nuclei/v2/pkg/protocols/dns/operators_test.go

package dns

import (
	"net"
	"strconv"
	"testing"

	"github.com/miekg/dns"
	"github.com/stretchr/testify/require"

	"github.com/projectdiscovery/nuclei/v2/pkg/model"
	"github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers"
	"github.com/projectdiscovery/nuclei/v2/pkg/output"
	"github.com/projectdiscovery/nuclei/v2/pkg/testutils"
)

func TestResponseToDSLMap(t *testing.T) {
	options := testutils.DefaultOptions

	recursion := false
	testutils.Init(options)
	templateID := "testing-dns"
	request := &Request{
		RequestType: DNSRequestTypeHolder{DNSRequestType: A},
		Class:       "INET",
		Retries:     5,
		ID:          templateID,
		Recursion:   &recursion,
		Name:        "{{FQDN}}",
	}
	executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
		ID:   templateID,
		Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},
	})
	err := request.Compile(executerOpts)
	require.Nil(t, err, "could not compile dns request")

	req := new(dns.Msg)
	req.Question = append(req.Question, dns.Question{Name: "one.one.one.one.", Qtype: dns.TypeA, Qclass: dns.ClassINET})

	resp := new(dns.Msg)
	resp.Rcode = dns.RcodeSuccess
	resp.Answer = append(resp.Answer, &dns.A{A: net.ParseIP("1.1.1.1"), Hdr: dns.RR_Header{Name: "one.one.one.one.", Rrtype: dns.TypeA}}, &dns.A{A: net.ParseIP("2.2.2.2"), Hdr: dns.RR_Header{Name: "one.one.one.one.", Rrtype: dns.TypeA}}, &dns.A{A: net.ParseIP("3.3.3.3"), Hdr: dns.RR_Header{Name: "one.one.one.one.", Rrtype: dns.TypeA}})

	event := request.responseToDSLMap(req, resp, "one.one.one.one", "one.one.one.one", nil)
	require.Len(t, event, 15, "could not get correct number of items in dsl map")
	require.Equal(t, dns.RcodeSuccess, event["rcode"], "could not get correct rcode")
	require.ElementsMatch(t, []string{net.ParseIP("1.1.1.1").String(), net.ParseIP("2.2.2.2").String(), net.ParseIP("3.3.3.3").String()}, event["a"], "could not get correct a record")
}

func TestDNSOperatorMatch(t *testing.T) {
	options := testutils.DefaultOptions

	recursion := false
	testutils.Init(options)
	templateID := "testing-dns"
	request := &Request{
		RequestType: DNSRequestTypeHolder{DNSRequestType: A},
		Class:       "INET",
		Retries:     5,
		ID:          templateID,
		Recursion:   &recursion,
		Name:        "{{FQDN}}",
	}
	executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
		ID:   templateID,
		Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},
	})
	err := request.Compile(executerOpts)
	require.Nil(t, err, "could not compile dns request")

	req := new(dns.Msg)
	req.Question = append(req.Question, dns.Question{Name: "one.one.one.one.", Qtype: dns.TypeA, Qclass: dns.ClassINET})

	resp := new(dns.Msg)
	resp.Rcode = dns.RcodeSuccess
	resp.Answer = append(resp.Answer, &dns.A{A: net.ParseIP("1.1.1.1"), Hdr: dns.RR_Header{Name: "one.one.one.one."}})

	event := request.responseToDSLMap(req, resp, "one.one.one.one", "one.one.one.one", nil)

	t.Run("valid", func(t *testing.T) {
		matcher := &matchers.Matcher{
			Part:  "raw",
			Type:  matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
			Words: []string{"1.1.1.1"},
		}
		err = matcher.CompileMatchers()
		require.Nil(t, err, "could not compile matcher")

		isMatch, matched := request.Match(event, matcher)
		require.True(t, isMatch, "could not match valid response")
		require.Equal(t, matcher.Words, matched)
	})

	t.Run("rcode", func(t *testing.T) {
		matcher := &matchers.Matcher{
			Part:   "rcode",
			Type:   matchers.MatcherTypeHolder{MatcherType: matchers.StatusMatcher},
			Status: []int{dns.RcodeSuccess},
		}
		err = matcher.CompileMatchers()
		require.Nil(t, err, "could not compile rcode matcher")

		isMatched, matched := request.Match(event, matcher)
		require.True(t, isMatched, "could not match valid rcode response")
		require.Equal(t, []string{}, matched)
	})

	t.Run("negative", func(t *testing.T) {
		matcher := &matchers.Matcher{
			Part:     "raw",
			Type:     matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
			Negative: true,
			Words:    []string{"random"},
		}
		err := matcher.CompileMatchers()
		require.Nil(t, err, "could not compile negative matcher")

		isMatched, matched := request.Match(event, matcher)
		require.True(t, isMatched, "could not match valid negative response matcher")
		require.Equal(t, []string{}, matched)
	})

	t.Run("invalid", func(t *testing.T) {
		matcher := &matchers.Matcher{
			Part:  "raw",
			Type:  matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
			Words: []string{"random"},
		}
		err := matcher.CompileMatchers()
		require.Nil(t, err, "could not compile matcher")

		isMatched, matched := request.Match(event, matcher)
		require.False(t, isMatched, "could match invalid response matcher")
		require.Equal(t, []string{}, matched)
	})

	t.Run("caseInsensitive", func(t *testing.T) {
		req := new(dns.Msg)
		req.Question = append(req.Question, dns.Question{Name: "ONE.ONE.ONE.ONE.", Qtype: dns.TypeA, Qclass: dns.ClassINET})

		resp := new(dns.Msg)
		resp.Rcode = dns.RcodeSuccess
		resp.Answer = append(resp.Answer, &dns.A{A: net.ParseIP("1.1.1.1"), Hdr: dns.RR_Header{Name: "ONE.ONE.ONE.ONE."}})

		event := request.responseToDSLMap(req, resp, "ONE.ONE.ONE.ONE", "ONE.ONE.ONE.ONE", nil)

		matcher := &matchers.Matcher{
			Part:            "raw",
			Type:            matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
			Words:           []string{"one.ONE.one.ONE"},
			CaseInsensitive: true,
		}
		err = matcher.CompileMatchers()
		require.Nil(t, err, "could not compile matcher")

		isMatch, matched := request.Match(event, matcher)
		require.True(t, isMatch, "could not match valid response")
		require.Equal(t, []string{"one.one.one.one"}, matched)
	})
}

func TestDNSOperatorExtract(t *testing.T) {
	options := testutils.DefaultOptions

	recursion := false
	testutils.Init(options)
	templateID := "testing-dns"
	request := &Request{
		RequestType: DNSRequestTypeHolder{DNSRequestType: A},
		Class:       "INET",
		Retries:     5,
		ID:          templateID,
		Recursion:   &recursion,
		Name:        "{{FQDN}}",
	}
	executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
		ID:   templateID,
		Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},
	})
	err := request.Compile(executerOpts)
	require.Nil(t, err, "could not compile dns request")

	req := new(dns.Msg)
	req.Question = append(req.Question, dns.Question{Name: "one.one.one.one.", Qtype: dns.TypeA, Qclass: dns.ClassINET})

	resp := new(dns.Msg)
	resp.Rcode = dns.RcodeSuccess
	resp.Answer = append(resp.Answer, &dns.A{A: net.ParseIP("1.1.1.1"), Hdr: dns.RR_Header{Name: "one.one.one.one."}})

	event := request.responseToDSLMap(req, resp, "one.one.one.one", "one.one.one.one", nil)

	t.Run("extract", func(t *testing.T) {
		extractor := &extractors.Extractor{
			Part:  "raw",
			Type:  extractors.ExtractorTypeHolder{ExtractorType: extractors.RegexExtractor},
			Regex: []string{"[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"},
		}
		err = extractor.CompileExtractors()
		require.Nil(t, err, "could not compile extractor")

		data := request.Extract(event, extractor)
		require.Greater(t, len(data), 0, "could not extractor valid response")
		require.Equal(t, map[string]struct{}{"1.1.1.1": {}}, data, "could not extract correct data")
	})

	t.Run("kval", func(t *testing.T) {
		extractor := &extractors.Extractor{
			Type: extractors.ExtractorTypeHolder{ExtractorType: extractors.KValExtractor},
			KVal: []string{"rcode"},
		}
		err = extractor.CompileExtractors()
		require.Nil(t, err, "could not compile kval extractor")

		data := request.Extract(event, extractor)
		require.Greater(t, len(data), 0, "could not extractor kval valid response")
		require.Equal(t, map[string]struct{}{strconv.Itoa(dns.RcodeSuccess): {}}, data, "could not extract correct kval data")
	})
}

func TestDNSMakeResult(t *testing.T) {
	options := testutils.DefaultOptions

	recursion := false
	testutils.Init(options)
	templateID := "testing-dns"
	executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
		ID:   templateID,
		Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},
	})
	request := &Request{
		RequestType: DNSRequestTypeHolder{DNSRequestType: A},
		Class:       "INET",
		Retries:     5,
		ID:          templateID,
		Recursion:   &recursion,
		Name:        "{{FQDN}}",
		Operators: operators.Operators{
			Matchers: []*matchers.Matcher{{
				Name:  "test",
				Part:  "raw",
				Type:  matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
				Words: []string{"1.1.1.1"},
			}},
			Extractors: []*extractors.Extractor{{
				Part:  "raw",
				Type:  extractors.ExtractorTypeHolder{ExtractorType: extractors.RegexExtractor},
				Regex: []string{"[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"},
			}},
		},
		options: executerOpts,
	}
	err := request.Compile(executerOpts)
	require.Nil(t, err, "could not compile dns request")

	req := new(dns.Msg)
	req.Question = append(req.Question, dns.Question{Name: "one.one.one.one.", Qtype: dns.TypeA, Qclass: dns.ClassINET})

	resp := new(dns.Msg)
	resp.Rcode = dns.RcodeSuccess
	resp.Answer = append(resp.Answer, &dns.A{A: net.ParseIP("1.1.1.1"), Hdr: dns.RR_Header{Name: "one.one.one.one."}})

	event := request.responseToDSLMap(req, resp, "one.one.one.one", "one.one.one.one", nil)
	finalEvent := &output.InternalWrappedEvent{InternalEvent: event}
	if request.CompiledOperators != nil {
		result, ok := request.CompiledOperators.Execute(event, request.Match, request.Extract, false)
		if ok && result != nil {
			finalEvent.OperatorsResult = result
			finalEvent.Results = request.MakeResultEvent(finalEvent)
		}
	}
	require.Equal(t, 1, len(finalEvent.Results), "could not get correct number of results")
	resultEvent := finalEvent.Results[0]
	require.Equal(t, "test", resultEvent.MatcherName, "could not get correct matcher name of results")
	require.Equal(t, "1.1.1.1", resultEvent.ExtractedResults[0], "could not get correct extracted results")
	require.Equal(t, "one.one.one.one", resultEvent.Matched, "could not get matched value")
}
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`package dns`

			`import (`
			`"net"`
			`"strconv"`
			`"testing"`

			`"github.com/miekg/dns"`
RES-84 # Improve Nuclei CLI interface * fixed issues reported by the linter 2021-07-19 21:04:08 +03:00			`"github.com/stretchr/testify/require"`

			`"github.com/projectdiscovery/nuclei/v2/pkg/model"`
YAML Unmarshal error in reporting template #995 2021-09-03 16:48:39 +03:00			`"github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity"`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/operators"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/output"`
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/testutils"`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`)`

			`func TestResponseToDSLMap(t *testing.T) {`
			`options := testutils.DefaultOptions`

Added default fields for DNS requests 2021-11-23 13:09:22 +05:30			`recursion := false`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`testutils.Init(options)`
			`templateID := "testing-dns"`
			`request := &Request{`
struct to enum changes for Dns Type (#1245) * struct to enum changes for Dns Type 2021-11-18 07:47:34 -06:00			`RequestType: DNSRequestTypeHolder{DNSRequestType: A},`
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`Class: "INET",`
			`Retries: 5,`
			`ID: templateID,`
Added default fields for DNS requests 2021-11-23 13:09:22 +05:30			`Recursion: &recursion,`
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`Name: "{{FQDN}}",`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`}`
			`executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{`
			`ID: templateID,`
YAML Unmarshal error in reporting template #995 2021-09-03 16:48:39 +03:00			`Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`})`
			`err := request.Compile(executerOpts)`
			`require.Nil(t, err, "could not compile dns request")`

			`req := new(dns.Msg)`
			`req.Question = append(req.Question, dns.Question{Name: "one.one.one.one.", Qtype: dns.TypeA, Qclass: dns.ClassINET})`

			`resp := new(dns.Msg)`
			`resp.Rcode = dns.RcodeSuccess`
fix memory leak in dns templates (#3676) * fix memory leak * update test to cover the string slice case 2023-05-12 17:29:37 +05:30			`resp.Answer = append(resp.Answer, &dns.A{A: net.ParseIP("1.1.1.1"), Hdr: dns.RR_Header{Name: "one.one.one.one.", Rrtype: dns.TypeA}}, &dns.A{A: net.ParseIP("2.2.2.2"), Hdr: dns.RR_Header{Name: "one.one.one.one.", Rrtype: dns.TypeA}}, &dns.A{A: net.ParseIP("3.3.3.3"), Hdr: dns.RR_Header{Name: "one.one.one.one.", Rrtype: dns.TypeA}})`
Added tests for DNS package 2021-02-03 02:09:45 +05:30
Adding dns trace support in dns templates (#1236) * Adding dns trace support in dns templates + minor refactoring 2021-11-18 14:52:11 +01:00			`event := request.responseToDSLMap(req, resp, "one.one.one.one", "one.one.one.one", nil)`
Expose DNS fields for matchers and extractors (#3613) * Extend dns extractor to dns answer records * add test template * Ignore error for dns variables are not found * Add all the records of answer section * Fixed the wrong typecasting 2023-05-02 17:13:11 +05:30			`require.Len(t, event, 15, "could not get correct number of items in dsl map")`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`require.Equal(t, dns.RcodeSuccess, event["rcode"], "could not get correct rcode")`
fix memory leak in dns templates (#3676) * fix memory leak * update test to cover the string slice case 2023-05-12 17:29:37 +05:30			`require.ElementsMatch(t, []string{net.ParseIP("1.1.1.1").String(), net.ParseIP("2.2.2.2").String(), net.ParseIP("3.3.3.3").String()}, event["a"], "could not get correct a record")`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`}`

			`func TestDNSOperatorMatch(t *testing.T) {`
			`options := testutils.DefaultOptions`

Added default fields for DNS requests 2021-11-23 13:09:22 +05:30			`recursion := false`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`testutils.Init(options)`
			`templateID := "testing-dns"`
			`request := &Request{`
struct to enum changes for Dns Type (#1245) * struct to enum changes for Dns Type 2021-11-18 07:47:34 -06:00			`RequestType: DNSRequestTypeHolder{DNSRequestType: A},`
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`Class: "INET",`
			`Retries: 5,`
			`ID: templateID,`
Added default fields for DNS requests 2021-11-23 13:09:22 +05:30			`Recursion: &recursion,`
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`Name: "{{FQDN}}",`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`}`
			`executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{`
			`ID: templateID,`
YAML Unmarshal error in reporting template #995 2021-09-03 16:48:39 +03:00			`Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`})`
			`err := request.Compile(executerOpts)`
			`require.Nil(t, err, "could not compile dns request")`

			`req := new(dns.Msg)`
			`req.Question = append(req.Question, dns.Question{Name: "one.one.one.one.", Qtype: dns.TypeA, Qclass: dns.ClassINET})`

			`resp := new(dns.Msg)`
			`resp.Rcode = dns.RcodeSuccess`
			`resp.Answer = append(resp.Answer, &dns.A{A: net.ParseIP("1.1.1.1"), Hdr: dns.RR_Header{Name: "one.one.one.one."}})`

Adding dns trace support in dns templates (#1236) * Adding dns trace support in dns templates + minor refactoring 2021-11-18 14:52:11 +01:00			`event := request.responseToDSLMap(req, resp, "one.one.one.one", "one.one.one.one", nil)`
Added tests for DNS package 2021-02-03 02:09:45 +05:30
			`t.Run("valid", func(t *testing.T) {`
			`matcher := &matchers.Matcher{`
			`Part: "raw",`
struct to enums changes for Matchers (#1246) * struct to enums changes for Matchers 2021-11-19 04:54:09 -06:00			`Type: matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`Words: []string{"1.1.1.1"},`
			`}`
			`err = matcher.CompileMatchers()`
			`require.Nil(t, err, "could not compile matcher")`

[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files 2021-09-29 19:43:46 +03:00			`isMatch, matched := request.Match(event, matcher)`
			`require.True(t, isMatch, "could not match valid response")`
			`require.Equal(t, matcher.Words, matched)`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`})`

			`t.Run("rcode", func(t *testing.T) {`
			`matcher := &matchers.Matcher{`
			`Part: "rcode",`
struct to enums changes for Matchers (#1246) * struct to enums changes for Matchers 2021-11-19 04:54:09 -06:00			`Type: matchers.MatcherTypeHolder{MatcherType: matchers.StatusMatcher},`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`Status: []int{dns.RcodeSuccess},`
			`}`
			`err = matcher.CompileMatchers()`
			`require.Nil(t, err, "could not compile rcode matcher")`

[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files 2021-09-29 19:43:46 +03:00			`isMatched, matched := request.Match(event, matcher)`
			`require.True(t, isMatched, "could not match valid rcode response")`
			`require.Equal(t, []string{}, matched)`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`})`

			`t.Run("negative", func(t *testing.T) {`
			`matcher := &matchers.Matcher{`
			`Part: "raw",`
struct to enums changes for Matchers (#1246) * struct to enums changes for Matchers 2021-11-19 04:54:09 -06:00			`Type: matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`Negative: true,`
			`Words: []string{"random"},`
			`}`
			`err := matcher.CompileMatchers()`
			`require.Nil(t, err, "could not compile negative matcher")`

[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files 2021-09-29 19:43:46 +03:00			`isMatched, matched := request.Match(event, matcher)`
			`require.True(t, isMatched, "could not match valid negative response matcher")`
			`require.Equal(t, []string{}, matched)`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`})`
Added test cases for network protocol + misc 2021-02-03 13:07:24 +05:30
			`t.Run("invalid", func(t *testing.T) {`
			`matcher := &matchers.Matcher{`
			`Part: "raw",`
struct to enums changes for Matchers (#1246) * struct to enums changes for Matchers 2021-11-19 04:54:09 -06:00			`Type: matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},`
Added test cases for network protocol + misc 2021-02-03 13:07:24 +05:30			`Words: []string{"random"},`
			`}`
			`err := matcher.CompileMatchers()`
			`require.Nil(t, err, "could not compile matcher")`

[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files 2021-09-29 19:43:46 +03:00			`isMatched, matched := request.Match(event, matcher)`
			`require.False(t, isMatched, "could match invalid response matcher")`
			`require.Equal(t, []string{}, matched)`
Added test cases for network protocol + misc 2021-02-03 13:07:24 +05:30			`})`
Add unit tests for case-insensitive flag in protocols 2021-10-29 19:11:09 +03:00
			`t.Run("caseInsensitive", func(t *testing.T) {`
			`req := new(dns.Msg)`
			`req.Question = append(req.Question, dns.Question{Name: "ONE.ONE.ONE.ONE.", Qtype: dns.TypeA, Qclass: dns.ClassINET})`

			`resp := new(dns.Msg)`
			`resp.Rcode = dns.RcodeSuccess`
			`resp.Answer = append(resp.Answer, &dns.A{A: net.ParseIP("1.1.1.1"), Hdr: dns.RR_Header{Name: "ONE.ONE.ONE.ONE."}})`

Adding dns trace support in dns templates (#1236) * Adding dns trace support in dns templates + minor refactoring 2021-11-18 14:52:11 +01:00			`event := request.responseToDSLMap(req, resp, "ONE.ONE.ONE.ONE", "ONE.ONE.ONE.ONE", nil)`
Add unit tests for case-insensitive flag in protocols 2021-10-29 19:11:09 +03:00
			`matcher := &matchers.Matcher{`
			`Part: "raw",`
struct to enums changes for Matchers (#1246) * struct to enums changes for Matchers 2021-11-19 04:54:09 -06:00			`Type: matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},`
Add unit tests for case-insensitive flag in protocols 2021-10-29 19:11:09 +03:00			`Words: []string{"one.ONE.one.ONE"},`
			`CaseInsensitive: true,`
			`}`
			`err = matcher.CompileMatchers()`
			`require.Nil(t, err, "could not compile matcher")`

			`isMatch, matched := request.Match(event, matcher)`
			`require.True(t, isMatch, "could not match valid response")`
			`require.Equal(t, []string{"one.one.one.one"}, matched)`
			`})`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`}`

			`func TestDNSOperatorExtract(t *testing.T) {`
			`options := testutils.DefaultOptions`

Added default fields for DNS requests 2021-11-23 13:09:22 +05:30			`recursion := false`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`testutils.Init(options)`
			`templateID := "testing-dns"`
			`request := &Request{`
struct to enum changes for Dns Type (#1245) * struct to enum changes for Dns Type 2021-11-18 07:47:34 -06:00			`RequestType: DNSRequestTypeHolder{DNSRequestType: A},`
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`Class: "INET",`
			`Retries: 5,`
			`ID: templateID,`
Added default fields for DNS requests 2021-11-23 13:09:22 +05:30			`Recursion: &recursion,`
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`Name: "{{FQDN}}",`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`}`
			`executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{`
			`ID: templateID,`
YAML Unmarshal error in reporting template #995 2021-09-03 16:48:39 +03:00			`Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`})`
			`err := request.Compile(executerOpts)`
			`require.Nil(t, err, "could not compile dns request")`

			`req := new(dns.Msg)`
			`req.Question = append(req.Question, dns.Question{Name: "one.one.one.one.", Qtype: dns.TypeA, Qclass: dns.ClassINET})`

			`resp := new(dns.Msg)`
			`resp.Rcode = dns.RcodeSuccess`
			`resp.Answer = append(resp.Answer, &dns.A{A: net.ParseIP("1.1.1.1"), Hdr: dns.RR_Header{Name: "one.one.one.one."}})`

Adding dns trace support in dns templates (#1236) * Adding dns trace support in dns templates + minor refactoring 2021-11-18 14:52:11 +01:00			`event := request.responseToDSLMap(req, resp, "one.one.one.one", "one.one.one.one", nil)`
Added tests for DNS package 2021-02-03 02:09:45 +05:30
			`t.Run("extract", func(t *testing.T) {`
			`extractor := &extractors.Extractor{`
			`Part: "raw",`
Automatically generate docs for enum values 2021-11-25 19:34:01 +05:30			`Type: extractors.ExtractorTypeHolder{ExtractorType: extractors.RegexExtractor},`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`Regex: []string{"[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"},`
			`}`
			`err = extractor.CompileExtractors()`
			`require.Nil(t, err, "could not compile extractor")`

			`data := request.Extract(event, extractor)`
			`require.Greater(t, len(data), 0, "could not extractor valid response")`
			`require.Equal(t, map[string]struct{}{"1.1.1.1": {}}, data, "could not extract correct data")`
			`})`

			`t.Run("kval", func(t *testing.T) {`
			`extractor := &extractors.Extractor{`
Automatically generate docs for enum values 2021-11-25 19:34:01 +05:30			`Type: extractors.ExtractorTypeHolder{ExtractorType: extractors.KValExtractor},`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`KVal: []string{"rcode"},`
			`}`
			`err = extractor.CompileExtractors()`
			`require.Nil(t, err, "could not compile kval extractor")`

			`data := request.Extract(event, extractor)`
			`require.Greater(t, len(data), 0, "could not extractor kval valid response")`
			`require.Equal(t, map[string]struct{}{strconv.Itoa(dns.RcodeSuccess): {}}, data, "could not extract correct kval data")`
			`})`
			`}`

			`func TestDNSMakeResult(t *testing.T) {`
			`options := testutils.DefaultOptions`

Added default fields for DNS requests 2021-11-23 13:09:22 +05:30			`recursion := false`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`testutils.Init(options)`
			`templateID := "testing-dns"`
Added exclude-matchers support for template & matchers (#2218) * Added exclude-matchers support for template & matchers * Fixed panics due to typo * Added support for only template ID + misc cleanup 2022-06-24 23:09:27 +05:30			`executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{`
			`ID: templateID,`
			`Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},`
			`})`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`request := &Request{`
struct to enum changes for Dns Type (#1245) * struct to enum changes for Dns Type 2021-11-18 07:47:34 -06:00			`RequestType: DNSRequestTypeHolder{DNSRequestType: A},`
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`Class: "INET",`
			`Retries: 5,`
			`ID: templateID,`
Added default fields for DNS requests 2021-11-23 13:09:22 +05:30			`Recursion: &recursion,`
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`Name: "{{FQDN}}",`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`Operators: operators.Operators{`
File protocol tests + misc fixes 2021-02-03 17:49:10 +05:30			`Matchers: []*matchers.Matcher{{`
			`Name: "test",`
			`Part: "raw",`
struct to enums changes for Matchers (#1246) * struct to enums changes for Matchers 2021-11-19 04:54:09 -06:00			`Type: matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},`
File protocol tests + misc fixes 2021-02-03 17:49:10 +05:30			`Words: []string{"1.1.1.1"},`
			`}},`
			`Extractors: []*extractors.Extractor{{`
			`Part: "raw",`
Automatically generate docs for enum values 2021-11-25 19:34:01 +05:30			`Type: extractors.ExtractorTypeHolder{ExtractorType: extractors.RegexExtractor},`
File protocol tests + misc fixes 2021-02-03 17:49:10 +05:30			`Regex: []string{"[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"},`
			`}},`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`},`
Added exclude-matchers support for template & matchers (#2218) * Added exclude-matchers support for template & matchers * Fixed panics due to typo * Added support for only template ID + misc cleanup 2022-06-24 23:09:27 +05:30			`options: executerOpts,`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`}`
			`err := request.Compile(executerOpts)`
			`require.Nil(t, err, "could not compile dns request")`

			`req := new(dns.Msg)`
			`req.Question = append(req.Question, dns.Question{Name: "one.one.one.one.", Qtype: dns.TypeA, Qclass: dns.ClassINET})`

			`resp := new(dns.Msg)`
			`resp.Rcode = dns.RcodeSuccess`
			`resp.Answer = append(resp.Answer, &dns.A{A: net.ParseIP("1.1.1.1"), Hdr: dns.RR_Header{Name: "one.one.one.one."}})`

Adding dns trace support in dns templates (#1236) * Adding dns trace support in dns templates + minor refactoring 2021-11-18 14:52:11 +01:00			`event := request.responseToDSLMap(req, resp, "one.one.one.one", "one.one.one.one", nil)`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`finalEvent := &output.InternalWrappedEvent{InternalEvent: event}`
			`if request.CompiledOperators != nil {`
Do not show AND matcher information in the command line output if debug is not enabled #1081 2021-10-12 20:06:55 +03:00			`result, ok := request.CompiledOperators.Execute(event, request.Match, request.Extract, false)`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`if ok && result != nil {`
			`finalEvent.OperatorsResult = result`
			`finalEvent.Results = request.MakeResultEvent(finalEvent)`
			`}`
			`}`
			`require.Equal(t, 1, len(finalEvent.Results), "could not get correct number of results")`
Do not show AND matcher information in the command line output if debug is not enabled #1081 2021-10-12 20:06:55 +03:00			`resultEvent := finalEvent.Results[0]`
			`require.Equal(t, "test", resultEvent.MatcherName, "could not get correct matcher name of results")`
			`require.Equal(t, "1.1.1.1", resultEvent.ExtractedResults[0], "could not get correct extracted results")`
			`require.Equal(t, "one.one.one.one", resultEvent.Matched, "could not get matched value")`
Added tests for DNS package 2021-02-03 02:09:45 +05:30			`}`