From a56f74c2b4dfcbdcb22b716d549399a5a6adf31a Mon Sep 17 00:00:00 2001
From: rabbitstack
Date: Wed, 9 Jul 2025 20:14:33 +0200
Subject: [PATCH] refactor(bitset): Introduce IsInitalized method
---
 pkg/event/bitset.go | 15 ++++++++++++---
 pkg/filter/ql/literal_test.go | 36 +++++++++++++++++------------------
 2 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/pkg/event/bitset.go b/pkg/event/bitset.go
index 2a87e3a17..abfb0a157 100644
--- a/pkg/event/bitset.go
+++ b/pkg/event/bitset.go
@@ -89,6 +89,15 @@ func (b *BitSets) IsBitSet(evt *Event) bool {
 (b.cats != nil && b.cats.Test(uint(evt.Category.Index())))
 }
-func (b *BitSets) IsBitmaskInitialized() bool { return b.bitmask != nil }
-func (b *BitSets) IsTypesInitialized() bool { return b.types != nil }
-func (b *BitSets) IsCategoryInitialized() bool { return b.cats != nil }
+// IsInitialized checks if the given bitset type is initialized.
+func (b *BitSets) IsInitialized(bs BitSetType) bool {
+ switch bs {
+ case BitmaskBitSet:
+ return b.bitmask != nil
+ case TypeBitSet:
+ return b.types != nil
+ case CategoryBitSet:
+ return b.cats != nil
+ }
+ return false
+}
diff --git a/pkg/filter/ql/literal_test.go b/pkg/filter/ql/literal_test.go
index 92269d2e9..3c978cbf5 100644
--- a/pkg/filter/ql/literal_test.go
+++ b/pkg/filter/ql/literal_test.go
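Review bot: The doc comment on `IsInitialized` in pkg/event/bitset.go does not state what the method returns for a `BitSetType` outside the three cases: the switch falls through to `return false`, so an unrecognised or later-added value is reported as "not initialized" with nothing to tell the caller the argument was invalid. `BitSetType` is declared outside this hunk, so whether other values exist cannot be confirmed from here. I would spell the contract out in the comment, e.g. `// IsInitialized reports whether the bitset of the given type has been allocated. It returns false for an unrecognised BitSetType.` The updated assertions in literal_test.go only pass the three known constants, so a case covering that fallback would pin the behaviour.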
@@ -34,9 +34,9 @@ func TestSequenceExprIsEvaluable(t *testing.T) {
 }{
 {"evt.name = 'CreateProcess'", &event.Event{Type: event.CreateProcess, Category: event.Process}, true,
 func(t *testing.T, sexpr *SequenceExpr) {
- assert.True(t, sexpr.bitsets.IsTypesInitialized())
- assert.False(t, sexpr.bitsets.IsBitmaskInitialized())
- assert.False(t, sexpr.bitsets.IsCategoryInitialized())
+ assert.True(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
+ assert.False(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
+ assert.False(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
 },
 },
 {"evt.name = 'CreateProcess'", &event.Event{Type: event.TerminateProcess, Category: event.Process}, false, nil},
@@ -44,37 +44,37 @@ func TestSequenceExprIsEvaluable(t *testing.T) {
 {"evt.name = 'CreateProcess' or evt.category = 'object'", &event.Event{Type: event.TerminateProcess, Category: event.Process}, false, nil},
 {"evt.name = 'CreateProcess' or evt.name = 'OpenProcess'", &event.Event{Type: event.OpenProcess, Category: event.Process}, true,
 func(t *testing.T, sexpr *SequenceExpr) {
- assert.True(t, sexpr.bitsets.IsTypesInitialized())
- assert.False(t, sexpr.bitsets.IsBitmaskInitialized())
- assert.False(t, sexpr.bitsets.IsCategoryInitialized())
+ assert.True(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
+ assert.False(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
+ assert.False(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
 },
 },
 {"evt.name = 'CreateProcess' or evt.name = 'CreateThread'", &event.Event{Type: event.CreateThread, Category: event.Thread}, true,
 func(t *testing.T, sexpr *SequenceExpr) {
- assert.False(t, sexpr.bitsets.IsTypesInitialized())
- assert.True(t, sexpr.bitsets.IsBitmaskInitialized())
- assert.False(t, sexpr.bitsets.IsCategoryInitialized())
+ assert.False(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
+ assert.True(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
+ assert.False(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
 },
 },
 {"evt.name = 'CreateProcess' or evt.category = 'registry'", &event.Event{Type: event.RegSetValue, Category: event.Registry}, true,
 func(t *testing.T, sexpr *SequenceExpr) {
- assert.True(t, sexpr.bitsets.IsTypesInitialized())
- assert.False(t, sexpr.bitsets.IsBitmaskInitialized())
- assert.True(t, sexpr.bitsets.IsCategoryInitialized())
+ assert.True(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
+ assert.False(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
+ assert.True(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
 },
 },
 {"evt.name = 'CreateProcess' or evt.name = 'OpenProcess' or evt.category = 'registry'", &event.Event{Type: event.OpenProcess, Category: event.Process}, true,
 func(t *testing.T, sexpr *SequenceExpr) {
- assert.True(t, sexpr.bitsets.IsTypesInitialized())
- assert.False(t, sexpr.bitsets.IsBitmaskInitialized())
- assert.True(t, sexpr.bitsets.IsCategoryInitialized())
+ assert.True(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
+ assert.False(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
+ assert.True(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
 },
 },
 {"evt.name = 'CreateProcess' or evt.name = 'SetThreadContext' or evt.category = 'registry'", &event.Event{Type: event.CreateProcess, Category: event.Process}, true,
 func(t *testing.T, sexpr *SequenceExpr) {
- assert.False(t, sexpr.bitsets.IsTypesInitialized())
- assert.True(t, sexpr.bitsets.IsBitmaskInitialized())
- assert.True(t, sexpr.bitsets.IsCategoryInitialized())
+ assert.False(t, sexpr.bitsets.IsInitialized(event.TypeBitSet))
+ assert.True(t, sexpr.bitsets.IsInitialized(event.BitmaskBitSet))
+ assert.True(t, sexpr.bitsets.IsInitialized(event.CategoryBitSet))
 },
 },
 }