1 | <?php |
||
2 | /* |
||
3 | * FgTrapIpsTest.php |
||
4 | * |
||
5 | * This program is free software: you can redistribute it and/or modify |
||
6 | * it under the terms of the GNU General Public License as published by |
||
7 | * the Free Software Foundation, either version 3 of the License, or |
||
8 | * (at your option) any later version. |
||
9 | * |
||
10 | * This program is distributed in the hope that it will be useful, |
||
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
13 | * GNU General Public License for more details. |
||
14 | * |
||
15 | * You should have received a copy of the GNU General Public License |
||
16 | * along with this program. If not, see <https://www.gnu.org/licenses/>. |
||
17 | * |
||
18 | * Unit tests for Fortigate IPS SNMP trap handlers (FgTrapIps*) |
||
19 | * |
||
20 | * @package LibreNMS |
||
21 | * @link https://www.librenms.org |
||
22 | * @copyright 2019 KanREN, Inc |
||
23 | * @author Heath Barnhart <[email protected]> |
||
24 | */ |
||
25 | |||
26 | namespace LibreNMS\Tests\Feature\SnmpTraps; |
||
27 | |||
28 | use App\Models\Device; |
||
29 | use App\Models\Ipv4Address; |
||
30 | use LibreNMS\Snmptrap\Dispatcher; |
||
31 | use LibreNMS\Snmptrap\Trap; |
||
32 | |||
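/**
 * Feature tests for the Fortigate IPS SNMP trap handlers.
 *
 * Each test builds the raw trap text for one trap OID (fgTrapIpsAnomaly,
 * fgTrapIpsPkgUpdate, fgTrapIpsSignature), registers the Log::event() call
 * it expects, and then asserts that Dispatcher::handle() reports the trap
 * as handled.
 *
 * The trap text is a multi-line string literal whose continuation lines
 * start at column 0 on purpose: any leading whitespace would become part
 * of the trap payload.
 */
class FgTrapIpsTest extends SnmpTrapTestCase
{
    /**
     * fgTrapIpsAnomaly must produce a "DDoS prevention triggered" event that
     * names the source address and the anomaly message from the trap.
     *
     * NOTE(review): fgIpsTrapSrcIp and fgIpsTrapSigMsg come from the trap
     * sender and appear unchanged in the expected event text. Only a benign
     * value is exercised here; how the handler treats control characters or
     * markup in these fields is not visible from this test - confirm in the
     * handler and wherever the event log is rendered.
     */
    public function testIpsAnomaly(): void
    {
        /** @var Device $device */
        $device = Device::factory()->create();
        /** @var Ipv4Address $ipv4 */
        $ipv4 = Ipv4Address::factory()->make();

        $trapText = "$device->hostname
UDP: [$device->ip]:57602->[192.168.5.5]:162
DISMAN-EVENT-MIB::sysUpTimeInstance 302:12:56:24.81
SNMPv2-MIB::snmpTrapOID.0 FORTINET-FORTIGATE-MIB::fgTrapIpsAnomaly
FORTINET-CORE-MIB::fnSysSerial.0 $device->serial
SNMPv2-MIB::sysName.0 $device->hostname
FORTINET-FORTIGATE-MIB::fgIpsTrapSigId.0 2
FORTINET-FORTIGATE-MIB::fgIpsTrapSrcIp.0 $ipv4->ipv4_address
FORTINET-FORTIGATE-MIB::fgIpsTrapSigMsg.0 tcp_src_session";

        // The expectation has to be registered before the trap is dispatched.
        // Fourth argument (4) is presumably the event severity - confirm against Log::event().
        $message = "DDoS prevention triggered. Source: $ipv4->ipv4_address Protocol: tcp_src_session";
        \Log::shouldReceive('event')->once()->with($message, $device->device_id, 'trap', 4);

        $trap = new Trap($trapText);
        $this->assertTrue(Dispatcher::handle($trap), 'Could not handle fgTrapIpsAnomaly trap');
    }

    /**
     * fgTrapIpsPkgUpdate must produce an "IPS package updated" event for the
     * sending device.
     *
     * The method name keeps its existing spelling ("Udate"); the trap under
     * test is fgTrapIpsPkgUpdate.
     */
    public function testIpsPkgUdate(): void
    {
        /** @var Device $device */
        $device = Device::factory()->create();

        $trapText = "$device->hostname
UDP: [$device->ip]:57602->[192.168.5.5]:162
DISMAN-EVENT-MIB::sysUpTimeInstance 302:12:56:24.81
SNMPv2-MIB::snmpTrapOID.0 FORTINET-FORTIGATE-MIB::fgTrapIpsPkgUpdate
FORTINET-CORE-MIB::fnSysSerial.0 $device->serial
SNMPv2-MIB::sysName.0 $device->hostname";

        // This trap is expected with a lower fourth argument (2) than the two detection traps (4).
        $message = "IPS package updated on $device->hostname";
        \Log::shouldReceive('event')->once()->with($message, $device->device_id, 'trap', 2);

        $trap = new Trap($trapText);
        $this->assertTrue(Dispatcher::handle($trap), 'Could not handle fgTrapIpsPkgUpdate trap');
    }

    /**
     * fgTrapIpsSignature must produce an event that carries the signature
     * name, the source address and the signature id from the trap.
     *
     * NOTE(review): as with the anomaly trap, the signature message and the
     * source address are sender-supplied text that reaches the event log
     * verbatim in this expectation; confirm the handler's treatment of
     * unexpected characters separately.
     */
    public function testIpsSignature(): void
    {
        /** @var Device $device */
        $device = Device::factory()->create();
        /** @var Ipv4Address $ipv4 */
        $ipv4 = Ipv4Address::factory()->make();

        $trapText = "$device->hostname
UDP: [$device->ip]:57602->[192.168.5.5]:162
DISMAN-EVENT-MIB::sysUpTimeInstance 302:12:56:24.81
SNMPv2-MIB::snmpTrapOID.0 FORTINET-FORTIGATE-MIB::fgTrapIpsSignature
FORTINET-CORE-MIB::fnSysSerial.0 $device->serial
SNMPv2-MIB::sysName.0 $device->hostname
FORTINET-FORTIGATE-MIB::fgIpsTrapSigId.0 47173
FORTINET-FORTIGATE-MIB::fgIpsTrapSrcIp.0 $ipv4->ipv4_address
FORTINET-FORTIGATE-MIB::fgIpsTrapSigMsg.0 UPnP.SSDP.M.Search.Anomaly";

        // 47173 is the fgIpsTrapSigId value sent above; the expected text reports it as the Fortiguard ID.
        $message = "IPS signature UPnP.SSDP.M.Search.Anomaly detected from $ipv4->ipv4_address with Fortiguard ID 47173";
        \Log::shouldReceive('event')->once()->with($message, $device->device_id, 'trap', 4);

        $trap = new Trap($trapText);
        $this->assertTrue(Dispatcher::handle($trap), 'Could not handle fgTrapIpsSignature trap');
    }
}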
||
94 |