-
Notifications
You must be signed in to change notification settings - Fork 1k
/
GeoIpResolverEngineTest.java
139 lines (115 loc) · 5.86 KB
/
GeoIpResolverEngineTest.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
/**
* This file is part of Graylog.
*
* Graylog is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Graylog is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Graylog. If not, see <http://www.gnu.org/licenses/>.
*/
package org.graylog.plugins.map.geoip;
import com.codahale.metrics.MetricFilter;
import com.codahale.metrics.MetricRegistry;
import com.eaio.uuid.UUID;
import com.google.common.collect.Maps;
import com.google.common.net.InetAddresses;
import org.graylog.plugins.map.config.GeoIpResolverConfig;
import org.graylog2.plugin.Message;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import static com.codahale.metrics.MetricRegistry.name;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertFalse;
import static org.testng.Assert.assertNotNull;
import static org.testng.Assert.assertNull;
import static org.testng.Assert.assertTrue;
public class GeoIpResolverEngineTest {
private MetricRegistry metricRegistry;
private GeoIpResolverConfig config;
@BeforeMethod
public void setUp() {
config = GeoIpResolverConfig.defaultConfig().toBuilder().enabled(true).dbPath(this.getTestDatabasePath()).build();
metricRegistry = new MetricRegistry();
}
@AfterMethod
public void tearDown() {
metricRegistry.removeMatching(MetricFilter.ALL);
metricRegistry = null;
}
private String getTestDatabasePath() {
String path = "";
try {
path = this.getClass().getResource("/GeoLite2-City.mmdb").toURI().getPath();
} catch (URISyntaxException e) {
System.err.println("Could not get test geo location database: " + e);
}
return path;
}
@Test
public void getIpFromFieldValue() throws Exception {
final GeoIpResolverEngine resolver = new GeoIpResolverEngine(config, metricRegistry);
final String ip = "127.0.0.1";
assertEquals(resolver.getIpFromFieldValue(ip), InetAddresses.forString(ip));
assertNull(resolver.getIpFromFieldValue("Message from \"127.0.0.1\""));
assertNull(resolver.getIpFromFieldValue("Test message with no IP"));
}
@Test
public void trimFieldValueBeforeLookup() throws Exception {
final GeoIpResolverEngine resolver = new GeoIpResolverEngine(config, metricRegistry);
final String ip = " 2001:4860:4860::8888\t\n";
assertNotNull(resolver.getIpFromFieldValue(ip));
}
@Test
public void extractGeoLocationInformation() throws Exception {
final GeoIpResolverEngine resolver = new GeoIpResolverEngine(config, metricRegistry);
Optional<GeoIpResolverEngine.Coordinates> coordinates = resolver.extractGeoLocationInformation("1.2.3.4");
assertTrue(coordinates.isPresent(), "Should extract geo location information from public addresses");
Optional<GeoIpResolverEngine.Coordinates> coordinates2 = resolver.extractGeoLocationInformation("192.168.0.1");
assertFalse(coordinates2.isPresent(), "Should not extract geo location information from private addresses");
}
@Test
public void disabledFilterTest() throws Exception {
final GeoIpResolverEngine resolver = new GeoIpResolverEngine(config.toBuilder().enabled(false).build(), metricRegistry);
final Map<String, Object> messageFields = Maps.newHashMap();
messageFields.put("_id", (new UUID()).toString());
messageFields.put("source", "192.168.0.1");
messageFields.put("message", "Hello from 1.2.3.4");
messageFields.put("extracted_ip", "1.2.3.4");
messageFields.put("ipv6", "2001:4860:4860::8888");
final Message message = new Message(messageFields);
final boolean filtered = resolver.filter(message);
assertFalse(filtered, "Message should not be filtered out");
assertEquals(message.getFields().size(), messageFields.size(), "Filter should not add new message fields");
}
@Test
public void filterResolvesIpGeoLocation() throws Exception {
final GeoIpResolverEngine resolver = new GeoIpResolverEngine(config, metricRegistry);
final Map<String, Object> messageFields = Maps.newHashMap();
messageFields.put("_id", (new UUID()).toString());
messageFields.put("source", "192.168.0.1");
messageFields.put("message", "Hello from 1.2.3.4");
messageFields.put("extracted_ip", "1.2.3.4");
messageFields.put("ipv6", "2001:4860:4860::8888");
final Message message = new Message(messageFields);
final boolean filtered = resolver.filter(message);
assertFalse(filtered, "Message should not be filtered out");
assertEquals(message.getFields().size(), messageFields.size() + 2, "Filter should add new message fields");
assertEquals(metricRegistry.timer(name(GeoIpResolverEngine.class, "resolveTime")).getCount(), 3, "Should have looked up three IPs");
assertNull(message.getField("source_geolocation"), "Should not have resolved private IP");
assertNull(message.getField("message_geolocation"), "Should have resolved public IP inside message");
assertNotNull(message.getField("extracted_ip_geolocation"), "Should have resolved public IP inside extracted_ip");
assertNotNull(message.getField("ipv6_geolocation"), "Should have resolved public IPv6 inside ipv6");
}
}