From 30da8aa54e8e662a5a56b93a6534e4bba4aa08a2 Mon Sep 17 00:00:00 2001 From: bwhelan212 <123424127+bwhelan212@users.noreply.github.com> Date: Wed, 25 Oct 2023 03:28:40 -0700 Subject: [PATCH] Unit test to ensure invalid timestamp conversions do not occur (#2954) * Add new csv test file * Change the message values in validate_date_events_timestamp_manipulation.csv * Add test to make sure timestamp is converted correctly * added entries for more verification * Changed name of test_timestamp_conversion to current and fixed comparison between read entries and expectedoutputs * fixed fields for test_timestamp_is_ISOformat and csv. changed csv name to validate_timestamp_conversion.csv * format --------- Co-authored-by: Han K Ngo <100813911+hankngo@users.noreply.github.com> Co-authored-by: Isaac-G5900 <144189484+Isaac-G5900@users.noreply.github.com> Co-authored-by: Johan Berggren --- .../validate_timestamp_conversion.csv | 4 +++ timesketch/lib/utils_test.py | 36 +++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 test_tools/test_events/validate_timestamp_conversion.csv diff --git a/test_tools/test_events/validate_timestamp_conversion.csv b/test_tools/test_events/validate_timestamp_conversion.csv new file mode 100644 index 0000000000..845aa9ec6f --- /dev/null +++ b/test_tools/test_events/validate_timestamp_conversion.csv @@ -0,0 +1,4 @@ +"message","timestamp","datetime","timestamp_desc","data_type" +"Checking timestamp conversion","1331698658000000","2012-03-14T04:17:38+00:00","Time Logged","This event has timestamp" +"Checking timestamp conversion","1658689261000000","2022-07-24T19:01:01+0000","Time Logged","This event has timestamp" +"Make sure message is same","1437789661000000","2015-07-25 02:01:01+00:00","Logging","This data_type should stay the same" diff --git a/timesketch/lib/utils_test.py b/timesketch/lib/utils_test.py index 871f420486..8e7ca0e219 100644 --- a/timesketch/lib/utils_test.py +++ b/timesketch/lib/utils_test.py @@ -180,6 +180,7 @@ def test_missing_timestamp_csv_file(self): """Test for parsing datetime values in CSV file""" # Test that a timestamp is generated if missing. + expected_output = { "message": "No timestamp", "datetime": "2022-07-24T19:01:01+00:00", @@ -196,6 +197,41 @@ def test_missing_timestamp_csv_file(self): expected_output, ) + def test_timestamp_is_ISOformat(self): + """Test that timestamp values in CSV file are not altered""" + + # Make sure timestamp is processed correctly, and the format is not altered + expected_outputs = [ + { + "message": "Checking timestamp conversion", + "timestamp": 1331698658000000, + "datetime": "2012-03-14T04:17:38+00:00", + "timestamp_desc": "Time Logged", + "data_type": "This event has timestamp", + }, + { + "message": "Checking timestamp conversion", + "timestamp": 1658689261000000, + "datetime": "2022-07-24T19:01:01+00:00", + "timestamp_desc": "Time Logged", + "data_type": "This event has timestamp", + }, + { + "message": "Make sure message is same", + "timestamp": 1437789661000000, + "datetime": "2015-07-25T02:01:01+00:00", + "timestamp_desc": "Logging", + "data_type": "This data_type should stay the same", + }, + ] + results = iter( + read_and_validate_csv( + "test_tools/test_events/validate_timestamp_conversion.csv" + ) + ) + for output in expected_outputs: + self.assertDictEqual(next(results), output) + def test_invalid_JSONL_file(self): """Test for JSONL with missing keys in the dictionary wrt headers mapping""" linedict = {"DT": "2011-11-11", "MSG": "this is a test"}