19de3a8a77
* Improve whitelist parsing * Split whitelist check into a function tied to whitelist, also since we check node debug we can make a pointer to node containing whitelist * No point passing clog as an argument since it is just a pointer to node we already know about * We should break instead of returning false, false as it may have been whitelisted by ips/cidrs * reimplement early return if expr errors * Fix lint and dont need to parse ip back to string just loop over sources * Log error with node logger as it provides context * Move getsource to a function cleanup some code * Change func name * Split out compile to a function so we can use in tests. Add a bunch of tests * spell correction * Use node logger so it has context * alternative solution * quick fixes * Use containswls * Change whitelist test to use parseipsource and only events * Make it simpler * Postoverflow tests, some basic ones to make sure it works * Use official pkg * Add @mmetc reco * Add @mmetc reco * Change if if to a switch to only evaluate once * simplify assertions --------- Co-authored-by: bui <thibault@crowdsec.net> Co-authored-by: Marco Mariani <marco@crowdsec.net>
80 lines
1.3 KiB
Go
80 lines
1.3 KiB
Go
package types
|
|
|
|
import (
|
|
"net"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/crowdsecurity/crowdsec/pkg/models"
|
|
)
|
|
|
|
func TestParseIPSources(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
evt Event
|
|
expected []net.IP
|
|
}{
|
|
{
|
|
name: "ParseIPSources: Valid Log Sources",
|
|
evt: Event{
|
|
Type: LOG,
|
|
Meta: map[string]string{
|
|
"source_ip": "127.0.0.1",
|
|
},
|
|
},
|
|
expected: []net.IP{
|
|
net.ParseIP("127.0.0.1"),
|
|
},
|
|
},
|
|
{
|
|
name: "ParseIPSources: Valid Overflow Sources",
|
|
evt: Event{
|
|
Type: OVFLW,
|
|
Overflow: RuntimeAlert{
|
|
Sources: map[string]models.Source{
|
|
"127.0.0.1": {},
|
|
},
|
|
},
|
|
},
|
|
expected: []net.IP{
|
|
net.ParseIP("127.0.0.1"),
|
|
},
|
|
},
|
|
{
|
|
name: "ParseIPSources: Invalid Log Sources",
|
|
evt: Event{
|
|
Type: LOG,
|
|
Meta: map[string]string{
|
|
"source_ip": "IAMNOTANIP",
|
|
},
|
|
},
|
|
expected: []net.IP{
|
|
nil,
|
|
},
|
|
},
|
|
{
|
|
name: "ParseIPSources: Invalid Overflow Sources",
|
|
evt: Event{
|
|
Type: OVFLW,
|
|
Overflow: RuntimeAlert{
|
|
Sources: map[string]models.Source{
|
|
"IAMNOTANIP": {},
|
|
},
|
|
},
|
|
},
|
|
expected: []net.IP{
|
|
nil,
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
tt := tt
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
ips := tt.evt.ParseIPSources()
|
|
assert.Equal(t, ips, tt.expected)
|
|
})
|
|
}
|
|
}
|