From 699dcb2c0fd6109fc340a1ca87ed530dec8a0efd Mon Sep 17 00:00:00 2001
From: alteredCoder
Date: Thu, 14 Apr 2022 14:11:00 +0200
Subject: [PATCH] add tests
---
 cmd/crowdsec-cli/console.go | 13 ++++++++
 config/config.yaml | 1 +
 tests/bats/81_alerts-context.bats | 49 +++++++++++++++++++++++++++++++
 tests/lib/config/config-local | 3 ++
 4 files changed, 66 insertions(+)
 create mode 100644 tests/bats/81_alerts-context.bats
diff --git a/cmd/crowdsec-cli/console.go b/cmd/crowdsec-cli/console.go
index ac5fdff04..cd5de970b 100644
--- a/cmd/crowdsec-cli/console.go
+++ b/cmd/crowdsec-cli/console.go
@@ -313,6 +313,19 @@ Disable given information push to the central API.`,
 }
 cmdLabel.AddCommand(cmdLabelStatus)
 
+ var detectAll bool
+ cmdLabelDetect := &cobra.Command{
+ Use: "status",
+ Short: "List label to send with alerts",
+ DisableAutoGenTag: true,
+ Run: func(cmd *cobra.Command, args []string) {
+ // load all parsers
+ //
+ },
+ }
+ cmdLabelAdd.Flags().BoolVarP(&detectAll, "all", "a", false, "Detect evt field for all installed parser")
+ cmdLabel.AddCommand(cmdLabelDetect)
+
 var keysToDelete []string
 var valuesToDelete []string
 cmdLabelDelete := &cobra.Command{
diff --git a/config/config.yaml b/config/config.yaml
index 79552a033..9fcaad1a9 100644
--- a/config/config.yaml
+++ b/config/config.yaml
@@ -14,6 +14,7 @@ config_paths:
 notification_dir: /etc/crowdsec/notifications/
 plugin_dir: /usr/local/lib/crowdsec/plugins/
 crowdsec_service:
+ console_labels_path: /etc/crowdsec/console/labels.yaml
 acquisition_path: /etc/crowdsec/acquis.yaml
 parser_routines: 1
 cscli:
diff --git a/tests/bats/81_alerts-context.bats b/tests/bats/81_alerts-context.bats
new file mode 100644
index 000000000..8a7bf8013
--- /dev/null
+++ b/tests/bats/81_alerts-context.bats
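Review bot: In cmd/crowdsec-cli/console.go the `--all` flag is registered on `cmdLabelAdd.Flags()` instead of the new `cmdLabelDetect`, so the detect command never receives it and `add` gains a flag it presumably does not handle; the line should read `cmdLabelDetect.Flags().BoolVarP(&detectAll, "all", "a", false, "Detect evt field for all installed parser")`. `cmdLabelDetect` also keeps `Use: "status"` and a Short text that describes listing, which looks copied from `cmdLabelStatus` (defined outside the hunk) and would register a second subcommand under the same name; `Use: "detect"` with its own Short seems intended. The `Run` body holds only comments, so `detectAll` is never read; since this command group decides which labels are sent with alerts, a comment such as `// TODO: detection not implemented yet` or an explicit "not implemented" error would keep operators from assuming something was detected. The enclosing function starts and ends outside the hunk.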
@@ -0,0 +1,49 @@
+#!/usr/bin/env bats
+# vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
+
+set -u
+
+fake_log() {
+ for _ in $(seq 1 6); do
+ echo "$(LC_ALL=C date '+%b %d %H:%M:%S ')"'sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.172 port 35424'
+ done
+}
+
+setup_file() {
+ load "../lib/setup_file.sh"
+ # we reset config and data, but run the daemon only in the tests that need it
+ ./instance-data load
+}
+
+teardown_file() {
+ load "../lib/teardown_file.sh"
+}
+
+setup() {
+ load "../lib/setup.sh"
+}
+
+teardown() {
+ ./instance-crowdsec stop
+}
+
+#----------
+
+@test "$FILE 1.1.1.172 has context" {
+ skip
+ tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)
+ touch "${tmpfile}"
+ ACQUIS_YAML=$(config_yq '.crowdsec_service.acquisition_path')
+ echo -e "---\nfilename: $tmpfile\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"
+
+ CONTEXT_YAML=$(config_yq '.crowdsec_service.console_labels_path')
+ echo -e "---\ntarget_user:\n- evt.Parsed.sshd_invalid_user\nsource_ip:\n- evt.Parsed.sshd_client_ip" >>"${CONTEXT_YAML}"
+
+ ./instance-crowdsec start
+ sleep 2
+ fake_log >>"${tmpfile}"
+ sleep 2
+ rm -f -- "${tmpfile}"
+ run cscli alerts list
+ echo $output >&3
+}
diff --git a/tests/lib/config/config-local b/tests/lib/config/config-local
index 4e75b0f19..4a120446c 100755
--- a/tests/lib/config/config-local
+++ b/tests/lib/config/config-local
@@ -53,6 +53,8 @@ config_generate() {
 ../config/online_api_credentials.yaml \
 "${CONFIG_DIR}/"
 
+ cp ../config/labels.yaml "${CONFIG_DIR}/console/"
+
 cp ../plugins/notifications/*/{http,email,slack,splunk,dummy}.yaml \
 "${CONFIG_DIR}/notifications/"
 
@@ -84,6 +86,7 @@ make_init_data() {
 mkdir -p "${CONFIG_DIR}/notifications"
 mkdir -p "${CONFIG_DIR}/hub"
 mkdir -p "${CONFIG_DIR}/patterns"
+ mkdir -p "${CONFIG_DIR}/console"
 cp -ax "../config/patterns" "${CONFIG_DIR}/"
 config_generate
 # XXX errors from instance-db should be reported...
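Review bot: The only test in tests/bats/81_alerts-context.bats begins with `skip` and, even once enabled, asserts nothing: it ends with `run cscli alerts list` and `echo $output >&3`, so it passes whatever the alert contains. The echo should give way to checks such as `[ "$status" -eq 0 ]` plus a match on the configured context keys (`target_user`, `source_ip`) in `"$output"`, assuming the list view prints them. Both YAML files are extended with `>>` and a leading `---`, which appends a second document to whatever `console_labels_path` already holds; confirm the loader accepts multi-document files or write the labels file with `>`. The fixed `sleep 2` waits are also likely to be flaky on slow runners.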
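Review bot: `cp ../config/labels.yaml "${CONFIG_DIR}/console/"` in config_generate copies a file this patch does not add (the diffstat lists four files, none of them config/labels.yaml), so unless it is already in the tree the copy fails during test setup. The visible lines also do not point `.crowdsec_service.console_labels_path` at the test directory; the default added to config/config.yaml is `/etc/crowdsec/console/labels.yaml`, so if the path overrides elsewhere in config_generate (outside this hunk) are not extended, the new bats test would append to the system path rather than the sandbox. The copy relies on the `mkdir -p "${CONFIG_DIR}/console"` added to make_init_data in the following hunk, which does run before `config_generate` there; a comment on the `cp` line such as `# console/ is created in make_init_data` would record that dependency. Both functions continue outside their hunks.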