Code review: 308370043: Fixed syslog:ssh parser.
vlejd authored and Onager committed Sep 17, 2016
1 parent a29e6a8 commit 150cf20
Showing 5 changed files with 31 additions and 5 deletions.
2 changes: 1 addition & 1 deletion config/dpkg/changelog
Expand Up @@ -2,4 +2,4 @@ plaso (1.4.1-1) unstable; urgency=low

* Auto-generated

-- Log2Timeline <[email protected]> Sat, 17 Sep 2016 19:49:02 +0200
-- Log2Timeline <[email protected]> Sat, 17 Sep 2016 19:59:24 +0200
3 changes: 2 additions & 1 deletion plaso/parsers/syslog_plugins/ssh.py
Expand Up @@ -55,7 +55,8 @@ class SSHPlugin(interface.SyslogPlugin):
pyparsing.Literal(u'from') + _PYPARSING_COMPONENTS[u'address'] +
pyparsing.Literal(u'port') + _PYPARSING_COMPONENTS[u'port'] +
_PYPARSING_COMPONENTS[u'protocol'] +
pyparsing.Literal(u':') + _PYPARSING_COMPONENTS[u'fingerprint'] +
pyparsing.Optional(
pyparsing.Literal(u':') + _PYPARSING_COMPONENTS[u'fingerprint']) +
pyparsing.StringEnd()
)

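Review bot: The now-optional group `pyparsing.Optional(pyparsing.Literal(u':') + _PYPARSING_COMPONENTS[u'fingerprint'])` has no comment saying which sshd message form lacks the fingerprint, and nothing in the hunk shows what the resulting event carries in its place. In a forensic timeline an analyst filtering on the fingerprint field needs to tell "sshd did not log one" apart from "the parser lost it". I would add a comment above the group such as `# The ": <fingerprint>" suffix is absent from some sshd messages, so it must not be required.` and confirm that the event-building code, which is outside this hunk, leaves the fingerprint unset instead of failing on the missing token. The grammar expression starts before the hunk, so which message it matches is inferred from its components only.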
9 changes: 9 additions & 0 deletions tests/parsers/syslog_plugins/ssh.py
Expand Up @@ -65,6 +65,15 @@ def testParse(self):
expected_address = u'188.124.3.41'
self.assertEqual(expected_address, event.address)

event = storage_writer.events[7]
expected_address = u'192.0.2.60'
self.assertEqual(expected_address, event.address)

expected_port = u'20042'
self.assertEqual(expected_port, event.port)

expected_username = u'fred'
self.assertEqual(expected_username, event.username)

if __name__ == '__main__':
unittest.main()
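Review bot: The new assertions on `storage_writer.events[7]` cover address, port and username but never the fingerprint, which is the one field whose handling this commit changes. Assuming this event comes from a log line without a fingerprint, an assertion such as `self.assertIsNone(getattr(event, u'fingerprint', None))` would pin how the missing value is represented, so a later grammar change cannot silently fill it with an unrelated token. The exact expected value depends on how the plugin builds the event, which is not visible on this page. testParse begins before the hunk.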
12 changes: 10 additions & 2 deletions tools/log2timeline_test.py
Expand Up @@ -102,7 +102,6 @@ def testListOutputModules(self):
test_tool.ListOutputModules()

output = output_writer.ReadOutput()

number_of_tables = 0
lines = []
for line in output.split(b'\n'):
Expand All @@ -114,9 +113,18 @@ def testListOutputModules(self):

self.assertIn(u'Output Modules', lines[1])

# pylint: disable=protected-access
lines = frozenset(lines)
disabled_outputs = list(test_tool._front_end.GetDisabledOutputClasses())
enabled_outputs = list(test_tool._front_end.GetOutputClasses())

expected_number_of_tables = 0
if disabled_outputs:
expected_number_of_tables += 1
if enabled_outputs:
expected_number_of_tables += 1

self.assertEqual(number_of_tables, 2)
self.assertEqual(number_of_tables, expected_number_of_tables)

expected_line = b'rawpy : "raw" (or native) Python output.'
self.assertIn(expected_line, lines)
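Review bot: The expected table count is now derived from `test_tool._front_end.GetDisabledOutputClasses()` and `GetOutputClasses()`, the same private front-end state that presumably drives `ListOutputModules()`, so the assertion checks the tool against itself and can no longer catch a table dropped or added by that shared logic. The identical eight lines are added to testListOutputModules in tools/psort_test.py, so a small shared helper would keep the two tests from drifting apart. The `# pylint: disable=protected-access` comment is never re-enabled, and in this file it sits above `lines = frozenset(lines)` instead of the lines that touch `_front_end`; adding `# pylint: enable=protected-access` after the two calls would scope it. Both test methods begin outside the visible hunks.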
10 changes: 9 additions & 1 deletion tools/psort_test.py
Expand Up @@ -376,10 +376,18 @@ def testListOutputModules(self):

self.assertIn(u'Output Modules', lines[1])

# pylint: disable=protected-access
lines = frozenset(lines)
disabled_outputs = list(test_tool._front_end.GetDisabledOutputClasses())
enabled_outputs = list(test_tool._front_end.GetOutputClasses())

self.assertEqual(number_of_tables, 2)
expected_number_of_tables = 0
if disabled_outputs:
expected_number_of_tables += 1
if enabled_outputs:
expected_number_of_tables += 1

self.assertEqual(number_of_tables, expected_number_of_tables)
expected_line = b'rawpy : "raw" (or native) Python output.'
self.assertIn(expected_line, lines)
