@SuppressWarnings("unchecked") @Override public Optional<MessageParserResult<JSONObject>> parseOptionalResult(byte[] rawMessage) { if (grok == null) { init(); } if (multiLine) { return parseMultiLine(rawMessage); } return parseSingleLine(rawMessage); }
@Override public void init(Supplier<ParserConfigurations> parserConfigSupplier, Context stellarContext) { if (parserConfigSupplier == null) { throw new IllegalStateException("A parser config supplier must be set before initializing the ParserRunner."); } if (stellarContext == null) { throw new IllegalStateException("A stellar context must be set before initializing the ParserRunner."); } this.stellarContext = stellarContext; initializeParsers(parserConfigSupplier); }
@Test public void shouldExecuteWithMasterThrowable() { parserRunner = spy(parserRunner); RawMessage rawMessage = new RawMessage("raw_message".getBytes(), new HashMap<>()); Throwable masterThrowable = mock(Throwable.class); MessageParserResult<JSONObject> messageParserResult = new DefaultMessageParserResult<>(masterThrowable); when(broParser.parseOptionalResult(rawMessage.getMessage())).thenReturn(Optional.of(messageParserResult)); parserRunner.setSensorToParserComponentMap(new HashMap<String, ParserComponent>() {{ put("bro", new ParserComponent(broParser, stellarFilter)); }}); ParserRunnerResults<JSONObject> parserRunnerResults = parserRunner.execute("bro", rawMessage, parserConfigurations); verify(parserRunner, times(0)) .processMessage(any(), any(), any(), any(), any()); MetronError expectedError = new MetronError() .withErrorType(Constants.ErrorType.PARSER_ERROR) .withThrowable(masterThrowable) .withSensorType(Collections.singleton("bro")) .addRawMessage(rawMessage.getMessage()); Assert.assertEquals(1, parserRunnerResults.getErrors().size()); Assert.assertTrue(parserRunnerResults.getErrors().contains(expectedError)); }
@Test public void shouldPopulateMessagesOnProcessMessage() { JSONObject inputMessage = new JSONObject(); inputMessage.put("guid", "guid"); inputMessage.put("ip_src_addr", "192.168.1.1"); inputMessage.put("ip_dst_addr", "192.168.1.2"); inputMessage.put("field1", "value"); RawMessage rawMessage = new RawMessage("raw_message".getBytes(), new HashMap<>()); JSONObject expectedOutput = new JSONObject(); expectedOutput.put("guid", "guid"); expectedOutput.put("source.type", "bro"); expectedOutput.put("ip_src_addr", "192.168.1.1"); expectedOutput.put("ip_dst_addr", "192.168.1.2"); when(stellarFilter.emit(expectedOutput, parserRunner.getStellarContext())).thenReturn(true); when(broParser.validate(expectedOutput)).thenReturn(true); parserRunner.setSensorToParserComponentMap(new HashMap<String, ParserComponent>() {{ put("bro", new ParserComponent(broParser, stellarFilter)); }}); Optional<ParserRunnerImpl.ProcessResult> processResult = parserRunner.processMessage("bro", inputMessage, rawMessage, broParser, parserConfigurations); Assert.assertTrue(processResult.isPresent()); Assert.assertFalse(processResult.get().isError()); Assert.assertEquals(expectedOutput, processResult.get().getMessage()); }
@Override public boolean equals(Object o) { if (this == o) return true; if (o == null || getClass() != o.getClass()) return false; ParserRunnerResults parserResult = (ParserRunnerResults) o; return Objects.equals(messages, parserResult.getMessages()) && Objects.equals(errors, parserResult.getErrors()); }
@Test public void executeShouldThrowExceptionOnMissingSensorParserConfig() { exception.expect(IllegalStateException.class); exception.expectMessage("Could not execute parser. Cannot find configuration for sensor test."); parserRunner = new ParserRunnerImpl(new HashSet<String>() {{ add("test"); }}); parserRunner.execute("test", mock(RawMessage.class), parserConfigurations); }
@Test public void initShouldThrowExceptionOnMissingSensorParserConfig() { exception.expect(IllegalStateException.class); exception.expectMessage("Could not initialize parsers. Cannot find configuration for sensor test."); parserRunner = new ParserRunnerImpl(new HashSet<String>() {{ add("test"); }}); parserRunner.init(() -> parserConfigurations, mock(Context.class)); }
@Override public ParserRunnerResults<JSONObject> execute(String sensorType, RawMessage rawMessage, ParserConfigurations parserConfigurations) { DefaultParserRunnerResults parserRunnerResults = new DefaultParserRunnerResults(); this.rawMessage = rawMessage; if (!isInvalid) { parserRunnerResults.addMessage(message); } else { MetronError error = new MetronError() .withErrorType(Constants.ErrorType.PARSER_INVALID) .withSensorType(Collections.singleton(sensorType)) .addRawMessage(message); parserRunnerResults.addError(error); } return parserRunnerResults; }
@Before public void setUp() throws Exception { inputStrings = super.readTestDataFromFile("src/test/resources/logData/IseParserTest.txt"); parser = new BasicIseParser(); URL schema_url = getClass().getClassLoader().getResource( "TestSchemas/IseSchema.json"); super.setSchemaJsonString(super.readSchemaFromFile(schema_url)); }
@Test public void shouldThrowExceptionOnEmptyStellarContext() { exception.expect(IllegalStateException.class); exception.expectMessage("A stellar context must be set before initializing the ParserRunner."); parserRunner.init(() -> parserConfigurations, null); }
public ParserDriver(String sensorType, String parserConfig, String globalConfig) throws IOException { SensorParserConfig sensorParserConfig = SensorParserConfig.fromBytes(parserConfig.getBytes()); this.sensorType = sensorType == null ? sensorParserConfig.getSensorTopic() : sensorType; config = new ParserConfigurations(); config.updateSensorParserConfig(this.sensorType, SensorParserConfig.fromBytes(parserConfig.getBytes())); config.updateGlobalConfig(JSONUtils.INSTANCE.load(globalConfig, JSONUtils.MAP_SUPPLIER)); parserRunner = new ParserRunnerImpl(new HashSet<String>() {{ add(sensorType); }}); }
/** * Take raw data and convert it to messages. Each raw message may produce multiple messages and therefore * multiple errors. A {@link MessageParserResult} is returned, which will have both the messages produced * and the errors. * @param parseMessage the raw bytes of the message * @return Optional of {@link MessageParserResult} */ default Optional<MessageParserResult<T>> parseOptionalResult(byte[] parseMessage) { Optional<MessageParserResult<T>> result = Optional.empty(); try { Optional<List<T>> optionalMessages = parseOptional(parseMessage); if (optionalMessages.isPresent()) { result = Optional.of(new DefaultMessageParserResult<>(optionalMessages.get())); } } catch (Throwable t) { return Optional.of(new DefaultMessageParserResult<>(t)); } return result; }
@Before public void setUp() throws Exception { inputStrings = super.readTestDataFromFile("src/test/resources/logData/FireEyeParserTest.txt"); parser = new BasicFireEyeParser(); }
@Before public void setUp() throws Exception { inputStrings = super .readTestDataFromFile("src/test/resources/logData/SourcefireParserTest.txt"); parser = new BasicSourcefireParser(); }
public List<String> getTimeFields() { return new ArrayList<String>() {{ add("timestamp"); }}; }
@Override public List<String> getTimeFields() { return new ArrayList<String>() {{ add("end_time"); }}; }
public List<String> getTimeFields() { return new ArrayList<String>() {{ add("timestamp"); }}; }
@SuppressWarnings("unchecked") @Test public void testParseInvalidLogTypeMessage() throws ParseException { final String unsupportedLogTypeMessage = "1,2017/08/11 12:37:58,008900008659,INVALIDlogType,0,1,2017/08/11 11:37:58,192.168.14.162,vsys1,edit,admin,Web,Succeeded, config shared log-settings config,1354,0x0"; List<JSONObject> actual = parser.parse(unsupportedLogTypeMessage.getBytes()); assertNull(actual); }
@Test public void shouldThrowExceptionOnEmptyParserSupplier() { exception.expect(IllegalStateException.class); exception.expectMessage("A parser config supplier must be set before initializing the ParserRunner."); parserRunner.init(null, null); }