MCPcopy
hub / github.com/crowdsecurity/crowdsec / TestEvalAlertContextRules

Function TestEvalAlertContextRules

pkg/alertcontext/alertcontext_test.go:401–445  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

399}
400
401func TestEvalAlertContextRules(t *testing.T) {
402 tests := []struct {
403 name string
404 contextToSend map[string][]string
405 event pipeline.Event
406 match pipeline.MatchedRule
407 req *http.Request
408 expectedResult map[string][]string
409 expectedErrLen int
410 }{
411 {
412 name: "no appsec match",
413 contextToSend: map[string][]string{
414 "source_ip": {"evt.Parsed.source_ip"},
415 "id": {"match.id"},
416 },
417 event: pipeline.Event{
418 Parsed: map[string]string{
419 "source_ip": "1.2.3.4",
420 "source_machine": "mymachine",
421 "uri": "/test/test/test/../../../../../../../../",
422 },
423 },
424 expectedResult: map[string][]string{
425 "source_ip": {"1.2.3.4"},
426 "id": {},
427 },
428 },
429 }
430
431 for _, test := range tests {
432 t.Run(test.name, func(t *testing.T) {
433 contextDict := make(map[string][]string)
434
435 alertContext.Store(nil)
436 if err := NewAlertContext(test.contextToSend, 100); err != nil {
437 t.Fatalf("failed to compile %s: %s", test.name, err)
438 }
439
440 errs := EvalAlertContextRules(test.event, &test.match, test.req, contextDict)
441 assert.Len(t, errs, test.expectedErrLen)
442 assert.Equal(t, test.expectedResult, contextDict)
443 })
444 }
445}

Callers

nothing calls this directly

Calls 4

NewAlertContextFunction · 0.85
EvalAlertContextRulesFunction · 0.85
RunMethod · 0.65
LenMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…