From 3209b2dc4475f4e772a0d7ab0ed0616dd1db0e32 Mon Sep 17 00:00:00 2001 From: blotus Date: Tue, 8 Oct 2024 18:15:04 +0200 Subject: [PATCH] up --- .../modules/wineventlog/wineventlog_test.go | 36 +++++++++++++++---- 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/pkg/acquisition/modules/wineventlog/wineventlog_test.go b/pkg/acquisition/modules/wineventlog/wineventlog_test.go index 1e6a1474d4b..e1517c3ba22 100644 --- a/pkg/acquisition/modules/wineventlog/wineventlog_test.go +++ b/pkg/acquisition/modules/wineventlog/wineventlog_test.go @@ -240,10 +240,11 @@ func TestOneShotAcquisition(t *testing.T) { } tests := []struct { - name string - dsn string - expectedCount int - expectedErr string + name string + dsn string + expectedCount int + expectedErr string + expectedConfigureErr string }{ { name: "non-existing file", @@ -251,12 +252,28 @@ func TestOneShotAcquisition(t *testing.T) { expectedCount: 0, expectedErr: "The system cannot find the file specified.", }, + { + name: "empty DSN", + dsn: `wineventlog://`, + expectedCount: 0, + expectedConfigureErr: "empty wineventlog:// DSN", + }, { name: "existing file", dsn: `wineventlog://test_files/Setup.evtx`, expectedCount: 24, expectedErr: "", }, + { + name: "filter on event_id", + dsn: `wineventlog://test_files/Setup.evtx?event_id=2`, + expectedCount: 1, + }, + { + name: "filter on event_id", + dsn: `wineventlog://test_files/Setup.evtx?event_id=2&event_id=3`, + expectedCount: 24, + }, } exprhelpers.Init(nil) @@ -267,7 +284,14 @@ func TestOneShotAcquisition(t *testing.T) { to := &tomb.Tomb{} c := make(chan types.Event) f := WinEventLogSource{} - f.ConfigureByDSN(test.dsn, map[string]string{"type": "wineventlog"}, log.WithField("type", "windowseventlog"), "") + err := f.ConfigureByDSN(test.dsn, map[string]string{"type": "wineventlog"}, log.WithField("type", "windowseventlog"), "") + + if test.expectedConfigureErr != "" { + assert.Contains(t, err.Error(), test.expectedConfigureErr) + return + } + + require.NoError(t, err) go func() { for { @@ -280,7 +304,7 @@ func TestOneShotAcquisition(t *testing.T) { } }() - err := f.OneShotAcquisition(c, to) + err = f.OneShotAcquisition(c, to) if test.expectedErr != "" { assert.Contains(t, err.Error(), test.expectedErr) } else {