[backend] add stix filtering tests

Author: Archidoit

opencti-platform/opencti-graphql/tests/03-integration/01-database/filters-test.js

@@ -5,6 +5,9 @@ import { isEmptyField } from '../../../src/database/utils';
 import { ENTITY_TYPE_INTRUSION_SET } from '../../../src/schema/stixDomainObject';
 import { isStixMatchFilterGroup_MockableForUnitTests } from '../../../src/utils/filtering/filtering-stix/stix-filtering';
 
+// -- File to test stix filtering (filters on events: in the context of playbooks, streams, triggers)
+// -- with different keys, operators, modes, combinations
+
 const WHITE_TLP = { standard_id: 'marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9', internal_id: null };
 
 const applyFilters = async (filters, user = ADMIN_USER) => {
@@ -131,7 +134,7 @@ describe('Filters testing', () => {
   // assignee_filter
 
   it('Should labels filters correctly applied', async () => {
-    // With eq on marking
+    // With eq
     const filters = {
       mode: 'and',
       filters: [{
@@ -144,7 +147,7 @@ describe('Filters testing', () => {
     };
     const filteredObjects = await applyFilters(filters);
     expect(filteredObjects.length).toBe(2);
-    // With _not_eq
+    // With not_eq
     const filtersNot = {
       mode: 'and',
       filters: [{
@@ -158,6 +161,73 @@ describe('Filters testing', () => {
     const filteredObjectsNot = await applyFilters(filtersNot);
     expect(stixBundle.objects.length - filteredObjects.length).toBe(filteredObjectsNot.length);
   });
+  it('Should labels filters correctly applied with only_eq_to operator', async () => {
+    // With only_eq_to
+    let filters = {
+      mode: 'and',
+      filters: [{
+        key: ['objectLabel'],
+        values: ['identity'],
+        operator: 'only_eq_to',
+        mode: 'or',
+      }],
+      filterGroups: [],
+    };
+    let filteredObjects = await applyFilters(filters);
+    expect(filteredObjects.length).toBe(10);
+    // With not_only_eq_to
+    let filtersNot = {
+      mode: 'and',
+      filters: [{
+        key: ['objectLabel'],
+        values: ['attack-pattern'],
+        operator: 'not_only_eq_to',
+        mode: 'or',
+      }],
+      filterGroups: [],
+    };
+    let filteredObjectsNot = await applyFilters(filtersNot);
+    expect(stixBundle.objects.length - filteredObjects.length).toBe(filteredObjectsNot.length);
+    // With only_eq_to & AND local mode
+    filters = {
+      mode: 'and',
+      filters: [{
+        key: ['objectLabel'],
+        values: ['identity', 'organization'],
+        operator: 'only_eq_to',
+        mode: 'and',
+      }],
+      filterGroups: [],
+    };
+    filteredObjects = await applyFilters(filters);
+    // With not_only_eq_to & AND local mode
+    filtersNot = {
+      mode: 'and',
+      filters: [{
+        key: ['objectLabel'],
+        values: ['identity', 'organization'],
+        operator: 'not_only_eq_to',
+        mode: 'and',
+      }],
+      filterGroups: [],
+    };
+    filteredObjectsNot = await applyFilters(filtersNot);
+    expect(stixBundle.objects.length - filteredObjects.length).toBe(filteredObjectsNot.length);
+    expect(filteredObjects.map((n) => n.node.name).includes('ANSSI')).toBeFalsy();
+    // With only_eq_to & OR local mode
+    filters = {
+      mode: 'and',
+      filters: [{
+        key: ['objectLabel'],
+        values: ['identity', 'organization'],
+        operator: 'only_eq_to',
+        mode: 'or',
+      }],
+      filterGroups: [],
+    };
+    filteredObjects = await applyFilters(filters);
+    expect(filteredObjects.length).toBe(10);
+  });
 
   // revoked
 

opencti-platform/opencti-graphql/tests/data/DATA-TEST-STIX2_v2.json

@@ -8,7 +8,7 @@
       "spec_version": "2.1",
       "name": "ANSSI",
       "identity_class": "organization",
-      "labels": ["identity"],
+      "labels": ["identity", "organization"],
       "created": "2020-02-23T23:40:53.575Z",
       "modified": "2020-02-27T08:45:39.351Z",
       "x_opencti_organization_type": "CSIRT",