Fix search filter test
caffeinatedpixel committed Jul 17, 2024
1 parent 1406ed2 commit 25630bd
Showing 1 changed file with 40 additions and 40 deletions.
80 changes: 40 additions & 40 deletions viewer/search_test.go
Expand Up @@ -72,89 +72,89 @@ func TestSearchFilters(t *testing.T) {
name string
search string
shouldErr bool
filter viewer.Filter
filter *viewer.Filter
}
cases := []testCase{
// threat category
{name: "Filter by critical severity", search: "severity:critical", filter: viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: ">", Value: fmt.Sprint(config.HIGH_CATEGORY_SCORE)}}}},
{name: "Filter by high severity", search: "severity:high", filter: viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<=", Value: fmt.Sprint(config.HIGH_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.MEDIUM_CATEGORY_SCORE)}}}},
{name: "Filter by medium severity", search: "severity:medium", filter: viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<", Value: fmt.Sprint(config.MEDIUM_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.LOW_CATEGORY_SCORE)}}}},
{name: "Filter by low severity", search: "severity:low", filter: viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<", Value: fmt.Sprint(config.LOW_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.NONE_CATEGORY_SCORE)}}}},
{name: "Filter by critical severity", search: "severity:critical", filter: &viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: ">", Value: fmt.Sprint(config.HIGH_CATEGORY_SCORE)}}}},
{name: "Filter by high severity", search: "severity:high", filter: &viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<=", Value: fmt.Sprint(config.HIGH_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.MEDIUM_CATEGORY_SCORE)}}}},
{name: "Filter by medium severity", search: "severity:medium", filter: &viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<", Value: fmt.Sprint(config.MEDIUM_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.LOW_CATEGORY_SCORE)}}}},
{name: "Filter by low severity", search: "severity:low", filter: &viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<", Value: fmt.Sprint(config.LOW_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.NONE_CATEGORY_SCORE)}}}},
// generic invalid entries
{name: "Filter by wrong severity", search: "severity:none", shouldErr: true},
{name: "Filter with no value after colon", search: "severity:", shouldErr: true},
{name: "Invalid filtering column", search: "nugget:10.55.100.100", shouldErr: true},
{name: "Invalid characters: comma", search: "src:10.55.100.100, dst:20.5.4.3", shouldErr: true},
{name: "Invalid characters: equals", search: "src=10.55.100.100 dst=20.5.4.3", shouldErr: true},
// ip
{name: "Filter by src IP", search: "src:10.55.100.100", filter: viewer.Filter{Src: "10.55.100.100"}},
{name: "Filter by src IPv6", search: "src:2001:0000:3238:DFE1:0063:0000:0000:FEFB", filter: viewer.Filter{Src: "2001:0000:3238:DFE1:0063:0000:0000:FEFB"}},
{name: "Filter by src IP", search: "src:10.55.100.100", filter: &viewer.Filter{Src: "10.55.100.100"}},
{name: "Filter by src IPv6", search: "src:2001:0000:3238:DFE1:0063:0000:0000:FEFB", filter: &viewer.Filter{Src: "2001:0000:3238:DFE1:0063:0000:0000:FEFB"}},
{name: "Filter by invalid src IP", search: "src:1000.5.03", shouldErr: true},
{name: "Filter by FQDN in src IP field (invalid)", search: "src:www.alexa.com", shouldErr: true},

{name: "Filter by dst IP", search: "dst:165.227.88.15", filter: viewer.Filter{Dst: "165.227.88.15"}},
{name: "Filter by dst IPv6", search: "dst:2001:0000:3238:DFE1:0063:0000:0000:FEFB", filter: viewer.Filter{Dst: "2001:0000:3238:DFE1:0063:0000:0000:FEFB"}},
{name: "Filter by dst IP", search: "dst:165.227.88.15", filter: &viewer.Filter{Dst: "165.227.88.15"}},
{name: "Filter by dst IPv6", search: "dst:2001:0000:3238:DFE1:0063:0000:0000:FEFB", filter: &viewer.Filter{Dst: "2001:0000:3238:DFE1:0063:0000:0000:FEFB"}},
{name: "Filter by invalid dst IP", search: "dst:1000.5.03", shouldErr: true},
{name: "Filter by FQDN", search: "dst:www.alexa.com", filter: viewer.Filter{Fqdn: "www.alexa.com"}},
{name: "Filter by FQDN", search: "dst:www.alexa.com", filter: &viewer.Filter{Fqdn: "www.alexa.com"}},
{name: "Filter by invalid FQDN", search: "dst:ww?w.alex??a.com", shouldErr: true},
// beacon score
{name: "Filter by beacon score, equals", search: "beacon:90", filter: viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "=", Value: "0.90"}}},
{name: "Filter by beacon score, greater than", search: "beacon:>50", filter: viewer.Filter{Beacon: viewer.OperatorFilter{Operator: ">", Value: "0.50"}}},
{name: "Filter by beacon score, greater than or equal", search: "beacon:>=60", filter: viewer.Filter{Beacon: viewer.OperatorFilter{Operator: ">=", Value: "0.60"}}},
{name: "Filter by beacon score, less than", search: "beacon:<70", filter: viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "<", Value: "0.70"}}},
{name: "Filter by beacon score, less than or equal", search: "beacon:<=34", filter: viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "<=", Value: "0.34"}}},
{name: "Filter by beacon score, equals", search: "beacon:90", filter: &viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "=", Value: "0.90"}}},
{name: "Filter by beacon score, greater than", search: "beacon:>50", filter: &viewer.Filter{Beacon: viewer.OperatorFilter{Operator: ">", Value: "0.50"}}},
{name: "Filter by beacon score, greater than or equal", search: "beacon:>=60", filter: &viewer.Filter{Beacon: viewer.OperatorFilter{Operator: ">=", Value: "0.60"}}},
{name: "Filter by beacon score, less than", search: "beacon:<70", filter: &viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "<", Value: "0.70"}}},
{name: "Filter by beacon score, less than or equal", search: "beacon:<=34", filter: &viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "<=", Value: "0.34"}}},
{name: "Filter by beacon score greater than 100", search: "beacon:800", shouldErr: true},
{name: "Filter by beacon score, equal sign", search: "beacon:=80", shouldErr: true},
{name: "Filter by beacon score, percent sign", search: "beacon:80%", shouldErr: true},
{name: "Filter by beacon score, float", search: "beacon:0.8", shouldErr: true},
// duration
{name: "Filter by duration, equals", search: "duration:1.5h", filter: viewer.Filter{Duration: viewer.OperatorFilter{Operator: "=", Value: "5400"}}},
{name: "Filter by duration, greater than", search: "duration:>2h45m", filter: viewer.Filter{Duration: viewer.OperatorFilter{Operator: ">", Value: "9900"}}},
{name: "Filter by duration, greater than or equal", search: "duration:>=10s", filter: viewer.Filter{Duration: viewer.OperatorFilter{Operator: ">=", Value: "10"}}},
{name: "Filter by duration, less than", search: "duration:<20m", filter: viewer.Filter{Duration: viewer.OperatorFilter{Operator: "<", Value: "1200"}}},
{name: "Filter by duration, less than or equal", search: "duration:<=30h", filter: viewer.Filter{Duration: viewer.OperatorFilter{Operator: "<=", Value: "108000"}}},
{name: "Filter by duration, equals", search: "duration:1.5h", filter: &viewer.Filter{Duration: viewer.OperatorFilter{Operator: "=", Value: "5400"}}},
{name: "Filter by duration, greater than", search: "duration:>2h45m", filter: &viewer.Filter{Duration: viewer.OperatorFilter{Operator: ">", Value: "9900"}}},
{name: "Filter by duration, greater than or equal", search: "duration:>=10s", filter: &viewer.Filter{Duration: viewer.OperatorFilter{Operator: ">=", Value: "10"}}},
{name: "Filter by duration, less than", search: "duration:<20m", filter: &viewer.Filter{Duration: viewer.OperatorFilter{Operator: "<", Value: "1200"}}},
{name: "Filter by duration, less than or equal", search: "duration:<=30h", filter: &viewer.Filter{Duration: viewer.OperatorFilter{Operator: "<=", Value: "108000"}}},
{name: "Filter by duration, equal sign", search: "duration:=80m", shouldErr: true},
{name: "Filter by duration, days", search: "duration:5d", shouldErr: true},
{name: "Filter by duration, years", search: "duration:1y", shouldErr: true},
{name: "Filter by duration, no time unit", search: "duration:1000", shouldErr: true},
// subdomains
{name: "Filter by subdomains, equals", search: "subdomains:1000", filter: viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "=", Value: "1000"}}},
{name: "Filter by subdomains, greater than", search: "subdomains:>234", filter: viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: ">", Value: "234"}}},
{name: "Filter by subdomains, greater than or equal", search: "subdomains:>=112", filter: viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: ">=", Value: "112"}}},
{name: "Filter by subdomains, less than", search: "subdomains:<12", filter: viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "<", Value: "12"}}},
{name: "Filter by subdomains, less than or equal", search: "subdomains:<=64", filter: viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "<=", Value: "64"}}},
{name: "Filter by subdomains, equals", search: "subdomains:1000", filter: &viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "=", Value: "1000"}}},
{name: "Filter by subdomains, greater than", search: "subdomains:>234", filter: &viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: ">", Value: "234"}}},
{name: "Filter by subdomains, greater than or equal", search: "subdomains:>=112", filter: &viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: ">=", Value: "112"}}},
{name: "Filter by subdomains, less than", search: "subdomains:<12", filter: &viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "<", Value: "12"}}},
{name: "Filter by subdomains, less than or equal", search: "subdomains:<=64", filter: &viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "<=", Value: "64"}}},
{name: "Filter by subdomains, equal sign", search: "subdomains:=98", shouldErr: true},
{name: "Filter by subdomains, float", search: "subdomains:1.6", shouldErr: true},
// threat intel
{name: "Filter by threat intel, true", search: "threat_intel:true", filter: viewer.Filter{ThreatIntel: "true"}},
{name: "Filter by threat intel, false", search: "threat_intel:false", filter: viewer.Filter{ThreatIntel: "false"}},
{name: "Filter by threat intel, numerical value, true", search: "threat_intel:1", filter: viewer.Filter{ThreatIntel: "true"}},
{name: "Filter by threat intel, numerical value, false", search: "threat_intel:0", filter: viewer.Filter{ThreatIntel: "false"}},
{name: "Filter by threat intel, true", search: "threat_intel:true", filter: &viewer.Filter{ThreatIntel: "true"}},
{name: "Filter by threat intel, false", search: "threat_intel:false", filter: &viewer.Filter{ThreatIntel: "false"}},
{name: "Filter by threat intel, numerical value, true", search: "threat_intel:1", filter: &viewer.Filter{ThreatIntel: "true"}},
{name: "Filter by threat intel, numerical value, false", search: "threat_intel:0", filter: &viewer.Filter{ThreatIntel: "false"}},
{name: "Filter by threat intel, invalid value", search: "threat_intel:ture", shouldErr: true},
// invalid sort criteria
{name: "Sort by invalid column, ascending", search: "sort:nugget-asc", shouldErr: true},
{name: "Sort by invalid column, descending", search: "sort:nugget-desc", shouldErr: true},
{name: "Sort by invalid column, no direction", search: "sort:nugget", shouldErr: true},
// sort beacon
{name: "Sort by beacon score, ascending", search: "sort:beacon-asc", filter: viewer.Filter{SortBeacon: "asc"}},
{name: "Sort by beacon score, descending", search: "sort:beacon-desc", filter: viewer.Filter{SortBeacon: "desc"}},
{name: "Sort by beacon score, ascending", search: "sort:beacon-asc", filter: &viewer.Filter{SortBeacon: "asc"}},
{name: "Sort by beacon score, descending", search: "sort:beacon-desc", filter: &viewer.Filter{SortBeacon: "desc"}},
{name: "Sort by beacon score, no direction", search: "sort:beacon", shouldErr: true},
// sort duration
{name: "Sort by duration, ascending", search: "sort:duration-asc", filter: viewer.Filter{SortDuration: "asc"}},
{name: "Sort by duration, descending", search: "sort:duration-desc", filter: viewer.Filter{SortDuration: "desc"}},
{name: "Sort by duration, ascending", search: "sort:duration-asc", filter: &viewer.Filter{SortDuration: "asc"}},
{name: "Sort by duration, descending", search: "sort:duration-desc", filter: &viewer.Filter{SortDuration: "desc"}},
{name: "Sort by duration, no direction", search: "sort:duration", shouldErr: true},
// sort severity
{name: "Sort by severity, ascending", search: "sort:severity-asc", filter: viewer.Filter{SortSeverity: "asc"}},
{name: "Sort by severity, descending", search: "sort:severity-desc", filter: viewer.Filter{SortSeverity: "desc"}},
{name: "Sort by severity, ascending", search: "sort:severity-asc", filter: &viewer.Filter{SortSeverity: "asc"}},
{name: "Sort by severity, descending", search: "sort:severity-desc", filter: &viewer.Filter{SortSeverity: "desc"}},
{name: "Sort by severity, no direction", search: "sort:severity", shouldErr: true},
// criteria combinations
{name: "Search by src IP, sort by beacon", search: "src:10.55.100.100 sort:beacon-desc", filter: viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
{name: "Search by src IP, sort by beacon", search: "src:10.55.100.100 sort:beacon-desc", filter: &viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
{name: "Search by src IP, sort by beacon, !No Space!", search: "src:10.55.100.100sort:beacon-desc", shouldErr: true},
{name: "Search by src IP, sort by beacon, incomplete dst IP", search: "src:10.55.100.100 sort:beacon-desc dst:196.8", shouldErr: true},
{name: "Search by src IP, sort by beacon, trailing space", search: "src:10.55.100.100 sort:beacon-desc ", filter: viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
{name: "Search by src IP, sort by beacon, leading space", search: " src:10.55.100.100 sort:beacon-desc", filter: viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
{name: "Search by src IP, dst IP", search: " src:10.55.100.100 dst:165.227.88.15", filter: viewer.Filter{Src: "10.55.100.100", Dst: "165.227.88.15"}},
{name: "Search by src IP, dst IP, sort by severity", search: " src:10.55.100.100 dst:165.227.88.15 sort:severity-asc", filter: viewer.Filter{Src: "10.55.100.100", Dst: "165.227.88.15", SortSeverity: "asc"}},
{name: "Search by src IP, sort by beacon, trailing space", search: "src:10.55.100.100 sort:beacon-desc ", filter: &viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
{name: "Search by src IP, sort by beacon, leading space", search: " src:10.55.100.100 sort:beacon-desc", filter: &viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
{name: "Search by src IP, dst IP", search: " src:10.55.100.100 dst:165.227.88.15", filter: &viewer.Filter{Src: "10.55.100.100", Dst: "165.227.88.15"}},
{name: "Search by src IP, dst IP, sort by severity", search: " src:10.55.100.100 dst:165.227.88.15 sort:severity-asc", filter: &viewer.Filter{Src: "10.55.100.100", Dst: "165.227.88.15", SortSeverity: "asc"}},
}

for _, test := range cases {
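Review bot: With the expected value declared as `filter *viewer.Filter` (assuming the pointer form is the new side of this change), every `shouldErr: true` row in the table now carries a nil expectation, and nothing visible here pins what the parser returns alongside an error. The assertion loop opens on the last line of the hunk and its body is outside it, so confirm there that error rows assert a nil result instead of skipping the comparison, e.g. `if test.shouldErr && got != nil { t.Errorf("%s: want nil filter on error", test.name) }`, where `got` stands for the parsed filter. The search string is user-supplied, so a partially populated filter returned together with an error could end up applied by a caller that only logs the error; a short comment on the `filter` field stating "nil for rows that must fail" would also make the table's contract explicit.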
