forked from 0xrawsec/whids
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathioc_test.go
114 lines (95 loc) · 2.31 KB
/
ioc_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
package ioc
import (
"crypto/sha256"
"encoding/hex"
"fmt"
"math/rand"
"testing"
"github.com/0xrawsec/sod"
"github.com/0xrawsec/toast"
"github.com/0xrawsec/whids/utils"
)
const (
dbpath = "data/database"
)
var (
format = fmt.Sprintf
)
func uuidGen() string {
return utils.UnsafeUUIDGen().String()
}
func createIocDB(t *testing.T, size int) (db *sod.DB) {
tt := toast.FromT(t)
db = sod.Open(dbpath)
schema := sod.DefaultSchema
schema.Cache = true
tt.CheckErr(db.Create(&IOC{}, sod.DefaultSchema))
n, err := db.Count(&IOC{})
tt.CheckErr(err)
if n != size {
t.Logf("Dropping db n=%d size=%d", n, size)
db.DeleteAll(&IOC{})
} else {
t.Logf("Db size n=%d", n)
return
}
iocs := make([]sod.Object, 0)
for i := 0; i < size; i++ {
var ioc *IOC
switch rand.Int() % 3 {
case 0:
ioc = &IOC{
Uuid: uuidGen(),
GroupUuid: uuidGen(),
Source: "Whatever",
Value: fmt.Sprintf("%d.some.domain", i),
Type: "domain",
}
case 1:
mod := i % 256
ioc = &IOC{
Uuid: uuidGen(),
GroupUuid: uuidGen(),
Source: "Whatever",
Value: fmt.Sprintf("%d.%d.%d.%d", mod, mod, mod, mod),
Type: "ip-dst",
}
case 2:
s := sha256.New()
v := fmt.Sprintf("random-value-%d", i)
s.Write([]byte(v))
ioc = &IOC{
Uuid: uuidGen(),
GroupUuid: uuidGen(),
Source: "Whatever",
Value: hex.EncodeToString(s.Sum(nil)),
Type: "domain",
}
}
iocs = append(iocs, ioc)
}
_, err = db.InsertOrUpdateMany(iocs...)
tt.CheckErr(err)
return db
}
func TestIocs(t *testing.T) {
var db *sod.DB
tt := toast.FromT(t)
iocs := NewIocs()
tt.TimeIt("creating DB", func() { db = createIocDB(t, 5000) })
defer db.Drop()
tt.CheckErr(iocs.FromDB(db))
t.Logf("len(iocs)=%d", iocs.iocs.Len())
hashSlice := utils.Sha256StringArray(iocs.StringSlice())
tt.Assert(iocs.Hash() == hashSlice, format("hash is not stable: iocs.Hash=%s hashSlice=%s", iocs.Hash(), hashSlice))
del := make([]*IOC, 0)
for _, v := range iocs.StringSlice() {
if rand.Int()%2 == 0 {
del = append(del, &IOC{Value: v})
}
}
iocs.Del(del...)
t.Logf("len(iocs)=%d", iocs.iocs.Len())
hashSlice = utils.Sha256StringArray(iocs.StringSlice())
tt.Assert(iocs.Hash() == hashSlice, format("hash is not stable: iocs.Hash=%s hashSlice=%s", iocs.Hash(), hashSlice))
}