rsigma_eval/event/
plain.rs1use std::borrow::Cow;
2
3use serde_json::Value;
4
5use super::{Event, EventValue};
6
/// An event that is nothing more than one unparsed line of log text.
///
/// The line is kept verbatim in a private `String`; this type does no parsing,
/// trimming or normalisation of its own. Its `Event` implementation in this
/// file exposes no named fields, only the line itself as a single string value.
#[derive(Clone, Debug)]
pub struct PlainEvent {
    /// The log line exactly as it was handed to `PlainEvent::new`.
    raw: String,
}
14
impl PlainEvent {
    /// Builds a plain event that takes ownership of `raw`.
    ///
    /// Nothing is validated or rewritten here, so later matching sees the text
    /// exactly as the caller supplied it.
    pub fn new(raw: String) -> Self {
        PlainEvent { raw }
    }

    /// Borrows the stored log line.
    pub fn raw(&self) -> &str {
        self.raw.as_str()
    }
}
24
impl Event for PlainEvent {
    /// Field lookup on a plain event: there are no parsed fields, so every path misses.
    ///
    /// NOTE(review): presumably any rule condition that relies on a named field can
    /// therefore never match a `PlainEvent`; confirm against the evaluator so that
    /// this coverage gap is a known one rather than a silent one.
    fn get_field(&self, _path: &str) -> Option<EventValue<'_>> {
        None
    }

    /// Runs `pred` once, against the whole raw line, and returns its verdict.
    fn any_string_value(&self, pred: &dyn Fn(&str) -> bool) -> bool {
        pred(self.raw.as_str())
    }

    /// Returns the raw line as the only string value, borrowed rather than copied.
    fn all_string_values(&self) -> Vec<Cow<'_, str>> {
        Vec::from([Cow::Borrowed(self.raw.as_str())])
    }

    /// Serialises the event as a JSON object with a single key, `_raw`, holding a
    /// copy of the line.
    ///
    /// The text is copied without redaction or filtering, so whatever consumes this
    /// JSON should treat `_raw` as log-supplied, untrusted content.
    fn to_json(&self) -> Value {
        let mut object = serde_json::Map::new();
        object.insert("_raw".to_owned(), Value::String(self.raw.clone()));
        Value::Object(object)
    }

    /// A plain event has no field names to report, so the list is always empty.
    fn field_keys(&self) -> Vec<Cow<'_, str>> {
        vec![]
    }
}
49
#[cfg(test)]
mod tests {
    use super::*;
    use serde_json::json;

    // Any field path misses, because a plain event carries no parsed fields.
    #[test]
    fn plain_get_field_always_none() {
        let line = PlainEvent::new("raw log line".into());
        let looked_up = line.get_field("anything");
        assert_eq!(looked_up, None);
    }

    // Keyword predicates are evaluated against the raw line itself.
    #[test]
    fn plain_keyword_search() {
        let line = PlainEvent::new("error: disk full".into());
        let mentions_disk = |text: &str| text.contains("disk");
        let mentions_memory = |text: &str| text.contains("memory");
        assert!(line.any_string_value(&mentions_disk));
        assert!(!line.any_string_value(&mentions_memory));
    }

    // No field names are reported for a plain event.
    #[test]
    fn plain_field_keys_is_empty() {
        let line = PlainEvent::new("error: disk full".into());
        let keys = line.field_keys();
        assert!(keys.is_empty());
    }

    // The JSON form is a one-key object with the line under `_raw`.
    #[test]
    fn plain_to_json() {
        let line = PlainEvent::new("hello".into());
        let expected = json!({"_raw": "hello"});
        assert_eq!(line.to_json(), expected);
    }
}