Posted to dev@drill.apache.org by GitBox <gi...@apache.org> on 2019/12/15 14:51:15 UTC

[GitHub] [drill] cgivre commented on a change in pull request #1934: DRILL-7484: Malware found in the Drill test folder

cgivre commented on a change in pull request #1934: DRILL-7484: Malware found in the Drill test folder
URL: https://github.com/apache/drill/pull/1934#discussion_r357983929
 
 

 ##########
 File path: exec/java-exec/src/test/java/org/apache/drill/exec/store/pcap/TestSessionizePCAP.java
 ##########
 @@ -47,61 +55,129 @@ public static void setup() throws Exception {
 
   @Test
   public void testSessionizedStarQuery() throws Exception {
-    String sql = "SELECT * FROM cp.`/store/pcap/attack-trace.pcap` WHERE src_port=1821 AND dst_port=445";
-
-    testBuilder()
-      .sqlQuery(sql)
-      .ordered()
-      .baselineColumns("session_start_time", "session_end_time", "session_duration", "total_packet_count", "connection_time", "src_ip", "dst_ip", "src_port", "dst_port",
-        "src_mac_address", "dst_mac_address", "tcp_session", "is_corrupt", "data_from_originator", "data_from_remote", "data_volume_from_origin",
-        "data_volume_from_remote", "packet_count_from_origin", "packet_count_from_remote")
-      .baselineValues(LocalDateTime.parse("2009-04-20T03:28:28.374", formatter),
-        LocalDateTime.parse("2009-04-20T03:28:28.508", formatter),
-        Period.parse("PT0.134S"), 4,
-        Period.parse("PT0.119S"),
-        "98.114.205.102",
-        "192.150.11.111",
-        1821, 445,
-        "00:08:E2:3B:56:01",
-        "00:30:48:62:4E:4A",
-        -8791568836279708938L,
-        false,
-        "........I....>...>..........Ib...<...<..........I....>...>", "", 62,0, 3, 1)
-      .go();
+    String sql = "SELECT * FROM cp.`/store/pcap/http.pcap`";
+    String dataFromRemote = readAFileIntoString(dirTestWatcher.getRootDir().getAbsolutePath() + "/store/pcap/dataFromRemote.txt");
+
+    QueryBuilder q = client.queryBuilder().sql(sql);
+    RowSet results = q.rowSet();
+
+    TupleMetadata expectedSchema = new SchemaBuilder()
+      .addNullable("src_ip", TypeProtos.MinorType.VARCHAR)
+      .addNullable("dst_ip", TypeProtos.MinorType.VARCHAR)
+      .addNullable("src_port", TypeProtos.MinorType.INT)
+      .addNullable("dst_port", TypeProtos.MinorType.INT)
+      .addNullable("src_mac_address", TypeProtos.MinorType.VARCHAR)
+      .addNullable("dst_mac_address", TypeProtos.MinorType.VARCHAR)
+      .addNullable("session_start_time", TypeProtos.MinorType.TIMESTAMP)
+      .addNullable("session_end_time", TypeProtos.MinorType.TIMESTAMP)
+      .addNullable("session_duration", TypeProtos.MinorType.INTERVAL)
+      .addNullable("total_packet_count", TypeProtos.MinorType.INT)
+      .addNullable("data_volume_from_origin", TypeProtos.MinorType.INT)
+      .addNullable("data_volume_from_remote", TypeProtos.MinorType.INT)
+      .addNullable("packet_count_from_origin", TypeProtos.MinorType.INT)
+      .addNullable("packet_count_from_remote", TypeProtos.MinorType.INT)
+      .addNullable("connection_time", TypeProtos.MinorType.INTERVAL)
+      .addNullable("tcp_session", TypeProtos.MinorType.BIGINT)
+      .addNullable("is_corrupt", TypeProtos.MinorType.BIT)
+      .addNullable("data_from_originator", TypeProtos.MinorType.VARCHAR)
+      .addNullable("data_from_remote", TypeProtos.MinorType.VARCHAR)
+      .buildSchema();
+
+    RowSet expected = new RowSetBuilder(client.allocator(), expectedSchema)
+      .addRow(
+        "145.254.160.237",
+        "65.208.228.223",
+        3372, 80,
+        "00:00:01:00:00:00",
+        "FE:FF:20:00:01:00",
+        1084443427311L,
+        1084443445216L,
+        Period.parse("PT17.905S"), 31,
+        437,18000,14, 17,
+        Period.parse("PT0.911S"),
+        -789689725566200012L, false,
+        "r-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113..Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1..Accept-Language: en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7..Keep-Alive: 300..Connection: keep-alive..Referer: http://www.ethereal.com/development.html....$K.@....6...6",
+        dataFromRemote
+        )
+      .build();
+
+    new RowSetComparison(expected).verifyAndClearAll(results);
   }
 
   @Test
   public void testSessionizedSpecificQuery() throws Exception {
-    String sql = "SELECT session_start_time, session_end_time,session_duration, total_packet_count, connection_time, src_ip, dst_ip, src_port, dst_port, src_mac_address, dst_mac_address, tcp_session, " +
-      "is_corrupt, data_from_originator, data_from_remote, data_volume_from_origin, data_volume_from_remote, packet_count_from_origin, packet_count_from_remote " +
-      "FROM cp.`/store/pcap/attack-trace.pcap` WHERE src_port=1821 AND dst_port=445";
-
-    testBuilder()
-      .sqlQuery(sql)
-      .ordered()
-      .baselineColumns("session_start_time", "session_end_time", "session_duration", "total_packet_count", "connection_time", "src_ip", "dst_ip", "src_port", "dst_port",
-        "src_mac_address", "dst_mac_address", "tcp_session", "is_corrupt", "data_from_originator", "data_from_remote", "data_volume_from_origin",
-        "data_volume_from_remote", "packet_count_from_origin", "packet_count_from_remote")
-      .baselineValues(LocalDateTime.parse("2009-04-20T03:28:28.374", formatter),
-        LocalDateTime.parse("2009-04-20T03:28:28.508", formatter),
-        Period.parse("PT0.134S"), 4,
-        Period.parse("PT0.119S"),
-        "98.114.205.102",
-        "192.150.11.111",
-        1821, 445,
-        "00:08:E2:3B:56:01",
-        "00:30:48:62:4E:4A",
-        -8791568836279708938L,
-        false,
-        "........I....>...>..........Ib...<...<..........I....>...>", "", 62,0, 3, 1)
-      .go();
+    String sql = "SELECT src_ip, dst_ip, src_port, dst_port, src_mac_address, dst_mac_address," +
+      "session_start_time, session_end_time, session_duration, total_packet_count, data_volume_from_origin, data_volume_from_remote," +
+      "packet_count_from_origin, packet_count_from_remote, connection_time, tcp_session, is_corrupt, data_from_originator, data_from_remote " +
+      "FROM cp.`/store/pcap/http.pcap`";
+
+    String dataFromRemote = readAFileIntoString(dirTestWatcher.getRootDir().getAbsolutePath() + "/store/pcap/dataFromRemote.txt");
+
+    QueryBuilder q = client.queryBuilder().sql(sql);
+    RowSet results = q.rowSet();
+
+    TupleMetadata expectedSchema = new SchemaBuilder()
+      .addNullable("src_ip", TypeProtos.MinorType.VARCHAR)
+      .addNullable("dst_ip", TypeProtos.MinorType.VARCHAR)
+      .addNullable("src_port", TypeProtos.MinorType.INT)
+      .addNullable("dst_port", TypeProtos.MinorType.INT)
+      .addNullable("src_mac_address", TypeProtos.MinorType.VARCHAR)
+      .addNullable("dst_mac_address", TypeProtos.MinorType.VARCHAR)
+      .addNullable("session_start_time", TypeProtos.MinorType.TIMESTAMP)
+      .addNullable("session_end_time", TypeProtos.MinorType.TIMESTAMP)
+      .addNullable("session_duration", TypeProtos.MinorType.INTERVAL)
+      .addNullable("total_packet_count", TypeProtos.MinorType.INT)
+      .addNullable("data_volume_from_origin", TypeProtos.MinorType.INT)
+      .addNullable("data_volume_from_remote", TypeProtos.MinorType.INT)
+      .addNullable("packet_count_from_origin", TypeProtos.MinorType.INT)
+      .addNullable("packet_count_from_remote", TypeProtos.MinorType.INT)
+      .addNullable("connection_time", TypeProtos.MinorType.INTERVAL)
+      .addNullable("tcp_session", TypeProtos.MinorType.BIGINT)
+      .addNullable("is_corrupt", TypeProtos.MinorType.BIT)
+      .addNullable("data_from_originator", TypeProtos.MinorType.VARCHAR)
+      .addNullable("data_from_remote", TypeProtos.MinorType.VARCHAR)
+      .buildSchema();
+
+    RowSet expected = new RowSetBuilder(client.allocator(), expectedSchema)
+      .addRow(
+        "145.254.160.237",
+        "65.208.228.223",
+        3372, 80,
+        "00:00:01:00:00:00",
+        "FE:FF:20:00:01:00",
+        1084443427311L,
+        1084443445216L,
+        Period.parse("PT17.905S"), 31,
+        437,18000,14, 17,
+        Period.parse("PT0.911S"),
+        -789689725566200012L, false,
+        "r-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113..Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1..Accept-Language: en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7..Keep-Alive: 300..Connection: keep-alive..Referer: http://www.ethereal.com/development.html....$K.@....6...6",
+        dataFromRemote
+      )
+      .build();
+
+    new RowSetComparison(expected).verifyAndClearAll(results);
   }
 
   @Test
   public void testSerDe() throws Exception {
-    String sql = "SELECT COUNT(*) FROM cp.`/store/pcap/attack-trace.pcap`";
+    String sql = "SELECT COUNT(*) FROM cp.`/store/pcap/http.pcap`";
     String plan = queryBuilder().sql(sql).explainJson();
     long cnt = queryBuilder().physical(plan).singletonLong();
-    assertEquals("Counts should match", 5L, cnt);
+    assertEquals("Counts should match", 1L, cnt);
+  }
+
+
+  private static String readAFileIntoString(String filePath)
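Review bot: Nothing in the new test code records why the fixture changed or where `http.pcap` and `dataFromRemote.txt` come from, so a later contributor could add back a capture that trips malware scanners, which is what the DRILL-7484 title describes. A comment above `testSessionizedStarQuery` would cover it, for example `// Fixtures must be benign captures of known provenance; attack-trace.pcap was removed under DRILL-7484.` The 19-column `expectedSchema` and the `addRow(...)` values are repeated verbatim in `testSessionizedSpecificQuery`, so moving them into one private helper would keep the two tests from drifting apart. `readAFileIntoString` starts on the last line of the hunk and its body is not visible here, so whether it decodes the file with an explicit charset, which the `data_from_remote` comparison may depend on, should be checked there.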
 
 Review comment:
   Cleaned up this function.
