crowdsec/tests/bats/80_alerts.bats

140 lines
5.4 KiB
Bash

#!/usr/bin/env bats
# vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
set -u
setup_file() {
load "../lib/setup_file.sh"
}
teardown_file() {
load "../lib/teardown_file.sh"
}
setup() {
load "../lib/setup.sh"
./instance-data load
./instance-crowdsec start
}
teardown() {
./instance-crowdsec stop
}
#----------
@test "cscli alerts list, with and without --machine" {
is_db_postgres && skip
run -0 cscli decisions add -i 10.20.30.40 -t ban
run -0 cscli alerts list
refute_output --partial 'MACHINE'
# machine name appears quoted in the "REASON" column
assert_output --regexp "\| 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' \|"
refute_output --regexp "\| githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? \|"
run -0 cscli alerts list -m
assert_output --partial 'MACHINE'
assert_output --regexp "\| 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' \|"
assert_output --regexp "\| githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? \|"
run -0 cscli alerts list --machine
assert_output --partial 'MACHINE'
assert_output --regexp "\| 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?' \|"
assert_output --regexp "\| githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})? \|"
}
@test "cscli alerts list, human/json/raw" {
run -0 cscli decisions add -i 10.20.30.40 -t ban
run -0 cscli alerts list -o human
assert_output --regexp ".* ID .* VALUE .* REASON .* COUNTRY .* AS .* DECISIONS .* CREATED AT .*"
assert_output --regexp ".*Ip:10.20.30.40.*manual 'ban' from.*ban:1.*"
run -0 cscli alerts list -o json
run -0 jq -c '.[].decisions[0] | [.origin, .scenario, .scope, .simulated, .type, .value]' <(output)
assert_line --regexp "\[\"cscli\",\"manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?'\",\"Ip\",false,\"ban\",\"10.20.30.40\"\]"
run -0 cscli alerts list -o raw
assert_line "id,scope,value,reason,country,as,decisions,created_at"
assert_line --regexp ".*,Ip,10.20.30.40,manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?',,\" \",ban:1,.*"
run -0 cscli alerts list -o raw --machine
assert_line "id,scope,value,reason,country,as,decisions,created_at,machine"
assert_line --regexp "^[0-9]+,Ip,10.20.30.40,manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?',,\" \",ban:1,.*,githubciXXXXXXXXXXXXXXXXXXXXXXXX([a-zA-Z0-9]{16})?$"
}
@test "cscli alerts inspect" {
run -0 cscli decisions add -i 10.20.30.40 -t ban
run -0 cscli alerts list -o raw <(output)
run -0 grep 10.20.30.40 <(output)
run -0 cut -d, -f1 <(output)
ALERT_ID="${output}"
run -0 cscli alerts inspect "${ALERT_ID}" -o human
assert_line --regexp '^#+$'
assert_line --regexp "^ - ID *: ${ALERT_ID}$"
assert_line --regexp "^ - Date *: .*$"
assert_line --regexp "^ - Machine *: githubciXXXXXXXXXXXXXXXXXXXXXXXX.*"
assert_line --regexp "^ - Simulation *: false$"
assert_line --regexp "^ - Reason *: manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX.*'$"
assert_line --regexp "^ - Events Count *: 1$"
assert_line --regexp "^ - Scope:Value *: Ip:10.20.30.40$"
assert_line --regexp "^ - Country *: *$"
assert_line --regexp "^ - AS *: *$"
assert_line --regexp "^ - Begin *: .*$"
assert_line --regexp "^ - End *: .*$"
assert_line --regexp "^ - Active Decisions *:$"
assert_line --regexp "^.* ID .* SCOPE:VALUE .* ACTION .* EXPIRATION .* CREATED AT .*$"
assert_line --regexp "^.* Ip:10.20.30.40 .* ban .*$"
run -0 cscli alerts inspect "${ALERT_ID}" -o human --details
# XXX can we have something here?
run -0 cscli alerts inspect "${ALERT_ID}" -o raw
assert_line --regexp "^ *capacity: 0$"
assert_line --regexp "^ *id: ${ALERT_ID}$"
assert_line --regexp "^ *origin: cscli$"
assert_line --regexp "^ *scenario: manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX.*'$"
assert_line --regexp "^ *scope: Ip$"
assert_line --regexp "^ *simulated: false$"
assert_line --regexp "^ *type: ban$"
assert_line --regexp "^ *value: 10.20.30.40$"
run -0 cscli alerts inspect "${ALERT_ID}" -o json
alert=${output}
run jq -c '.decisions[] | [.origin,.scenario,.scope,.simulated,.type,.value]' <<<"${alert}"
assert_output --regexp "\[\"cscli\",\"manual 'ban' from 'githubciXXXXXXXXXXXXXXXXXXXXXXXX.*'\",\"Ip\",false,\"ban\",\"10.20.30.40\"\]"
run jq -c '.source' <<<"${alert}"
assert_json '{ip:"10.20.30.40",scope:"Ip",value:"10.20.30.40"}'
}
@test "no active alerts" {
run -0 cscli alerts list --until 200d -o human
assert_output "No active alerts"
run -0 cscli alerts list --until 200d -o json
assert_output "null"
run -0 cscli alerts list --until 200d -o raw
assert_output "id,scope,value,reason,country,as,decisions,created_at"
run -0 cscli alerts list --until 200d -o raw --machine
assert_output "id,scope,value,reason,country,as,decisions,created_at,machine"
}
@test "cscli alerts delete" {
run -0 --separate-stderr cscli alerts delete --all
assert_stderr --partial 'alert(s) deleted'
# XXX TODO: delete by scope, id, value, scenario, range..
}
@test "bad duration" {
skip 'TODO'
run -0 cscli decisions add -i 10.20.30.40 -t ban
run -9 cscli decisions list --ip 10.20.30.40 -o json
run -9 jq -r '.[].decisions[].id' <(output)
DECISION_ID="${output}"
./instance-crowdsec stop
run -0 ./instance-db exec_sql "UPDATE decisions SET ... WHERE id=${DECISION_ID}"
./instance-crowdsec start
}