[frontend/backend] stix filtering tests

Author: Archidoit

…jection/01-dataCount/filterGroup-test.js …on/01-dataCount/dynamicFiltering-test.jsopencti-platform/opencti-graphql/tests/02-dataInjection/01-dataCount/filterGroup-test.js renamed to opencti-platform/opencti-graphql/tests/02-dataInjection/01-dataCount/dynamicFiltering-test.js opencti-platform/opencti-graphql/tests/02-dataInjection/01-dataCount/filterGroup-test.js renamed to opencti-platform/opencti-graphql/tests/02-dataInjection/01-dataCount/dynamicFiltering-test.js

@@ -26,7 +26,8 @@ import { getFakeAuthUser } from '../../utils/domainQueryHelper';
 import { SETTINGS_SET_ACCESSES } from '../../../src/utils/access';
 import { ENTITY_TYPE_MALWARE_ANALYSIS } from '../../../src/modules/malwareAnalysis/malwareAnalysis-types';
 
-// File to test dynamic filtering with different keys, operators, modes, combinations
+// -- File to test dynamic filtering (filtering of data in elastic)
+// -- with different keys, operators, modes, combinations
 
 // test queries involving dynamic filters
 

…-integration/01-database/filters-test.js …ration/01-database/stixFiltering-test.jsopencti-platform/opencti-graphql/tests/03-integration/01-database/filters-test.js renamed to opencti-platform/opencti-graphql/tests/03-integration/01-database/stixFiltering-test.js opencti-platform/opencti-graphql/tests/03-integration/01-database/filters-test.js renamed to opencti-platform/opencti-graphql/tests/03-integration/01-database/stixFiltering-test.js

@@ -5,6 +5,9 @@ import { isEmptyField } from '../../../src/database/utils';
 import { ENTITY_TYPE_INTRUSION_SET } from '../../../src/schema/stixDomainObject';
 import { isStixMatchFilterGroup_MockableForUnitTests } from '../../../src/utils/filtering/filtering-stix/stix-filtering';
 
+// -- File to test stix filtering (filters on events: in the context of playbooks, streams, triggers)
+// -- with different keys, operators, modes, combinations
+
 const WHITE_TLP = { standard_id: 'marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9', internal_id: null };
 
 const applyFilters = async (filters, user = ADMIN_USER) => {
@@ -131,7 +134,7 @@ describe('Filters testing', () => {
   // assignee_filter
 
   it('Should labels filters correctly applied', async () => {
-    // With eq on marking
+    // With eq
     const filters = {
       mode: 'and',
       filters: [{
@@ -144,7 +147,7 @@ describe('Filters testing', () => {
     };
     const filteredObjects = await applyFilters(filters);
     expect(filteredObjects.length).toBe(2);
-    // With _not_eq
+    // With not_eq
     const filtersNot = {
       mode: 'and',
       filters: [{
@@ -158,6 +161,73 @@ describe('Filters testing', () => {
     const filteredObjectsNot = await applyFilters(filtersNot);
     expect(stixBundle.objects.length - filteredObjects.length).toBe(filteredObjectsNot.length);
   });
+  it('Should labels filters correctly applied with only_eq_to operator', async () => {
+    // With only_eq_to
+    let filters = {
+      mode: 'and',
+      filters: [{
+        key: ['objectLabel'],
+        values: ['identity'],
+        operator: 'only_eq_to',
+        mode: 'or',
+      }],
+      filterGroups: [],
+    };
+    let filteredObjects = await applyFilters(filters);
+    expect(filteredObjects.length).toBe(10);
+    // With not_only_eq_to
+    let filtersNot = {
+      mode: 'and',
+      filters: [{
+        key: ['objectLabel'],
+        values: ['attack-pattern'],
+        operator: 'not_only_eq_to',
+        mode: 'or',
+      }],
+      filterGroups: [],
+    };
+    let filteredObjectsNot = await applyFilters(filtersNot);
+    expect(stixBundle.objects.length - filteredObjects.length).toBe(filteredObjectsNot.length);
+    // With only_eq_to & AND local mode
+    filters = {
+      mode: 'and',
+      filters: [{
+        key: ['objectLabel'],
+        values: ['identity', 'organization'],
+        operator: 'only_eq_to',
+        mode: 'and',
+      }],
+      filterGroups: [],
+    };
+    filteredObjects = await applyFilters(filters);
+    // With not_only_eq_to & AND local mode
+    filtersNot = {
+      mode: 'and',
+      filters: [{
+        key: ['objectLabel'],
+        values: ['identity', 'organization'],
+        operator: 'not_only_eq_to',
+        mode: 'and',
+      }],
+      filterGroups: [],
+    };
+    filteredObjectsNot = await applyFilters(filtersNot);
+    expect(stixBundle.objects.length - filteredObjects.length).toBe(filteredObjectsNot.length);
+    expect(filteredObjects.map((n) => n.node.name).includes('ANSSI')).toBeFalsy();
+    // With only_eq_to & OR local mode
+    filters = {
+      mode: 'and',
+      filters: [{
+        key: ['objectLabel'],
+        values: ['identity', 'organization'],
+        operator: 'only_eq_to',
+        mode: 'or',
+      }],
+      filterGroups: [],
+    };
+    filteredObjects = await applyFilters(filters);
+    expect(filteredObjects.length).toBe(10);
+  });
 
   // revoked
 

opencti-platform/opencti-graphql/tests/data/DATA-TEST-STIX2_v2.json

@@ -8,7 +8,7 @@
       "spec_version": "2.1",
       "name": "ANSSI",
       "identity_class": "organization",
-      "labels": ["identity"],
+      "labels": ["identity", "organization"],
       "created": "2020-02-23T23:40:53.575Z",
       "modified": "2020-02-27T08:45:39.351Z",
       "x_opencti_organization_type": "CSIRT",
@@ -57,7 +57,7 @@
       "id": "threat-actor--dfaa8d77-07e2-4e28-b2c8-92e9f7b04429",
       "created": "2018-11-19T23:39:03.893Z",
       "modified": "2018-11-19T23:39:03.893Z",
-      "name": "Jhon Threat Actor Individual",
+      "name": "John Threat Actor Individual",
       "description": "This organized threat actor individual.",
       "threat_actor_types": [
         "crime-syndicate"