
add PortscanAttack tests

Roey Regev 7 年之前
父節點
當前提交
d141c112f6
共有 3 個文件被更改,包括 61 次插入2 次删除
  1. 2 1
      code/ID2TLib/StatsDatabase.py
  2. 1 1
      code/Test/test_FTPWinaXeExploit.py
  3. 58 0
      code/Test/test_PortscanAttack.py

+ 2 - 1
code/ID2TLib/StatsDatabase.py

@@ -169,7 +169,7 @@ class StatsDatabase:
         """
         # Definition of SQL queries associated to named queries
         named_queries = {
-            "most_used.ipaddress": "SELECT ipAddress FROM ip_statistics WHERE (pktsSent+pktsReceived) == (SELECT MAX(pktsSent+pktsReceived) from ip_statistics) LIMIT 1",
+            "most_used.ipaddress": "SELECT ipAddress FROM ip_statistics WHERE (pktsSent+pktsReceived) == (SELECT MAX(pktsSent+pktsReceived) from ip_statistics) ORDER BY ipAddress ASC LIMIT 1",
             "most_used.macaddress": "SELECT * FROM (SELECT macAddress, COUNT(*) as occ from ip_mac GROUP BY macAddress ORDER BY occ DESC) WHERE occ=(SELECT COUNT(*) as occ from ip_mac GROUP BY macAddress ORDER BY occ DESC LIMIT 1)",
             "most_used.portnumber": "SELECT portNumber, COUNT(portNumber) as cntPort FROM ip_ports GROUP BY portNumber HAVING cntPort=(SELECT MAX(cntPort) from (SELECT portNumber, COUNT(portNumber) as cntPort FROM ip_ports GROUP BY portNumber))",
             "most_used.protocolname": "SELECT protocolName, COUNT(protocolCount) as countProtocols FROM ip_protocols GROUP BY protocolName HAVING countProtocols=(SELECT COUNT(protocolCount) as cnt FROM ip_protocols GROUP BY protocolName ORDER BY cnt DESC LIMIT 1)",
@@ -177,6 +177,7 @@ class StatsDatabase:
             "most_used.mssvalue": "SELECT mssValue FROM tcp_mss GROUP BY mssValue ORDER BY SUM(mssCount) DESC LIMIT 1",
             "most_used.winsize": "SELECT winSize FROM tcp_win GROUP BY winSize ORDER BY SUM(winCount) DESC LIMIT 1",
             "most_used.ipclass": "SELECT ipClass FROM ip_statistics GROUP BY ipClass ORDER BY COUNT(*) DESC LIMIT 1",
+            #FIXME ORDER BY ASC ? check queries for os dependency!!
             "least_used.ipaddress": "SELECT ipAddress FROM ip_statistics WHERE (pktsSent+pktsReceived) == (SELECT MIN(pktsSent+pktsReceived) from ip_statistics)",
             "least_used.macaddress": "SELECT * FROM (SELECT macAddress, COUNT(*) as occ from ip_mac GROUP BY macAddress ORDER BY occ ASC) WHERE occ=(SELECT COUNT(*) as occ from ip_mac GROUP BY macAddress ORDER BY occ ASC LIMIT 1)",
             "least_used.portnumber": "SELECT portNumber, COUNT(portNumber) as cntPort FROM ip_ports GROUP BY portNumber HAVING cntPort=(SELECT MIN(cntPort) from (SELECT portNumber, COUNT(portNumber) as cntPort FROM ip_ports GROUP BY portNumber))",

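Review bot: Only `most_used.ipaddress` gets an explicit tie-break here; `least_used.ipaddress`, directly below the new FIXME, still has no `ORDER BY` or `LIMIT`, so tied rows come back in whatever order the database chooses. If `ipAddress` is a text column (not visible in this hunk), `ORDER BY ipAddress ASC` sorts lexicographically, so `10.0.0.1` precedes `9.0.0.1`; that is deterministic, but it deserves a comment next to the query. The FIXME would be easier to act on if it named the problem, for example `# FIXME: queries without an explicit ORDER BY return tied rows in unspecified order; add one to each so results do not differ between platforms`. The `named_queries` dict begins and ends outside both hunks, so other entries may have the same gap.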
+ 1 - 1
code/Test/test_FTPWinaXeExploit.py

@@ -61,7 +61,7 @@ class UnitTestFTPWinaXeExploit(GenericTest):
     @mock.patch('ID2TLib.Utility.get_rnd_bytes', side_effect=get_bytes)
     @mock.patch('ID2TLib.Utility.get_rnd_x86_nop', side_effect=get_x86_nop)
     @mock.patch('Attack.BaseAttack.BaseAttack.is_valid_ip_address', return_values=[False, True])
-    def test_ftp_invalid_ip(self,mock_valid_ip_check, mock_get_rnd_x86_nop, mock_get_rnd_bytes):
+    def test_ftp_invalid_ip(self, mock_valid_ip_check, mock_get_rnd_x86_nop, mock_get_rnd_bytes):
         self.generic_test([['FTPWinaXeExploit']], sha_valid_ip)
 
 

+ 58 - 0
code/Test/test_PortscanAttack.py

@@ -0,0 +1,58 @@
+import unittest
+import unittest.mock as mock
+
+from Test.GenericTest import GenericTest
+from Test.Lib import *
+
+sha_portscan_default = 'dd28509dcc55a722c57d6b462741581d7b48024cddb8b8c89fe138661fac2b07'
+sha_portscan_reverse_ports = '04f5cdab7ade15bde00f0fcf42278508da7104ac76eab543d9c4b1cbab4f67c7'
+sha_portscan_shuffle_dst_ports = 'a6ef8a714da52d7608a84f50fe9dc71a3714e8b78a62be07c4e3d5509fa03d95'
+sha_portscan_shuffle_src_ports = '218382e8feabea3c5a35834c9962034cdff6e0c90fafee899883a9a54bb38371'
+sha_portscan_mss_value_zero = 'c3847e0a3a5abf886506dc5402fbc9a3096db2fd1df16d276d6c60c6b4b4ca5f'
+sha_portscan_ttl_value_zero = 'c3847e0a3a5abf886506dc5402fbc9a3096db2fd1df16d276d6c60c6b4b4ca5f'
+sha_portscan_win_value_zero = 'c3847e0a3a5abf886506dc5402fbc9a3096db2fd1df16d276d6c60c6b4b4ca5f'
+sha_portscan_ip_src_random = 'c3939f30a40fa6e2164cc91dc4a7e823ca409492d44508e3edfc9d24748af0e5'
+sha_portscan_most_used_ip_in_list = 'c3939f30a40fa6e2164cc91dc4a7e823ca409492d44508e3edfc9d24748af0e5'
+"""
+CURRENT COVERAGE
+Name                             Stmts   Miss  Cover   Missing (lines)
+---------------------------------------------------------------------------
+Attack/PortscanAttack.py           146      6    96%   73, 108-109, 158, 211, 238
+"""
+# TODO: get 100% coverage
+
+
+class UnitTestPortscanAttack(GenericTest):
+
+    def test_portscan_default(self):
+        self.generic_test([['PortscanAttack']], sha_portscan_default)
+
+    def test_portscan_reverse_ports(self):
+        self.generic_test([['PortscanAttack', 'port.dst.order-desc=1']], sha_portscan_reverse_ports)
+
+    def test_portscan_shuffle_dst_ports(self):
+        self.generic_test([['PortscanAttack', 'port.dst.shuffle=1']], sha_portscan_shuffle_dst_ports)
+
+    def test_portscan_shuffle_src_ports(self):
+        self.generic_test([['PortscanAttack', 'port.src.shuffle=1']], sha_portscan_shuffle_src_ports)
+
+    @mock.patch('ID2TLib.Statistics.Statistics.get_mss_distribution', return_value='')
+    def test_portscan_mss_length_zero(self, mock_mss_dis):
+        self.generic_test([['PortscanAttack']], sha_portscan_mss_value_zero)
+
+    @mock.patch('ID2TLib.Statistics.Statistics.get_ttl_distribution', return_value='')
+    def test_portscan_ttl_length_zero(self, mock_ttl_dis):
+        self.generic_test([['PortscanAttack']], sha_portscan_ttl_value_zero)
+
+    @mock.patch('ID2TLib.Statistics.Statistics.get_win_distribution', return_value='')
+    def test_portscan_win_length_zero(self, mock_win_dis):
+        self.generic_test([['PortscanAttack']], sha_portscan_win_value_zero)
+
+    @mock.patch('ID2TLib.Statistics.Statistics.get_most_used_ip_address')
+    def test_portscan_most_used_ips(self, mock_most_used_ip_address):
+        mock_most_used_ip_address.return_value = test_pcap_ips
+        self.generic_test([['PortscanAttack']], sha_portscan_most_used_ip_in_list)
+
+
+if __name__ == '__main__':
+    unittest.main()
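Review bot: The expected digests for `sha_portscan_mss_value_zero`, `sha_portscan_ttl_value_zero` and `sha_portscan_win_value_zero` are identical, so these three tests cannot tell which mocked distribution changed the output. If that is intended, for instance because all three fall back to the same default path, say so in a comment above the constants; otherwise the values look copy-pasted and should be regenerated per case. `sha_portscan_ip_src_random` is defined but no test uses it, and it duplicates `sha_portscan_most_used_ip_in_list`; either add the missing test or drop the constant. `test_pcap_ips` presumably arrives through `from Test.Lib import *`; an explicit `from Test.Lib import test_pcap_ips` would make that dependency visible. Each test would also benefit from a one-line docstring naming the branch of `PortscanAttack` it is meant to cover, since a golden SHA-256 only shows that the output is stable, not what it checks.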