test: added low-memory-mode test #1361
hitenkoku committed Jun 15, 2024
1 parent 5614774 commit f5fa7b9
Showing 1 changed file with 47 additions and 0 deletions.
47 changes: 47 additions & 0 deletions src/main.rs
Expand Up @@ -3271,4 +3271,51 @@ mod tests {
assert_eq!(actual.1, 2);
assert_eq!(actual.4.len(), 0);
}

#[test]
fn test_analysis_json_file_low_memory_mode() {
let mut app = App::new(None);
let mut stored_static = create_dummy_stored_static();
*STORED_EKEY_ALIAS.write().unwrap() = Some(stored_static.eventkey_alias.clone());
stored_static.include_eid = HashSet::from_iter(vec!["10".into()]);
stored_static.is_low_memory = true;
*STORED_STATIC.write().unwrap() = Some(stored_static.clone());

let rule_str = r#"
enabled: true
detection:
selection1:
Channel: 'Microsoft-Windows-Sysmon/Operational'
condition: selection1
details: testdata
"#;
let mut rule_yaml = YamlLoader::load_from_str(rule_str).unwrap().into_iter();
let test_yaml_data = rule_yaml.next().unwrap();
let mut rule = create_rule("testpath".to_string(), test_yaml_data);
let rule_init = rule.init(&stored_static);
assert!(rule_init.is_ok());
let rule_files = vec![rule];
app.rule_keys = app.get_all_keys(&rule_files);
let detection = detection::Detection::new(rule_files);
let target_time_filter = TargetEventTime::new(&stored_static);
let tl = Timeline::default();
let target_event_ids = TargetIds::default();
let mut afterfact_info = AfterfactInfo::default();
let mut afterfact_writer = afterfact::init_writer(&stored_static);

let actual = app.analysis_json_file(
(
Path::new("test_files/evtx/test.jsonl").to_path_buf(),
&target_time_filter,
&target_event_ids,
&stored_static,
),
detection,
tl,
&mut afterfact_writer,
&mut afterfact_info,
);
assert_eq!(actual.1, 2);
assert_eq!(actual.4.len(), 0);
}
}
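Review bot: The new test writes the process-wide `STORED_STATIC` and `STORED_EKEY_ALIAS` locks before calling `analysis_json_file`, and the preceding test (only its tail is visible at the top of the hunk) appears to share the same setup, so under the default parallel test harness the two tests can overwrite each other's `stored_static` mid-run and the `is_low_memory = true` value may not be the one in effect when the assertions fire. Running these tests serially (`cargo test -- --test-threads=1`, or a shared lock taken at the top of each) would remove that race. The assertions are also identical to the non-low-memory case (`actual.1 == 2`, `actual.4.len() == 0`), so the test does not demonstrate that the low-memory flag changed anything; if the low-memory path is expected to produce the same counts for this input, a comment on the function such as `// Low-memory mode is expected to yield the same detections as the default mode for this input.` would record that intent, and otherwise an assertion on whatever differs is still missing. `mod tests` begins outside the hunk.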
