Examples with DefaultVariableResolver org.apache.metron.stellar.dsl.DefaultVariableResolver used on opensource projects

Search in sources :

Example 11 with DefaultVariableResolver

use of org.apache.metron.stellar.dsl.DefaultVariableResolver in project metron by apache.

the class BasicStellarTest method testLogicalFunctions.

@Test
public void testLogicalFunctions() throws Exception {
    final Map<String, String> variableMap = new HashMap<String, String>() {

        {
            put("foo", "casey");
            put("ip", "192.168.0.1");
            put("ip_src_addr", "192.168.0.1");
            put("ip_dst_addr", "10.0.0.1");
            put("other_ip", "10.168.0.1");
            put("empty", "");
            put("spaced", "metron is great");
        }
    };
    Assert.assertTrue(runPredicate("IN_SUBNET(ip, '192.168.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertTrue(runPredicate("IN_SUBNET(ip, '192.168.0.0/24', '11.0.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertTrue(runPredicate("IN_SUBNET(ip, '192.168.0.0/24', '11.0.0.0/24') in [true]", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertTrue(runPredicate("true in IN_SUBNET(ip, '192.168.0.0/24', '11.0.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertFalse(runPredicate("IN_SUBNET(ip_dst_addr, '192.168.0.0/24', '11.0.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertFalse(runPredicate("IN_SUBNET(other_ip, '192.168.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    boolean thrown = false;
    try {
        runPredicate("IN_SUBNET(blah, '192.168.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v)));
    } catch (ParseException pe) {
        thrown = true;
    }
    Assert.assertTrue(thrown);
    Assert.assertTrue(runPredicate("true and STARTS_WITH(foo, 'ca')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertTrue(runPredicate("true and STARTS_WITH(TO_UPPER(foo), 'CA')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertTrue(runPredicate("(true and STARTS_WITH(TO_UPPER(foo), 'CA')) || true", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertTrue(runPredicate("true and ENDS_WITH(foo, 'sey')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertTrue(runPredicate("not(IN_SUBNET(ip_src_addr, '192.168.0.0/24') and IN_SUBNET(ip_dst_addr, '192.168.0.0/24'))", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertTrue(runPredicate("IN_SUBNET(ip_src_addr, '192.168.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertFalse(runPredicate("not(IN_SUBNET(ip_src_addr, '192.168.0.0/24'))", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertFalse(runPredicate("IN_SUBNET(ip_dst_addr, '192.168.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
    Assert.assertTrue(runPredicate("not(IN_SUBNET(ip_dst_addr, '192.168.0.0/24'))", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
}
Also used : StellarProcessorUtils.run(org.apache.metron.stellar.common.utils.StellarProcessorUtils.run) java.util(java.util) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) StellarProcessorUtils.runPredicate(org.apache.metron.stellar.common.utils.StellarProcessorUtils.runPredicate) StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) StellarFunction(org.apache.metron.stellar.dsl.StellarFunction) StellarProcessorUtils.validate(org.apache.metron.stellar.common.utils.StellarProcessorUtils.validate) Test(org.junit.Test) StringUtils(org.apache.commons.lang3.StringUtils) DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver) Stellar(org.apache.metron.stellar.dsl.Stellar) ClasspathFunctionResolver(org.apache.metron.stellar.dsl.functions.resolver.ClasspathFunctionResolver) Rule(org.junit.Rule) Ignore(org.junit.Ignore) Assert(org.junit.Assert) ParseException(org.apache.metron.stellar.dsl.ParseException) ExpectedException(org.junit.rules.ExpectedException) Joiner(com.google.common.base.Joiner) Context(org.apache.metron.stellar.dsl.Context) DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver) ParseException(org.apache.metron.stellar.dsl.ParseException) Test(org.junit.Test)

Example 12 with DefaultVariableResolver

use of org.apache.metron.stellar.dsl.DefaultVariableResolver in project metron by apache.

the class DateFunctionsTest method run.

/**
 * Runs a Stellar expression.
 * @param expr The expression to run.
 */
private Object run(String expr) {
    StellarProcessor processor = new StellarProcessor();
    assertTrue(processor.validate(expr));
    return processor.parse(expr, new DefaultVariableResolver(x -> variables.get(x), x -> variables.containsKey(x)), StellarFunctions.FUNCTION_RESOLVER(), Context.EMPTY_CONTEXT());
}
Also used : StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) Calendar(java.util.Calendar) Map(java.util.Map) StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) StellarFunctions(org.apache.metron.stellar.dsl.StellarFunctions) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) HashMap(java.util.HashMap) DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver) ParseException(org.apache.metron.stellar.dsl.ParseException) Assert.assertEquals(org.junit.Assert.assertEquals) Context(org.apache.metron.stellar.dsl.Context) Before(org.junit.Before) DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver)

Example 13 with DefaultVariableResolver

use of org.apache.metron.stellar.dsl.DefaultVariableResolver in project metron by apache.

the class MathFunctionsTest method run.

public static Object run(String rule, Map<String, Object> variables) {
    Context context = Context.EMPTY_CONTEXT();
    StellarProcessor processor = new StellarProcessor();
    Assert.assertTrue(rule + " not valid.", processor.validate(rule, context));
    return processor.parse(rule, new DefaultVariableResolver(v -> variables.get(v), v -> variables.containsKey(v)), StellarFunctions.FUNCTION_RESOLVER(), context);
}
Also used : Context(org.apache.metron.stellar.dsl.Context) StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) ImmutableList(com.google.common.collect.ImmutableList) ImmutableMap(com.google.common.collect.ImmutableMap) StellarProcessorUtils.runPredicate(org.apache.metron.stellar.common.utils.StellarProcessorUtils.runPredicate) Map(java.util.Map) StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) StellarFunctions(org.apache.metron.stellar.dsl.StellarFunctions) Test(org.junit.Test) HashMap(java.util.HashMap) Assert(org.junit.Assert) DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver) ParseException(org.apache.metron.stellar.dsl.ParseException) Context(org.apache.metron.stellar.dsl.Context) DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver)

Example 14 with DefaultVariableResolver

use of org.apache.metron.stellar.dsl.DefaultVariableResolver in project metron by apache.

the class LambdaExpression method apply.

public Object apply(List<Object> variableArgs) {
    Map<String, Object> lambdaVariables = new HashMap<>();
    int i = 0;
    for (; i < Math.min(variables.size(), variableArgs.size()); ++i) {
        lambdaVariables.put(variables.get(i), variableArgs.get(i));
    }
    for (; i < variables.size(); ++i) {
        lambdaVariables.put(variables.get(i), null);
    }
    VariableResolver variableResolver = new DefaultVariableResolver(variable -> lambdaVariables.getOrDefault(variable, state.variableResolver.resolve(variable)), variable -> true);
    StellarCompiler.ExpressionState localState = new StellarCompiler.ExpressionState(state.context, state.functionResolver, variableResolver);
    return apply(localState);
}
Also used : HashMap(java.util.HashMap) DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver) VariableResolver(org.apache.metron.stellar.dsl.VariableResolver) DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver)

Example 15 with DefaultVariableResolver

use of org.apache.metron.stellar.dsl.DefaultVariableResolver in project metron by apache.

the class StellarStatisticsFunctionsTest method run.

/**
 * Runs a Stellar expression.
 * @param expr The expression to run.
 * @param variables The variables available to the expression.
 */
private static Object run(String expr, Map<String, Object> variables) {
    StellarProcessor processor = new StellarProcessor();
    Object ret = processor.parse(expr, new DefaultVariableResolver(x -> variables.get(x), x -> variables.containsKey(x)), StellarFunctions.FUNCTION_RESOLVER(), Context.EMPTY_CONTEXT());
    byte[] raw = SerDeUtils.toBytes(ret);
    Object actual = SerDeUtils.fromBytes(raw, Object.class);
    if (ret instanceof StatisticsProvider) {
        StatisticsProvider left = (StatisticsProvider) ret;
        StatisticsProvider right = (StatisticsProvider) actual;
        // N
        tolerantAssertEquals(prov -> prov.getCount(), left, right);
        // sum
        tolerantAssertEquals(prov -> prov.getSum(), left, right, 1e-3);
        // sum of squares
        tolerantAssertEquals(prov -> prov.getSumSquares(), left, right, 1e-3);
        // sum of squares
        tolerantAssertEquals(prov -> prov.getSumLogs(), left, right, 1e-3);
        // Mean
        tolerantAssertEquals(prov -> prov.getMean(), left, right, 1e-3);
        // Quadratic Mean
        tolerantAssertEquals(prov -> prov.getQuadraticMean(), left, right, 1e-3);
        // SD
        tolerantAssertEquals(prov -> prov.getStandardDeviation(), left, right, 1e-3);
        // Variance
        tolerantAssertEquals(prov -> prov.getVariance(), left, right, 1e-3);
        // Min
        tolerantAssertEquals(prov -> prov.getMin(), left, right, 1e-3);
        // Max
        tolerantAssertEquals(prov -> prov.getMax(), left, right, 1e-3);
        // Kurtosis
        tolerantAssertEquals(prov -> prov.getKurtosis(), left, right, 1e-3);
        // Skewness
        tolerantAssertEquals(prov -> prov.getSkewness(), left, right, 1e-3);
        for (double d = 10.0; d < 100.0; d += 10) {
            final double pctile = d;
            // This is a sketch, so we're a bit more forgiving here in our choice of \epsilon.
            tolerantAssertEquals(prov -> prov.getPercentile(pctile), left, right, 1e-2);
        }
    }
    return ret;
}
Also used : StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) java.util(java.util) Assert.assertNotNull(org.junit.Assert.assertNotNull) SerDeUtils(org.apache.metron.common.utils.SerDeUtils) StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) RunWith(org.junit.runner.RunWith) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) GaussianRandomGenerator(org.apache.commons.math3.random.GaussianRandomGenerator) DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver) Function(java.util.function.Function) String.format(java.lang.String.format) SummaryStatistics(org.apache.commons.math3.stat.descriptive.SummaryStatistics) ImmutableList(com.google.common.collect.ImmutableList) MersenneTwister(org.apache.commons.math3.random.MersenneTwister) DescriptiveStatistics(org.apache.commons.math3.stat.descriptive.DescriptiveStatistics) StellarFunctions(org.apache.metron.stellar.dsl.StellarFunctions) Assert(org.junit.Assert) Parameterized(org.junit.runners.Parameterized) Assert.assertEquals(org.junit.Assert.assertEquals) Joiner(com.google.common.base.Joiner) Context(org.apache.metron.stellar.dsl.Context) Before(org.junit.Before) DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver)

Aggregations

DefaultVariableResolver (org.apache.metron.stellar.dsl.DefaultVariableResolver)21 Test (org.junit.Test)18 StellarProcessor (org.apache.metron.stellar.common.StellarProcessor)14 HashMap (java.util.HashMap)12 Context (org.apache.metron.stellar.dsl.Context)12 Assert (org.junit.Assert)11 Map (java.util.Map)9 ImmutableMap (com.google.common.collect.ImmutableMap)8 StellarFunctions (org.apache.metron.stellar.dsl.StellarFunctions)8 ParseException (org.apache.metron.stellar.dsl.ParseException)7 StellarProcessorUtils.runPredicate (org.apache.metron.stellar.common.utils.StellarProcessorUtils.runPredicate)5 Joiner (com.google.common.base.Joiner)4 ImmutableList (com.google.common.collect.ImmutableList)4 java.util (java.util)4 List (java.util.List)4 Before (org.junit.Before)4 ImmutableSet (com.google.common.collect.ImmutableSet)3 ArrayList (java.util.ArrayList)3 StringUtils (org.apache.commons.lang3.StringUtils)3 GaussianRandomGenerator (org.apache.commons.math3.random.GaussianRandomGenerator)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial