[GitHub] [drill] cgivre commented on a change in pull request #1934: DRILL-7484: Malware found in the Drill test folder

GitBox Sun, 15 Dec 2019 06:51:21 -0800

cgivre commented on a change in pull request #1934: DRILL-7484: Malware found 
in the Drill test folder
URL: https://github.com/apache/drill/pull/1934#discussion_r357983929


 ##########
 File path: 
exec/java-exec/src/test/java/org/apache/drill/exec/store/pcap/TestSessionizePCAP.java
 ##########
 @@ -47,61 +55,129 @@ public static void setup() throws Exception {
 
   @Test
   public void testSessionizedStarQuery() throws Exception {
-    String sql = "SELECT * FROM cp.`/store/pcap/attack-trace.pcap` WHERE 
src_port=1821 AND dst_port=445";
-
-    testBuilder()
-      .sqlQuery(sql)
-      .ordered()
-      .baselineColumns("session_start_time", "session_end_time", 
"session_duration", "total_packet_count", "connection_time", "src_ip", 
"dst_ip", "src_port", "dst_port",
-        "src_mac_address", "dst_mac_address", "tcp_session", "is_corrupt", 
"data_from_originator", "data_from_remote", "data_volume_from_origin",
-        "data_volume_from_remote", "packet_count_from_origin", 
"packet_count_from_remote")
-      .baselineValues(LocalDateTime.parse("2009-04-20T03:28:28.374", 
formatter),
-        LocalDateTime.parse("2009-04-20T03:28:28.508", formatter),
-        Period.parse("PT0.134S"), 4,
-        Period.parse("PT0.119S"),
-        "98.114.205.102",
-        "192.150.11.111",
-        1821, 445,
-        "00:08:E2:3B:56:01",
-        "00:30:48:62:4E:4A",
-        -8791568836279708938L,
-        false,
-        "........I....>...>..........Ib...<...<..........I....>...>", "", 
62,0, 3, 1)
-      .go();
+    String sql = "SELECT * FROM cp.`/store/pcap/http.pcap`";
+    String dataFromRemote = 
readAFileIntoString(dirTestWatcher.getRootDir().getAbsolutePath() + 
"/store/pcap/dataFromRemote.txt");
+
+    QueryBuilder q = client.queryBuilder().sql(sql);
+    RowSet results = q.rowSet();
+
+    TupleMetadata expectedSchema = new SchemaBuilder()
+      .addNullable("src_ip", TypeProtos.MinorType.VARCHAR)
+      .addNullable("dst_ip", TypeProtos.MinorType.VARCHAR)
+      .addNullable("src_port", TypeProtos.MinorType.INT)
+      .addNullable("dst_port", TypeProtos.MinorType.INT)
+      .addNullable("src_mac_address", TypeProtos.MinorType.VARCHAR)
+      .addNullable("dst_mac_address", TypeProtos.MinorType.VARCHAR)
+      .addNullable("session_start_time", TypeProtos.MinorType.TIMESTAMP)
+      .addNullable("session_end_time", TypeProtos.MinorType.TIMESTAMP)
+      .addNullable("session_duration", TypeProtos.MinorType.INTERVAL)
+      .addNullable("total_packet_count", TypeProtos.MinorType.INT)
+      .addNullable("data_volume_from_origin", TypeProtos.MinorType.INT)
+      .addNullable("data_volume_from_remote", TypeProtos.MinorType.INT)
+      .addNullable("packet_count_from_origin", TypeProtos.MinorType.INT)
+      .addNullable("packet_count_from_remote", TypeProtos.MinorType.INT)
+      .addNullable("connection_time", TypeProtos.MinorType.INTERVAL)
+      .addNullable("tcp_session", TypeProtos.MinorType.BIGINT)
+      .addNullable("is_corrupt", TypeProtos.MinorType.BIT)
+      .addNullable("data_from_originator", TypeProtos.MinorType.VARCHAR)
+      .addNullable("data_from_remote", TypeProtos.MinorType.VARCHAR)
+      .buildSchema();
+
+    RowSet expected = new RowSetBuilder(client.allocator(), expectedSchema)
+      .addRow(
+        "145.254.160.237",
+        "65.208.228.223",
+        3372, 80,
+        "00:00:01:00:00:00",
+        "FE:FF:20:00:01:00",
+        1084443427311L,
+        1084443445216L,
+        Period.parse("PT17.905S"), 31,
+        437,18000,14, 17,
+        Period.parse("PT0.911S"),
+        -789689725566200012L, false,
+        "r-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) 
Gecko/20040113..Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1..Accept-Language:
 en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: 
ISO-8859-1,utf-8;q=0.7,*;q=0.7..Keep-Alive: 300..Connection: 
keep-alive..Referer: http://www.ethereal.com/[email protected]";,
+        dataFromRemote
+        )
+      .build();
+
+    new RowSetComparison(expected).verifyAndClearAll(results);
   }
 
   @Test
   public void testSessionizedSpecificQuery() throws Exception {
-    String sql = "SELECT session_start_time, 
session_end_time,session_duration, total_packet_count, connection_time, src_ip, 
dst_ip, src_port, dst_port, src_mac_address, dst_mac_address, tcp_session, " +
-      "is_corrupt, data_from_originator, data_from_remote, 
data_volume_from_origin, data_volume_from_remote, packet_count_from_origin, 
packet_count_from_remote " +
-      "FROM cp.`/store/pcap/attack-trace.pcap` WHERE src_port=1821 AND 
dst_port=445";
-
-    testBuilder()
-      .sqlQuery(sql)
-      .ordered()
-      .baselineColumns("session_start_time", "session_end_time", 
"session_duration", "total_packet_count", "connection_time", "src_ip", 
"dst_ip", "src_port", "dst_port",
-        "src_mac_address", "dst_mac_address", "tcp_session", "is_corrupt", 
"data_from_originator", "data_from_remote", "data_volume_from_origin",
-        "data_volume_from_remote", "packet_count_from_origin", 
"packet_count_from_remote")
-      .baselineValues(LocalDateTime.parse("2009-04-20T03:28:28.374", 
formatter),
-        LocalDateTime.parse("2009-04-20T03:28:28.508", formatter),
-        Period.parse("PT0.134S"), 4,
-        Period.parse("PT0.119S"),
-        "98.114.205.102",
-        "192.150.11.111",
-        1821, 445,
-        "00:08:E2:3B:56:01",
-        "00:30:48:62:4E:4A",
-        -8791568836279708938L,
-        false,
-        "........I....>...>..........Ib...<...<..........I....>...>", "", 
62,0, 3, 1)
-      .go();
+    String sql = "SELECT src_ip, dst_ip, src_port, dst_port, src_mac_address, 
dst_mac_address," +
+      "session_start_time, session_end_time, session_duration, 
total_packet_count, data_volume_from_origin, data_volume_from_remote," +
+      "packet_count_from_origin, packet_count_from_remote, connection_time, 
tcp_session, is_corrupt, data_from_originator, data_from_remote " +
+      "FROM cp.`/store/pcap/http.pcap`";
+
+    String dataFromRemote = 
readAFileIntoString(dirTestWatcher.getRootDir().getAbsolutePath() + 
"/store/pcap/dataFromRemote.txt");
+
+    QueryBuilder q = client.queryBuilder().sql(sql);
+    RowSet results = q.rowSet();
+
+    TupleMetadata expectedSchema = new SchemaBuilder()
+      .addNullable("src_ip", TypeProtos.MinorType.VARCHAR)
+      .addNullable("dst_ip", TypeProtos.MinorType.VARCHAR)
+      .addNullable("src_port", TypeProtos.MinorType.INT)
+      .addNullable("dst_port", TypeProtos.MinorType.INT)
+      .addNullable("src_mac_address", TypeProtos.MinorType.VARCHAR)
+      .addNullable("dst_mac_address", TypeProtos.MinorType.VARCHAR)
+      .addNullable("session_start_time", TypeProtos.MinorType.TIMESTAMP)
+      .addNullable("session_end_time", TypeProtos.MinorType.TIMESTAMP)
+      .addNullable("session_duration", TypeProtos.MinorType.INTERVAL)
+      .addNullable("total_packet_count", TypeProtos.MinorType.INT)
+      .addNullable("data_volume_from_origin", TypeProtos.MinorType.INT)
+      .addNullable("data_volume_from_remote", TypeProtos.MinorType.INT)
+      .addNullable("packet_count_from_origin", TypeProtos.MinorType.INT)
+      .addNullable("packet_count_from_remote", TypeProtos.MinorType.INT)
+      .addNullable("connection_time", TypeProtos.MinorType.INTERVAL)
+      .addNullable("tcp_session", TypeProtos.MinorType.BIGINT)
+      .addNullable("is_corrupt", TypeProtos.MinorType.BIT)
+      .addNullable("data_from_originator", TypeProtos.MinorType.VARCHAR)
+      .addNullable("data_from_remote", TypeProtos.MinorType.VARCHAR)
+      .buildSchema();
+
+    RowSet expected = new RowSetBuilder(client.allocator(), expectedSchema)
+      .addRow(
+        "145.254.160.237",
+        "65.208.228.223",
+        3372, 80,
+        "00:00:01:00:00:00",
+        "FE:FF:20:00:01:00",
+        1084443427311L,
+        1084443445216L,
+        Period.parse("PT17.905S"), 31,
+        437,18000,14, 17,
+        Period.parse("PT0.911S"),
+        -789689725566200012L, false,
+        "r-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) 
Gecko/20040113..Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1..Accept-Language:
 en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: 
ISO-8859-1,utf-8;q=0.7,*;q=0.7..Keep-Alive: 300..Connection: 
keep-alive..Referer: http://www.ethereal.com/[email protected]";,
+        dataFromRemote
+      )
+      .build();
+
+    new RowSetComparison(expected).verifyAndClearAll(results);
   }
 
   @Test
   public void testSerDe() throws Exception {
-    String sql = "SELECT COUNT(*) FROM cp.`/store/pcap/attack-trace.pcap`";
+    String sql = "SELECT COUNT(*) FROM cp.`/store/pcap/http.pcap`";
     String plan = queryBuilder().sql(sql).explainJson();
     long cnt = queryBuilder().physical(plan).singletonLong();
-    assertEquals("Counts should match", 5L, cnt);
+    assertEquals("Counts should match", 1L, cnt);
+  }
+
+
+  private static String readAFileIntoString(String filePath)
 
 Review comment:
   Cleaned up this function.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

[GitHub] [drill] cgivre commented on a change in pull request #1934: DRILL-7484: Malware found in the Drill test folder

Reply via email to