MCPcopy
hub / github.com/crowdsecurity/crowdsec / TestEventToContext

Function TestEventToContext

pkg/alertcontext/alertcontext_test.go:39–203  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

37}
38
39func TestEventToContext(t *testing.T) {
40 tests := []struct {
41 name string
42 contextToSend map[string][]string
43 valueLength int
44 events []pipeline.Event
45 expectedResult models.Meta
46 }{
47 {
48 name: "basic test",
49 contextToSend: map[string][]string{
50 "source_ip": {"evt.Parsed.source_ip"},
51 "nonexistent_field": {"evt.Parsed.nonexist"},
52 },
53 valueLength: 100,
54 events: []pipeline.Event{
55 {
56 Parsed: map[string]string{
57 "source_ip": "1.2.3.4",
58 "source_machine": "mymachine",
59 },
60 },
61 },
62 expectedResult: []*models.MetaItems0{
63 {
64 Key: "source_ip",
65 Value: "[\"1.2.3.4\"]",
66 },
67 },
68 },
69 {
70 name: "test many events",
71 contextToSend: map[string][]string{
72 "source_ip": {"evt.Parsed.source_ip"},
73 "source_machine": {"evt.Parsed.source_machine"},
74 "cve": {"evt.Parsed.cve"},
75 },
76 valueLength: 100,
77 events: []pipeline.Event{
78 {
79 Parsed: map[string]string{
80 "source_ip": "1.2.3.4",
81 "source_machine": "mymachine",
82 "cve": "CVE-2022-1234",
83 },
84 },
85 {
86 Parsed: map[string]string{
87 "source_ip": "1.2.3.4",
88 "source_machine": "mymachine",
89 "cve": "CVE-2022-1235",
90 },
91 },
92 {
93 Parsed: map[string]string{
94 "source_ip": "1.2.3.4",
95 "source_machine": "mymachine",
96 "cve": "CVE-2022-125",

Callers

nothing calls this directly

Calls 2

NewAlertContextFunction · 0.85
EventToContextFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…