some work to trim back the size/list of PCAPs used for the test suite (…

…cisagov/Malcolm#526)
idaholab · Dec 19, 2024 · da5edc3 · da5edc3
1 parent f5bd0e3
commit da5edc3
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 26 deletions.
diff --git a/src/maltest/tests/test_common_protocols.py b/src/maltest/tests/test_common_protocols.py
@@ -9,34 +9,33 @@
 
 LOGGER = logging.getLogger(__name__)
 
+# You'll notice I don't use all the PCAPs in pcap/protocols here: I've opted to use some
+#   other PCAPs also in the repository which trigger the same parsers but which are smaller
+#   and thus faster to process.
 UPLOAD_ARTIFACTS = [
-    "pcap/protocols/DCERPC.pcap",
-    "pcap/protocols/DHCP.pcap",
-    "pcap/protocols/DNS.pcap",
-    "pcap/protocols/FTP.pcap",
-    "pcap/protocols/HTTP_1.pcap",
-    "pcap/protocols/HTTP_2.pcap",
+    "pcap/other/Digital Bond S4/WinXP.pcap",
+    "pcap/plugins/CVE-2021-1675/PrintNightmare.pcap",
+    "pcap/plugins/CVE-2021-41773/apache_exploit_success.pcap",
+    "pcap/plugins/cve-2021-44228/2021-12-11-thru-13-server-activity-with-log4j-attempts.pcap",
+    "pcap/plugins/cve-2021-44228/log4j-attack.pcap",
+    "pcap/plugins/smb_mimikatz_copy_to_host.pcap",
+    "pcap/plugins/zeek-agenttesla-detector/0e328ab7-12b2-4843-8717-a5b3ebef33a8.pcap",
+    "pcap/plugins/zeek-agenttesla-detector/a30789ce-1e1c-4f96-a097-78c34b9fb612.pcap",
+    "pcap/plugins/zeek-agenttesla-detector/f9421792-7d2c-47d3-90e0-07eb54ae12fa.pcap",
+    "pcap/plugins/zeek-EternalSafety/esteemedaudit-failed-XPSP2.pcap",
+    "pcap/plugins/zeek-EternalSafety/eternalchampion.pcap",
+    "pcap/protocols/HTTP_websocket.pcap",
     "pcap/protocols/IPsec.pcap",
     "pcap/protocols/IRC.pcap",
-    "pcap/protocols/KRB5.pcap",
-    "pcap/protocols/LDAP.pcap",
     "pcap/protocols/MySQL.pcap",
-    "pcap/protocols/NTLM.pcap",
-    "pcap/protocols/NTP.pcap",
     "pcap/protocols/OpenVPN.pcap",
     "pcap/protocols/OSPF.pcap",
     "pcap/protocols/QUIC.pcap",
     "pcap/protocols/RADIUS.pcap",
-    "pcap/protocols/RDP.pcap",
     "pcap/protocols/RFB.pcap",
-    "pcap/protocols/SIP.pcap",
-    "pcap/protocols/SMB.pcap",
-    "pcap/protocols/SMTP.pcap",
-    "pcap/protocols/SNMP.pcap",
     "pcap/protocols/SSH.pcap",
     "pcap/protocols/SSL.pcap",
     "pcap/protocols/STUN.pcap",
-    "pcap/protocols/Syslog.pcap",
     "pcap/protocols/Telnet.pcap",
     "pcap/protocols/TFTP.pcap",
     "pcap/protocols/Tunnels.pcap",
@@ -123,6 +122,7 @@ def test_common_protocols(
         item['key']: item['doc_count'] for item in mmguero.DeepGet(response.json(), ['event.dataset', 'buckets'], [])
     }
     LOGGER.debug(buckets)
+    LOGGER.debug([x for x in EXPECTED_DATASETS if (buckets.get(x, 0) == 0)])
     assert all([(buckets.get(x, 0) > 0) for x in EXPECTED_DATASETS])
 
 

diff --git a/src/maltest/tests/test_ot_protocols.py b/src/maltest/tests/test_ot_protocols.py
@@ -5,8 +5,19 @@
 
 LOGGER = logging.getLogger(__name__)
 
+# You'll notice I don't use all the PCAPs in pcap/protocols here: I've opted to use some
+#   other PCAPs also in the repository which trigger the same parsers but which are smaller
+#   and thus faster to process.
 UPLOAD_ARTIFACTS = [
-    "pcap/protocols/BACnet.pcap",
+    "pcap/other/Digital Bond S4/Advantech.pcap",
+    "pcap/other/Digital Bond S4/BACnet_FIU.pcap",
+    "pcap/other/Digital Bond S4/BACnet_Host.pcap",
+    "pcap/other/Digital Bond S4/iFix_Client86.pcap",
+    "pcap/other/Digital Bond S4/iFix_Server119.pcap",
+    "pcap/other/Digital Bond S4/MicroLogix56.pcap",
+    "pcap/other/Digital Bond S4/Modicon.pcap",
+    "pcap/other/Digital Bond S4/WinXP.pcap",
+    "pcap/protocols/BACnet_device_control.pcap",
     "pcap/protocols/BSAP.pcap",
     "pcap/protocols/DNP3.pcap",
     "pcap/protocols/ENIP.pcap",
@@ -20,14 +31,6 @@
     "pcap/protocols/S7comm.pcap",
     "pcap/protocols/Synchrophasor.pcap",
     "pcap/protocols/TDS.pcap",
-    "pcap/other/Digital Bond S4/Advantech.pcap",
-    "pcap/other/Digital Bond S4/BACnet_FIU.pcap",
-    "pcap/other/Digital Bond S4/BACnet_Host.pcap",
-    "pcap/other/Digital Bond S4/MicroLogix56.pcap",
-    "pcap/other/Digital Bond S4/Modicon.pcap",
-    "pcap/other/Digital Bond S4/WinXP.pcap",
-    "pcap/other/Digital Bond S4/iFix_Client86.pcap",
-    "pcap/other/Digital Bond S4/iFix_Server119.pcap",
 ]
 
 # TODO:
@@ -38,8 +41,8 @@
 # "genisys",
 EXPECTED_DATASETS = [
     "bacnet",
-    "bacnet_device_control",
     "bacnet_discovery",
+    "bacnet_device_control",
     "bacnet_property",
     "bestguess",
     "bsap_ip_header",
@@ -152,6 +155,7 @@ def test_ot_protocols(
         item['key']: item['doc_count'] for item in mmguero.DeepGet(response.json(), ['event.dataset', 'buckets'], [])
     }
     LOGGER.debug(buckets)
+    LOGGER.debug([x for x in EXPECTED_DATASETS if (buckets.get(x, 0) == 0)])
     assert all([(buckets.get(x, 0) > 0) for x in EXPECTED_DATASETS])