def test_pcap_processing(self):
'''Tests uploading and processing a pcap message'''
alert_tester_cli = ["pcap_processor", "-k", "-c", self._ndr_config_file, TSHARK_PCAP]
with unittest.mock.patch.object(sys, 'argv', alert_tester_cli):
ndr.tools.pcap_to_traffic_report.main()
# Make sure there's only one file in the queue
outbound_queue = os.listdir(self._ncc.outgoing_upload_spool)
self.assertEqual(len(outbound_queue), 1)
this_msg = self._ncc.outgoing_upload_spool + "/" + outbound_queue[0]
loaded_msg = ndr.IngestMessage.verify_and_load_message(
self._ncc, this_msg, only_accept_cn="ndr_test_suite")
os.remove(this_msg)
self.assertEqual(loaded_msg.message_type, ndr.IngestMessageTypes.TRAFFIC_REPORT)
评论列表
文章目录
