0ct0pu5/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add 'in File(...)' tests for parsers and leakybuckets

Browse source
This commit is contained in:
Thibault bui Koechlin 2020-05-27 17:04:54 +02:00 committed by AlteredCoder
parent 88f89279ad
commit ed44aea206
6 changed files with 47 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/leakybucket/buckets_test.go
View file

@ -76,7 +76,7 @@ func testOneBucket(t *testing.T, dir string) error {
for _, x := range stages {
files = append(files, x.Filename)
}
holders, response, err := LoadBuckets(files, dir+"/data")
holders, response, err := LoadBuckets(files, dir)
if err != nil {
t.Fatalf("failed loading bucket : %s", err)
}

12
pkg/leakybucket/tests/simple-trigger-external-data/bucket.yaml Normal file
View file

@ -0,0 +1,12 @@
type: trigger
debug: true
name: test/simple-trigger
data:
- source_url: https://invalid.com/test.list
dest_file: ./simple_patterns.txt
description: "Simple trigger with external data"
filter: "evt.Line.Labels.type =='testlog' && evt.Parsed.tainted_data in File('./simple_patterns.txt')"
groupby: evt.Meta.source_ip
labels:
type: overflow_1

2
pkg/leakybucket/tests/simple-trigger-external-data/scenarios.yaml Normal file
View file

@ -0,0 +1,2 @@
- filename: {{.TestDirectory}}/bucket.yaml

3
pkg/leakybucket/tests/simple-trigger-external-data/simple_patterns.txt Normal file
View file

@ -0,0 +1,3 @@
BBBBBBBBBBB11111XXX
AAAABBBBBBB11111XXX
CCCCCCCCCC11111XXX

27
pkg/leakybucket/tests/simple-trigger-external-data/test.yaml Normal file
View file

@ -0,0 +1,27 @@
#this one will trigger a simple overflow
lines:
- Line:
Labels:
type: testlog
Raw: xxheader VALUE1 trailing stuff
MarshaledTime: 2020-01-01T10:00:00Z
Meta:
source_ip: 1.2.3.4
Parsed:
tainted_data: AAAABBBBBBB11111XXX
- Line:
Labels:
type: testlog
Raw: xxheader VALUE2 trailing stuff
MarshaledTime: 2020-01-01T10:00:00Z
Meta:
source_ip: 1.2.3.5
Parsed:
tainted_data: ZZZBBBBBBB11111XXX
results:
- Overflow:
scenario: test/simple-trigger
Source_ip: 1.2.3.4
Events_count: 1

4
pkg/parser/tests/base-grok-external-data/base-grok.yaml
View file

@ -4,7 +4,7 @@ onsuccess: next_stage
name: tests/base-grok
data:
- source_url: https://invalid.com/test.list
dest_file: ../pkg/parser/tests/sample_strings.txt
dest_file: ./sample_strings.txt
pattern_syntax:
MYCAP1: ".*"
@ -17,6 +17,6 @@ statics:
value: parsed_testlog
- meta: is_it_in_file
expression: |-
evt.Parsed.extracted_value in File("../pkg/parser/tests/sample_strings.txt") ? "true" : "false"
evt.Parsed.extracted_value in File("./sample_strings.txt") ? "true" : "false"