From 25630bdba1971cf083843c1684c3aaeeb409f257 Mon Sep 17 00:00:00 2001
From: Naomi Kramer
Date: Wed, 17 Jul 2024 10:41:08 -0400
Subject: [PATCH] Fix search filter test
---
 viewer/search_test.go | 80 +++++++++++++++++++++----------------------
 1 file changed, 40 insertions(+), 40 deletions(-)
diff --git a/viewer/search_test.go b/viewer/search_test.go
index 4f6fb65..b622688 100644
--- a/viewer/search_test.go
+++ b/viewer/search_test.go
@@ -72,14 +72,14 @@ func TestSearchFilters(t *testing.T) {
 name string
 search string
 shouldErr bool
- filter viewer.Filter
+ filter *viewer.Filter
 }
 cases := []testCase{
 // threat category
- {name: "Filter by critical severity", search: "severity:critical", filter: viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: ">", Value: fmt.Sprint(config.HIGH_CATEGORY_SCORE)}}}},
- {name: "Filter by high severity", search: "severity:high", filter: viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<=", Value: fmt.Sprint(config.HIGH_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.MEDIUM_CATEGORY_SCORE)}}}},
- {name: "Filter by medium severity", search: "severity:medium", filter: viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<", Value: fmt.Sprint(config.MEDIUM_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.LOW_CATEGORY_SCORE)}}}},
- {name: "Filter by low severity", search: "severity:low", filter: viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<", Value: fmt.Sprint(config.LOW_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.NONE_CATEGORY_SCORE)}}}},
+ {name: "Filter by critical severity", search: "severity:critical", filter: &viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: ">", Value: fmt.Sprint(config.HIGH_CATEGORY_SCORE)}}}},
+ {name: "Filter by high severity", search: "severity:high", filter: &viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<=", Value: fmt.Sprint(config.HIGH_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.MEDIUM_CATEGORY_SCORE)}}}},
+ {name: "Filter by medium severity", search: "severity:medium", filter: &viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<", Value: fmt.Sprint(config.MEDIUM_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.LOW_CATEGORY_SCORE)}}}},
+ {name: "Filter by low severity", search: "severity:low", filter: &viewer.Filter{Severity: []viewer.OperatorFilter{{Operator: "<", Value: fmt.Sprint(config.LOW_CATEGORY_SCORE)}, {Operator: ">=", Value: fmt.Sprint(config.NONE_CATEGORY_SCORE)}}}},
 // generic invalid entries
 {name: "Filter by wrong severity", search: "severity:none", shouldErr: true},
 {name: "Filter with no value after colon", search: "severity:", shouldErr: true},
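Review bot: With `filter` now a `*viewer.Filter`, every `shouldErr: true` row carries a nil expectation, and nothing on the struct says whether nil is meaningful or simply unset. I would document it on the field, `filter *viewer.Filter // expected parse result; nil when shouldErr is true`, and have the error branch of the loop assert that the returned filter is nil, so a partially populated filter cannot slip through after a failed parse. The success branch also has to compare the pointed-to values rather than the pointers themselves, since two `&viewer.Filter{...}` literals are never the same address. The loop that performs these checks is outside this hunk, so it may already do both.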
@@ -87,74 +87,74 @@ func TestSearchFilters(t *testing.T) {
 {name: "Invalid characters: comma", search: "src:10.55.100.100, dst:20.5.4.3", shouldErr: true},
 {name: "Invalid characters: equals", search: "src=10.55.100.100 dst=20.5.4.3", shouldErr: true},
 // ip
- {name: "Filter by src IP", search: "src:10.55.100.100", filter: viewer.Filter{Src: "10.55.100.100"}},
- {name: "Filter by src IPv6", search: "src:2001:0000:3238:DFE1:0063:0000:0000:FEFB", filter: viewer.Filter{Src: "2001:0000:3238:DFE1:0063:0000:0000:FEFB"}},
+ {name: "Filter by src IP", search: "src:10.55.100.100", filter: &viewer.Filter{Src: "10.55.100.100"}},
+ {name: "Filter by src IPv6", search: "src:2001:0000:3238:DFE1:0063:0000:0000:FEFB", filter: &viewer.Filter{Src: "2001:0000:3238:DFE1:0063:0000:0000:FEFB"}},
 {name: "Filter by invalid src IP", search: "src:1000.5.03", shouldErr: true},
 {name: "Filter by FQDN in src IP field (invalid)", search: "src:www.alexa.com", shouldErr: true},
- {name: "Filter by dst IP", search: "dst:165.227.88.15", filter: viewer.Filter{Dst: "165.227.88.15"}},
- {name: "Filter by dst IPv6", search: "dst:2001:0000:3238:DFE1:0063:0000:0000:FEFB", filter: viewer.Filter{Dst: "2001:0000:3238:DFE1:0063:0000:0000:FEFB"}},
+ {name: "Filter by dst IP", search: "dst:165.227.88.15", filter: &viewer.Filter{Dst: "165.227.88.15"}},
+ {name: "Filter by dst IPv6", search: "dst:2001:0000:3238:DFE1:0063:0000:0000:FEFB", filter: &viewer.Filter{Dst: "2001:0000:3238:DFE1:0063:0000:0000:FEFB"}},
 {name: "Filter by invalid dst IP", search: "dst:1000.5.03", shouldErr: true},
- {name: "Filter by FQDN", search: "dst:www.alexa.com", filter: viewer.Filter{Fqdn: "www.alexa.com"}},
+ {name: "Filter by FQDN", search: "dst:www.alexa.com", filter: &viewer.Filter{Fqdn: "www.alexa.com"}},
 {name: "Filter by invalid FQDN", search: "dst:ww?w.alex??a.com", shouldErr: true},
 // beacon score
- {name: "Filter by beacon score, equals", search: "beacon:90", filter: viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "=", Value: "0.90"}}},
- {name: "Filter by beacon score, greater than", search: "beacon:>50", filter: viewer.Filter{Beacon: viewer.OperatorFilter{Operator: ">", Value: "0.50"}}},
- {name: "Filter by beacon score, greater than or equal", search: "beacon:>=60", filter: viewer.Filter{Beacon: viewer.OperatorFilter{Operator: ">=", Value: "0.60"}}},
- {name: "Filter by beacon score, less than", search: "beacon:<70", filter: viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "<", Value: "0.70"}}},
- {name: "Filter by beacon score, less than or equal", search: "beacon:<=34", filter: viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "<=", Value: "0.34"}}},
+ {name: "Filter by beacon score, equals", search: "beacon:90", filter: &viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "=", Value: "0.90"}}},
+ {name: "Filter by beacon score, greater than", search: "beacon:>50", filter: &viewer.Filter{Beacon: viewer.OperatorFilter{Operator: ">", Value: "0.50"}}},
+ {name: "Filter by beacon score, greater than or equal", search: "beacon:>=60", filter: &viewer.Filter{Beacon: viewer.OperatorFilter{Operator: ">=", Value: "0.60"}}},
+ {name: "Filter by beacon score, less than", search: "beacon:<70", filter: &viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "<", Value: "0.70"}}},
+ {name: "Filter by beacon score, less than or equal", search: "beacon:<=34", filter: &viewer.Filter{Beacon: viewer.OperatorFilter{Operator: "<=", Value: "0.34"}}},
 {name: "Filter by beacon score greater than 100", search: "beacon:800", shouldErr: true},
 {name: "Filter by beacon score, equal sign", search: "beacon:=80", shouldErr: true},
 {name: "Filter by beacon score, percent sign", search: "beacon:80%", shouldErr: true},
 {name: "Filter by beacon score, float", search: "beacon:0.8", shouldErr: true},
 // duration
- {name: "Filter by duration, equals", search: "duration:1.5h", filter: viewer.Filter{Duration: viewer.OperatorFilter{Operator: "=", Value: "5400"}}},
- {name: "Filter by duration, greater than", search: "duration:>2h45m", filter: viewer.Filter{Duration: viewer.OperatorFilter{Operator: ">", Value: "9900"}}},
- {name: "Filter by duration, greater than or equal", search: "duration:>=10s", filter: viewer.Filter{Duration: viewer.OperatorFilter{Operator: ">=", Value: "10"}}},
- {name: "Filter by duration, less than", search: "duration:<20m", filter: viewer.Filter{Duration: viewer.OperatorFilter{Operator: "<", Value: "1200"}}},
- {name: "Filter by duration, less than or equal", search: "duration:<=30h", filter: viewer.Filter{Duration: viewer.OperatorFilter{Operator: "<=", Value: "108000"}}},
+ {name: "Filter by duration, equals", search: "duration:1.5h", filter: &viewer.Filter{Duration: viewer.OperatorFilter{Operator: "=", Value: "5400"}}},
+ {name: "Filter by duration, greater than", search: "duration:>2h45m", filter: &viewer.Filter{Duration: viewer.OperatorFilter{Operator: ">", Value: "9900"}}},
+ {name: "Filter by duration, greater than or equal", search: "duration:>=10s", filter: &viewer.Filter{Duration: viewer.OperatorFilter{Operator: ">=", Value: "10"}}},
+ {name: "Filter by duration, less than", search: "duration:<20m", filter: &viewer.Filter{Duration: viewer.OperatorFilter{Operator: "<", Value: "1200"}}},
+ {name: "Filter by duration, less than or equal", search: "duration:<=30h", filter: &viewer.Filter{Duration: viewer.OperatorFilter{Operator: "<=", Value: "108000"}}},
 {name: "Filter by duration, equal sign", search: "duration:=80m", shouldErr: true},
 {name: "Filter by duration, days", search: "duration:5d", shouldErr: true},
 {name: "Filter by duration, years", search: "duration:1y", shouldErr: true},
 {name: "Filter by duration, no time unit", search: "duration:1000", shouldErr: true},
 // subdomains
- {name: "Filter by subdomains, equals", search: "subdomains:1000", filter: viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "=", Value: "1000"}}},
- {name: "Filter by subdomains, greater than", search: "subdomains:>234", filter: viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: ">", Value: "234"}}},
- {name: "Filter by subdomains, greater than or equal", search: "subdomains:>=112", filter: viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: ">=", Value: "112"}}},
- {name: "Filter by subdomains, less than", search: "subdomains:<12", filter: viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "<", Value: "12"}}},
- {name: "Filter by subdomains, less than or equal", search: "subdomains:<=64", filter: viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "<=", Value: "64"}}},
+ {name: "Filter by subdomains, equals", search: "subdomains:1000", filter: &viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "=", Value: "1000"}}},
+ {name: "Filter by subdomains, greater than", search: "subdomains:>234", filter: &viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: ">", Value: "234"}}},
+ {name: "Filter by subdomains, greater than or equal", search: "subdomains:>=112", filter: &viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: ">=", Value: "112"}}},
+ {name: "Filter by subdomains, less than", search: "subdomains:<12", filter: &viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "<", Value: "12"}}},
+ {name: "Filter by subdomains, less than or equal", search: "subdomains:<=64", filter: &viewer.Filter{Subdomains: viewer.OperatorFilter{Operator: "<=", Value: "64"}}},
 {name: "Filter by subdomains, equal sign", search: "subdomains:=98", shouldErr: true},
 {name: "Filter by subdomains, float", search: "subdomains:1.6", shouldErr: true},
 // threat intel
- {name: "Filter by threat intel, true", search: "threat_intel:true", filter: viewer.Filter{ThreatIntel: "true"}},
- {name: "Filter by threat intel, false", search: "threat_intel:false", filter: viewer.Filter{ThreatIntel: "false"}},
- {name: "Filter by threat intel, numerical value, true", search: "threat_intel:1", filter: viewer.Filter{ThreatIntel: "true"}},
- {name: "Filter by threat intel, numerical value, false", search: "threat_intel:0", filter: viewer.Filter{ThreatIntel: "false"}},
+ {name: "Filter by threat intel, true", search: "threat_intel:true", filter: &viewer.Filter{ThreatIntel: "true"}},
+ {name: "Filter by threat intel, false", search: "threat_intel:false", filter: &viewer.Filter{ThreatIntel: "false"}},
+ {name: "Filter by threat intel, numerical value, true", search: "threat_intel:1", filter: &viewer.Filter{ThreatIntel: "true"}},
+ {name: "Filter by threat intel, numerical value, false", search: "threat_intel:0", filter: &viewer.Filter{ThreatIntel: "false"}},
 {name: "Filter by threat intel, invalid value", search: "threat_intel:ture", shouldErr: true},
 // invalid sort criteria
 {name: "Sort by invalid column, ascending", search: "sort:nugget-asc", shouldErr: true},
 {name: "Sort by invalid column, descending", search: "sort:nugget-desc", shouldErr: true},
 {name: "Sort by invalid column, no direction", search: "sort:nugget", shouldErr: true},
 // sort beacon
- {name: "Sort by beacon score, ascending", search: "sort:beacon-asc", filter: viewer.Filter{SortBeacon: "asc"}},
- {name: "Sort by beacon score, descending", search: "sort:beacon-desc", filter: viewer.Filter{SortBeacon: "desc"}},
+ {name: "Sort by beacon score, ascending", search: "sort:beacon-asc", filter: &viewer.Filter{SortBeacon: "asc"}},
+ {name: "Sort by beacon score, descending", search: "sort:beacon-desc", filter: &viewer.Filter{SortBeacon: "desc"}},
 {name: "Sort by beacon score, no direction", search: "sort:beacon", shouldErr: true},
 // sort duration
- {name: "Sort by duration, ascending", search: "sort:duration-asc", filter: viewer.Filter{SortDuration: "asc"}},
- {name: "Sort by duration, descending", search: "sort:duration-desc", filter: viewer.Filter{SortDuration: "desc"}},
+ {name: "Sort by duration, ascending", search: "sort:duration-asc", filter: &viewer.Filter{SortDuration: "asc"}},
+ {name: "Sort by duration, descending", search: "sort:duration-desc", filter: &viewer.Filter{SortDuration: "desc"}},
 {name: "Sort by duration, no direction", search: "sort:duration", shouldErr: true},
 // sort severity
- {name: "Sort by severity, ascending", search: "sort:severity-asc", filter: viewer.Filter{SortSeverity: "asc"}},
- {name: "Sort by severity, descending", search: "sort:severity-desc", filter: viewer.Filter{SortSeverity: "desc"}},
+ {name: "Sort by severity, ascending", search: "sort:severity-asc", filter: &viewer.Filter{SortSeverity: "asc"}},
+ {name: "Sort by severity, descending", search: "sort:severity-desc", filter: &viewer.Filter{SortSeverity: "desc"}},
 {name: "Sort by severity, no direction", search: "sort:severity", shouldErr: true},
 // criteria combinations
- {name: "Search by src IP, sort by beacon", search: "src:10.55.100.100 sort:beacon-desc", filter: viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
+ {name: "Search by src IP, sort by beacon", search: "src:10.55.100.100 sort:beacon-desc", filter: &viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
 {name: "Search by src IP, sort by beacon, !No Space!", search: "src:10.55.100.100sort:beacon-desc", shouldErr: true},
 {name: "Search by src IP, sort by beacon, incomplete dst IP", search: "src:10.55.100.100 sort:beacon-desc dst:196.8", shouldErr: true},
- {name: "Search by src IP, sort by beacon, trailing space", search: "src:10.55.100.100 sort:beacon-desc ", filter: viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
- {name: "Search by src IP, sort by beacon, leading space", search: " src:10.55.100.100 sort:beacon-desc", filter: viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
- {name: "Search by src IP, dst IP", search: " src:10.55.100.100 dst:165.227.88.15", filter: viewer.Filter{Src: "10.55.100.100", Dst: "165.227.88.15"}},
- {name: "Search by src IP, dst IP, sort by severity", search: " src:10.55.100.100 dst:165.227.88.15 sort:severity-asc", filter: viewer.Filter{Src: "10.55.100.100", Dst: "165.227.88.15", SortSeverity: "asc"}},
+ {name: "Search by src IP, sort by beacon, trailing space", search: "src:10.55.100.100 sort:beacon-desc ", filter: &viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
+ {name: "Search by src IP, sort by beacon, leading space", search: " src:10.55.100.100 sort:beacon-desc", filter: &viewer.Filter{Src: "10.55.100.100", SortBeacon: "desc"}},
+ {name: "Search by src IP, dst IP", search: " src:10.55.100.100 dst:165.227.88.15", filter: &viewer.Filter{Src: "10.55.100.100", Dst: "165.227.88.15"}},
+ {name: "Search by src IP, dst IP, sort by severity", search: " src:10.55.100.100 dst:165.227.88.15 sort:severity-asc", filter: &viewer.Filter{Src: "10.55.100.100", Dst: "165.227.88.15", SortSeverity: "asc"}},
 }
 for _, test := range cases {
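Review bot: The accepted rows in this table stop short of the edges of each range, so a parser that mishandles a boundary would still pass: beacon is exercised at 90 and 800 but not at 0, 100 or 101, and both IPv6 rows use the fully expanded form even though the `key:value` split has to cope with `::` in compressed addresses. These look like filters over threat-hunting results, where a silently misparsed query narrows what an analyst sees, so I would add those boundary rows plus one with a repeated key such as `src:10.55.100.100 src:10.55.100.101`. The expected values should come from the parser's intended behaviour rather than be guessed in review. The table starts above this hunk and the loop body continues below it.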