1 | <?php |
||
2 | /* |
||
3 | * FgTrapIpsTest.php |
||
4 | * |
||
5 | * This program is free software: you can redistribute it and/or modify |
||
6 | * it under the terms of the GNU General Public License as published by |
||
7 | * the Free Software Foundation, either version 3 of the License, or |
||
8 | * (at your option) any later version. |
||
9 | * |
||
10 | * This program is distributed in the hope that it will be useful, |
||
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
13 | * GNU General Public License for more details. |
||
14 | * |
||
15 | * You should have received a copy of the GNU General Public License |
||
16 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
17 | * |
||
18 | * Unit tests for Fortigate IPS SNMP trap handlers (FgTrapIps*) |
||
19 | * |
||
20 | * @package LibreNMS |
||
21 | * @link http://librenms.org |
||
22 | * @copyright 2019 KanREN, Inc |
||
23 | * @author Heath Barnhart <[email protected]> |
||
24 | */ |
||
25 | |||
26 | namespace LibreNMS\Tests\Feature\SnmpTraps; |
||
27 | |||
28 | use App\Models\Device; |
||
29 | use App\Models\Ipv4Address; |
||
30 | use Illuminate\Foundation\Testing\DatabaseTransactions; |
||
31 | use LibreNMS\Snmptrap\Dispatcher; |
||
32 | use LibreNMS\Snmptrap\Trap; |
||
33 | use LibreNMS\Tests\DBTestCase; |
||
34 | |||
/**
 * Feature tests for the FortiGate IPS SNMP trap handlers (fgTrapIps*).
 *
 * Every test follows the same shape: create a device record, register a mock
 * expectation on Log::event, build the trap payload as text and assert that
 * Dispatcher::handle() reports the trap as handled.
 *
 * NOTE(review): the payloads are labelled SNMPv2 over UDP, which carries no
 * sender authentication beyond the community string. The source address and
 * signature message varbinds are therefore sender-controlled, and the expected
 * event messages below embed them verbatim. The handlers and the event-log
 * view are not visible from this file; confirm that those values are
 * escaped/validated where the event log is rendered. Only well-formed values
 * are exercised here; a case with a malformed signature message or source
 * address would be a useful addition.
 */
class FgTrapIpsTest extends DBTestCase
{
    // Laravel trait: each test runs inside a database transaction that is
    // rolled back afterwards, so the factory-created device does not persist.
    use DatabaseTransactions;

    /**
     * fgTrapIpsAnomaly: expects one event-log entry naming the source address
     * and the anomaly type taken from the trap, logged with severity 4
     * (presumably "warning" on the LibreNMS event scale; confirm).
     */
    public function testIpsAnomaly()
    {
        $device = factory(Device::class)->create();
        // make() only builds the model; the address is used as sample data and is not stored.
        $ipv4 = factory(Ipv4Address::class)->make();

        // The expectation is registered before the trap is dispatched; once()
        // fails the test if the handler logs zero or several events.
        $message = "DDoS prevention triggered. Source: $ipv4->ipv4_address Protocol: tcp_src_session";
        \Log::shouldReceive('event')->once()->with($message, $device->device_id, 'trap', 4);

        // Trap payload: hostname line, transport line, then one "OID value" pair per line.
        $trapText = "$device->hostname
UDP: [$device->ip]:57602->[192.168.5.5]:162
DISMAN-EVENT-MIB::sysUpTimeInstance 302:12:56:24.81
SNMPv2-MIB::snmpTrapOID.0 FORTINET-FORTIGATE-MIB::fgTrapIpsAnomaly
FORTINET-CORE-MIB::fnSysSerial.0 $device->serial
SNMPv2-MIB::sysName.0 $device->hostname
FORTINET-FORTIGATE-MIB::fgIpsTrapSigId.0 2
FORTINET-FORTIGATE-MIB::fgIpsTrapSrcIp.0 $ipv4->ipv4_address
FORTINET-FORTIGATE-MIB::fgIpsTrapSigMsg.0 tcp_src_session";

        self::assertTrue(
            Dispatcher::handle(new Trap($trapText)),
            'Could not handle fgTrapIpsAnomaly trap'
        );
    }

    /**
     * fgTrapIpsPkgUpdate: expects one event-log entry naming the device, logged
     * with severity 2 (lower than the detection traps in this class).
     *
     * NOTE(review): the method name is spelled "Udate"; it is left unchanged so
     * that any existing test filter that names it keeps working.
     */
    public function testIpsPkgUdate()
    {
        $device = factory(Device::class)->create();

        $message = "IPS package updated on $device->hostname";
        \Log::shouldReceive('event')->once()->with($message, $device->device_id, 'trap', 2);

        // This trap carries no IPS varbinds, only the serial number and system name.
        $trapText = "$device->hostname
UDP: [$device->ip]:57602->[192.168.5.5]:162
DISMAN-EVENT-MIB::sysUpTimeInstance 302:12:56:24.81
SNMPv2-MIB::snmpTrapOID.0 FORTINET-FORTIGATE-MIB::fgTrapIpsPkgUpdate
FORTINET-CORE-MIB::fnSysSerial.0 $device->serial
SNMPv2-MIB::sysName.0 $device->hostname";

        self::assertTrue(
            Dispatcher::handle(new Trap($trapText)),
            'Could not handle fgTrapIpsPkgUpdate trap'
        );
    }

    /**
     * fgTrapIpsSignature: expects one event-log entry carrying the signature
     * name, the source address and the signature ID from the trap, logged with
     * severity 4.
     */
    public function testIpsSignature()
    {
        $device = factory(Device::class)->create();
        // Built but not persisted; used only as the sample source address.
        $ipv4 = factory(Ipv4Address::class)->make();

        // The signature name, source address and ID in the expected message
        // are the same values that appear in the trap varbinds below.
        $message = "IPS signature UPnP.SSDP.M.Search.Anomaly detected from $ipv4->ipv4_address with Fortiguard ID 47173";
        \Log::shouldReceive('event')->once()->with($message, $device->device_id, 'trap', 4);

        $trapText = "$device->hostname
UDP: [$device->ip]:57602->[192.168.5.5]:162
DISMAN-EVENT-MIB::sysUpTimeInstance 302:12:56:24.81
SNMPv2-MIB::snmpTrapOID.0 FORTINET-FORTIGATE-MIB::fgTrapIpsSignature
FORTINET-CORE-MIB::fnSysSerial.0 $device->serial
SNMPv2-MIB::sysName.0 $device->hostname
FORTINET-FORTIGATE-MIB::fgIpsTrapSigId.0 47173
FORTINET-FORTIGATE-MIB::fgIpsTrapSrcIp.0 $ipv4->ipv4_address
FORTINET-FORTIGATE-MIB::fgIpsTrapSigMsg.0 UPnP.SSDP.M.Search.Anomaly";

        self::assertTrue(
            Dispatcher::handle(new Trap($trapText)),
            'Could not handle fgTrapIpsSignature trap'
        );
    }
}
||
101 |