From 83bef862e06b22278bcc462c8dea8b1177937fde Mon Sep 17 00:00:00 2001
From: Aleksandr Maus
Date: Fri, 20 Mar 2020 10:39:35 -0400
Subject: [PATCH] EQL: Extract query folder tests definitions into resources (#53802) (#53869)
---
 .../xpack/eql/planner/QueryFolderOkTests.java | 112 ++++++++++--------
 .../src/test/resources/queryfolder_tests.txt | 66 +++++++++++
 2 files changed, 129 insertions(+), 49 deletions(-)
 create mode 100644 x-pack/plugin/eql/src/test/resources/queryfolder_tests.txt
diff --git a/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/planner/QueryFolderOkTests.java b/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/planner/QueryFolderOkTests.java
index acbe328a474..0867c6e77c5 100644
--- a/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/planner/QueryFolderOkTests.java
+++ b/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/planner/QueryFolderOkTests.java
@@ -7,60 +7,19 @@ package org.elasticsearch.xpack.eql.planner; import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; +import org.elasticsearch.common.Strings; import org.elasticsearch.xpack.eql.plan.physical.EsQueryExec; import org.elasticsearch.xpack.eql.plan.physical.PhysicalPlan; -import java.util.Arrays; +import java.io.BufferedReader; +import java.io.InputStreamReader; +import java.nio.charset.StandardCharsets; +import java.util.ArrayList; import static org.elasticsearch.xpack.ql.type.DataTypes.KEYWORD; import static org.hamcrest.Matchers.containsString; public class QueryFolderOkTests extends AbstractQueryFolderTestCase { - private static Object[][] specs = { - {"basic", "process where true", null}, - {"singleNumericFilterEquals", "process where serial_event_id = 1", "\"term\":{\"serial_event_id\":{\"value\":1"}, - {"singleNumericFilterLess", "process where serial_event_id < 4", - "\"range\":{\"serial_event_id\":{\"from\":null,\"to\":4,\"include_lower\":false,\"include_upper\":false" - }, - {"singleNumericFilterLessSymmetry", "process where 4 > serial_event_id", - "\"range\":{\"serial_event_id\":{\"from\":null,\"to\":4,\"include_lower\":false,\"include_upper\":false" - }, - {"singleNumericFilterLessEquals", "process where serial_event_id <= 4", - "\"range\":{\"serial_event_id\":{\"from\":null,\"to\":4,\"include_lower\":false,\"include_upper\":true" - }, - {"singleNumericFilterGreater", "process where serial_event_id > 4", - "\"range\":{\"serial_event_id\":{\"from\":4,\"to\":null,\"include_lower\":false,\"include_upper\":false" - }, - {"singleNumericFilterGreaterEquals", "process where serial_event_id >= 4", - "\"range\":{\"serial_event_id\":{\"from\":4,\"to\":null,\"include_lower\":true,\"include_upper\":false" - }, - {"mixedTypeFilter", "process where process_name == \"notepad.exe\" or (serial_event_id < 4.5 and serial_event_id >= 3.1)", - new Object[]{ - "\"term\":{\"process_name\":{\"value\":\"notepad.exe\"", - 
"\"range\":{\"serial_event_id\":{\"from\":3.1,\"to\":4.5,\"include_lower\":true,\"include_upper\":false" - } - }, - {"notFilter", "process where not (exit_code > -1)", - "\"range\":{\"exit_code\":{\"from\":null,\"to\":-1,\"include_lower\":false,\"include_upper\":true" - }, - {"inFilter", "process where process_name in (\"python.exe\", \"SMSS.exe\", \"explorer.exe\")", - new Object[]{ - "\"term\":{\"process_name\":{\"value\":\"python.exe\"", - "\"term\":{\"process_name\":{\"value\":\"SMSS.exe\"", - "\"term\":{\"process_name\":{\"value\":\"explorer.exe\"", - } - }, - {"equalsAndInFilter", "process where process_path == \"*\\\\red_ttp\\\\wininit.*\" and opcode in (0,1,2,3)", - new Object[]{ - "\"wildcard\":{\"process_path\":{\"wildcard\":\"*\\\\\\\\red_ttp\\\\\\\\wininit.*\"", - "\"term\":{\"opcode\":{\"value\":0", - "\"term\":{\"opcode\":{\"value\":1", - "\"term\":{\"opcode\":{\"value\":2", - "\"term\":{\"opcode\":{\"value\":3", - } - }, - }; - private final String name; private final String query; private final Object expect; 
@@ -71,9 +30,64 @@ public class QueryFolderOkTests extends AbstractQueryFolderTestCase { this.expect = expect; } - @ParametersFactory(shuffle = false, argumentFormatting = "%1$s.test") - public static Iterable parameters() { - return Arrays.asList(specs); + @ParametersFactory(shuffle = false, argumentFormatting = "%1$s") + public static Iterable parameters() throws Exception { + ArrayList arr = new ArrayList<>(); + try (BufferedReader reader = new BufferedReader(new InputStreamReader( + QueryFolderOkTests.class.getResourceAsStream("/queryfolder_tests.txt"), StandardCharsets.UTF_8))) { + String line; + String name = null; + String query = null; + ArrayList expectations = null; + int newLineCount = 0; + + while ((line = reader.readLine()) != null) { + if (line.startsWith("//")) { + continue; + } + + line = line.trim(); + if (Strings.isEmpty(line)) { + if (name != null) { + newLineCount++; + } + if (newLineCount >= 2) { + // Add and zero out for the next spec + addSpec(arr, name, query, expectations == null ? null : expectations.toArray()); + name = null; + query = null; + expectations = null; + newLineCount = 0; + } + continue; + } + + if (name == null) { + name = line; + continue; + } + + if (query == null) { + query = line; + continue; + } + + if (line.equals("null") == false) { // special case for no expectations + if (expectations == null) { + expectations = new ArrayList<>(); + } + expectations.add(line); + } + } + addSpec(arr, name, query, expectations.toArray()); + } + return arr; + } + + private static void addSpec(ArrayList arr, String name, String query, Object[] expectations) { + if ((Strings.isNullOrEmpty(name) == false) && (Strings.isNullOrEmpty(query) == false)) { + arr.add(new Object[]{name, query, expectations}); + } } public void test() { diff --git a/x-pack/plugin/eql/src/test/resources/queryfolder_tests.txt b/x-pack/plugin/eql/src/test/resources/queryfolder_tests.txt new file mode 100644 index 00000000000..8a2af74ab84 --- /dev/null 
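Review bot: The final `addSpec(arr, name, query, expectations.toArray());` after the read loop dereferences `expectations` without the null guard used by the in-loop call, so a resource file whose last block has `null` as its expectation, or that ends with two or more blank lines, fails with a NullPointerException inside the parameters factory. It should mirror the in-loop call: `addSpec(arr, name, query, expectations == null ? null : expectations.toArray());`. Separately, `addSpec` silently discards a block that has a name but no query, so a malformed fixture shrinks the suite without any failure; throwing an `IllegalArgumentException` that names the block would surface that. The comment check `line.startsWith("//")` also runs before `line.trim()`, so an indented comment line is consumed as a name, query or expectation.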
+++ b/x-pack/plugin/eql/src/test/resources/queryfolder_tests.txt
@@ -0,0 +1,66 @@
+//
+// QueryFolder test
+// Simple format of the following blocks, separated by two new lines
+//
+//
+//
+//
+// ...
+//
+
+
+basic
+process where true
+null
+
+
+singleNumericFilterEquals
+process where serial_event_id = 1
+"term":{"serial_event_id":{"value":1
+
+
+singleNumericFilterLess
+process where serial_event_id < 4
+"range":{"serial_event_id":{"from":null,"to":4,"include_lower":false,"include_upper":false
+
+
+singleNumericFilterLessEquals
+process where serial_event_id <= 4
+"range":{"serial_event_id":{"from":null,"to":4,"include_lower":false,"include_upper":true
+
+
+singleNumericFilterGreater
+process where serial_event_id > 4
+"range":{"serial_event_id":{"from":4,"to":null,"include_lower":false,"include_upper":false
+
+
+singleNumericFilterGreaterEquals
+process where serial_event_id >= 4
+"range":{"serial_event_id":{"from":4,"to":null,"include_lower":true,"include_upper":false
+
+
+mixedTypeFilter
+process where process_name == "notepad.exe" or (serial_event_id < 4.5 and serial_event_id >= 3.1)
+"term":{"process_name":{"value":"notepad.exe"
+"range":{"serial_event_id":{"from":3.1,"to":4.5,"include_lower":true,"include_upper":false
+
+
+notFilter
+process where not (exit_code > -1)
+"range":{"exit_code":{"from":null,"to":-1,"include_lower":false,"include_upper":true
+
+
+inFilter
+process where process_name in ("python.exe", "SMSS.exe", "explorer.exe")
+"term":{"process_name":{"value":"python.exe"
+"term":{"process_name":{"value":"SMSS.exe"
+"term":{"process_name":{"value":"explorer.exe"
+
+
+equalsAndInFilter
+process where process_path == "*\\red_ttp\\wininit.*" and opcode in (0,1,2,3)
+"wildcard":{"process_path":{"wildcard":"*\\\\red_ttp\\\\wininit.*"
+"term":{"opcode":{"value":0
+"term":{"opcode":{"value":1
+"term":{"opcode":{"value":2
+"term":{"opcode":{"value":3
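Review bot: The `singleNumericFilterLessSymmetry` case (`process where 4 > serial_event_id`) that this commit removes from the inline `specs` array in QueryFolderOkTests.java has no counterpart in the new resource file, so coverage of the literal-on-the-left comparison is lost in a change described as an extraction. If the omission is unintended, add a block after `singleNumericFilterLess` with that name, that query, and the same expectation line as `singleNumericFilterLess`. The header comment should also state that an expectation line cannot be the literal `null` or begin with `//`, since the reader gives both a special meaning.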