fix auto_rule_tester
- one test is still broken; the cause needs further investigation
dtrai2 committed Nov 8, 2024
1 parent 4e31e14 commit 53b7ff9
Showing 14 changed files with 41 additions and 16 deletions.
@@ -1,9 +1,10 @@
filter: message
clusterer:
id: clusterer-rule-2
source_fields: [message]
pattern: '(bytes|Bytes|Byte)'
repl: 'byte'
description: '...'
tests:
raw: 'Byte is a Bytes is a bytes is a byte'
result: 'byte is a byte is a byte is a byte'
result: 'byte is a byte is a byte is a byte'
@@ -1,9 +1,10 @@
filter: message
clusterer:
id: clusterer-rule-1
source_fields: [message]
pattern: '(bytes|Bytes|Byte)'
repl: 'byte'
description: '...'
tests:
raw: 'Byte is a Bytes is a bytes is a byte'
result: 'byte is a byte is a byte is a byte'
result: 'byte is a byte is a byte is a byte'
@@ -1,9 +1,10 @@
[{
"filter": "message",
"dissector": {
"id": "dissector-1",
"mapping": {
"message": "%{source}-%{target}"
}
},
"description": "Test-rule with matching auto-test"
}]
}]
@@ -1,9 +1,10 @@
[{
"filter": "message",
"dissector": {
"id": "dissector-2",
"mapping": {
"message": "%{source} %{target}"
}
},
"description": "Test-rule with matching auto-test"
}]
}]
Expand Up @@ -2,9 +2,10 @@
{
"filter": "drop_me",
"dropper": {
"id": "dropper-1",
"drop": [
"drop_me"
]
}
}
]
]
Expand Up @@ -2,9 +2,10 @@
{
"filter": "drop_me",
"dropper": {
"id": "dropper-2",
"drop": [
"drop_me"
]
}
}
]
]
Expand Up @@ -2,6 +2,7 @@
{
"filter": "some_field: (stop OR end)",
"labeler": {
"id": "labeler-1",
"label": {
"action": [
"terminate"
Expand All @@ -10,4 +11,4 @@
},
"description": "Test-rule with matching auto-test"
}
]
]
Expand Up @@ -2,6 +2,7 @@
{
"filter": "some_field: (stop OR end)",
"labeler": {
"id": "labeler-2",
"label": {
"action": [
"terminate"
Expand All @@ -10,4 +11,4 @@
},
"description": "Test-rule with matching auto-test"
}
]
]
@@ -1,12 +1,12 @@
[{
"filter": "some_field",
"pre_detector": {
"id": "SOME_TEST_RULE_ID",
"id": "SOME_TEST_RULE_ID_1",
"title": "SOME_TEST_RULE",
"severity": "critical",
"mitre": [],
"case_condition": "directly"
},
"sigma_fields": true,
"description": "Test-rule with mismatching auto-test"
}]
}]
@@ -1,12 +1,12 @@
[{
"filter": "some_field",
"pre_detector": {
"id": "SOME_TEST_RULE_ID",
"id": "SOME_TEST_RULE_ID_2",
"title": "SOME_TEST_RULE",
"severity": "critical",
"mitre": [],
"case_condition": "directly"
},
"sigma_fields": true,
"description": "Test-rule without auto-test"
}]
}]
@@ -1,5 +1,7 @@
[{
"filter": "winlog.provider_name: \"the provider\" AND winlog.event_id: 123",
"template_replacer": {},
"template_replacer": {
"id": "template-replacer-1"
},
"description": ""
}]
}]
@@ -1,7 +1,9 @@
[
{
"filter": "winlog.provider_name: \"the provider\" AND winlog.event_id: 123",
"template_replacer": {},
"template_replacer": {
"id": "template-replacer-2"
},
"description": ""
}
]
]
11 changes: 11 additions & 0 deletions tests/unit/processor/template_replacer/test_template_replacer.py
Expand Up @@ -163,3 +163,14 @@ def _create_template_replacer(self, config):
template_replacer = Factory.create({"test instance": config})
template_replacer.setup()
return template_replacer

def test_replace_message_via_template(self):
document = {
"winlog": {"channel": "System", "provider_name": "Test", "event_id": 123},
"message": "foo",
}

self.object.process(document)

assert document.get("message")
assert document["message"] == "Test %1 Test %2"
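Review bot: The first assertion in `test_replace_message_via_template`, `assert document.get("message")`, is redundant with the equality check right below it and gives a less informative failure (a bare falsy value instead of the actual string), so `assert document["message"] == "Test %1 Test %2"` alone is enough; a missing key then fails with a KeyError that names the field. The test also lacks a docstring stating what it pins down; something like `"""The message is replaced by the template selected for the provider/event_id in the document."""` would document the intent, assuming that is what the template_replacer rule under test does. The enclosing test class starts outside the hunk.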
2 changes: 2 additions & 0 deletions tests/unit/util/test_auto_rule_tester.py
Expand Up @@ -7,13 +7,15 @@
import pytest

from logprep.util.auto_rule_tester.auto_rule_tester import AutoRuleTester
from logprep.util.configuration import Configuration

LOGGER = logging.getLogger()


@pytest.fixture(name="auto_rule_tester")
def fixture_auto_rule_tester():
config_path = "tests/testdata/config/config-auto-tests.yml"
Configuration.from_source(config_path)._verify()
return AutoRuleTester(config_path)


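Review bot: `Configuration.from_source(config_path)._verify()` in `fixture_auto_rule_tester` calls a private method from a test and discards both the returned Configuration and any verification result, so the intent — presumably to fail the fixture early with Configuration's own error before `AutoRuleTester` reads the same path — is not visible to the reader and is coupled to an internal name that may change. A one-line comment would make the purpose explicit, e.g. `# fail fast on an invalid test config; AutoRuleTester loads the file itself from config_path`. The relative `config_path` also assumes the test runner's working directory is the repository root, which is worth stating in the same comment if that is the project's convention.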
