Update JSON graph test
remram44 committed Jul 6, 2017
1 parent 183d2bf commit 9a440ff
Showing 2 changed files with 53 additions and 10 deletions.
42 changes: 36 additions & 6 deletions tests/common.py
Expand Up @@ -29,6 +29,8 @@ def make_database(insert, path=None):
run_id INTEGER NOT NULL,
parent INTEGER,
timestamp INTEGER NOT NULL,
exit_timestamp INTEGER,
cpu_time INTEGER,
is_thread BOOLEAN NOT NULL,
exitcode INTEGER
);
Expand Down Expand Up @@ -70,36 +72,64 @@ def make_database(insert, path=None):
'''
CREATE INDEX exec_proc_idx ON executed_files(process);
''')
conn.execute(
'''
CREATE TABLE connections(
id INTEGER NOT NULL PRIMARY KEY,
run_id INTEGER NOT NULL,
timestamp INTEGER NOT NULL,
process INTEGER NOT NULL,
inbound INTEGER NOT NULL,
family TEXT NULL,
protocol TEXT NULL,
address TEXT NULL
);
''')
conn.execute(
'''
CREATE INDEX connections_proc_idx ON connections(process);
''')

run = -1
for timestamp, l in enumerate(insert):
if l[0] == 'proc':
ident, parent, is_thread = l[1:]
if parent is None:
run += 1
conn.execute(
'''
INSERT INTO processes(id, run_id, parent, timestamp,
is_thread, exitcode)
VALUES(?, 0, ?, ?, ?, 0);
VALUES(?, ?, ?, ?, ?, 0);
''',
(ident, run, parent, timestamp, is_thread))
elif l[0] == 'exit':
ident, = l[1:]
conn.execute(
'''
UPDATE processes SET exit_timestamp=?
WHERE id=?;
''',
(ident, parent, timestamp, is_thread))
(timestamp, ident))
elif l[0] == 'open':
process, name, is_dir, mode = l[1:]
conn.execute(
'''
INSERT INTO opened_files(run_id, name, timestamp, mode,
is_directory, process)
VALUES(0, ?, ?, ?, ?, ?);
VALUES(?, ?, ?, ?, ?, ?);
''',
(name, timestamp, mode, is_dir, process))
(run, name, timestamp, mode, is_dir, process))
elif l[0] == 'exec':
process, name, wdir, argv = l[1:]
conn.execute(
'''
INSERT INTO executed_files(run_id, name, timestamp,
process, argv, envp,
workingdir)
VALUES(0, ?, ?, ?, ?, "", ?);
VALUES(?, ?, ?, ?, ?, "", ?);
''',
(name, timestamp, process, argv, wdir))
(run, name, timestamp, process, argv, wdir))
else:
assert False

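Review bot: The new `'exit'` branch runs `UPDATE processes SET exit_timestamp=? WHERE id=?` without checking that a row was matched, so an `('exit', ident)` event for a process id that never appeared in a `'proc'` event silently does nothing and the fixture ends up with a NULL `exit_timestamp`, which only surfaces later as a confusing assertion failure in some test. `sqlite3` returns a cursor from `conn.execute`, so capture it and check it, e.g. `cur = conn.execute(...)` followed by `if cur.rowcount != 1: raise ValueError("exit for unknown process %r" % (ident,))`. Separately, the new `VALUES(?, ?, ?, ?, ?, "", ?)` line for executed_files keeps a double-quoted `""` for `envp`; SQLite only treats that as a string literal through its legacy double-quoted-string fallback, which the `SQLITE_DQS` build option can disable, so `''` is the portable spelling. The signature and any docstring of `make_database` are outside the hunk; the new `('exit', ident)` event form should be documented there next to the existing event kinds.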
21 changes: 17 additions & 4 deletions tests/test_graph.py
Expand Up @@ -44,20 +44,25 @@ def setUpClass(cls):
('open', 1, "/usr/lib/2_one.so", False, FILE_READ),
('open', 1, "/some/dir/two", False, FILE_WRITE),
('exec', 0, "/usr/bin/wc", "/some/dir", "wc\0out.txt\0"),
('exit', 1),
('open', 0, "/some/dir/two", False, FILE_READ),
('exit', 0),

('proc', 2, None, False),
('open', 2, "/some/dir", True, FILE_WDIR),
('exec', 2, "/bin/sh", "/some/dir", "sh\0script_2\0"),
('proc', 3, 2, True),
('exit', 3),
('proc', 4, 2, False),
('open', 4, "/some/dir", True, FILE_WDIR),
('exec', 4, "/usr/bin/python", "/some/dir", "python\0-\0"),
('open', 4, "/some/dir/one", False, FILE_READ),
('open', 4, "/some/dir/thing", False, FILE_WRITE),
('exec', 2, "/some/dir/report", "/some/dir", "./report\0-v\0"),
('open', 2, "/some/dir/thing", False, FILE_READ),
('exit', 4),
('open', 2, "/some/dir/result", False, FILE_WRITE),
('exit', 2),
], cls._trace / 'trace.sqlite3')
conn.close()
with (cls._trace / 'config.yml').open('w', encoding='utf-8') as fp:
Expand Down Expand Up @@ -277,6 +282,7 @@ def test_simple(self):
'description': '/bin/sh\n0',
'argv': ['sh', 'script_1'],
'start_time': 0,
'exit_time': 5,
'is_thread': False,
'parent': None,
'reads': ['/bin/sh', '/usr/share/1_one.pyc'],
Expand All @@ -286,6 +292,7 @@ def test_simple(self):
'description': '/usr/bin/python\n0',
'argv': ['python', 'drive.py'],
'start_time': 5,
'exit_time': 15,
'is_thread': False,
'parent': [0, 'exec'],
'reads': ['/usr/bin/python',
Expand All @@ -298,6 +305,7 @@ def test_simple(self):
'description': '/some/dir/experiment\n1',
'argv': ['experiment'],
'start_time': 9,
'exit_time': 16,
'is_thread': False,
'parent': [1, 'fork+exec'],
'reads': ['/some/dir/experiment',
Expand All @@ -308,6 +316,7 @@ def test_simple(self):
'description': '/usr/bin/wc\n0',
'argv': ['wc', 'out.txt'],
'start_time': 15,
'exit_time': 18,
'is_thread': False,
'parent': [1, 'exec'],
'reads': ['/usr/bin/wc', '/some/dir/two'],
Expand All @@ -319,7 +328,8 @@ def test_simple(self):
'long_name': 'sh (2)',
'description': '/bin/sh\n2',
'argv': ['sh', 'script_2'],
'start_time': 17,
'start_time': 19,
'exit_time': 29,
'is_thread': False,
'parent': None,
'reads': ['/bin/sh'],
Expand All @@ -328,7 +338,8 @@ def test_simple(self):
'long_name': 'sh (3)',
'description': '/bin/sh\n3',
'argv': ['sh', 'script_2'],
'start_time': 20,
'start_time': 22,
'exit_time': 23,
'is_thread': True,
'parent': [0, 'fork'],
'reads': [],
Expand All @@ -337,7 +348,8 @@ def test_simple(self):
'long_name': 'python (4)',
'description': '/usr/bin/python\n4',
'argv': ['python', '-'],
'start_time': 21,
'start_time': 24,
'exit_time': 31,
'is_thread': False,
'parent': [0, 'fork+exec'],
'reads': ['/usr/bin/python', '/some/dir/one'],
Expand All @@ -346,7 +358,8 @@ def test_simple(self):
'long_name': 'report (2)',
'description': '/some/dir/report\n2',
'argv': ['./report', '-v'],
'start_time': 26,
'start_time': 29,
'exit_time': 33,
'is_thread': False,
'parent': [0, 'exec'],
'reads': ['/some/dir/report', '/some/dir/thing'],
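Review bot: The expected `'start_time'` and `'exit_time'` values in test_simple are hand-copied positions in the event list built in setUpClass, which is why four `start_time` literals had to be renumbered in this commit when the `'exit'` events were inserted; nothing in the test says so, so the next inserted event will silently invalidate them again. A comment above the event list would make the coupling explicit, e.g. `# timestamps are list positions: make_database() uses enumerate(insert)`, or the expected times could be derived from the list with `.index(...)` instead of literals. The enumerate behaviour is visible in tests/common.py in this same commit; the start of the event list and the remainder of test_simple lie outside the visible hunks.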
