sensorToParserComponentMap.put(sensorType, new ParserComponent(parser, filter));
message.put(Constants.GUID, UUID.randomUUID().toString()); MessageFilter<JSONObject> filter = sensorToParserComponentMap.get(sensorType).getFilter(); if (filter == null || filter.emit(message, stellarContext)) { boolean isInvalid = !parser.validate(message);
SensorParserConfig sensorParserConfig = parserConfigurations.getSensorParserConfig(sensorType); if (sensorParserConfig != null) { MessageParser<JSONObject> parser = sensorToParserComponentMap.get(sensorType).getMessageParser(); Optional<MessageParserResult<JSONObject>> optionalMessageParserResult = parser.parseOptionalResult(rawMessage.getMessage()); if (optionalMessageParserResult.isPresent()) {
Assert.assertEquals(broParser, broComponent.getMessageParser()); Assert.assertEquals(stellarFilter, broComponent.getFilter()); verify(broParser, times(1)).init(); verify(broParser, times(1)).configure(broParserConfig); Assert.assertEquals(snortParser, snortComponent.getMessageParser()); Assert.assertNull(snortComponent.getFilter()); verify(snortParser, times(1)).init(); verify(snortParser, times(1)).configure(snortParserConfig);
@Test public void shouldPopulateMessagesOnProcessMessage() { JSONObject inputMessage = new JSONObject(); inputMessage.put("guid", "guid"); inputMessage.put("ip_src_addr", "192.168.1.1"); inputMessage.put("ip_dst_addr", "192.168.1.2"); inputMessage.put("field1", "value"); RawMessage rawMessage = new RawMessage("raw_message".getBytes(), new HashMap<>()); JSONObject expectedOutput = new JSONObject(); expectedOutput.put("guid", "guid"); expectedOutput.put("source.type", "bro"); expectedOutput.put("ip_src_addr", "192.168.1.1"); expectedOutput.put("ip_dst_addr", "192.168.1.2"); when(stellarFilter.emit(expectedOutput, parserRunner.getStellarContext())).thenReturn(true); when(broParser.validate(expectedOutput)).thenReturn(true); parserRunner.setSensorToParserComponentMap(new HashMap<String, ParserComponent>() {{ put("bro", new ParserComponent(broParser, stellarFilter)); }}); Optional<ParserRunnerImpl.ProcessResult> processResult = parserRunner.processMessage("bro", inputMessage, rawMessage, broParser, parserConfigurations); Assert.assertTrue(processResult.isPresent()); Assert.assertFalse(processResult.get().isError()); Assert.assertEquals(expectedOutput, processResult.get().getMessage()); }
@Test public void shouldExecuteWithMasterThrowable() { parserRunner = spy(parserRunner); RawMessage rawMessage = new RawMessage("raw_message".getBytes(), new HashMap<>()); Throwable masterThrowable = mock(Throwable.class); MessageParserResult<JSONObject> messageParserResult = new DefaultMessageParserResult<>(masterThrowable); when(broParser.parseOptionalResult(rawMessage.getMessage())).thenReturn(Optional.of(messageParserResult)); parserRunner.setSensorToParserComponentMap(new HashMap<String, ParserComponent>() {{ put("bro", new ParserComponent(broParser, stellarFilter)); }}); ParserRunnerResults<JSONObject> parserRunnerResults = parserRunner.execute("bro", rawMessage, parserConfigurations); verify(parserRunner, times(0)) .processMessage(any(), any(), any(), any(), any()); MetronError expectedError = new MetronError() .withErrorType(Constants.ErrorType.PARSER_ERROR) .withThrowable(masterThrowable) .withSensorType(Collections.singleton("bro")) .addRawMessage(rawMessage.getMessage()); Assert.assertEquals(1, parserRunnerResults.getErrors().size()); Assert.assertTrue(parserRunnerResults.getErrors().contains(expectedError)); }
put("bro", new ParserComponent(broParser, stellarFilter)); }});
@Test public void shouldReturnMetronErrorOnInvalidMessage() { JSONObject inputMessage = new JSONObject(); inputMessage.put("guid", "guid"); RawMessage rawMessage = new RawMessage("raw_message".getBytes(), new HashMap<>()); JSONObject expectedOutput = new JSONObject(); expectedOutput.put("guid", "guid"); expectedOutput.put("source.type", "bro"); MetronError expectedMetronError = new MetronError() .withErrorType(Constants.ErrorType.PARSER_INVALID) .withSensorType(Collections.singleton("bro")) .addRawMessage(inputMessage); when(stellarFilter.emit(expectedOutput, parserRunner.getStellarContext())).thenReturn(true); when(broParser.validate(expectedOutput)).thenReturn(false); parserRunner.setSensorToParserComponentMap(new HashMap<String, ParserComponent>() {{ put("bro", new ParserComponent(broParser, stellarFilter)); }}); Optional<ParserRunnerImpl.ProcessResult> processResult = parserRunner.processMessage("bro", inputMessage, rawMessage, broParser, parserConfigurations); Assert.assertTrue(processResult.isPresent()); Assert.assertTrue(processResult.get().isError()); Assert.assertEquals(expectedMetronError, processResult.get().getError()); }
put("bro", new ParserComponent(broParser, stellarFilter)); }}); ParserRunnerResults<JSONObject> parserRunnerResults = parserRunner.execute("bro", rawMessage, parserConfigurations);