
Commit b22c301

committed
Add crowdsec testdata
1 parent 06dd006 commit b22c301


4 files changed

+1271
-0
lines changed


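--- a/test/crowdsec/crowdsec.go
+++ b/test/crowdsec/crowdsec.go
@@ -0,0 +1,196 @@
+package crowdsec
+
+import (
+"time"
+)
+
+type Event struct {
+Type int `yaml:"Type,omitempty" json:"Type,omitempty"`
+ExpectMode int `yaml:"ExpectMode,omitempty" json:"ExpectMode,omitempty"`
+Whitelisted bool `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
+WhitelistReason string `yaml:"WhitelistReason,omitempty" json:"whitelist_reason,omitempty"`
+Stage string `yaml:"Stage,omitempty" json:"Stage,omitempty"`
+Line Line `yaml:"Line,omitempty" json:"Line,omitempty"`
+Parsed map[string]string `yaml:"Parsed,omitempty" json:"Parsed,omitempty"`
+Enriched map[string]string `yaml:"Enriched,omitempty" json:"Enriched,omitempty"`
+Unmarshaled map[string]interface{} `yaml:"Unmarshaled,omitempty" json:"Unmarshaled,omitempty"`
+Overflow RuntimeAlert `yaml:"Overflow,omitempty" json:"Alert,omitempty"`
+Time time.Time `yaml:"Time,omitempty" json:"Time,omitempty"`
+StrTime string `yaml:"StrTime,omitempty" json:"StrTime,omitempty"`
+StrTimeFormat string `yaml:"StrTimeFormat,omitempty" json:"StrTimeFormat,omitempty"`
+MarshaledTime string `yaml:"MarshaledTime,omitempty" json:"MarshaledTime,omitempty"`
+Process bool `yaml:"Process,omitempty" json:"Process,omitempty"`
+Meta map[string]string `yaml:"Meta,omitempty" json:"Meta,omitempty"`
+}
+
+func (e *Event) GetType() string {
+return ""
+}
+
+func (e *Event) GetMeta(key string) string {
+return ""
+}
+
+type Alert struct {
+Capacity *int32 `json:"capacity"`
+CreatedAt string `json:"created_at,omitempty"`
+Decisions []*Decision `json:"decisions"`
+Events []*Event `json:"events"`
+EventsCount *int32 `json:"events_count"`
+ID int64 `json:"id,omitempty"`
+Labels []string `json:"labels"`
+Leakspeed *string `json:"leakspeed"`
+MachineID string `json:"machine_id,omitempty"`
+Message *string `json:"message"`
+Meta Meta `json:"meta,omitempty"`
+Remediation bool `json:"remediation,omitempty"`
+Scenario *string `json:"scenario"`
+ScenarioHash *string `json:"scenario_hash"`
+ScenarioVersion *string `json:"scenario_version"`
+Simulated *bool `json:"simulated"`
+Source *Source `json:"source"`
+StartAt *string `json:"start_at"`
+StopAt *string `json:"stop_at"`
+UUID string `json:"uuid,omitempty"`
+Edges AlertEdges `json:"edges"`
+}
+
+func (a *Alert) HasRemediation() bool {
+return true
+}
+
+func (a *Alert) GetScope() string {
+return ""
+}
+
+func (a *Alert) GetValue() string {
+return ""
+}
+
+func (a *Alert) GetScenario() string {
+return ""
+}
+
+func (a *Alert) GetEventsCount() int32 {
+return 0
+}
+
+func (a *Alert) GetMeta(_ string) string {
+return ""
+}
+
+func (s Source) GetValue() string {
+return *s.Value
+}
+
+func (s Source) GetScope() string {
+return *s.Scope
+}
+
+func (s Source) GetAsNumberName() string {
+return ""
+}
+
+type AlertEdges struct {
+Owner *Machine `json:"owner,omitempty"`
+Decisions []*Decision `json:"decisions,omitempty"`
+Events []*Event `json:"events,omitempty"`
+Metas []*Meta `json:"metas,omitempty"`
+}
+
+func (e AlertEdges) OwnerOrErr() (*Machine, error) {
+return nil, nil
+}
+
+func (e AlertEdges) DecisionsOrErr() ([]*Decision, error) {
+return nil, nil
+}
+
+func (e AlertEdges) EventsOrErr() ([]*Event, error) {
+return nil, nil
+}
+
+func (e AlertEdges) MetasOrErr() ([]*Meta, error) {
+return nil, nil
+}
+
+type Machine struct {
+ID int `json:"id,omitempty"`
+CreatedAt *time.Time `json:"created_at,omitempty"`
+UpdatedAt *time.Time `json:"updated_at,omitempty"`
+LastPush *time.Time `json:"last_push,omitempty"`
+LastHeartbeat *time.Time `json:"last_heartbeat,omitempty"`
+MachineId string `json:"machineId,omitempty"`
+Password string `json:"-"`
+IpAddress string `json:"ipAddress,omitempty"`
+Scenarios string `json:"scenarios,omitempty"`
+Version string `json:"version,omitempty"`
+IsValidated bool `json:"isValidated,omitempty"`
+Status string `json:"status,omitempty"`
+AuthType string `json:"auth_type"`
+Edges MachineEdges `json:"edges"`
+}
+
+type MachineEdges struct {
+Alerts []*Alert `json:"alerts,omitempty"`
+}
+
+type Decision struct {
+Duration *string `json:"duration"`
+ID int64 `json:"id,omitempty"`
+Origin *string `json:"origin"`
+Scenario *string `json:"scenario"`
+Scope *string `json:"scope"`
+Simulated *bool `json:"simulated,omitempty"`
+Type *string `json:"type"`
+Until string `json:"until,omitempty"`
+UUID string `json:"uuid,omitempty"`
+Value *string `json:"value"`
+}
+
+type Line struct {
+Raw string `yaml:"Raw,omitempty"`
+Src string `yaml:"Src,omitempty"`
+Time time.Time
+Labels map[string]string `yaml:"Labels,omitempty"`
+Process bool
+Module string `yaml:"Module,omitempty"`
+}
+
+type ScopeType struct {
+Scope string `yaml:"type"`
+Filter string `yaml:"expression"`
+}
+
+type RuntimeAlert struct {
+Mapkey string `yaml:"MapKey,omitempty" json:"MapKey,omitempty"`
+BucketId string `yaml:"BucketId,omitempty" json:"BucketId,omitempty"`
+Whitelisted bool `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
+Reprocess bool `yaml:"Reprocess,omitempty" json:"Reprocess,omitempty"`
+Sources map[string]Source `yaml:"Sources,omitempty" json:"Sources,omitempty"`
+Alert *Alert `yaml:"Alert,omitempty" json:"Alert,omitempty"`
+APIAlerts []Alert `yaml:"APIAlerts,omitempty" json:"APIAlerts,omitempty"`
+}
+
+func (r RuntimeAlert) GetSources() []string {
+return nil
+}
+
+type Source struct {
+AsName string `json:"as_name,omitempty"`
+AsNumber string `json:"as_number,omitempty"`
+Cn string `json:"cn,omitempty"`
+IP string `json:"ip,omitempty"`
+Latitude float32 `json:"latitude,omitempty"`
+Longitude float32 `json:"longitude,omitempty"`
+Range string `json:"range,omitempty"`
+Scope *string `json:"scope"`
+Value *string `json:"value"`
+}
+
+type Meta []*MetaItems0
+
+type MetaItems0 struct {
+Key string `json:"key,omitempty"`
+Value string `json:"value,omitempty"`
+}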
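Review bot: `Source.GetValue` and `Source.GetScope` dereference `s.Value` and `s.Scope` without a nil check, so a zero-value `Source` (both fields are `*string`) panics if either method is ever called. Every other stub method in this file returns a constant, and these types appear to exist only so expressions type-check in the test, so `return ""` would be consistent; otherwise guard with `if s.Value == nil { return "" }`. The file also has no package or type comments; a line such as `// Package crowdsec holds trimmed stand-ins for crowdsec types, used only to type-check expressions in tests.` would stop readers from treating the stubbed return values (for example `HasRemediation` always returning `true`) as real behaviour.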

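--- a/test/crowdsec/crowdsec_test.go
+++ b/test/crowdsec/crowdsec_test.go
@@ -0,0 +1,47 @@
+package crowdsec_test
+
+import (
+"encoding/json"
+"os"
+"testing"
+
+"github.com/antonmedv/expr"
+"github.com/antonmedv/expr/test/crowdsec"
+"github.com/stretchr/testify/require"
+)
+
+func TestCrowdsec(t *testing.T) {
+b, err := os.ReadFile("../../testdata/crowdsec.json")
+require.NoError(t, err)
+
+var examples []string
+err = json.Unmarshal(b, &examples)
+require.NoError(t, err)
+
+env := map[string]interface{}{
+"evt": &crowdsec.Event{},
+}
+
+var opt = []expr.Option{
+expr.Env(env),
+}
+for _, fn := range crowdsec.CustomFunctions {
+opt = append(
+opt,
+expr.Function(
+fn.Name,
+func(params ...interface{}) (interface{}, error) {
+return nil, nil
+},
+fn.Func...,
+),
+)
+}
+
+for _, line := range examples {
+t.Run(line, func(t *testing.T) {
+_, err = expr.Compile(line, opt...)
+require.NoError(t, err)
+})
+}
+}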
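Review bot: Inside the `t.Run` closure, `_, err = expr.Compile(line, opt...)` assigns to the `err` declared at the top of `TestCrowdsec`, so all subtests share one variable. That is harmless while they run sequentially but becomes a data race as soon as `t.Parallel()` is added; declare it locally with `_, err := expr.Compile(line, opt...)`. The test only shows that each expression compiles against an `evt` environment and functions stubbed to return `nil, nil`, so a comment such as `// Compile-only: the expressions are type-checked, never evaluated.` above the loop would make that scope explicit.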
