import pytest from datetime import datetime from SSHLogEntry import SSHLogEntry, SSHRejectedPassword, SSHOther, SSHAcceptedPassword, SSHError from SSHLogJournal import SSHLogJournal from ipaddress import IPv4Address, AddressValueError def test_extract_timestamp_rejected_password(): entry = SSHRejectedPassword("Dec 10 07:08:30 LabSZ sshd[24208]: Failed password for invalid user webmaster from 173.234.31.186 port 39257 ssh2") assert entry.timestamp_datetime == datetime.strptime("Dec 10 07:08:30", '%b %d %H:%M:%S') def test_extract_timestamp_other(): entry = SSHOther("Dec 10 07:08:28 LabSZ sshd[24208]: input_userauth_request: invalid user webmaster [preauth]") assert entry.timestamp_datetime == datetime.strptime("Dec 10 07:08:28", '%b %d %H:%M:%S') def test_extract_timestamp_accepted_password(): entry = SSHAcceptedPassword("Dec 10 09:32:20 LabSZ sshd[24680]: Accepted password for fztu from 119.137.62.142 port 49116 ssh2") assert entry.timestamp_datetime == datetime.strptime("Dec 10 09:32:20", '%b %d %H:%M:%S') def test_extract_timestamp_error(): entry = SSHError("Dec 10 07:51:15 LabSZ sshd[24324]: error: Received disconnect from 195.154.37.122: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]") assert entry.timestamp_datetime == datetime.strptime("Dec 10 07:51:15", '%b %d %H:%M:%S') def test_extract_timestamp_invalid_month(): with pytest.raises(ValueError) as exc_info: entry = SSHRejectedPassword("Dce 10 07:08:30 LabSZ sshd[24208]: Failed password for invalid user webmaster from 173.234.31.186 port 39257 ssh2") def test_extract_timestamp_invalid_day(): with pytest.raises(ValueError) as exc_info: entry = SSHRejectedPassword("Dec 32 07:08:30 LabSZ sshd[24208]: Failed password for invalid user webmaster from 173.234.31.186 port 39257 ssh2") def test_extract_timestamp_invalid_hour(): with pytest.raises(ValueError) as exc_info: entry = SSHRejectedPassword("Dec 10 25:08:30 LabSZ sshd[24208]: Failed password for invalid user webmaster from 173.234.31.186 port 39257 ssh2") def test_extract_timestamp_invalid_minute(): with pytest.raises(ValueError) as exc_info: entry = SSHRejectedPassword("Dec 10 07:60:30 LabSZ sshd[24208]: Failed password for invalid user webmaster from 173.234.31.186 port 39257 ssh2") def test_extract_timestamp_invalid_second(): with pytest.raises(ValueError) as exc_info: entry = SSHRejectedPassword("Dec 10 07:08:60 LabSZ sshd[24208]: Failed password for invalid user webmaster from 173.234.31.186 port 39257 ssh2") def test_extract_ipv4_correct(): entry = SSHRejectedPassword("Dec 10 06:55:48 LabSZ sshd[24200]: Failed password for invalid user webmaster from 173.234.31.186 port 38926 ssh2") assert entry.ipv4() == IPv4Address("173.234.31.186") def test_extract_ipv4_incorrect(): with pytest.raises(AddressValueError) as exc_info: entry = SSHOther("Dec 10 06:55:48 LabSZ sshd[24200]: Failed password for invalid user webma ster from 666.777.88.213 port 38926 ssh2") entry.ipv4() def test_extract_ipv4_empty(): entry = SSHAcceptedPassword("Dec 10 07:07:38 LabSZ sshd[24206]: input_userauth_request: invalid user test9 [preauth]") assert entry.ipv4() is None @pytest.mark.parametrize("entry, expected_type", [ ("Dec 10 07:08:30 LabSZ sshd[24208]: Failed password for invalid user webmaster from 173.234.31.186 port 39257 ssh2", SSHRejectedPassword), ("Dec 10 09:32:20 LabSZ sshd[24680]: Accepted password for fztu from 119.137.62.142 port 49116 ssh2", SSHAcceptedPassword), ("Dec 10 07:51:15 LabSZ sshd[24324]: error: Received disconnect from 195.154.37.122: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]", SSHError), ("Dec 10 07:08:28 LabSZ sshd[24208]: input_userauth_request: invalid user webmaster [preauth]", SSHOther) ]) def test_journal_append(entry, expected_type): journal = SSHLogJournal() journal.append(entry) assert isinstance(journal._entries[0], expected_type)