 /**
  * Helper function to read the logfile and match the supplied pattern.
  * It is expected that the supplied pattern contains a unique string to
  * avoid false positives.
  * Sets $msg with a descriptive message.
  *
  * @param  $expected the string pattern for a preg_match().
  * @param  &$msg reference to a string message which will be set here.
  *
  * @return boolean true if the pattern is matched in the logfile, otherwise
  *         false.
  */
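 private function verifyLogEntry($expected, &$msg)
 {
     // logFileLoc === false means the log file is unknown, or an earlier
     // call in this method already failed to read it (see below).
     if ($this->logFileLoc === false) {
         $msg = 'Cannot find the logfile!';
         return false;
     }

     // The result is handled as three cases: null (could not read the file),
     // true (pattern found), anything else (pattern not found).
     $result = fileContainsExpected($this->logFileLoc, $expected);

     if ($result === null) {
         // Build the message BEFORE clearing the location. Clearing it first
         // interpolates boolean false, which renders as an empty string and
         // drops the path from the diagnostic.
         $msg = "Failed to read the log file from {$this->logFileLoc}. All" . ' further LoggerTest tests will fail!';
         // Remember the failure so later calls return early instead of
         // retrying the read.
         $this->logFileLoc = false;
         return false;
     }

     if ($result === true) {
         $msg = 'Log file contains the expected entry. Logging to file' . ' with the supplied parameters is verified.';
         return true;
     }

     $msg = 'Log file does not contain the expected entry. Cannot verify' . ' that logging to file is working for the supplied parameters.';
     return false;
 }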
 /**
  * This test will trigger IDS at a point which demonstrates the calculation
  * of event intervals.  Using a threshold that triggers after 5 events
  * within 5 seconds, four events will occur at 1 second intervals, then a
  * pause of 3 seconds and then 3 more events in quick succession.  IDS
  * should not trigger until the 7th event.
  *
  *                                   *
  *         e   e   e   e           eee
  *         |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|
  *         0   1   2   3   4   5   6   7   8
  *                 |___________________|
  *                   5 second interval
  *
  * @return bool True on Pass.
  */
 public function testSlidingInterval()
 {
     // Nothing can be verified without a log file to inspect.
     if ($this->_logFileLoc === false) {
         $this->fail('Cannot perform this test because the log file cannot be found.');
     }

     $eventName = 'SlidingIntervalTestEvent';
     // The quota (count, interval, actions) comes from the ESAPI security
     // configuration. NOTE(review): the event timing below only proves the
     // sliding window if that quota is 5 events per 5 seconds - confirm
     // against the test configuration.
     $quota = ESAPI::getSecurityConfiguration()->getQuota($eventName);
     // Taken before any event is raised and passed to every log lookup.
     $startedAt = new DateTime();

     // Reconstruct the log line the intrusion detector is expected to write
     // once the quota is exceeded.
     $actionCount = count($quota->actions);
     $pluralSuffix = $actionCount > 1 ? 's' : '';
     $expectedEntry = "User exceeded quota of {$quota->count} "
         . "per {$quota->interval} seconds for event {$eventName}."
         . sprintf(' Taking the following %d action%s - ', $actionCount, $pluralSuffix)
         . implode(', ', $quota->actions)
         . '.';

     // NOTE(review): this method never fills in the %s placeholder; the
     // string is passed to the assertions as-is.
     $assertionMessage = 'Test attempts to detect IntrusionDetector' . ' action log message in logfile - %s';

     $raiseEvent = function () use ($eventName) {
         ESAPI::getIntrusionDetector()->addEvent($eventName, 'This is a Test Event for IntrusionDetectorTest.');
     };

     // Four events, one second apart.
     $remaining = 4;
     while ($remaining-- > 0) {
         $raiseEvent();
         usleep(1000000);
     }

     // Two more seconds, for a total of three seconds between the fourth
     // event and the next one.
     usleep(2000000);

     // Events five and six must NOT produce the quota-exceeded log entry.
     for ($quiet = 0; $quiet < 2; $quiet++) {
         $raiseEvent();
         $this->assertFalse(
             fileContainsExpected($this->_logFileLoc, $expectedEntry, $startedAt, 10, $this->_logDateFormat),
             $assertionMessage
         );
     }

     // The seventh event is the one that must trip the detector.
     $raiseEvent();
     $this->assertTrue(
         fileContainsExpected($this->_logFileLoc, $expectedEntry, $startedAt, 10, $this->_logDateFormat),
         $assertionMessage
     );
 }