Skip to content

Commit 161de80

Browse files
rabbitstackrabbitstack
committed
refactor(bitset): Introduce IsInitalized method
1 parent 743753b commit 161de80

File tree

2 files changed

+30
-21
lines changed

2 files changed

+30
-21
lines changed

pkg/event/bitset.go

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,15 @@ func (b *BitSets) IsBitSet(evt *Event) bool {
8989
(b.cats != nil && b.cats.Test(uint(evt.Category.Index())))
9090
}
9191

92-
func (b *BitSets) IsBitmaskInitialized() bool { return b.bitmask != nil }
93-
func (b *BitSets) IsTypesInitialized() bool { return b.types != nil }
94-
func (b *BitSets) IsCategoryInitialized() bool { return b.cats != nil }
92+
// IsInitialized checks if the given bitset type is initialized.
93+
func (b *BitSets) IsInitialized(bs BitSetType) bool {
94+
switch bs {
95+
case BitmaskBitSet:
96+
return b.bitmask != nil
97+
case TypeBitSet:
98+
return b.types != nil
99+
case CategoryBitSet:
100+
return b.cats != nil
101+
}
102+
return false
103+
}

pkg/filter/ql/literal_test.go

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -34,47 +34,47 @@ func TestSequenceExprIsEvaluable(t *testing.T) {
3434
}{
3535
{"evt.name = 'CreateProcess'", &event.Event{Type: event.CreateProcess, Category: event.Process}, true,
3636
func(t *testing.T, sexpr *SequenceExpr) {
37-
assert.True(t, sexpr.bitsets.IsTypesInitialized())
38-
assert.False(t, sexpr.bitsets.IsBitmaskInitialized())
39-
assert.False(t, sexpr.bitsets.IsCategoryInitialized())
37+
assert.True(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
38+
assert.False(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
39+
assert.False(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
4040
},
4141
},
4242
{"evt.name = 'CreateProcess'", &event.Event{Type: event.TerminateProcess, Category: event.Process}, false, nil},
4343
{"evt.name = 'CreateProcess' or evt.name = 'TerminateThread'", &event.Event{Type: event.TerminateProcess, Category: event.Process}, false, nil},
4444
{"evt.name = 'CreateProcess' or evt.category = 'object'", &event.Event{Type: event.TerminateProcess, Category: event.Process}, false, nil},
4545
{"evt.name = 'CreateProcess' or evt.name = 'OpenProcess'", &event.Event{Type: event.OpenProcess, Category: event.Process}, true,
4646
func(t *testing.T, sexpr *SequenceExpr) {
47-
assert.True(t, sexpr.bitsets.IsTypesInitialized())
48-
assert.False(t, sexpr.bitsets.IsBitmaskInitialized())
49-
assert.False(t, sexpr.bitsets.IsCategoryInitialized())
47+
assert.True(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
48+
assert.False(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
49+
assert.False(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
5050
},
5151
},
5252
{"evt.name = 'CreateProcess' or evt.name = 'CreateThread'", &event.Event{Type: event.CreateThread, Category: event.Thread}, true,
5353
func(t *testing.T, sexpr *SequenceExpr) {
54-
assert.False(t, sexpr.bitsets.IsTypesInitialized())
55-
assert.True(t, sexpr.bitsets.IsBitmaskInitialized())
56-
assert.False(t, sexpr.bitsets.IsCategoryInitialized())
54+
assert.False(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
55+
assert.True(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
56+
assert.False(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
5757
},
5858
},
5959
{"evt.name = 'CreateProcess' or evt.category = 'registry'", &event.Event{Type: event.RegSetValue, Category: event.Registry}, true,
6060
func(t *testing.T, sexpr *SequenceExpr) {
61-
assert.True(t, sexpr.bitsets.IsTypesInitialized())
62-
assert.False(t, sexpr.bitsets.IsBitmaskInitialized())
63-
assert.True(t, sexpr.bitsets.IsCategoryInitialized())
61+
assert.True(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
62+
assert.False(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
63+
assert.True(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
6464
},
6565
},
6666
{"evt.name = 'CreateProcess' or evt.name = 'OpenProcess' or evt.category = 'registry'", &event.Event{Type: event.OpenProcess, Category: event.Process}, true,
6767
func(t *testing.T, sexpr *SequenceExpr) {
68-
assert.True(t, sexpr.bitsets.IsTypesInitialized())
69-
assert.False(t, sexpr.bitsets.IsBitmaskInitialized())
70-
assert.True(t, sexpr.bitsets.IsCategoryInitialized())
68+
assert.True(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
69+
assert.False(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
70+
assert.True(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
7171
},
7272
},
7373
{"evt.name = 'CreateProcess' or evt.name = 'SetThreadContext' or evt.category = 'registry'", &event.Event{Type: event.CreateProcess, Category: event.Process}, true,
7474
func(t *testing.T, sexpr *SequenceExpr) {
75-
assert.False(t, sexpr.bitsets.IsTypesInitialized())
76-
assert.True(t, sexpr.bitsets.IsBitmaskInitialized())
77-
assert.True(t, sexpr.bitsets.IsCategoryInitialized())
75+
assert.False(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
76+
assert.True(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
77+
assert.True(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
7878
},
7979
},
8080
}

0 commit comments

Comments
 (0)