check for from before annotating, fix test date
Signed-off-by: Mason Fish <mason@brimsecurity.com>
Mason Fish committed Sep 15, 2021
1 parent 0dcf10c commit 35a7ac6
Showing 2 changed files with 37 additions and 8 deletions.
39 changes: 33 additions & 6 deletions app/search/flows/viewer-search.test.ts
@@ -38,6 +38,28 @@ beforeEach(() => {
store.dispatch(tabHistory.push(lakePath(pool.id, "1")))
})

const getQueryCallChecker = () => {
let callCount = 0
return async (query: string, expectAnnotation = false) => {
zealot.stubStream("query", dnsResp)
await dispatch(
viewerSearch({
query,
from,
to
})
)
callCount++
const calls = zealot.calls("query")
expect(calls.length).toBe(callCount)
console.log("from is: ", from.toISOString())
const expected = expectAnnotation
? `from '1' | ts >= ${from.toISOString()} | ts <= 1970-01-01T00:00:00.001Z | ${query}`
: query
expect(calls[callCount - 1].args).toEqual(expected)
}
}

const from = new Date()
const to = new Date(1)
const submit = () =>
@@ -55,13 +77,18 @@ describe("a normal response", () => {
})

test("zealot gets the request", async () => {
await submit()
const calls = zealot.calls("query")
expect(calls.length).toBe(1)
expect(calls[0].args).toEqual(
`from '1' | ts >= ${from.toISOString()} | ts <= 1970-01-01T00:00:00.001Z | dns query | head 500`
)
const checkQueryCall = getQueryCallChecker()
await checkQueryCall("dns query | head 500", true)
})

test("zealot does not annotate requests beginning with variations of 'from'", async () => {
const checkQueryCall = getQueryCallChecker()
await checkQueryCall("from 'test' | test")
await checkQueryCall("from('test') | test")
await checkQueryCall("from ('test') | test")
await checkQueryCall("from ('test') | test")
})

test("the table gets populated", async () => {
await submit()
expect(select(Viewer.getViewerRecords).length).toBe(2)
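Review bot: The new "does not annotate" test only exercises queries that should skip annotation, so nothing pins the other side of the boundary: a query that merely begins with the letters `from` should still receive the pool and `ts` bounds. Adding `await checkQueryCall("fromage | head 1", true)` to the "zealot gets the request" test would cover that case; it would be expected to fail against the pattern this commit adds to `annotateQuery`, which is the gap worth exposing. The `console.log("from is: ", from.toISOString())` line in `getQueryCallChecker` looks like leftover debugging and can be dropped. The last two `checkQueryCall("from ('test') | test")` calls are identical as rendered here, so one is either redundant or was meant to be a different spacing variant.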
6 changes: 4 additions & 2 deletions src/js/flows/search/mod.ts
@@ -27,6 +27,8 @@ type annotateArgs = {
}

export const annotateQuery = (query: string, args: annotateArgs) => {
// if query already starts with 'from', we do not annotate it further
if (/^from\s*\(?/i.test(query)) return query
const {
poolId,
from = new Date(new Date().getTime() - 30 * 24 * 60 * 60 * 1000), // 30 days
@@ -52,10 +54,10 @@ const isZeroDefaultSpan = (
)
}

const dateToNanoTs = (date: Date | Ts | bigint): string => {
export const dateToNanoTs = (date: Date | Ts | bigint): string => {
const NanoFormat = new DateTimeFormatterBuilder()
.appendPattern("yyyy-MM-dd'T'HH:mm:ss")
.appendFraction(ChronoField.NANO_OF_SECOND, 0, 9, true)
.appendFraction(ChronoField.NANO_OF_SECOND, 3, 9, true)
.appendLiteral("Z")
.toFormatter()

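Review bot: The guard added at the top of `annotateQuery` is broader than its comment says: in `/^from\s*\(?/i` both `\s*` and `\(?` can match nothing, so the test reduces to "starts with the letters from" and a query such as `fromage` or `from_host == "x"` is returned without the pool and `ts` bounds. Because this check decides whether the pool and time-range scoping is applied at all, it should require a token boundary, e.g. `if (/^\s*from\b/i.test(query)) return query`, which still accepts `from 'x'`, `from('x')` and `from ('x')`. The `^\s*` in that suggestion also treats a query with leading whitespace as starting with `from`, which the current pattern does not; keep `^from\b` if that is not wanted. The body of `annotateQuery` continues outside the hunk.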
