add 'in File(...)' tests for parsers and leakybuckets

2020-05-27 17:04:54 +02:00 · 2020-05-27 17:04:54 +02:00 · 7557ce8156
parent 6cb5ec0460
commit 7557ce8156
6 changed files with 47 additions and 3 deletions
--- a/pkg/leakybucket/buckets_test.go
+++ b/pkg/leakybucket/buckets_test.go
@ -76,7 +76,7 @@ func testOneBucket(t *testing.T, dir string) error {
 	for _, x := range stages {
 		files = append(files, x.Filename)
 	}
-	holders, response, err := LoadBuckets(files, dir+"/data")
+	holders, response, err := LoadBuckets(files, dir)
 	if err != nil {
 		t.Fatalf("failed loading bucket : %s", err)
 	}
--- a/pkg/leakybucket/tests/simple-trigger-external-data/bucket.yaml
+++ b/pkg/leakybucket/tests/simple-trigger-external-data/bucket.yaml
@ -0,0 +1,12 @@
+type: trigger
+debug: true
+name: test/simple-trigger
+data:
+  - source_url: https://invalid.com/test.list
+    dest_file: ./simple_patterns.txt
+description: "Simple trigger with external data"
+filter: "evt.Line.Labels.type =='testlog' && evt.Parsed.tainted_data in File('./simple_patterns.txt')"
+groupby: evt.Meta.source_ip
+labels:
+ type: overflow_1
+
--- a/pkg/leakybucket/tests/simple-trigger-external-data/scenarios.yaml
+++ b/pkg/leakybucket/tests/simple-trigger-external-data/scenarios.yaml
@ -0,0 +1,2 @@
+ - filename: {{.TestDirectory}}/bucket.yaml
+
--- a/pkg/leakybucket/tests/simple-trigger-external-data/simple_patterns.txt
+++ b/pkg/leakybucket/tests/simple-trigger-external-data/simple_patterns.txt
@ -0,0 +1,3 @@
+BBBBBBBBBBB11111XXX
+AAAABBBBBBB11111XXX
+CCCCCCCCCC11111XXX
--- a/pkg/leakybucket/tests/simple-trigger-external-data/test.yaml
+++ b/pkg/leakybucket/tests/simple-trigger-external-data/test.yaml
@ -0,0 +1,27 @@
+#this one will trigger a simple overflow
+lines:
+  - Line:
+      Labels:
+        type: testlog
+      Raw: xxheader VALUE1 trailing stuff
+    MarshaledTime: 2020-01-01T10:00:00Z
+    Meta:
+      source_ip: 1.2.3.4
+    Parsed:
+      tainted_data: AAAABBBBBBB11111XXX
+  - Line:
+      Labels:
+        type: testlog
+      Raw: xxheader VALUE2 trailing stuff
+    MarshaledTime: 2020-01-01T10:00:00Z
+    Meta:
+      source_ip: 1.2.3.5
+    Parsed:
+      tainted_data: ZZZBBBBBBB11111XXX
+results:
+  - Overflow:
+      scenario: test/simple-trigger
+      Source_ip: 1.2.3.4
+      Events_count: 1
+
+
--- a/pkg/parser/tests/base-grok-external-data/base-grok.yaml
+++ b/pkg/parser/tests/base-grok-external-data/base-grok.yaml
@ -4,7 +4,7 @@ onsuccess: next_stage
 name: tests/base-grok
 data:
  - source_url: https://invalid.com/test.list
-    dest_file: ../pkg/parser/tests/sample_strings.txt
+    dest_file: ./sample_strings.txt

 pattern_syntax:
  MYCAP1: ".*"
@ -17,6 +17,6 @@ statics:
    value: parsed_testlog
  - meta: is_it_in_file
    expression: |-
-      evt.Parsed.extracted_value in File("../pkg/parser/tests/sample_strings.txt") ? "true" : "false"
+      evt.Parsed.extracted_value in File("./sample_strings.txt") ? "true" : "false"
				`@ -0,0 +1,2 @@`
				`- filename: {{.TestDirectory}}/bucket.yaml`