-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
…8019) * [SIEM] [Detections Engine] Import rules unit tests (#57466) * Added unit tests for detection engine import_rules_route and moved out small portion of import_rules_route into a util to be unit tested as well. Co-authored-by: Elastic Machine <[email protected]> * Updating tests to reflect state of 7.6. 7.7 and 8 include code from # 56814 that was not backported to 7.6 Co-authored-by: Elastic Machine <[email protected]>
- Loading branch information
1 parent
0a87f2d
commit d18b21b
Showing
8 changed files
with
669 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
53 changes: 53 additions & 0 deletions
53
x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/utils.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { OutputRuleAlertRest } from '../../types'; | ||
|
||
export const TEST_BOUNDARY = 'test_multipart_boundary'; | ||
|
||
// Not parsable due to extra colon following `name` property - name:: | ||
export const UNPARSABLE_LINE = | ||
'{"name"::"Simple Rule Query","description":"Simple Rule Query","risk_score":1,"rule_id":"rule-1","severity":"high","type":"query","query":"user.name: root or user.name: admin"}'; | ||
|
||
/** | ||
* This is a typical simple rule for testing that is easy for most basic testing | ||
* @param ruleId | ||
*/ | ||
export const getSimpleRule = (ruleId = 'rule-1'): Partial<OutputRuleAlertRest> => ({ | ||
name: 'Simple Rule Query', | ||
description: 'Simple Rule Query', | ||
risk_score: 1, | ||
rule_id: ruleId, | ||
severity: 'high', | ||
type: 'query', | ||
query: 'user.name: root or user.name: admin', | ||
}); | ||
|
||
/** | ||
* Given an array of rule_id strings this will return a ndjson buffer which is useful | ||
* for testing uploads. | ||
* @param ruleIds Array of strings of rule_ids | ||
* @param isNdjson Boolean to determine file extension | ||
*/ | ||
export const getSimpleRuleAsMultipartContent = (ruleIds: string[], isNdjson = true): Buffer => { | ||
const arrayOfRules = ruleIds.map(ruleId => { | ||
const simpleRule = getSimpleRule(ruleId); | ||
return JSON.stringify(simpleRule); | ||
}); | ||
const stringOfRules = arrayOfRules.join('\r\n'); | ||
|
||
const resultingPayload = | ||
`--${TEST_BOUNDARY}\r\n` + | ||
`Content-Disposition: form-data; name="file"; filename="rules.${ | ||
isNdjson ? 'ndjson' : 'json' | ||
}\r\n` + | ||
'Content-Type: application/octet-stream\r\n' + | ||
'\r\n' + | ||
`${stringOfRules}\r\n` + | ||
`--${TEST_BOUNDARY}--\r\n`; | ||
|
||
return Buffer.from(resultingPayload); | ||
}; |
Oops, something went wrong.