def test_simple_not_string(json_dict): # for '=', a pattern can be interpreted as a number. pattern = '{ $.someInt = 123 }' assert match(pattern, json_dict) pattern = '{ $.someFloat = 12.34 }' assert match(pattern, json_dict) # False for matching non-number field pattern = '{ $.someObject = someString }' assert not match(pattern, json_dict) pattern = '{ $.someArray = someString }' assert not match(pattern, json_dict) # for '!=', a pattern can be interpreted as a number. pattern = '{ $.someInt != 123 }' assert not match(pattern, json_dict) pattern = '{ $.someFloat != 12.34 }' assert not match(pattern, json_dict) # target is not string or number then return unmatched pattern = '{ $.someObject != someString }' assert not match(pattern, json_dict) pattern = '{ $.someObject = someString }' assert not match(pattern, json_dict) pattern = '{ $.someArray != someString }' assert not match(pattern, json_dict) pattern = '{ $.someArray = someString }' assert not match(pattern, json_dict)
def test_numeric_unquoted_matched(json_data, client): patterns = [ '{ $.someString != 111 }', # '{ $.eventType >= 123 }', # len(matches)==0 # '{ $.someInt != 111 }', # '{ $.someInt != 111.0 }', # '{ $.someInt != "111" }', # '{ $.someInt != "abc" }', # '{ $.someInt >= 123.0 }', # '{ $.someInt >= someString }', # InvalidParameterException: Invalid # character(s) in term '"someString"' # '{ $.someInt >= "someString" }', # InvalidParameterException: # Invalid character(s) in term '"someString"' # '{ $.someInt >= "123" }', # InvalidParameterException: Invalid # character(s) in term '"someString"' # '{ $.someInt >= "123.0" }', # InvalidParameterException: Invalid # character(s) in term '"someString"' # len(matches) == 0 # '{ $.someArray != "someString" }', # '{ $.someArray = "someString" }', # '{ $.someObject != "someString" }', # '{ $.someObject = "someString" }', # '{ $.someInt = "123.00" }', # len(matches) == 0 # '{ $.someInt != 111 }', # '{ $.someInt != 123 }', # len(matches) == 0 # '{ $.someInt != "123" }', # len(matches) == 0 # r'{ $.someEscaped = "error \"message\"" }', # '{ $.eventType = "UpdateTrail" }', # '{ $.eventType != "NoTrail" }', # '{ $.someFloat != "12.34" }', # '{ $.someObject != "someString" }', # '{ $.someArray != "someString" }', # '{ $.sourceIPAddress = "111.111.*" }', # '{ $.sourceIPAddress != "123.123.*" }', # '{ $.sourceIPAddress = "*111.111" }', # '{ $.sourceIPAddress != "*123.123" }', # '{ $.sourceIPAddress = "*111*" }', # '{ $.eventType = UpdateTrail }', # '{ $.eventType != NoTrail }', # '{ $.someObject != someString }', # '{ $.someArray != someString }', # '{ $.sourceIPAddress = 111.111.* }', # '{ $.sourceIPAddress != 123.123.* }', # '{ $.sourceIPAddress = *111.111 }', # '{ $.sourceIPAddress != *123.123 }', # '{ $.sourceIPAddress = *111* }', ] for p in patterns: resp = client.test_metric_filter(filterPattern=p, logEventMessages=[json_data]) matches = resp.get('matches', []) assert matches and len(matches) == 1 assert matches[0]['eventMessage'] == json_data assert match(p, json.loads(json_data))
def test_unmatched(json_data, client): patterns = [ # number-like unquoted strings are valid but the matching result would be unmatched whatever. '{ $.someString > 123 }', '{ $.someString >= 123 }', '{ $.someString < 123 }', '{ $.someString <= 123 }', # number-like strings can do equality ops '{ $.someString = 123 }', '{ $.someString = "123" }', # if target is not string or number return unmatched '{ $.someObject = 123 }', '{ $.someObject != 123 }', '{ $.someObject > 123 }', '{ $.someObject >= 123 }', '{ $.someObject < 123 }', '{ $.someObject <= 123 }', '{ $.someObject = "123" }', '{ $.someObject != "123" }', '{ $.someObject = "non-number-like" }', '{ $.someObject != "non-number-like" }', ] for p in patterns: resp = client.test_metric_filter(filterPattern=p, logEventMessages=[json_data]) matches = resp.get('matches', []) assert not matches assert not match(p, json.loads(json_data))
def test_simple_numeric_op_raise(json_dict): with pytest.raises(VisitorException): pattern = '{ $.eventType > UpdateTrail }' match(pattern, json_dict) with pytest.raises(VisitorException): pattern = '{ $.eventType >= UpdateTrail }' match(pattern, json_dict) with pytest.raises(VisitorException): pattern = '{ $.eventType < UpdateTrail }' match(pattern, json_dict) with pytest.raises(VisitorException): pattern = '{ $.eventType <= UpdateTrail }' match(pattern, json_dict)
def test_quoted_numeric_op_raise(json_dict): with pytest.raises(VisitorException): pattern = '{ $.eventType > "UpdateTrail" }' match(pattern, json_dict) with pytest.raises(VisitorException): pattern = '{ $.eventType >= "UpdateTrail" }' match(pattern, json_dict) with pytest.raises(VisitorException): pattern = '{ $.eventType < "UpdateTrail" }' match(pattern, json_dict) with pytest.raises(VisitorException): pattern = '{ $.eventType <= "UpdateTrail" }' match(pattern, json_dict)
def test_invalid(json_data, client): patterns = [ # non number-like strings can't do numeric ops '{ $.someString > unquoted_string }', '{ $.someString >= unquoted_string }', '{ $.someString < unquoted_string }', '{ $.someString <= unquoted_string }', '{ $.someString > "quoted_string" }', '{ $.someString >= "quoted_string" }', '{ $.someString < "quoted_string" }', '{ $.someString <= "quoted_string" }', # number-like quoted strings can't do numeric ops either '{ $.someString > "123" }', '{ $.someString >= "123" }', '{ $.someString < "123" }', '{ $.someString <= "123" }', #'{ $.eventType > "UpdateTrail" }', #'{ $.eventType >= "UpdateTrail" }', #'{ $.eventType < "UpdateTrail" }', #'{ $.eventType <= "UpdateTrail" }', #'{ $.eventType > UpdateTrail }', #'{ $.eventType >= UpdateTrail }', #'{ $.eventType < UpdateTrail }', #'{ $.eventType <= UpdateTrail }', ] for p in patterns: try: client.test_metric_filter(filterPattern=p, logEventMessages=[json_data]) except client.exceptions.InvalidParameterException as e: with pytest.raises(VisitorException): match(p, json.loads(json_data)) else: assert False
def test_float(json_dict): pattern = '{ $.someFloat = 12.34 }' assert match(pattern, json_dict) pattern = '{ $.someFloat != 11.1 }' assert match(pattern, json_dict) pattern = '{ $.someFloat > 1.0 }' assert match(pattern, json_dict) pattern = '{ $.someFloat >= 1.0 }' assert match(pattern, json_dict) pattern = '{ $.someFloat < 100.0 }' assert match(pattern, json_dict) pattern = '{ $.someFloat <= 100.0 }' assert match(pattern, json_dict)
def test_int(json_dict): pattern = '{ $.someInt = 123 }' assert match(pattern, json_dict) pattern = '{ $.someInt != 111 }' assert match(pattern, json_dict) pattern = '{ $.someInt > 1 }' assert match(pattern, json_dict) pattern = '{ $.someInt >= 1 }' assert match(pattern, json_dict) pattern = '{ $.someInt < 1000 }' assert match(pattern, json_dict) pattern = '{ $.someInt <= 1000 }' assert match(pattern, json_dict)
def test_quoted_not_string(json_dict): # can still run if a quoted string can be coerced to a number pattern = '{ $.someInt = "123" }' assert match(pattern, json_dict) pattern = '{ $.someInt != "123" }' assert not match(pattern, json_dict) pattern = '{ $.someFloat = "12.34" }' assert match(pattern, json_dict) pattern = '{ $.someFloat != "12.34" }' assert not match(pattern, json_dict) # type mismatch gives False pattern = '{ $.someObject = "someString" }' assert not match(pattern, json_dict) pattern = '{ $.someObject != "someString" }' assert not match(pattern, json_dict) pattern = '{ $.someArray = "someString" }' assert not match(pattern, json_dict) pattern = '{ $.someArray != "someString" }' assert not match(pattern, json_dict)
def test_invalid_pattern(): with pytest.raises(ParsingException): pattern = '{ $.someInt }' match(pattern, json_dict)
def test_match_pattern2(json_dict): pattern = '{ ($.user.id = 2 && $.users[0].email = "nonmatch") || $.actions[2] = "GET" }' assert not match(pattern, json_dict)
def test_match_pattern6(json_dict): pattern = '{ $.objectList[1].id = 2 }' assert match(pattern, json_dict)
def test_match_pattern8(json_dict): pattern = '{ $.SomeObject IS NULL }' assert match(pattern, json_dict)
def test_quoted_escaped(json_dict): pattern = r'{ $.someEscaped = "error \"message\"" }' assert match(pattern, json_dict)
def test_simple_wildcard_useless(json_dict): pattern = '{ $.sourceIPAddress = 11*1 }' assert not match(pattern, json_dict)
def test_quoted_wildcard_begin_fail(json_dict): pattern = '{ $.sourceIPAddress != "*123.123" }' assert match(pattern, json_dict)
def test_equality_unquoted(json_data, client): patterns = [ # unquoted term '{ $.someString = 111.111.111.111 }', '{ $.someString != 111*111 }', '{ $.someString = * }', #'{ $.someString = *111.111.111 }', # [TODO] Should be True, aws bug? '{ $.someString = *.111.111.111 }', # but this passed '{ $.someString = 111* }', '{ $.someString != 222 }', '{ $.someString != 222* }', '{ $.someString != *222 }', '{ $.someInt = 123 }', '{ $.someInt = 123.0 }', '{ $.someInt = * }', #'{ $.someInt != 1*3 }', # [TODO] Should be True, aws bug? '{ $.someInt = 1* }', '{ $.someInt = 12* }', '{ $.someInt = 123* }', '{ $.someInt = *123 }', '{ $.someInt = *23 }', '{ $.someInt = *3 }', '{ $.someInt != 3* }', '{ $.someInt != 32* }', '{ $.someInt != 321* }', '{ $.someInt != *321 }', '{ $.someInt != *32 }', '{ $.someInt != *1 }', # float '{ $.someFloat = 12.34 }', '{ $.someFloat = *}', #'{ $.someFloat != 1*4 }', # [TODO] Should be True, aws bug? '{ $.someFloat2 = 12 }', '{ $.someFloat = 1* }', '{ $.someFloat = 12* }', '{ $.someFloat = 12.* }', '{ $.someFloat = 12.3* }', '{ $.someFloat = 12.34*}', '{ $.someFloat = *12.34}', '{ $.someFloat = *2.34}', '{ $.someFloat = *.34 }', '{ $.someFloat = *34 }', '{ $.someFloat = *4 }', '{ $.someFloat != 43.21 }', '{ $.someFloat != 4* }', '{ $.someFloat != 43* }', '{ $.someFloat != 43.* }', '{ $.someFloat != 43.2* }', '{ $.someFloat != 43.21*}', '{ $.someFloat != *43.21}', '{ $.someFloat != *3.21 }', '{ $.someFloat != *.21 }', '{ $.someFloat != *21 }', '{ $.someFloat != *1 }', ] for p in patterns: resp = client.test_metric_filter(filterPattern=p, logEventMessages=[json_data]) matches = resp.get('matches', []) assert matches and len(matches) == 1 assert matches[0]['eventMessage'] == json_data assert match(p, json.loads(json_data))
def test_quoted_wildcard_begin(json_dict): pattern = '{ $.sourceIPAddress = "*111.111" }' assert match(pattern, json_dict)
def test_quoted_wildcard_end(json_dict): pattern = '{ $.sourceIPAddress = "111.111.*" }' assert match(pattern, json_dict)
def test_quoted_eq(json_dict): pattern = '{ $.eventType = "UpdateTrail" }' assert match(pattern, json_dict) pattern = '{ $.eventType != "NoTrail" }' assert match(pattern, json_dict)
def test_match_pattern4(json_dict): pattern = '{ $.arrayKey[0] = "value" }' assert match(pattern, json_dict)
def test_simple_wildcard(json_dict): pattern = '{ $.sourceIPAddress = *111* }' assert match(pattern, json_dict)
def test_match_pattern5(json_dict): # ThisFlag is not an array pattern = '{ $.ThisFlag[0] = "value" }' assert not match(pattern, json_dict)
def test_equality_quoted(json_data, client): ## quoted term patterns = [ # string '{ $.someString = "111.111.111.111" }', '{ $.someString != 111*111 }', '{ $.someString = "*" }', '{ $.emptyString = "*" }', # '{ $.someString = "*111.111.111" }', // should be True, aws bug? '{ $.someString = "*.111.111.111" }', # but this passed '{ $.someString = "111*" }', '{ $.someString != "222" }', '{ $.someString != "222*" }', '{ $.someString != "*222" }', # int '{ $.someInt = "123" }', '{ $.someInt != "123.0" }', # different than unquoted '{ $.someInt = "*" }', #'{ $.someInt != "1*3" }', // # [TODO] Should be True, aws bug? '{ $.someInt = "1*" }', '{ $.someInt = "12*" }', '{ $.someInt = "123*" }', '{ $.someInt = "*123" }', '{ $.someInt = "*23" }', '{ $.someInt = "*3" }', '{ $.someInt != "3*" }', '{ $.someInt != "32*" }', '{ $.someInt != "321*" }', '{ $.someInt != "*321" }', '{ $.someInt != "*32" }', '{ $.someInt != "*1" }', # float '{ $.someFloat = "12.34" }', '{ $.someFloat = "*"}', #'{ $.someFloat != "1*4" }', # [TODO] Should be True, aws bug? '{ $.someFloat2 != "12" }', # different than unquoted '{ $.someFloat = "1*" }', '{ $.someFloat = "12*" }', '{ $.someFloat = "12.*" }', '{ $.someFloat = "12.3*" }', '{ $.someFloat = "12.34*"}', '{ $.someFloat = "*12.34"}', '{ $.someFloat = "*2.34"}', '{ $.someFloat = "*.34" }', '{ $.someFloat = "*34" }', '{ $.someFloat = "*4" }', '{ $.someFloat != "43.21" }', '{ $.someFloat != "4*1" }', '{ $.someFloat != "4*" }', '{ $.someFloat != "43*" }', '{ $.someFloat != "43.*" }', '{ $.someFloat != "43.2*" }', '{ $.someFloat != "43.21*"}', '{ $.someFloat != "*43.21"}', '{ $.someFloat != "*3.21" }', '{ $.someFloat != "*.21" }', '{ $.someFloat != "*21" }', '{ $.someFloat != "*1" }', ] for p in patterns: resp = client.test_metric_filter(filterPattern=p, logEventMessages=[json_data]) matches = resp.get('matches', []) assert matches and len(matches) == 1 assert matches[0]['eventMessage'] == json_data assert match(p, json.loads(json_data))
def test_match_pattern7(json_dict): # If objectList is not an array this will be false. If the items in # objectList are not objects or do not have an number property, # this will be false pattern = '{ $.objectList[1].number = 2 }' assert not match(pattern, json_dict)
def test_match_pattern9(json_dict): pattern = '{ $.SomeOtherObject NOT EXISTS}' assert match(pattern, json_dict)
def test_match_pattern1(json_dict): pattern = '{ ($.user.id = 1) && ($.users[0].email = "*****@*****.**") }' assert match(pattern, json_dict)
def test_match_pattern10(json_dict): pattern = '{$.ThisFlag IS TRUE}' assert match(pattern, json_dict)
def test_match_pattern4(json_dict): pattern = '{ ($.user.email = "*****@*****.**" || $.coordinates[0][1] = nonmatch) && $.actions[2] = nomatch }' assert not match(pattern, json_dict)
def test_quoted_not_existed(json_dict): pattern = '{ $.notExisted = "UpdateTrail" }' assert not match(pattern, json_dict) pattern = '{ $.notExisted != "UpdateTrail" }' assert not match(pattern, json_dict)