-
Notifications
You must be signed in to change notification settings - Fork 5.6k
/
win_eventlog_test.go
136 lines (131 loc) · 3.65 KB
/
win_eventlog_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
//go:build windows
// Package win_eventlog Input plugin to collect Windows Event Log messages
//
//revive:disable-next-line:var-naming
package win_eventlog
import (
"testing"
"github.com/stretchr/testify/require"
)
func TestWinEventLog_shouldExcludeEmptyField(t *testing.T) {
type args struct {
field string
fieldType string
fieldValue interface{}
}
tests := []struct {
name string
w *WinEventLog
args args
expected bool
}{
{
name: "Not in list",
args: args{field: "qq", fieldType: "string", fieldValue: ""},
expected: false,
w: &WinEventLog{ExcludeEmpty: []string{"te*"}},
},
{
name: "Empty string",
args: args{field: "test", fieldType: "string", fieldValue: ""},
expected: true,
w: &WinEventLog{ExcludeEmpty: []string{"te*"}},
},
{
name: "Non-empty string",
args: args{field: "test", fieldType: "string", fieldValue: "qq"},
expected: false,
w: &WinEventLog{ExcludeEmpty: []string{"te*"}},
},
{
name: "Zero int",
args: args{field: "test", fieldType: "int", fieldValue: int(0)},
expected: true,
w: &WinEventLog{ExcludeEmpty: []string{"te*"}},
},
{
name: "Non-zero int",
args: args{field: "test", fieldType: "int", fieldValue: int(-1)},
expected: false,
w: &WinEventLog{ExcludeEmpty: []string{"te*"}},
},
{
name: "Zero uint32",
args: args{field: "test", fieldType: "uint32", fieldValue: uint32(0)},
expected: true,
w: &WinEventLog{ExcludeEmpty: []string{"te*"}},
},
{
name: "Non-zero uint32",
args: args{field: "test", fieldType: "uint32", fieldValue: uint32(0xc0fefeed)},
expected: false,
w: &WinEventLog{ExcludeEmpty: []string{"te*"}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
require.NoError(t, tt.w.Init())
actual := tt.w.shouldExcludeEmptyField(tt.args.field, tt.args.fieldType, tt.args.fieldValue)
require.Equal(t, tt.expected, actual)
})
}
}
func TestWinEventLog_shouldProcessField(t *testing.T) {
tags := []string{"Source", "Level*"}
fields := []string{"EventID", "Message*"}
excluded := []string{"Message*"}
type args struct {
field string
}
tests := []struct {
name string
w *WinEventLog
args args
wantShould bool
wantList string
}{
{
name: "Not in tags",
args: args{field: "test"},
wantShould: false,
wantList: "excluded",
w: &WinEventLog{EventTags: tags, EventFields: fields, ExcludeFields: excluded},
},
{
name: "In Tags",
args: args{field: "LevelText"},
wantShould: true,
wantList: "tags",
w: &WinEventLog{EventTags: tags, EventFields: fields, ExcludeFields: excluded},
},
{
name: "Not in Fields",
args: args{field: "EventId"},
wantShould: false,
wantList: "excluded",
w: &WinEventLog{EventTags: tags, EventFields: fields, ExcludeFields: excluded},
},
{
name: "In Fields",
args: args{field: "EventID"},
wantShould: true,
wantList: "fields",
w: &WinEventLog{EventTags: tags, EventFields: fields, ExcludeFields: excluded},
},
{
name: "In Fields and Excluded",
args: args{field: "Messages"},
wantShould: false,
wantList: "excluded",
w: &WinEventLog{EventTags: tags, EventFields: fields, ExcludeFields: excluded},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
require.NoError(t, tt.w.Init())
should, list := tt.w.shouldProcessField(tt.args.field)
require.Equal(t, tt.wantShould, should)
require.Equal(t, tt.wantList, list)
})
}
}