diff --git a/pkg/leakybucket/buckets_test.go b/pkg/leakybucket/buckets_test.go
index 14843c9b7..be1119e5b 100644
--- a/pkg/leakybucket/buckets_test.go
+++ b/pkg/leakybucket/buckets_test.go
@@ -76,7 +76,7 @@ func testOneBucket(t *testing.T, dir string) error {
 for _, x := range stages {
 files = append(files, x.Filename)
 }
- holders, response, err := LoadBuckets(files, dir+"/data")
+ holders, response, err := LoadBuckets(files, dir)
 if err != nil {
 t.Fatalf("failed loading bucket : %s", err)
 }
diff --git a/pkg/leakybucket/tests/simple-trigger-external-data/bucket.yaml b/pkg/leakybucket/tests/simple-trigger-external-data/bucket.yaml
new file mode 100644
index 000000000..6003d6a76
--- /dev/null
+++ b/pkg/leakybucket/tests/simple-trigger-external-data/bucket.yaml
@@ -0,0 +1,12 @@
+type: trigger
+debug: true
+name: test/simple-trigger
+data:
+ - source_url: https://invalid.com/test.list
+ dest_file: ./simple_patterns.txt
+description: "Simple trigger with external data"
+filter: "evt.Line.Labels.type =='testlog' && evt.Parsed.tainted_data in File('./simple_patterns.txt')"
+groupby: evt.Meta.source_ip
+labels:
+ type: overflow_1
+
diff --git a/pkg/leakybucket/tests/simple-trigger-external-data/scenarios.yaml b/pkg/leakybucket/tests/simple-trigger-external-data/scenarios.yaml
new file mode 100644
index 000000000..f45f7be12
--- /dev/null
+++ b/pkg/leakybucket/tests/simple-trigger-external-data/scenarios.yaml
@@ -0,0 +1,2 @@
+ - filename: {{.TestDirectory}}/bucket.yaml
+
diff --git a/pkg/leakybucket/tests/simple-trigger-external-data/simple_patterns.txt b/pkg/leakybucket/tests/simple-trigger-external-data/simple_patterns.txt
new file mode 100644
index 000000000..18459801e
--- /dev/null
+++ b/pkg/leakybucket/tests/simple-trigger-external-data/simple_patterns.txt
@@ -0,0 +1,3 @@
+BBBBBBBBBBB11111XXX
+AAAABBBBBBB11111XXX
+CCCCCCCCCC11111XXX
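Review bot: In testOneBucket the directory handed to `LoadBuckets` is now the fixture directory itself, so every `dest_file` in a fixture's `data:` section resolves inside the checked-in test tree, and nothing at the call site says so. If LoadBuckets fetches `source_url` whenever the destination file is absent (not visible in this hunk), a missing fixture would make the test write downloaded content into the repository. I would add a comment above the call, for example `// dir doubles as the data dir: dest_file entries in bucket.yaml resolve relative to it and must already exist`. The body of testOneBucket starts and ends outside the hunk.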
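Review bot: `source_url: https://invalid.com/test.list` in the new bucket.yaml names a registrable domain rather than a reserved one, so the fixture stays offline only while `simple_patterns.txt` is present and the loader skips the fetch for existing files (assumed; that code is not shown here). If either condition stops holding, the test would load pattern data served by whoever controls that domain. A reserved name keeps the entry inert: `- source_url: https://test.invalid/test.list`. The same URL appears as a context line in base-grok.yaml.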
diff --git a/pkg/leakybucket/tests/simple-trigger-external-data/test.yaml b/pkg/leakybucket/tests/simple-trigger-external-data/test.yaml
new file mode 100644
index 000000000..1a8025a84
--- /dev/null
+++ b/pkg/leakybucket/tests/simple-trigger-external-data/test.yaml
@@ -0,0 +1,27 @@
+#this one will trigger a simple overflow
+lines:
+ - Line:
+ Labels:
+ type: testlog
+ Raw: xxheader VALUE1 trailing stuff
+ MarshaledTime: 2020-01-01T10:00:00Z
+ Meta:
+ source_ip: 1.2.3.4
+ Parsed:
+ tainted_data: AAAABBBBBBB11111XXX
+ - Line:
+ Labels:
+ type: testlog
+ Raw: xxheader VALUE2 trailing stuff
+ MarshaledTime: 2020-01-01T10:00:00Z
+ Meta:
+ source_ip: 1.2.3.5
+ Parsed:
+ tainted_data: ZZZBBBBBBB11111XXX
+results:
+ - Overflow:
+ scenario: test/simple-trigger
+ Source_ip: 1.2.3.4
+ Events_count: 1
+
+
diff --git a/pkg/parser/tests/base-grok-external-data/base-grok.yaml b/pkg/parser/tests/base-grok-external-data/base-grok.yaml
index f8e9c456e..4b7974b72 100644
--- a/pkg/parser/tests/base-grok-external-data/base-grok.yaml
+++ b/pkg/parser/tests/base-grok-external-data/base-grok.yaml
@@ -4,7 +4,7 @@ onsuccess: next_stage name: tests/base-grok data: - source_url: https://invalid.com/test.list - dest_file: ../pkg/parser/tests/sample_strings.txt + dest_file: ./sample_strings.txt pattern_syntax: MYCAP1: ".*"
@@ -17,6 +17,6 @@ statics: value: parsed_testlog - meta: is_it_in_file expression: |- - evt.Parsed.extracted_value in File("../pkg/parser/tests/sample_strings.txt") ? "true" : "false" + evt.Parsed.extracted_value in File("./sample_strings.txt") ? "true" : "false"
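Review bot: The `dest_file` value replaced in the first base-grok.yaml hunk was `../pkg/parser/tests/sample_strings.txt`, and the fixture evidently loaded with it, which suggests the loader joins `dest_file` onto the data directory without checking that the result stays inside it. This commit moves the fixtures to `./` paths but adds no such check and no test for it. Because `dest_file` is the write target for whatever `source_url` returns, a parser or scenario file from an untrusted source could place a file outside the data directory. I would have the loader reject a cleaned `dest_file` that is absolute or begins with `..`, and add a fixture asserting that a `../` destination fails to load. The loader code is outside this diff, so this is inferred from the removed line.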