.ro Port 80</address>\r\n" +
		"</body></html>"

	msg, ok, complete := testParse(nil, data)
	assert.True(t, ok)
	assert.True(t, complete)
	assert.Equal(t, 290, msg.ContentLength)
}
Beispiel #20
0
func TestThriftIdl_thriftReadFiles(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"thrift", "thriftdetailed"})
	}

	idl := thriftIdlForTesting(t, `
/* simple test */
service Test {
       i32 add(1:i32 num1, 2: i32 num2)
}
`)

	methods_map := idl.MethodsByName
	if len(methods_map) == 0 {
		t.Error("Empty methods_map")
	}
	m, exists := methods_map["add"]
	if !exists || m.Service == nil || m.Method == nil ||
		m.Service.Name != "Test" || m.Method.Name != "add" {

		t.Error("Bad data:", m)
	}
	if *m.Params[1] != "num1" || *m.Params[2] != "num2" {
		t.Error("Bad params", m.Params)
	}
	if len(m.Exceptions) != 0 {
		t.Error("Non empty exceptions", m.Exceptions)
	}
}
Beispiel #21
0
func TestHttpParser_RequestResponse(t *testing.T) {
	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"http", "httpdetailed"})
	}

	http := HttpModForTests()

	data := []byte(
		"GET / HTTP/1.1\r\n" +
			"Host: www.google.ro\r\n" +
			"Connection: keep-alive\r\n" +
			"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.75 Safari/537.1\r\n" +
			"Accept: */*\r\n" +
			"X-Chrome-Variations: CLa1yQEIj7bJAQiftskBCKS2yQEIp7bJAQiptskBCLSDygE=\r\n" +
			"Referer: http://www.google.ro/\r\n" +
			"Accept-Encoding: gzip,deflate,sdch\r\n" +
			"Accept-Language: en-US,en;q=0.8\r\n" +
			"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n" +
			"Cookie: PREF=ID=6b67d166417efec4:U=69097d4080ae0e15:FF=0:TM=1340891937:LM=1340891938:S=8t97UBiUwKbESvVX; NID=61=sf10OV-t02wu5PXrc09AhGagFrhSAB2C_98ZaI53-uH4jGiVG_yz9WmE3vjEBcmJyWUogB1ZF5puyDIIiB-UIdLd4OEgPR3x1LHNyuGmEDaNbQ_XaxWQqqQ59mX1qgLQ\r\n" +
			"\r\n" +
			"HTTP/1.1 200 OK\r\n" +
			"Date: Tue, 14 Aug 2012 22:31:45 GMT\r\n" +
			"Expires: -1\r\n" +
			"Cache-Control: private, max-age=0\r\n" +
			"Content-Type: text/html; charset=UTF-8\r\n" +
			"Content-Encoding: gzip\r\n" +
			"Server: gws\r\n" +
			"Content-Length: 0\r\n" +
			"X-XSS-Protection: 1; mode=block\r\n" +
			"X-Frame-Options: SAMEORIGIN\r\n" +
			"\r\n")

	stream := &HttpStream{data: data, message: &HttpMessage{Ts: time.Now()}}

	ok, complete := http.messageParser(stream)

	if !ok {
		t.Errorf("Parsing returned error")
	}

	if !complete {
		t.Errorf("Expecting a complete message")
	}

	stream.PrepareForNewMessage()
	stream.message = &HttpMessage{Ts: time.Now()}

	ok, complete = http.messageParser(stream)

	if !ok {
		t.Errorf("Parsing returned error")
	}

	if !complete {
		t.Errorf("Expecting a complete message")
	}
}
Beispiel #22
0
// max_docs option should be respected
func TestMaxDocs(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"mongodb", "mongodbdetailed"})
	}

	// more docs than configured
	trans := MongodbTransaction{
		documents: []interface{}{
			1, 2, 3, 4, 5, 6, 7, 8,
		},
	}

	mongodb := MongodbModForTests()
	mongodb.Send_response = true
	mongodb.Max_docs = 3

	mongodb.publishTransaction(&trans)

	res := expectTransaction(t, mongodb)

	assert.Equal(t, "1\n2\n3\n[...]", res["response"])

	// exactly the same number of docs
	trans = MongodbTransaction{
		documents: []interface{}{
			1, 2, 3,
		},
	}

	mongodb.publishTransaction(&trans)
	res = expectTransaction(t, mongodb)
	assert.Equal(t, "1\n2\n3", res["response"])

	// less docs
	trans = MongodbTransaction{
		documents: []interface{}{
			1, 2,
		},
	}

	mongodb.publishTransaction(&trans)
	res = expectTransaction(t, mongodb)
	assert.Equal(t, "1\n2", res["response"])

	// unlimited
	trans = MongodbTransaction{
		documents: []interface{}{
			1, 2, 3, 4,
		},
	}
	mongodb.Max_docs = 0
	mongodb.publishTransaction(&trans)
	res = expectTransaction(t, mongodb)
	assert.Equal(t, "1\n2\n3\n4", res["response"])
}
func Test_parseMysqlResponse_invalid(t *testing.T) {
	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"mysql", "mysqldetailed"})
	}

	mysql := MysqlModForTests()

	tests := [][]byte{
		[]byte{},
		[]byte{0x00, 0x00},
		[]byte{0x00, 0x00, 0x00},
		[]byte{0x05, 0x00, 0x00},
		[]byte{0x05, 0x00, 0x00, 0x01},
		[]byte{0x05, 0x00, 0x00, 0x01, 0x01},
		[]byte{0x05, 0x00, 0x00, 0x01, 0x00},
		[]byte{0x05, 0x00, 0x00, 0x01, 0xff},
		[]byte{0x05, 0x00, 0x00, 0x01, 0x01, 0x00},
		[]byte{0x05, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00},
		[]byte{0x05, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00},
		[]byte{0x05, 0x00, 0x00, 0x01, 0x01, 0x05, 0x00, 0x00, 0x00, 0x01},
		[]byte{0x05, 0x00, 0x00, 0x01, 0x01, 0x05, 0x00, 0x00, 0x00, 0x01, 0x00},
		[]byte{0x05, 0x00, 0x00, 0x01, 0x01, 0x05, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00},
		[]byte{0x05, 0x00, 0x00, 0x01, 0x01, 0x05, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00},
		[]byte{0x05, 0x00, 0x00, 0x01, 0x01, 0x05, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00},
		[]byte{0x05, 0x00, 0x00, 0x01, 0x01, 0x05, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00,
			0x01, 0x00},
		[]byte{0x15, 0x00, 0x00, 0x01, 0x01, 0x05, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00,
			0x01, 0x00, 0x01},
		[]byte{0x15, 0x00, 0x00, 0x01, 0x01, 0x05, 0x15, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00,
			0x01, 0x00, 0x01, 0x00},
	}

	for _, input := range tests {
		fields, rows := mysql.parseMysqlResponse(input)
		assert.Equal(t, []string{}, fields)
		assert.Equal(t, [][]string{}, rows)
	}

	tests = [][]byte{
		[]byte{0x15, 0x00, 0x00, 0x01, 0x01,
			0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0xfe, 0x00, 0x01, //field
			0x01, 0x00, 0x00, 0x00, 0xfe, // EOF
		},
		[]byte{0x15, 0x00, 0x00, 0x01, 0x01,
			0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0xfe, 0x00, 0x01, //field
			0x01, 0x00, 0x00, 0x00, 0xfe, // EOF
			0x00, 0x00,
		},
	}

	for _, input := range tests {
		fields, rows := mysql.parseMysqlResponse(input)
		assert.Equal(t, []string{""}, fields)
		assert.Equal(t, [][]string{}, rows)
	}
}
Beispiel #24
0
func newDns(verbose bool) *Dns {
	if verbose {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"dns"})
	} else {
		logp.LogInit(logp.LOG_EMERG, "", false, true, []string{"dns"})
	}

	dns := &Dns{}
	err := dns.Init(true, publisher.ChanClient{make(chan common.MapStr, 100)})
	if err != nil {
		return nil
	}

	dns.Ports = []int{ServerPort}
	dns.Include_authorities = true
	dns.Include_additionals = true
	dns.Send_request = true
	dns.Send_response = true
	return dns
}
Beispiel #25
0
func TestHttpParser_RedactAuthorization(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"http", "httpdetailed"})
	}

	http := HttpModForTests()
	http.Redact_authorization = true
	http.Send_headers = true
	http.Send_all_headers = true

	data := []byte("POST /services/ObjectControl?ID=client0 HTTP/1.1\r\n" +
		"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.5472)\r\n" +
		"Content-Type: text/xml; charset=utf-8\r\n" +
		"SOAPAction: \"\"\r\n" +
		"Authorization: Basic ZHVtbXk6NmQlc1AwOC1XemZ3Cg\r\n" +
		"Proxy-Authorization: Basic cHJveHk6MWM3MGRjM2JhZDIwCg==\r\n" +
		"Host: production.example.com\r\n" +
		"Content-Length: 0\r\n" +
		"Expect: 100-continue\r\n" +
		"Accept-Encoding: gzip\r\n" +
		"X-Forwarded-For: 10.216.89.132\r\n" +
		"\r\n")

	stream := &HttpStream{data: data, message: new(HttpMessage)}

	ok, _ := http.messageParser(stream)

	msg := stream.data[stream.message.start:]
	http.hideHeaders(stream.message, msg)

	if !ok {
		t.Errorf("Parsing returned error")
	}

	if stream.message.Headers["authorization"] != "*" {
		t.Errorf("Failed to redact authorization header: " + stream.message.Headers["authorization"])
	}
	authPattern, _ := regexp.Compile(`(?m)^[Aa]uthorization:\*+`)
	authObscured := authPattern.Match(msg)
	if !authObscured {
		t.Errorf("Obscured authorization string not found: " + string(msg[:]))
	}

	if stream.message.Headers["proxy-authorization"] != "*" {
		t.Errorf("Failed to redact proxy authorization header: " + stream.message.Headers["proxy-authorization"])
	}
	proxyPattern, _ := regexp.Compile(`(?m)^[Pp]roxy-[Aa]uthorization:\*+`)
	proxyObscured := proxyPattern.Match(msg)
	if !proxyObscured {
		t.Errorf("Obscured proxy-authorization string not found: " + string(msg[:]))
	}

}
Beispiel #26
0
func TestHttpParser_censorPasswordURL(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"http", "httpdetailed"})
	}

	http := HttpModForTests()
	http.Hide_keywords = []string{"password", "pass"}
	http.Send_headers = true
	http.Send_all_headers = true

	data1 := []byte(
		"GET http://localhost:8080/test?password=secret HTTP/1.1\r\n" +
			"Host: www.google.com\r\n" +
			"Connection: keep-alive\r\n" +
			"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.75 Safari/537.1\r\n" +
			"Accept: */*\r\n" +
			"X-Chrome-Variations: CLa1yQEIj7bJAQiftskBCKS2yQEIp7bJAQiptskBCLSDygE=\r\n" +
			"Referer: http://www.google.com/\r\n" +
			"Accept-Encoding: gzip,deflate,sdch\r\n" +
			"Accept-Language: en-US,en;q=0.8\r\n" +
			"Content-Type: application/x-www-form-urlencoded\r\n" +
			"Content-Length: 23\r\n" +
			"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n" +
			"Cookie: PREF=ID=6b67d166417efec4:U=69097d4080ae0e15:FF=0:TM=1340891937:LM=1340891938:S=8t97UBiUwKbESvVX; NID=61=sf10OV-t02wu5PXrc09AhGagFrhSAB2C_98ZaI53-uH4jGiVG_yz9WmE3vjEBcmJyWUogB1ZF5puyDIIiB-UIdLd4OEgPR3x1LHNyuGmEDaNbQ_XaxWQqqQ59mX1qgLQ\r\n" +
			"\r\n" +
			"username=ME&pass=secret")

	stream := &HttpStream{data: data1, message: new(HttpMessage)}

	ok, complete := http.messageParser(stream)

	if !ok {
		t.Errorf("Parsing returned error")
	}

	if !complete {
		t.Errorf("Expecting a complete message")
	}

	msg := stream.data[stream.message.start:stream.message.end]
	path, params, err := http.extractParameters(stream.message, msg)
	if err != nil {
		t.Errorf("Fail to parse parameters")
	}

	if path != "/test" {
		t.Errorf("Wrong path: %s", path)
	}

	if strings.Contains(params, "secret") {
		t.Errorf("Failed to censor the password: %s", params)
	}
}
Beispiel #27
0
func TestBulk(t *testing.T) {
	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"elasticsearch"})
	}
	if testing.Short() {
		t.Skip("Skipping in short mode, because it requires Elasticsearch")
	}
	es := GetTestingElasticsearch()
	index := fmt.Sprintf("packetbeat-unittest-%d", os.Getpid())

	ops := []map[string]interface{}{
		map[string]interface{}{
			"index": map[string]interface{}{
				"_index": index,
				"_type":  "type1",
				"_id":    "1",
			},
		},
		map[string]interface{}{
			"field1": "value1",
		},
	}

	body := make(chan interface{}, 10)
	for _, op := range ops {
		body <- op
	}
	close(body)

	params := map[string]string{
		"refresh": "true",
	}
	_, err := es.Bulk(index, "type1", params, body)
	if err != nil {
		t.Errorf("Bulk() returned error: %s", err)
	}

	params = map[string]string{
		"q": "field1:value1",
	}
	result, err := es.SearchUri(index, "type1", params)
	if err != nil {
		t.Errorf("SearchUri() returns an error: %s", err)
	}
	if result.Hits.Total != 1 {
		t.Errorf("Wrong number of search results: %d", result.Hits.Total)
	}

	_, err = es.Delete(index, "", "", nil)
	if err != nil {
		t.Errorf("Delete() returns error: %s", err)
	}
}
Beispiel #28
0
func TestThrift_GapInStream_response(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"thrift", "thriftdetailed"})
	}

	var thrift Thrift
	thrift.Init(true, nil)
	thrift.Idl = thriftIdlForTesting(t, `
		exception InvalidOperation {
		  1: i32 what,
		  2: string why
		}
		service Test {
		   i32 calculate(1:i32 logid, 2:Work w) throws (1:InvalidOperation ouch),
		}
		`)

	thrift.PublishQueue = make(chan *ThriftTransaction, 10)

	tcptuple := testTcpTuple()

	req := createTestPacket(t, "800100010000000963616c63756c6174650000000008000"+
		"1000000010c00020800010000000108000200000000080003000000040000")
	// missing last few bytes
	repl := createTestPacket(t, "800100020000000963616c63756c617465000000000c00"+
		"01080001000000040b00020000001243616e6e6f742064697669646520")

	private := protos.ProtocolData(new(thriftPrivateData))
	private = thrift.Parse(req, tcptuple, 0, private)
	private = thrift.Parse(repl, tcptuple, 1, private)
	private, drop := thrift.GapInStream(tcptuple, 1, 5, private)

	if drop == false {
		t.Error("GapInStream returned drop=false")
	}

	trans := expectThriftTransaction(t, thrift)
	// The exception is not captured, but otherwise the values from the request
	// are correct
	if trans.Request.Method != "calculate" ||
		trans.Request.Params != "(logid: 1, w: (1: 1, 2: 0, 3: 4))" ||
		trans.Reply.ReturnValue != "" ||
		trans.Reply.Exceptions != `` ||
		trans.Reply.HasException ||
		trans.Request.Service != "Test" ||
		trans.Reply.Notes[0] != "Packet loss while capturing the response" {

		t.Error("trans.Reply.Exceptions", trans.Reply.Exceptions)
		t.Error("trans.Reply.HasException", trans.Reply.HasException)
	}
}
// Test that loss of data during the response (but not at the beginning)
// don't cause the whole transaction to be dropped.
func Test_gap_in_response(t *testing.T) {
	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"mysql", "mysqldetailed"})
	}

	mysql := MysqlModForTests()

	// request and response from tests/pcaps/mysql_result_long.pcap
	// select * from test
	req_data, err := hex.DecodeString(
		"130000000373656c656374202a20" +
			"66726f6d2074657374")
	assert.Nil(t, err)
	resp_data, err := hex.DecodeString(
		"0100000103240000020364656604" +
			"74657374047465737404746573740161" +
			"01610c3f000b00000003000000000024" +
			"00000303646566047465737404746573" +
			"740474657374016201620c3f000b0000" +
			"00030000000000240000040364656604" +
			"74657374047465737404746573740163" +
			"01630c2100fd020000fd000000000005" +
			"000005fe000022000a00000601310131" +
			"0548656c6c6f0a000007013201320548" +
			"656c6c6f0601000801330133fcff004c" +
			"6f72656d20497073756d206973207369" +
			"6d706c792064756d6d79207465787420" +
			"6f6620746865207072696e74696e6720" +
			"616e64207479706573657474696e6720" +
			"696e6475737472792e204c6f72656d20")
	assert.Nil(t, err)

	tcptuple := testTcpTuple()
	req := protos.Packet{Payload: req_data}
	resp := protos.Packet{Payload: resp_data}

	private := protos.ProtocolData(new(mysqlPrivateData))

	private = mysql.Parse(&req, tcptuple, 0, private)
	private = mysql.Parse(&resp, tcptuple, 1, private)

	logp.Debug("mysql", "Now sending gap..")

	private, drop := mysql.GapInStream(tcptuple, 1, 10, private)
	assert.Equal(t, true, drop)

	trans := expectTransaction(t, mysql)
	assert.NotNil(t, trans)
	assert.Equal(t, trans["notes"], []string{"Packet loss while capturing the response"})
}
Beispiel #30
0
func TestHttpParser_censorPasswordGET(t *testing.T) {

	if testing.Verbose() {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"http", "httpdetailed"})
	}

	http := HttpModForTests()
	http.Hide_keywords = []string{"password"}
	http.Send_headers = true
	http.Send_all_headers = true
	http.Send_request = false
	http.Send_response = false

	data1 := []byte(
		"GET /users/login HTTP/1.1\r\n" +
			"HOST: www.example.com\r\n" +
			"Content-Type: application/x-www-form-urlencoded\r\n" +
			"Content-Length: 53\r\n" +
			"\r\n" +
			"password=my_secret_pass&Password=my_secret_password_2\r\n")

	stream := &HttpStream{data: data1, message: new(HttpMessage)}

	ok, complete := http.messageParser(stream)

	if !ok {
		t.Errorf("Parsing returned error")
	}

	if !complete {
		t.Errorf("Expecting a complete message")
	}

	msg := stream.data[stream.message.start:stream.message.end]
	path, params, err := http.extractParameters(stream.message, msg)
	if err != nil {
		t.Errorf("Faile to parse parameters")
	}
	logp.Debug("httpdetailed", "parameters %s", params)

	if path != "/users/login" {
		t.Errorf("Wrong path: %s", path)
	}

	if strings.Contains(params, "secret") {
		t.Errorf("Failed to censor the password: %s", msg)
	}
}