We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
crowdsec
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

add 'in File(...)' tests for parsers and leakybuckets

Thibault bui Koechlin 5 years ago
parent
88f89279ad
commit
ed44aea206
6 changed files with 47 additions and 3 deletions
Split View Show Diff Stats
  1. 1 1
      pkg/leakybucket/buckets_test.go
  2. 12 0
      pkg/leakybucket/tests/simple-trigger-external-data/bucket.yaml
  3. 2 0
      pkg/leakybucket/tests/simple-trigger-external-data/scenarios.yaml
  4. 3 0
      pkg/leakybucket/tests/simple-trigger-external-data/simple_patterns.txt
  5. 27 0
      pkg/leakybucket/tests/simple-trigger-external-data/test.yaml
  6. 2 2
      pkg/parser/tests/base-grok-external-data/base-grok.yaml

+ 1 - 1
pkg/leakybucket/buckets_test.go
View File 

@@ -76,7 +76,7 @@ func testOneBucket(t *testing.T, dir string) error {
 
 	for _, x := range stages {
 
 		files = append(files, x.Filename)
 
 	}
 
-	holders, response, err := LoadBuckets(files, dir+"/data")
 
+	holders, response, err := LoadBuckets(files, dir)
 
 	if err != nil {
 
 		t.Fatalf("failed loading bucket : %s", err)
 
 	}

+ 12 - 0
pkg/leakybucket/tests/simple-trigger-external-data/bucket.yaml
View File 

@@ -0,0 +1,12 @@
 
+type: trigger
 
+debug: true
 
+name: test/simple-trigger
 
+data:
 
+  - source_url: https://invalid.com/test.list
 
+    dest_file: ./simple_patterns.txt
 
+description: "Simple trigger with external data"
 
+filter: "evt.Line.Labels.type =='testlog' && evt.Parsed.tainted_data in File('./simple_patterns.txt')"
 
+groupby: evt.Meta.source_ip
 
+labels:
 
+ type: overflow_1
 
+

+ 2 - 0
pkg/leakybucket/tests/simple-trigger-external-data/scenarios.yaml
View File 

@@ -0,0 +1,2 @@
 
+ - filename: {{.TestDirectory}}/bucket.yaml
 
+

+ 3 - 0
pkg/leakybucket/tests/simple-trigger-external-data/simple_patterns.txt
View File 

@@ -0,0 +1,3 @@
 
+BBBBBBBBBBB11111XXX
 
+AAAABBBBBBB11111XXX
 
+CCCCCCCCCC11111XXX

+ 27 - 0
pkg/leakybucket/tests/simple-trigger-external-data/test.yaml
View File 

@@ -0,0 +1,27 @@
 
+#this one will trigger a simple overflow
 
+lines:
 
+  - Line:
 
+      Labels:
 
+        type: testlog
 
+      Raw: xxheader VALUE1 trailing stuff
 
+    MarshaledTime: 2020-01-01T10:00:00Z
 
+    Meta:
 
+      source_ip: 1.2.3.4
 
+    Parsed:
 
+      tainted_data: AAAABBBBBBB11111XXX
 
+  - Line:
 
+      Labels:
 
+        type: testlog
 
+      Raw: xxheader VALUE2 trailing stuff
 
+    MarshaledTime: 2020-01-01T10:00:00Z
 
+    Meta:
 
+      source_ip: 1.2.3.5
 
+    Parsed:
 
+      tainted_data: ZZZBBBBBBB11111XXX
 
+results:
 
+  - Overflow:
 
+      scenario: test/simple-trigger
 
+      Source_ip: 1.2.3.4
 
+      Events_count: 1
 
+
 
+

+ 2 - 2
pkg/parser/tests/base-grok-external-data/base-grok.yaml
View File 

@@ -4,7 +4,7 @@ onsuccess: next_stage
 
 name: tests/base-grok
 
 data:
 
   - source_url: https://invalid.com/test.list
 
-    dest_file: ../pkg/parser/tests/sample_strings.txt
 
+    dest_file: ./sample_strings.txt
 
 
 pattern_syntax:
 
   MYCAP1: ".*"
 
@@ -17,6 +17,6 @@ statics:
 
     value: parsed_testlog
 
   - meta: is_it_in_file
 
     expression: |-
 
-      evt.Parsed.extracted_value in File("../pkg/parser/tests/sample_strings.txt") ? "true" : "false"
 
+      evt.Parsed.extracted_value in File("./sample_strings.txt") ? "true" : "false"

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5