dorothy2 0.0.3 → 1.0.0

data/lib/mu/xtractr/test/tc_flow.rb

@@ -0,0 +1,79 @@
+# "THE BEER-WARE LICENSE" (Revision 42):
+# Mu[http://www.mudynamics.com] wrote this file. As long as you retain this 
+# notice you can do whatever you want with this stuff. If we meet some day, 
+# and you think this stuff is worth it, you can buy us a beer in return. 
+#
+# All about pcapr
+# * http://www.pcapr.net
+# * http://groups.google.com/group/pcapr-forum
+# * http://twitter.com/pcapr
+#
+# Mu Dynamics
+# * http://www.mudynamics.com
+# * http://labs.mudynamics.com
+
+require 'mu/xtractr'
+require 'test/unit'
+
+module Mu
+class Xtractr
+class Flow
+class Test < Test::Unit::TestCase
+    attr_reader :xtractr
+    
+    def setup
+        @xtractr = Xtractr.new
+    end
+    
+    def test_Flow
+        assert(Flow.ancestors.include?(Enumerable), "Flow doesn't mixin Enumerable")
+    end
+    
+    def test_attributes
+        flow = xtractr.flows('flow.service:HTTP').first
+        assert_equal(2, flow.id)
+        assert_equal(0.264773, flow.time)
+        assert_equal(30.2019, flow.duration)
+        assert_kind_of(Host, flow.src)
+        assert_equal('192.168.1.10', flow.src.address)
+        assert_kind_of(Host, flow.dst)
+        assert_equal('8.18.65.67', flow.dst.address)
+        assert_equal(6, flow.proto)
+        assert_equal(49163, flow.sport)
+        assert_equal(80, flow.dport)
+        assert_kind_of(Service, flow.service)
+        assert_equal('HTTP', flow.service.name)
+        assert_equal('GET /WebObjects/MZStore.woa/wa/viewGrouping?id=39 HTTP/1.1 ', flow.title)
+        assert_equal(28, flow.packets)
+        assert_equal(19791, flow.bytes)
+        assert_equal(1, flow.cmsgs)
+        assert_equal(1, flow.smsgs)
+        assert_equal(3, flow.instance_variable_get(:@first_id))
+        assert_equal(300, flow.instance_variable_get(:@last_id))
+        assert_kind_of(Packet, flow.first)
+        assert_equal(3, flow.first.id)
+        assert_kind_of(Packet, flow.last)
+        assert_equal(300, flow.last.id)
+    end
+    
+    def test_each
+        flow = xtractr.flows('flow.service:HTTP').first
+        v = flow.each { |pkt| assert_kind_of(Packet, pkt) }
+        assert_equal(flow, v)
+        v = flow.each_packet { |pkt| assert_kind_of(Packet, pkt) }
+        assert_equal(flow, v)
+    end
+    
+    def test_contents
+        flow = xtractr.flows('flow.service:HTTP').first
+        contents = flow.contents
+        assert_equal(1, contents.size)
+    end
+    
+    def test_inspect
+        assert_nothing_raised { xtractr.flows.inspect }
+    end
+end
+end # Flow
+end # Xtractr
+end # Mu

data/lib/mu/xtractr/test/tc_flows.rb

@@ -0,0 +1,94 @@
+# "THE BEER-WARE LICENSE" (Revision 42):
+# Mu[http://www.mudynamics.com] wrote this file. As long as you retain this 
+# notice you can do whatever you want with this stuff. If we meet some day, 
+# and you think this stuff is worth it, you can buy us a beer in return. 
+#
+# All about pcapr
+# * http://www.pcapr.net
+# * http://groups.google.com/group/pcapr-forum
+# * http://twitter.com/pcapr
+#
+# Mu Dynamics
+# * http://www.mudynamics.com
+# * http://labs.mudynamics.com
+
+require 'mu/xtractr'
+require 'test/unit'
+
+module Mu
+class Xtractr
+class Flows
+class Test < Test::Unit::TestCase
+    attr_reader :xtractr
+    
+    def setup
+        @xtractr = Xtractr.new
+    end
+    
+    def test_Flows
+        assert(Flows.ancestors.include?(Enumerable), "Flows doesn't mixin Enumerable")
+    end
+    
+    def test_q
+        flows = xtractr.flows
+        assert_equal('*', flows.q)
+        
+        flows = xtractr.flows 'flow.service:DNS'
+        assert_equal('flow.service:DNS', flows.q)        
+    end
+    
+    def test_each
+        flows = xtractr.flows 'flow.service:DNS'
+        v = flows.each { |f| assert_kind_of(Flow, f) }
+        assert_equal(flows, v)
+        
+        v = flows.each_flow { |f| assert_kind_of(Flow, f) }
+        assert_equal(flows, v)
+    end
+    
+    def test_first
+        flows = xtractr.flows 'flow.service:DNS'
+        flow = flows.first
+        assert_kind_of(Flow, flow)
+        
+        flow = xtractr.flows('flow.service:blah').first
+        assert_nil(flow)
+    end
+    
+    def test_count
+        flows = xtractr.flows 'flow.service:DNS'
+        counts = flows.count 'dns.qry.name'
+        assert_equal(4, counts.size)
+        counts.each { |c| assert_kind_of(Views::Count, c) }
+    end
+    
+    def test_values
+        flows = xtractr.flows 'flow.service:DNS'
+        values = flows.values 'dns.qry.name'
+        assert_equal(4, values.size)
+        values.each { |v| assert_kind_of(Field::Value, v) }
+    end
+    
+    def test_sum
+        flows = xtractr.flows 'flow.service:DNS'
+        sums = flows.sum 'dns.qry.name', 'flow.bytes'
+        assert_equal(4, sums.size)
+        sums.each { |s| assert_kind_of(Views::Sum, s) }
+    end
+    
+    def test_save
+        filename = '/tmp/foo.pcap'
+        xtractr.flows(1..3).save(filename)
+        assert_equal(true, File.exist?(filename))
+        assert_equal(20898, File.size(filename))
+    ensure
+        File.unlink filename
+    end
+    
+    def test_inspect
+        assert_nothing_raised { xtractr.flows.inspect }
+    end
+end
+end # Flows
+end # Xtractr
+end # Mu

data/lib/mu/xtractr/test/tc_host.rb

@@ -0,0 +1,116 @@
+# "THE BEER-WARE LICENSE" (Revision 42):
+# Mu[http://www.mudynamics.com] wrote this file. As long as you retain this 
+# notice you can do whatever you want with this stuff. If we meet some day, 
+# and you think this stuff is worth it, you can buy us a beer in return. 
+#
+# All about pcapr
+# * http://www.pcapr.net
+# * http://groups.google.com/group/pcapr-forum
+# * http://twitter.com/pcapr
+#
+# Mu Dynamics
+# * http://www.mudynamics.com
+# * http://labs.mudynamics.com
+
+require 'mu/xtractr'
+require 'test/unit'
+
+module Mu
+class Xtractr
+class Host
+class Test < Test::Unit::TestCase
+    attr_reader :xtractr
+    
+    def setup
+        @xtractr = Xtractr.new
+    end
+    
+    def test_clients
+        host = xtractr.host('192.168.1.10')
+        assert_equal(true, host.clients.empty?)
+        
+        host = xtractr.host('8.18.65.32')
+        assert_equal(1, host.clients.size)
+        assert_equal('192.168.1.10', host.clients[0].value)
+    end
+    
+    def test_servers
+        host = xtractr.host('8.18.65.32')
+        assert_equal(true, host.servers.empty?)
+        
+        host = xtractr.host('192.168.1.10')
+        assert_equal(11, host.servers.size)
+        assert_equal('4.2.2.1', host.servers[0].value)
+    end
+    
+    def test_services
+        host = xtractr.host('192.168.1.10')
+        services = host.services
+        assert_equal(3, services.size)
+        assert_equal('HTTP', services[0].value)
+        assert_equal('DNS', services[1].value)
+        assert_equal('MDNS', services[2].value)
+        
+        services = host.services :client
+        assert_equal(3, services.size)
+        assert_equal('HTTP', services[0].value)
+        assert_equal('DNS', services[1].value)
+        assert_equal('MDNS', services[2].value)
+        
+        services = host.services :server
+        assert_equal(true, services.empty?)
+        
+        host = xtractr.host('4.2.2.1')
+        services = host.services
+        assert_equal(1, services.size)
+        assert_equal('DNS', services[0].value)
+        
+        services = host.services :client
+        assert_equal(true, services.empty?)
+        
+        services = host.services :server        
+        assert_equal(1, services.size)
+        assert_equal('DNS', services[0].value)
+    end
+    
+    def test_flows
+        host = xtractr.host('192.168.1.10')
+        flows = host.flows
+        assert_equal("flow.src|flow.dst:\"192.168.1.10\"", flows.q)
+        
+        flows = host.flows :any
+        assert_equal("flow.src|flow.dst:\"192.168.1.10\"", flows.q)
+        
+        flows = host.flows :client
+        assert_equal("flow.src:\"192.168.1.10\"", flows.q)
+        
+        flows = host.flows :server
+        assert_equal("flow.dst:\"192.168.1.10\"", flows.q)
+        
+        assert_raise(ArgumentError) { host.flows :blah }
+    end
+        
+    def test_packets
+        host = xtractr.host('192.168.1.10')
+        packets = host.packets
+        assert_equal("pkt.src|pkt.dst:\"192.168.1.10\"", packets.q)
+        
+        packets = host.packets :any
+        assert_equal("pkt.src|pkt.dst:\"192.168.1.10\"", packets.q)
+        
+        packets = host.packets :client
+        assert_equal("pkt.src:\"192.168.1.10\"", packets.q)
+        
+        packets = host.packets :server
+        assert_equal("pkt.dst:\"192.168.1.10\"", packets.q)
+        
+        assert_raise(ArgumentError) { host.packets :blah }
+    end
+    
+    def test_inspect
+        assert_nothing_raised { xtractr.hosts.first.inspect }
+    end
+end
+end # Host
+end # Xtractr
+end # Mu

data/lib/mu/xtractr/test/tc_packet.rb

@@ -0,0 +1,110 @@
+# "THE BEER-WARE LICENSE" (Revision 42):
+# Mu[http://www.mudynamics.com] wrote this file. As long as you retain this 
+# notice you can do whatever you want with this stuff. If we meet some day, 
+# and you think this stuff is worth it, you can buy us a beer in return. 
+#
+# All about pcapr
+# * http://www.pcapr.net
+# * http://groups.google.com/group/pcapr-forum
+# * http://twitter.com/pcapr
+#
+# Mu Dynamics
+# * http://www.mudynamics.com
+# * http://labs.mudynamics.com
+
+require 'mu/xtractr'
+require 'test/unit'
+
+module Mu
+class Xtractr
+class Packet
+class Test < Test::Unit::TestCase
+    attr_reader :xtractr
+    
+    def setup
+        @xtractr = Xtractr.new
+    end
+    
+    def test_Packet
+        assert(Packet.ancestors.include?(Enumerable), "Packet doesn't mixin Enumerable")
+    end
+    
+    def test_attributes
+        pkt = xtractr.packets('pkt.service:HTTP').first
+        assert_equal(6, pkt.id)
+        assert_equal(606, pkt.offset)
+        assert_equal(412, pkt.length)
+        assert_equal(0.313968, pkt.time)
+        assert_equal(0, pkt.dir)
+        assert_kind_of(Host, pkt.src)
+        assert_equal('192.168.1.10', pkt.src.address)
+        assert_kind_of(Host, pkt.dst)
+        assert_equal('8.18.65.67', pkt.dst.address)
+        assert_kind_of(Service, pkt.service)
+        assert_equal('HTTP', pkt.service.name)
+        assert_equal('GET /WebObjects/MZStore.woa/wa/viewGrouping?id=39 HTTP/1.1 ', pkt.title)
+        
+        assert_equal(2, pkt.instance_variable_get(:@flow_id))
+        assert_nil(pkt.instance_variable_get(:@flow))
+        flow = pkt.flow
+        assert_kind_of(Flow, flow)
+        assert_equal(2, flow.id)
+        assert_not_nil(pkt.instance_variable_get(:@flow))
+        flow2 = pkt.flow
+        assert_equal(flow.__id__, flow2.__id__)
+    end
+    
+    def test_bytes
+        pkt = xtractr.packets('pkt.service:HTTP').first
+        bytes = pkt.bytes
+        assert_equal(412, bytes.size)
+        assert_match(/WebObjects/, bytes)
+    end
+    
+    def test_payload
+        pkt = xtractr.packets('pkt.service:HTTP').first
+        payload = pkt.payload
+        assert_equal(346, payload.size)
+        assert_match(/^GET/, payload)
+    end
+    
+    def test_each
+        pkt = xtractr.packets('pkt.service:HTTP').first
+        pkt.each { |fv| assert_kind_of(Field::Value, fv) }
+        pkt.each(/ip.ttl/) do |fv| 
+            assert_kind_of(Field::Value, fv)
+            assert_match(/ip\.ttl/, fv.field.name)
+        end
+        pkt.each_field { |fv| assert_kind_of(Field::Value, fv) }
+    end
+    
+    def test_field
+        pkt = xtractr.packets('pkt.service:HTTP').first
+        values = pkt['http.request.method']
+        assert_kind_of(Array, values)
+        assert_equal(1, values.size)
+        assert_equal("GET", values[0])
+        
+        values = pkt.field 'http.request.method'
+        assert_kind_of(Array, values)
+        assert_equal(1, values.size)
+        assert_equal("GET", values[0])
+    end
+    
+    def test_save
+        filename = '/tmp/foo.pcap'
+        pkt = xtractr.packets('pkt.service:HTTP').first
+        pkt.save filename
+        assert_equal(true, File.exist?(filename))
+        assert_equal(452, File.size(filename))
+    ensure
+        File.unlink filename
+    end
+    
+    def test_inspect
+        assert_nothing_raised { xtractr.packets('pkt.service:DNS').first.inspect }
+    end
+end
+end # Packet
+end # Xtractr
+end # Mu

data/lib/mu/xtractr/test/tc_packets.rb

@@ -0,0 +1,84 @@
+# "THE BEER-WARE LICENSE" (Revision 42):
+# Mu[http://www.mudynamics.com] wrote this file. As long as you retain this 
+# notice you can do whatever you want with this stuff. If we meet some day, 
+# and you think this stuff is worth it, you can buy us a beer in return. 
+#
+# All about pcapr
+# * http://www.pcapr.net
+# * http://groups.google.com/group/pcapr-forum
+# * http://twitter.com/pcapr
+#
+# Mu Dynamics
+# * http://www.mudynamics.com
+# * http://labs.mudynamics.com
+
+require 'mu/xtractr'
+require 'test/unit'
+
+module Mu
+class Xtractr
+class Packets
+class Test < Test::Unit::TestCase
+    attr_reader :xtractr
+    
+    def setup
+        @xtractr = Xtractr.new
+    end
+    
+    def test_Packets
+        assert(Packets.ancestors.include?(Enumerable), "Packets doesn't mixin Enumerable")
+    end
+    
+    def test_each
+        pkts = xtractr.packets(1..10)
+        pkts.each { |pkt| assert_kind_of(Packet, pkt) }
+        pkts.each_packet { |pkt| assert_kind_of(Packet, pkt) }
+        pkts.each_with_index { |pkt, i| assert_equal(i+1, pkt.id) }
+    end
+    
+    def test_first
+        pkt = xtractr.packets(1..10).first
+        assert_kind_of(Packet, pkt)
+        assert_equal(1, pkt.id)
+    end
+    
+    def test_count
+        counts = xtractr.packets(1..10).count('pkt.src')
+        assert_equal(3, counts.size)
+        counts.each { |c| assert_kind_of(Views::Count, c) }
+        assert_equal(true, counts[0].count > counts[-1].count)
+    end
+    
+    def test_values
+        values = xtractr.packets(1..10).values('pkt.src')
+        assert_equal(3, values.size)
+        values.each do |v| 
+            assert_kind_of(Field::Value, v)
+            assert_equal('pkt.src', v.field.name)
+        end
+    end
+    
+    def test_sum
+        sums = xtractr.packets(1..10).sum('pkt.src', 'pkt.length')
+        assert_equal(3, sums.size)
+        sums.each { |s| assert_kind_of(Views::Sum, s) }
+        assert_equal(true, sums[0].sum > sums[-1].sum)
+    end
+    
+    def test_save
+        filename = '/tmp/foo.pcap'
+        pkts = xtractr.packets('pkt.service:HTTP pkt.dir:0')
+        pkts.save filename
+        assert_equal(true, File.exist?(filename))
+        assert_equal(53015, File.size(filename))
+    ensure
+        File.unlink filename
+    end
+    
+    def test_inspect
+        assert_nothing_raised { xtractr.packets(1..10).inspect }
+    end
+end
+end # Packets
+end # Xtractr
+end # Mu

data/lib/mu/xtractr/test/tc_service.rb

@@ -0,0 +1,66 @@
+# "THE BEER-WARE LICENSE" (Revision 42):
+# Mu[http://www.mudynamics.com] wrote this file. As long as you retain this 
+# notice you can do whatever you want with this stuff. If we meet some day, 
+# and you think this stuff is worth it, you can buy us a beer in return. 
+#
+# All about pcapr
+# * http://www.pcapr.net
+# * http://groups.google.com/group/pcapr-forum
+# * http://twitter.com/pcapr
+#
+# Mu Dynamics
+# * http://www.mudynamics.com
+# * http://labs.mudynamics.com
+
+require 'mu/xtractr'
+require 'test/unit'
+
+module Mu
+class Xtractr
+class Service
+class Test < Test::Unit::TestCase
+    attr_reader :xtractr
+    
+    def setup
+        @xtractr = Xtractr.new
+    end
+    
+    def test_clients
+        service = xtractr.service('DNS')
+        clients = service.clients
+        assert_equal(1, clients.size)
+        assert_equal('192.168.1.10', clients[0].value)
+        
+        service = xtractr.service('DNS')
+        clients = service.clients 'flow.src:192.168.1.1'
+        assert_equal(0, clients.size)
+    end
+    
+    def test_servers
+        service = xtractr.service('HTTP')
+        servers = service.servers
+        assert_equal(9, servers.size)
+        
+        servers = service.servers 'flow.dst:8.18*'
+        assert_equal(8, servers.size)
+    end
+    
+    def test_flows
+        service = xtractr.service('HTTP')
+        flows = service.flows
+        assert_equal("flow.service:\"HTTP\"", flows.q)        
+    end
+        
+    def test_packets
+        service = xtractr.service('HTTP')
+        packets = service.packets
+        assert_equal("pkt.service:\"HTTP\"", packets.q)
+    end
+    
+    def test_inspect
+        assert_nothing_raised { xtractr.services.first.inspect }
+    end
+end
+end # Service
+end # Xtractr
+end # Mu

data/lib/mu/xtractr/test/tc_stream.rb

@@ -0,0 +1,56 @@
+# "THE BEER-WARE LICENSE" (Revision 42):
+# Mu[http://www.mudynamics.com] wrote this file. As long as you retain this 
+# notice you can do whatever you want with this stuff. If we meet some day, 
+# and you think this stuff is worth it, you can buy us a beer in return. 
+#
+# All about pcapr
+# * http://www.pcapr.net
+# * http://groups.google.com/group/pcapr-forum
+# * http://twitter.com/pcapr
+#
+# Mu Dynamics
+# * http://www.mudynamics.com
+# * http://labs.mudynamics.com
+
+require 'mu/xtractr'
+require 'test/unit'
+
+module Mu
+class Xtractr
+class Stream
+class Test < Test::Unit::TestCase
+    attr_reader :xtractr
+    attr_reader :stream
+    
+    def setup
+        @xtractr = Xtractr.new
+        @stream = xtractr.flows('flow.service:HTTP').first.stream
+    end
+    
+    def test_Stream
+        assert(Stream.ancestors.include?(Enumerable), "Stream doesn't mixin Enumerable")
+    end
+    
+    def test_flow
+        assert_kind_of(Flow, stream.flow)
+    end
+    
+    def test_each
+        assert_equal(stream.method(:each), stream.method(:each_message))
+        assert_equal(2, stream.messages.size)
+        stream.each_with_index do |m, i|
+            assert_kind_of(Stream::Message, m)
+            assert_equal(i, m.index)
+            assert_equal(stream.__id__, m.stream.__id__)
+            assert_equal(true, m.dir == 0 || m.dir == 1)
+            assert_nothing_raised { m.inspect }
+        end
+    end
+    
+    def test_inspect
+        assert_nothing_raised { stream.inspect }
+    end
+end
+end # Stream
+end # Xtractr
+end # Mu

data/lib/mu/xtractr/test/tc_term.rb

@@ -0,0 +1,59 @@
+# "THE BEER-WARE LICENSE" (Revision 42):
+# Mu[http://www.mudynamics.com] wrote this file. As long as you retain this 
+# notice you can do whatever you want with this stuff. If we meet some day, 
+# and you think this stuff is worth it, you can buy us a beer in return. 
+#
+# All about pcapr
+# * http://www.pcapr.net
+# * http://groups.google.com/group/pcapr-forum
+# * http://twitter.com/pcapr
+#
+# Mu Dynamics
+# * http://www.mudynamics.com
+# * http://labs.mudynamics.com
+
+require 'mu/xtractr'
+require 'test/unit'
+
+module Mu
+class Xtractr
+class Term
+class Test < Test::Unit::TestCase
+    attr_reader :xtractr
+    attr_reader :term
+    
+    def setup
+        @xtractr = Xtractr.new
+        @term = xtractr.field('http.request.method').terms.first
+    end
+    
+    def test_Term
+        assert(Term.ancestors.include?(Enumerable), "Term doesn't mixin Enumerable")
+    end
+    
+    def test_attributes
+        assert_kind_of(Field, term.field)
+        assert_equal('get', term.value)
+        assert_equal(116, term.frequency)
+    end
+    
+    def test_each
+        assert_equal(term.method(:each), term.method(:each_packet))
+        term.each_with_index do |pkt, i|
+            assert_kind_of(Packet, pkt)
+            break if i < 16
+        end
+    end
+    
+    def test_packets
+        packets = term.packets
+        assert_equal("http.request.method:get", packets.q)
+    end
+    
+    def test_inspect
+        assert_nothing_raised { term.inspect }
+    end
+end
+end # Term
+end # Xtractr
+end # Mu