diff --git a/userspace/libsinsp/test/events_fspath.ut.cpp b/userspace/libsinsp/test/events_fspath.ut.cpp index 03aa94bd83..fa6cc063d6 100644 --- a/userspace/libsinsp/test/events_fspath.ut.cpp +++ b/userspace/libsinsp/test/events_fspath.ut.cpp @@ -20,7 +20,6 @@ limitations under the License. #include -#include "filter_compiler.h" #include class fspath : public sinsp_with_test_input @@ -112,13 +111,13 @@ class fspath : public sinsp_with_test_input std::string fieldstr = field; std::string eq_filter_str = fieldstr + " = " + expected; - filter_run(evt, true, eq_filter_str); + EXPECT_TRUE(eval_filter(evt, eq_filter_str)); std::string in_filter_str = fieldstr + " in (" + expected + ")"; - filter_run(evt, true, in_filter_str); + EXPECT_TRUE(eval_filter(evt, in_filter_str)); std::string pmatch_filter_str = fieldstr + " pmatch (" + expected + ")"; - filter_run(evt, true, pmatch_filter_str); + EXPECT_TRUE(eval_filter(evt, pmatch_filter_str)); } void verify_fields(sinsp_evt *evt, diff --git a/userspace/libsinsp/test/filter_compiler.h b/userspace/libsinsp/test/filter_compiler.h deleted file mode 100644 index fb59722b7d..0000000000 --- a/userspace/libsinsp/test/filter_compiler.h +++ /dev/null @@ -1,62 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -*/ - -#include -#include -#include -#include - -// passing a NULL out pointer means expecting a failure -static void filter_compile(sinsp_filter **out, std::string filter) -{ - sinsp_filter_check_list flist; - auto factory = std::make_shared(nullptr, flist); - sinsp_filter_compiler compiler(factory, filter); - try - { - auto f = compiler.compile(); - if (!out) - { - FAIL() << "Unexpected successful compilation for: " << filter; - } - else - { - *out = f.release(); - } - } - catch(const sinsp_exception& e) - { - if (out) - { - FAIL() << "Can't compile: " << filter << " -> " << e.what(); - } - } -} - -static void filter_run(sinsp_evt* evt, bool result, std::string filter_str) -{ - sinsp_filter *filter = NULL; - filter_compile(&filter, filter_str); - auto f = std::unique_ptr(filter); - if (f && f->run(evt) != result) - { - FAIL() << filter_str - << " -> unexpected '" - << (result ? "false" : "true") << "' result"; - } -} diff --git a/userspace/libsinsp/test/filter_compiler.ut.cpp b/userspace/libsinsp/test/filter_compiler.ut.cpp index e08dae74a2..a489d0e3e5 100644 --- a/userspace/libsinsp/test/filter_compiler.ut.cpp +++ b/userspace/libsinsp/test/filter_compiler.ut.cpp @@ -567,22 +567,14 @@ TEST(sinsp_filter_compiler, complex_filter) // Test filter strings against real events. ////////////////////////////// -static bool evaluate_filter_str(sinsp* inspector, std::string filter_str, sinsp_evt* evt) -{ - sinsp_filter_check_list filter_list; - sinsp_filter_compiler compiler(std::make_shared(inspector, filter_list), filter_str); - auto filter = compiler.compile(); - return filter->run(evt); -} - TEST_F(sinsp_with_test_input, filter_simple_evaluation) { // Basic case just to assert that the basic setup works add_default_init_thread(); open_inspector(); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(evt.type = getcwd)", generate_getcwd_failed_entry_event())); - ASSERT_TRUE( - evaluate_filter_str(&m_inspector, "(evt.arg.res = val(evt.arg.res))", generate_getcwd_failed_entry_event())); + sinsp_evt * evt = generate_getcwd_failed_entry_event(); + ASSERT_TRUE(eval_filter(evt, "(evt.type = getcwd)")); + ASSERT_TRUE(eval_filter(evt, "(evt.arg.res = val(evt.arg.res))")); } TEST_F(sinsp_with_test_input, filter_val_transformer) @@ -591,22 +583,20 @@ TEST_F(sinsp_with_test_input, filter_val_transformer) open_inspector(); // Please note that with `evt.args = evt.args` we are evaluating the field `evt.args` against the const value // `evt.args`. - ASSERT_FALSE(evaluate_filter_str(&m_inspector, "(evt.args = evt.args)", generate_getcwd_failed_entry_event())); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(evt.args = val(evt.args))", generate_getcwd_failed_entry_event())); + + sinsp_evt * evt = generate_getcwd_failed_entry_event(); + + ASSERT_FALSE(eval_filter(evt, "(evt.args = evt.args)")); + ASSERT_TRUE(eval_filter(evt, "(evt.args = val(evt.args))")); // val() expects a field inside it is not a transformer - ASSERT_THROW(evaluate_filter_str(&m_inspector, "(syscall.type = val(tolower(toupper(syscall.type))))", - generate_getcwd_failed_entry_event()), - sinsp_exception); + ASSERT_FALSE(filter_compiles("(syscall.type = val(tolower(toupper(syscall.type))))")); // val() is not supported on the left - ASSERT_THROW(evaluate_filter_str(&m_inspector, "(val(evt.args) = val(evt.args))", generate_getcwd_failed_entry_event()), - sinsp_exception); + ASSERT_FALSE(filter_compiles("(val(evt.args) = val(evt.args))")); // val() cannot support a list - ASSERT_THROW(evaluate_filter_str(&m_inspector, "(syscall.type = val(syscall.type, evt.type))", - generate_getcwd_failed_entry_event()), - sinsp_exception); + ASSERT_FALSE(filter_compiles("(syscall.type = val(syscall.type, evt.type))")); } TEST_F(sinsp_with_test_input, filter_transformers_combination) @@ -614,22 +604,14 @@ TEST_F(sinsp_with_test_input, filter_transformers_combination) add_default_init_thread(); open_inspector(); - ASSERT_TRUE( - evaluate_filter_str(&m_inspector, "(tolower(syscall.type) = getcwd)", generate_getcwd_failed_entry_event())); - - ASSERT_TRUE( - evaluate_filter_str(&m_inspector, "(toupper(syscall.type) = GETCWD)", generate_getcwd_failed_entry_event())); - - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(tolower(toupper(syscall.type)) = getcwd)", - generate_getcwd_failed_entry_event())); + sinsp_evt * evt = generate_getcwd_failed_entry_event(); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(tolower(syscall.type) = tolower(syscall.type))", - generate_getcwd_failed_entry_event())); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(toupper(syscall.type) = toupper(syscall.type))", - generate_getcwd_failed_entry_event())); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, - "(tolower(toupper(syscall.type)) = tolower(toupper(syscall.type)))", - generate_getcwd_failed_entry_event())); + ASSERT_TRUE(eval_filter(evt, "(tolower(syscall.type) = getcwd)")); + ASSERT_TRUE(eval_filter(evt, "(toupper(syscall.type) = GETCWD)")); + ASSERT_TRUE(eval_filter(evt, "(tolower(toupper(syscall.type)) = getcwd)")); + ASSERT_TRUE(eval_filter(evt, "(tolower(syscall.type) = tolower(syscall.type))")); + ASSERT_TRUE(eval_filter(evt, "(toupper(syscall.type) = toupper(syscall.type))")); + ASSERT_TRUE(eval_filter(evt, "(tolower(toupper(syscall.type)) = tolower(toupper(syscall.type)))")); } TEST_F(sinsp_with_test_input, filter_different_types) @@ -637,9 +619,7 @@ TEST_F(sinsp_with_test_input, filter_different_types) add_default_init_thread(); open_inspector(); - // The 2 fields checks have different types - ASSERT_THROW(evaluate_filter_str(&m_inspector, "syscall.type = val(evt.is_wait)", generate_getcwd_failed_entry_event()), - sinsp_exception); + ASSERT_FALSE(filter_compiles("syscall.type = val(evt.is_wait)")); } TEST_F(sinsp_with_test_input, filter_not_supported_rhs_field) @@ -648,14 +628,10 @@ TEST_F(sinsp_with_test_input, filter_not_supported_rhs_field) open_inspector(); // `evt.around` cannot be used as a rhs filter check - ASSERT_THROW(evaluate_filter_str(&m_inspector, "evt.buflen.in = val(evt.around[1404996934793590564])", - generate_getcwd_failed_entry_event()), - sinsp_exception); + ASSERT_FALSE(filter_compiles("evt.buflen.in = val(evt.around[1404996934793590564])")); // `evt.around` cannot support a rhs filter check - ASSERT_THROW(evaluate_filter_str(&m_inspector, "evt.around[1404996934793590564] = val(evt.buflen.in)", - generate_getcwd_failed_entry_event()), - sinsp_exception); + ASSERT_FALSE(filter_compiles("evt.around[1404996934793590564] = val(evt.buflen.in)")); } TEST_F(sinsp_with_test_input, filter_not_supported_transformers) @@ -664,8 +640,7 @@ TEST_F(sinsp_with_test_input, filter_not_supported_transformers) open_inspector(); // `evt.rawarg` doesn't support a transformer - ASSERT_THROW(evaluate_filter_str(&m_inspector, "toupper(evt.rawarg.res) = -1", generate_getcwd_failed_entry_event()), - sinsp_exception); + ASSERT_FALSE(filter_compiles("toupper(evt.rawarg.res) = -1")); } TEST_F(sinsp_with_test_input, filter_transformers_wrong_input_type) @@ -673,11 +648,7 @@ TEST_F(sinsp_with_test_input, filter_transformers_wrong_input_type) add_default_init_thread(); open_inspector(); - // These transformers are not supported on `PT_INT64` type - ASSERT_THROW(evaluate_filter_str(&m_inspector, "toupper(evt.rawres) = -1", generate_getcwd_failed_entry_event()), - sinsp_exception); - ASSERT_THROW(evaluate_filter_str(&m_inspector, "tolower(evt.rawres) = -1", generate_getcwd_failed_entry_event()), - sinsp_exception); - ASSERT_THROW(evaluate_filter_str(&m_inspector, "b64(evt.rawres) = -1", generate_getcwd_failed_entry_event()), - sinsp_exception); + ASSERT_FALSE(filter_compiles("toupper(evt.rawres) = -1")); + ASSERT_FALSE(filter_compiles("tolower(evt.rawres) = -1")); + ASSERT_FALSE(filter_compiles("b64(evt.rawres) = -1")); } diff --git a/userspace/libsinsp/test/filter_op_bcontains.ut.cpp b/userspace/libsinsp/test/filter_op_bcontains.ut.cpp index e6685e8f1f..82ac99a7e6 100644 --- a/userspace/libsinsp/test/filter_op_bcontains.ut.cpp +++ b/userspace/libsinsp/test/filter_op_bcontains.ut.cpp @@ -19,44 +19,36 @@ limitations under the License. #include #include -#include "filter_compiler.h" +#include -TEST(sinsp_filter_check, bcontains_bstartswith) +TEST_F(sinsp_with_test_input, bcontains_bstartswith) { - // craft a fake read exit event containing the "hello" string - char scap_evt_err[2048]; + add_default_init_thread(); + + open_inspector(); + uint8_t read_buf[] = {'h', 'e', 'l', 'l', 'o'}; - uint8_t scap_evt_buf[2048]; - size_t evt_size; - scap_sized_buffer scap_evt; - scap_evt.buf = (void*) &scap_evt_buf[0]; - scap_evt.size = (size_t) sizeof(scap_evt_buf); - if (scap_event_encode_params( - scap_evt, &evt_size, scap_evt_err, PPME_SYSCALL_READ_X, 3, (int64_t) 0, - scap_const_sized_buffer{&read_buf[0],sizeof(read_buf)}) != SCAP_SUCCESS) - { - FAIL() << "could not create scap event"; - } - sinsp_evt evt; - evt.init((uint8_t*) scap_evt.buf, 0); // 68656c6c6f + sinsp_evt * evt = add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_READ_X, 2, (int64_t) 0, scap_const_sized_buffer{read_buf, sizeof(read_buf)}); // test filters with bcontains - filter_compile(NULL, "evt.buffer bcontains"); - filter_compile(NULL, "evt.buffer bcontains 2"); - filter_compile(NULL, "evt.buffer bcontains 2g"); - filter_run(&evt, true, "evt.buffer bcontains 68656c6c6f"); - filter_run(&evt, true, "evt.buffer bcontains 656c6C"); - filter_run(&evt, false, "evt.buffer bcontains 20"); - filter_run(&evt, false, "evt.buffer bcontains 656c6cAA"); + EXPECT_FALSE(filter_compiles("evt.buffer bcontains")); + EXPECT_FALSE(filter_compiles("evt.buffer bcontains 2")); + EXPECT_FALSE(filter_compiles("evt.buffer bcontains 2g")); + + EXPECT_TRUE(eval_filter(evt, "evt.buffer bcontains 68656c6c6f")); + EXPECT_TRUE(eval_filter(evt, "evt.buffer bcontains 656c6C")); + EXPECT_FALSE(eval_filter(evt, "evt.buffer bcontains 20")); + EXPECT_FALSE(eval_filter(evt, "evt.buffer bcontains 656c6cAA")); // test filters with bstartswith - filter_compile(NULL, "evt.buffer bstartswith"); - filter_compile(NULL, "evt.buffer bstartswith 2"); - filter_compile(NULL, "evt.buffer bstartswith 2g"); - filter_run(&evt, true, "evt.buffer bstartswith 68"); - filter_run(&evt, true, "evt.buffer bstartswith 68656c6c6f"); - filter_run(&evt, false, "evt.buffer bstartswith 65"); - filter_run(&evt, false, "evt.buffer bstartswith 656c6C"); - filter_run(&evt, false, "evt.buffer bstartswith 20"); - filter_run(&evt, false, "evt.buffer bstartswith 656c6cAA"); + EXPECT_FALSE(filter_compiles("evt.buffer bstartswith")); + EXPECT_FALSE(filter_compiles("evt.buffer bstartswith 2")); + EXPECT_FALSE(filter_compiles("evt.buffer bstartswith 2g")); + + EXPECT_TRUE(eval_filter(evt, "evt.buffer bstartswith 68")); + EXPECT_TRUE(eval_filter(evt, "evt.buffer bstartswith 68656c6c6f")); + EXPECT_FALSE(eval_filter(evt, "evt.buffer bstartswith 65")); + EXPECT_FALSE(eval_filter(evt, "evt.buffer bstartswith 656c6C")); + EXPECT_FALSE(eval_filter(evt, "evt.buffer bstartswith 20")); + EXPECT_FALSE(eval_filter(evt, "evt.buffer bstartswith 656c6cAA")); } diff --git a/userspace/libsinsp/test/filter_op_pmatch.ut.cpp b/userspace/libsinsp/test/filter_op_pmatch.ut.cpp index 95e8b39fc5..7b8f92fbb1 100644 --- a/userspace/libsinsp/test/filter_op_pmatch.ut.cpp +++ b/userspace/libsinsp/test/filter_op_pmatch.ut.cpp @@ -20,7 +20,6 @@ limitations under the License. #include #include -#include "filter_compiler.h" TEST_F(sinsp_with_test_input, pmatch) @@ -32,27 +31,27 @@ TEST_F(sinsp_with_test_input, pmatch) int64_t fd = 1; sinsp_evt * evt = add_event_advance_ts(increasing_ts(), 3, PPME_SYSCALL_OPEN_X, 6, fd, "/opt/dir/subdir/file.txt", 0, 0, 0, (uint64_t) 0); - filter_run(evt, true, "fd.name pmatch (/opt/dir)"); - filter_run(evt, true, "fd.name pmatch (/opt/dir/subdir)"); - filter_run(evt, false, "fd.name pmatch (/opt/dir2)"); - filter_run(evt, true, "fd.name pmatch (/opt/dir, /opt/dir2)"); - filter_run(evt, false, "fd.name pmatch (/opt/dir3, /opt/dir2)"); - filter_run(evt, true, "fd.name pmatch (/opt/*)"); - filter_run(evt, true, "fd.name pmatch (/opt/*/subdir)"); + EXPECT_TRUE(eval_filter(evt, "fd.name pmatch (/opt/dir)")); + EXPECT_TRUE(eval_filter(evt, "fd.name pmatch (/opt/dir/subdir)")); + EXPECT_FALSE(eval_filter(evt, "fd.name pmatch (/opt/dir2)")); + EXPECT_TRUE(eval_filter(evt, "fd.name pmatch (/opt/dir, /opt/dir2)")); + EXPECT_FALSE(eval_filter(evt, "fd.name pmatch (/opt/dir3, /opt/dir2)")); + EXPECT_TRUE(eval_filter(evt, "fd.name pmatch (/opt/*)")); + EXPECT_TRUE(eval_filter(evt, "fd.name pmatch (/opt/*/subdir)")); // In Windows systems, the function used to perform path matching differs // from linux and macos: instead of `fnmatch` is used `PathMatchSpecA` // (from the Windows API); this function reflects the Windows behaviour // in path matching (case insentive...). Given that we need to exclude // some tests. #if !defined(_WIN32) - filter_run(evt, true, "fd.name pmatch (/opt/di?/subdir)"); - filter_run(evt, false, "fd.name pmatch (/opt/dii?/subdir)"); - filter_run(evt, true, "fd.name pmatch (/opt/di[r]/subdir)"); - filter_run(evt, false, "fd.name pmatch (/opt/di[!r]/subdir)"); - filter_run(evt, false, "fd.name pmatch (/opt/di[t]/subdir)"); + EXPECT_TRUE(eval_filter(evt, "fd.name pmatch (/opt/di?/subdir)")); + EXPECT_FALSE(eval_filter(evt, "fd.name pmatch (/opt/dii?/subdir)")); + EXPECT_TRUE(eval_filter(evt, "fd.name pmatch (/opt/di[r]/subdir)")); + EXPECT_FALSE(eval_filter(evt, "fd.name pmatch (/opt/di[!r]/subdir)")); + EXPECT_FALSE(eval_filter(evt, "fd.name pmatch (/opt/di[t]/subdir)")); #endif - filter_run(evt, false, "fd.name pmatch (/opt/di/subdir)"); - filter_run(evt, false, "fd.name pmatch (/opt/*/subdir2)"); - filter_run(evt, true, "fd.name pmatch (/opt/*/*)"); - filter_run(evt, false, "fd.name pmatch (/opt/*/*/subsubdir)"); + EXPECT_FALSE(eval_filter(evt, "fd.name pmatch (/opt/di/subdir)")); + EXPECT_FALSE(eval_filter(evt, "fd.name pmatch (/opt/*/subdir2)")); + EXPECT_TRUE(eval_filter(evt, "fd.name pmatch (/opt/*/*)")); + EXPECT_FALSE(eval_filter(evt, "fd.name pmatch (/opt/*/*/subsubdir)")); } diff --git a/userspace/libsinsp/test/plugins.ut.cpp b/userspace/libsinsp/test/plugins.ut.cpp index 314e3e614f..1821ddc35d 100644 --- a/userspace/libsinsp/test/plugins.ut.cpp +++ b/userspace/libsinsp/test/plugins.ut.cpp @@ -149,13 +149,6 @@ TEST(plugins, broken_async_capability) ASSERT_ANY_THROW(register_plugin_api(&inspector, api)); } -static bool evaluate_filter_str(sinsp* inspector, std::string filter_str, sinsp_evt* evt, filter_check_list& list) -{ - sinsp_filter_compiler compiler(std::make_shared(inspector, list), filter_str); - auto filter = compiler.compile(); - return filter->run(evt); -} - // scenario: a plugin with field extraction capability compatible with the // "syscall" event source should be able to extract filter values from // regular syscall events produced by any scap engine. @@ -195,24 +188,24 @@ TEST_F(sinsp_with_test_input, plugin_syscall_extract) // Check on strings ASSERT_EQ(get_field_as_string(evt, "sample.proc_name", pl_flist), "init"); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(sample.proc_name = init)", evt, pl_flist)); - ASSERT_FALSE(evaluate_filter_str(&m_inspector, "(sample.proc_name = sample.proc_name)", evt, pl_flist)); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(sample.proc_name = val(sample.proc_name))", evt, pl_flist)); - ASSERT_FALSE(evaluate_filter_str(&m_inspector, "(sample.proc_name = val(sample.tick))", evt, pl_flist)); - ASSERT_FALSE(evaluate_filter_str(&m_inspector, "(sample.proc_name = val(evt.pluginname))", evt, pl_flist)); - ASSERT_FALSE(evaluate_filter_str(&m_inspector, "(evt.pluginname = val(sample.proc_name))", evt, pl_flist)); + ASSERT_TRUE(eval_filter(evt, "(sample.proc_name = init)", pl_flist)); + ASSERT_FALSE(eval_filter(evt, "(sample.proc_name = sample.proc_name)", pl_flist)); + ASSERT_TRUE(eval_filter(evt, "(sample.proc_name = val(sample.proc_name))", pl_flist)); + ASSERT_FALSE(eval_filter(evt, "(sample.proc_name = val(sample.tick))", pl_flist)); + ASSERT_FALSE(eval_filter(evt, "(sample.proc_name = val(evt.pluginname))", pl_flist)); + ASSERT_FALSE(eval_filter(evt, "(evt.pluginname = val(sample.proc_name))", pl_flist)); // Check on uin64_t - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(sample.is_open = 1)", evt, pl_flist)); - ASSERT_THROW(evaluate_filter_str(&m_inspector, "(sample.is_open = sample.is_open)", evt, pl_flist), sinsp_exception); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(sample.is_open = val(sample.is_open))", evt, pl_flist)); + ASSERT_TRUE(eval_filter(evt, "(sample.is_open = 1)", pl_flist)); + ASSERT_FALSE(filter_compiles("(sample.is_open = sample.is_open)", pl_flist)); + ASSERT_TRUE(eval_filter(evt, "(sample.is_open = val(sample.is_open))", pl_flist)); // Check transformers on plugins filter checks - ASSERT_FALSE(evaluate_filter_str(&m_inspector, "(toupper(sample.proc_name) = init)", evt, pl_flist)); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(toupper(sample.proc_name) = INIT)", evt, pl_flist)); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(tolower(toupper(sample.proc_name)) = init)", evt, pl_flist)); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(tolower(toupper(sample.proc_name)) = tolower(toupper(sample.proc_name)))", evt, pl_flist)); - ASSERT_TRUE(evaluate_filter_str(&m_inspector, "(toupper(sample.proc_name) = toupper(sample.proc_name))", evt, pl_flist)); + ASSERT_FALSE(eval_filter(evt, "(toupper(sample.proc_name) = init)", pl_flist)); + ASSERT_TRUE(eval_filter(evt, "(toupper(sample.proc_name) = INIT)", pl_flist)); + ASSERT_TRUE(eval_filter(evt, "(tolower(toupper(sample.proc_name)) = init)", pl_flist)); + ASSERT_TRUE(eval_filter(evt, "(tolower(toupper(sample.proc_name)) = tolower(toupper(sample.proc_name)))", pl_flist)); + ASSERT_TRUE(eval_filter(evt, "(toupper(sample.proc_name) = toupper(sample.proc_name))", pl_flist)); // Here `sample.is_open` should be false evt = add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT1_X, 2, (int64_t)12, (uint16_t)32); diff --git a/userspace/libsinsp/test/sinsp_with_test_input.cpp b/userspace/libsinsp/test/sinsp_with_test_input.cpp index a0b53f70af..78a0f49153 100644 --- a/userspace/libsinsp/test/sinsp_with_test_input.cpp +++ b/userspace/libsinsp/test/sinsp_with_test_input.cpp @@ -497,20 +497,41 @@ std::string sinsp_with_test_input::get_field_as_string(sinsp_evt* evt, std::stri return result; } -bool sinsp_with_test_input::eval_filter(sinsp_evt* evt, std::string filter_str) +bool sinsp_with_test_input::eval_filter(sinsp_evt* evt, std::string_view filter_str) { - auto factory = std::make_shared(&m_inspector, m_default_filterlist); - sinsp_filter_compiler compiler(factory, filter_str); + return eval_filter(evt, filter_str, m_default_filterlist); +} + +bool sinsp_with_test_input::eval_filter(sinsp_evt* evt, std::string_view filter_str, filter_check_list &flist) +{ + auto factory = std::make_shared(&m_inspector, flist); + sinsp_filter_compiler compiler(factory, std::string(filter_str)); auto filter = compiler.compile(); - if (!filter) - { - throw sinsp_exception(std::string("could not compile filter ") + filter_str); - } return filter->run(evt); } +bool sinsp_with_test_input::filter_compiles(std::string_view filter_str) +{ + return filter_compiles(filter_str, m_default_filterlist); +} + +bool sinsp_with_test_input::filter_compiles(std::string_view filter_str, filter_check_list &flist) +{ + auto factory = std::make_shared(&m_inspector, flist); + sinsp_filter_compiler compiler(factory, std::string(filter_str)); + try + { + auto f = compiler.compile(); + return true; + } + catch(const sinsp_exception& e) + { + return false; + } +} + sinsp_evt* sinsp_with_test_input::next_event() { sinsp_evt* evt; diff --git a/userspace/libsinsp/test/sinsp_with_test_input.h b/userspace/libsinsp/test/sinsp_with_test_input.h index cac743c436..9aad7cef01 100644 --- a/userspace/libsinsp/test/sinsp_with_test_input.h +++ b/userspace/libsinsp/test/sinsp_with_test_input.h @@ -199,7 +199,10 @@ class sinsp_with_test_input : public ::testing::Test bool field_has_value(sinsp_evt*, std::string_view field_name, filter_check_list&); std::string get_field_as_string(sinsp_evt*, std::string_view field_name); std::string get_field_as_string(sinsp_evt*, std::string_view field_name, filter_check_list&); - bool eval_filter(sinsp_evt* evt, std::string filter); + bool eval_filter(sinsp_evt* evt, std::string_view filter_str); + bool eval_filter(sinsp_evt* evt, std::string_view filter_str, filter_check_list&); + bool filter_compiles(std::string_view filter_str); + bool filter_compiles(std::string_view filter_str, filter_check_list&); sinsp_evt* next_event();