use assert_json_diff::assert_json_eq;
use es4forensics::{objects::PosixFile, TimelineObject};
use serde_json::{json, Value};
/// A bodyfile record with only one distinct timestamp must produce exactly one
/// timeline document.
///
/// The input line carries the same epoch-seconds value in three timestamp
/// columns and `-1` in the last one. The expected document therefore has no
/// `file.created` key, and every time it reports is in milliseconds.
#[test]
pub fn test_bodyfile_single() {
    // Sleuth Kit bodyfile column order:
    // MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
    let bodyfile_line = "0|/Users/Administrator ($FILE_NAME)|93552-48-2|d/drwxrwxrwx|0|0|92|1577092511|1577092511|1577092511|-1";
    // 1577092511 s from the input line, expressed in milliseconds.
    let stamp_ms = 1577092511000_u64;

    let parsed: PosixFile = bodyfile_line.try_into().unwrap();
    let documents: Vec<Value> = parsed.into_values().collect();

    let expected = json!([{
        "@timestamp": stamp_ms,
        "ecs": { "version": "8.4" },
        "message": "/Users/Administrator ($FILE_NAME)",
        "tags": ["bodyfile"],
        "file": {
            "accessed": stamp_ms,
            "ctime": stamp_ms,
            "gid": 0,
            "inode": "93552-48-2",
            "mtime": stamp_ms,
            "path": "/Users/Administrator ($FILE_NAME)",
            "name": "Administrator ($FILE_NAME)",
            "directory": "/Users",
            // The expectation pins an empty mode string although the input
            // line carries `d/drwxrwxrwx`.
            "mode": "",
            "size": 92,
            "uid": 0
        }
    }]);

    // Strict comparison: any missing or additional key fails the test.
    assert_json_eq!(json!(documents), expected);
}
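/// A bodyfile record with two distinct timestamps is expected to produce two
/// timeline documents, one per timestamp.
///
/// The last column (`1577092512`) differs from the other three timestamp
/// columns (`1577092511`), so the expectation lists one document at each
/// `@timestamp`, both carrying the full `file` object including `created`.
///
/// This function had no `#[test]` attribute, so the harness never ran it and
/// the multi-timestamp path had no regression coverage. It is now registered
/// but ignored, which makes the gap show up in the `cargo test` summary.
///
/// NOTE(review): the expected documents look out of date, so confirm them
/// against the current output before dropping `#[ignore]`. The two entries
/// disagree on `ecs.version` ("8.4" vs "1.0.0"), and neither has the
/// `message`, `tags`, `file.name`, `file.directory` or `file.mode` keys that
/// `test_bodyfile_single` asserts for the same path.
#[test]
#[ignore = "expected documents look stale (mixed ECS versions, no message/tags); refresh before enabling"]
pub fn test_bodyfile_multiple() {
    // Sleuth Kit bodyfile column order:
    // MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
    let str_line = "0|/Users/Administrator ($FILE_NAME)|93552-48-2|d/drwxrwxrwx|0|0|92|1577092511|1577092511|1577092511|1577092512";
    let pfile: PosixFile = str_line.try_into().unwrap();
    let values: Vec<Value> = pfile.into_values().collect();
    let actual = json!(values);

    let expected = json!([
        {
            // Document for the timestamp shared by the first three time columns.
            "@timestamp": 1577092511000_u64,
            "ecs": { "version": "8.4" },
            "file": {
                "accessed": 1577092511000_u64,
                "ctime": 1577092511000_u64,
                "created": 1577092512000_u64,
                "gid": 0,
                "inode": "93552-48-2",
                "mtime": 1577092511000_u64,
                "path": "/Users/Administrator ($FILE_NAME)",
                "size": 92,
                "uid": 0
            }
        },
        {
            // Document for the timestamp in the last column.
            "@timestamp": 1577092512000_u64,
            "ecs": { "version": "1.0.0" },
            "file": {
                "accessed": 1577092511000_u64,
                "ctime": 1577092511000_u64,
                "created": 1577092512000_u64,
                "gid": 0,
                "inode": "93552-48-2",
                "mtime": 1577092511000_u64,
                "path": "/Users/Administrator ($FILE_NAME)",
                "size": 92,
                "uid": 0
            }
        }
    ]);

    // Strict comparison: any missing or additional key fails the test.
    assert_json_eq!(actual, expected);
}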