TEST_F(QueryTests, test_add_and_get_current_results) {
// Test adding a "current" set of results to a scheduled query instance.
auto query = getOsqueryScheduledQuery();
auto cf = Query("foobar", query);
auto status = cf.addNewResults(getTestDBExpectedResults(), db_);
EXPECT_TRUE(status.ok());
EXPECT_EQ(status.toString(), "OK");
// Simulate results from several schedule runs, calculate differentials.
for (auto result : getTestDBResultStream()) {
// Get the results from the previous query execution (from RocksDB).
QueryData previous_qd;
auto status = cf.getPreviousQueryResults(previous_qd, db_);
EXPECT_TRUE(status.ok());
EXPECT_EQ(status.toString(), "OK");
// Add the "current" results and output the differentials.
DiffResults dr;
auto s = cf.addNewResults(result.second, dr, true, db_);
EXPECT_TRUE(s.ok());
// Call the diffing utility directly.
DiffResults expected = diff(previous_qd, result.second);
EXPECT_EQ(dr, expected);
// After Query::addNewResults the previous results are now current.
QueryData qd;
cf.getPreviousQueryResults(qd, db_);
EXPECT_EQ(qd, result.second);
}
}
TEST_F(SQLiteUtilTests, test_get_test_db_result_stream) {
auto dbc = getTestDBC();
auto results = getTestDBResultStream();
for (auto r : results) {
char* err_char = nullptr;
sqlite3_exec(dbc.db(), (r.first).c_str(), nullptr, nullptr, &err_char);
EXPECT_TRUE(err_char == nullptr);
if (err_char != nullptr) {
sqlite3_free(err_char);
ASSERT_TRUE(false);
}
QueryData expected;
auto status = queryInternal(kTestQuery, expected, dbc.db());
EXPECT_EQ(expected, r.second);
}
}
TEST_F(TestUtilTests, test_get_test_db_result_stream) {
auto db = createTestDB();
auto results = getTestDBResultStream();
for (auto r : results) {
char* err_char = nullptr;
sqlite3_exec(db, (r.first).c_str(), nullptr, nullptr, &err_char);
EXPECT_TRUE(err_char == nullptr);
if (err_char != nullptr) {
sqlite3_free(err_char);
ASSERT_TRUE(false);
}
int err_int;
auto expected = query(kTestQuery, err_int, db);
EXPECT_EQ(expected, r.second);
}
sqlite3_close(db);
}
TEST_F(QueryTests, test_add_and_get_current_results) {
auto query = getOsqueryScheduledQuery();
auto cf = Query(query);
auto s = cf.addNewResults(getTestDBExpectedResults(), std::time(0), db);
EXPECT_TRUE(s.ok());
EXPECT_EQ(s.toString(), "OK");
for (auto result : getTestDBResultStream()) {
DiffResults dr;
HistoricalQueryResults hQR;
auto hqr_status = cf.getHistoricalQueryResults(hQR, db);
EXPECT_TRUE(hqr_status.ok());
EXPECT_EQ(hqr_status.toString(), "OK");
auto s = cf.addNewResults(result.second, dr, true, std::time(0), db);
EXPECT_TRUE(s.ok());
DiffResults expected = diff(hQR.mostRecentResults.second, result.second);
EXPECT_EQ(dr, expected);
QueryData qd;
cf.getCurrentResults(qd, db);
EXPECT_EQ(qd, result.second);
}
}
