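// Source: github.com/crowdsecurity/crowdsec@v1.6.1/pkg/alertcontext/alertcontext_test.go

package alertcontext

import (
	"testing"

	"github.com/crowdsecurity/crowdsec/pkg/models"
	"github.com/crowdsecurity/crowdsec/pkg/types"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// TestNewAlertContext checks that NewAlertContext accepts a minimal
// context configuration (one key mapped to one expression) without error.
func TestNewAlertContext(t *testing.T) {
	tests := []struct {
		name          string
		contextToSend map[string][]string
		valueLength   int
		expectedErr   error
	}{
		{
			name: "basic config test",
			contextToSend: map[string][]string{
				"test": {"evt.Parsed.source_ip"},
			},
			valueLength: 100,
			expectedErr: nil,
		},
	}

	for _, test := range tests {
		// One subtest per case: a failing require aborts only that case and
		// the failure is reported under the case name. The closure runs
		// synchronously (no t.Parallel), so capturing the loop variable is safe.
		t.Run(test.name, func(t *testing.T) {
			err := NewAlertContext(test.contextToSend, test.valueLength)
			require.ErrorIs(t, err, test.expectedErr)
		})
	}
}

// TestEventToContext checks the metadata that EventToContext builds from a
// list of events once a context configuration has been installed with
// NewAlertContext.
//
// The cases cover: a configured field that is absent from the event (no item
// is expected for it), de-duplication of identical values across events, and
// bounding of the serialized value when valueLength is 100. The bounding cases
// use request URIs, i.e. data taken from parsed events, so they pin that such
// input cannot grow an alert's context without limit.
func TestEventToContext(t *testing.T) {
	tests := []struct {
		name           string
		contextToSend  map[string][]string
		valueLength    int
		events         []types.Event
		expectedResult models.Meta
	}{
		{
			// "nonexistent_field" refers to a key the event does not carry;
			// the expected result holds no item for it.
			name: "basic test",
			contextToSend: map[string][]string{
				"source_ip":         {"evt.Parsed.source_ip"},
				"nonexistent_field": {"evt.Parsed.nonexist"},
			},
			valueLength: 100,
			events: []types.Event{
				{
					Parsed: map[string]string{
						"source_ip":      "1.2.3.4",
						"source_machine": "mymachine",
					},
				},
			},
			expectedResult: []*models.MetaItems0{
				{
					Key:   "source_ip",
					Value: "[\"1.2.3.4\"]",
				},
			},
		},
		{
			// Three events share source_ip and source_machine (each expected
			// once) and differ in cve (all three values expected).
			name: "test many events",
			contextToSend: map[string][]string{
				"source_ip":      {"evt.Parsed.source_ip"},
				"source_machine": {"evt.Parsed.source_machine"},
				"cve":            {"evt.Parsed.cve"},
			},
			valueLength: 100,
			events: []types.Event{
				{
					Parsed: map[string]string{
						"source_ip":      "1.2.3.4",
						"source_machine": "mymachine",
						"cve":            "CVE-2022-1234",
					},
				},
				{
					Parsed: map[string]string{
						"source_ip":      "1.2.3.4",
						"source_machine": "mymachine",
						"cve":            "CVE-2022-1235",
					},
				},
				{
					Parsed: map[string]string{
						"source_ip":      "1.2.3.4",
						"source_machine": "mymachine",
						"cve":            "CVE-2022-125",
					},
				},
			},
			expectedResult: []*models.MetaItems0{
				{
					Key:   "source_ip",
					Value: "[\"1.2.3.4\"]",
				},
				{
					Key:   "source_machine",
					Value: "[\"mymachine\"]",
				},
				{
					Key:   "cve",
					Value: "[\"CVE-2022-1234\",\"CVE-2022-1235\",\"CVE-2022-125\"]",
				},
			},
		},
		{
			// Three distinct URIs are collected but only the first two are
			// expected in the output: the third would push the serialized
			// value past valueLength.
			name: "test many events with result above max length (need truncate, keep only 2 on 3 elements)",
			contextToSend: map[string][]string{
				"source_ip":      {"evt.Parsed.source_ip"},
				"source_machine": {"evt.Parsed.source_machine"},
				"uri":            {"evt.Parsed.uri"},
			},
			valueLength: 100,
			events: []types.Event{
				{
					Parsed: map[string]string{
						"source_ip":      "1.2.3.4",
						"source_machine": "mymachine",
						"uri":            "/test/test/test/../../../../../../../../",
					},
				},
				{
					Parsed: map[string]string{
						"source_ip":      "1.2.3.4",
						"source_machine": "mymachine",
						"uri":            "/admin/admin/admin/../../../../../../../../",
					},
				},
				{
					Parsed: map[string]string{
						"source_ip":      "1.2.3.4",
						"source_machine": "mymachine",
						"uri":            "/login/login/login/../../../../../../../../../../../",
					},
				},
			},
			expectedResult: []*models.MetaItems0{
				{
					Key:   "source_ip",
					Value: "[\"1.2.3.4\"]",
				},
				{
					Key:   "source_machine",
					Value: "[\"mymachine\"]",
				},
				{
					Key:   "uri",
					Value: "[\"/test/test/test/../../../../../../../../\",\"/admin/admin/admin/../../../../../../../../\"]",
				},
			},
		},
		{
			// A single over-long URI is expected to be cut and suffixed with
			// "...". NOTE(review): the exact cut-off rule is not visible in
			// this file; the expected string below is what pins it.
			name: "test one events with result above max length (need truncate on one element)",
			contextToSend: map[string][]string{
				"source_ip":      {"evt.Parsed.source_ip"},
				"source_machine": {"evt.Parsed.source_machine"},
				"uri":            {"evt.Parsed.uri"},
			},
			valueLength: 100,
			events: []types.Event{
				{
					Parsed: map[string]string{
						"source_ip":      "1.2.3.4",
						"source_machine": "mymachine",
						"uri":            "/test/test/test/../../../../.should_truncate_just_after_this/../../../..../../../../../../../../../../../../../../../end",
					},
				},
			},
			expectedResult: []*models.MetaItems0{
				{
					Key:   "source_machine",
					Value: "[\"mymachine\"]",
				},
				{
					Key:   "uri",
					Value: "[\"/test/test/test/../../../../.should_truncate_just_after_this...\"]",
				},
				{
					Key:   "source_ip",
					Value: "[\"1.2.3.4\"]",
				},
			},
		},
	}

	for _, test := range tests {
		// Subtests stay sequential on purpose: NewAlertContext returns only an
		// error and EventToContext takes only the events, so the configuration
		// is presumably kept in package-level state that parallel cases would
		// overwrite. TODO confirm against the package source.
		t.Run(test.name, func(t *testing.T) {
			err := NewAlertContext(test.contextToSend, test.valueLength)
			require.NoError(t, err)

			// NOTE(review): the second return value is discarded here, as in
			// the original test. If it reports evaluation problems, asserting
			// on it would tighten these cases; left as is because the expected
			// value per case is not known from this file.
			metas, _ := EventToContext(test.events)

			// ElementsMatch ignores ordering, so the item order in
			// expectedResult is not significant.
			assert.ElementsMatch(t, test.expectedResult, metas)
		})
	}
}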