Example 1 with ParseException
use of org.apache.metron.stellar.dsl.ParseException in project metron by apache.
the class StellarServiceImpl method validateRules.
@Override
public Map<String, Boolean> validateRules(List<String> rules) {
Map<String, Boolean> results = new HashMap<>();
StellarProcessor stellarProcessor = new StellarProcessor();
for (String rule : rules) {
try {
boolean result = stellarProcessor.validate(rule, Context.EMPTY_CONTEXT());
results.put(rule, result);
} catch (ParseException e) {
results.put(rule, false);
}
}
return results;
}
Also used :
StellarProcessor(org.apache.metron.stellar.common.StellarProcessor)
HashMap(java.util.HashMap)
ParseException(org.apache.metron.stellar.dsl.ParseException)
Example 2 with ParseException
use of org.apache.metron.stellar.dsl.ParseException in project metron by apache.
the class DefaultProfileBuilder method execute.
/**
* Executes the expressions contained within the profile definition.
*
* @param expressions A list of expressions to execute.
* @param transientState Additional transient state provided to the expressions.
* @param expressionType The type of expression; init, update, result. Provides additional context if expression execution fails.
* @return The result of executing each expression.
*/
private List<Object> execute(List<String> expressions, Map<String, Object> transientState, String expressionType) {
List<Object> results = new ArrayList<>();
for (String expr : ListUtils.emptyIfNull(expressions)) {
try {
// execute an expression
Object result = executor.execute(expr, transientState, Object.class);
results.add(result);
} catch (Throwable e) {
// in-scope variables = persistent state maintained by the profiler + the transient state
Set<String> variablesInScope = new HashSet<>();
variablesInScope.addAll(transientState.keySet());
variablesInScope.addAll(executor.getState().keySet());
String msg = format("Bad '%s' expression: error='%s', expr='%s', profile='%s', entity='%s', variables-available='%s'", expressionType, e.getMessage(), expr, profileName, entity, variablesInScope);
LOG.error(msg, e);
throw new ParseException(msg, e);
}
}
return results;
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
ArrayList(java.util.ArrayList)
JSONObject(org.json.simple.JSONObject)
ParseException(org.apache.metron.stellar.dsl.ParseException)
Example 3 with ParseException
use of org.apache.metron.stellar.dsl.ParseException in project metron by apache.
the class BasicStellarTest method testLogicalFunctions.
@Test
public void testLogicalFunctions() throws Exception {
final Map<String, String> variableMap = new HashMap<String, String>() {
{
put("foo", "casey");
put("ip", "192.168.0.1");
put("ip_src_addr", "192.168.0.1");
put("ip_dst_addr", "10.0.0.1");
put("other_ip", "10.168.0.1");
put("empty", "");
put("spaced", "metron is great");
}
};
Assert.assertTrue(runPredicate("IN_SUBNET(ip, '192.168.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertTrue(runPredicate("IN_SUBNET(ip, '192.168.0.0/24', '11.0.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertTrue(runPredicate("IN_SUBNET(ip, '192.168.0.0/24', '11.0.0.0/24') in [true]", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertTrue(runPredicate("true in IN_SUBNET(ip, '192.168.0.0/24', '11.0.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertFalse(runPredicate("IN_SUBNET(ip_dst_addr, '192.168.0.0/24', '11.0.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertFalse(runPredicate("IN_SUBNET(other_ip, '192.168.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
boolean thrown = false;
try {
runPredicate("IN_SUBNET(blah, '192.168.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v)));
} catch (ParseException pe) {
thrown = true;
}
Assert.assertTrue(thrown);
Assert.assertTrue(runPredicate("true and STARTS_WITH(foo, 'ca')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertTrue(runPredicate("true and STARTS_WITH(TO_UPPER(foo), 'CA')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertTrue(runPredicate("(true and STARTS_WITH(TO_UPPER(foo), 'CA')) || true", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertTrue(runPredicate("true and ENDS_WITH(foo, 'sey')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertTrue(runPredicate("not(IN_SUBNET(ip_src_addr, '192.168.0.0/24') and IN_SUBNET(ip_dst_addr, '192.168.0.0/24'))", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertTrue(runPredicate("IN_SUBNET(ip_src_addr, '192.168.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertFalse(runPredicate("not(IN_SUBNET(ip_src_addr, '192.168.0.0/24'))", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertFalse(runPredicate("IN_SUBNET(ip_dst_addr, '192.168.0.0/24')", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
Assert.assertTrue(runPredicate("not(IN_SUBNET(ip_dst_addr, '192.168.0.0/24'))", new DefaultVariableResolver(v -> variableMap.get(v), v -> variableMap.containsKey(v))));
}
Also used :
StellarProcessorUtils.run(org.apache.metron.stellar.common.utils.StellarProcessorUtils.run)
java.util(java.util)
ImmutableSet(com.google.common.collect.ImmutableSet)
ImmutableMap(com.google.common.collect.ImmutableMap)
StellarProcessorUtils.runPredicate(org.apache.metron.stellar.common.utils.StellarProcessorUtils.runPredicate)
StellarProcessor(org.apache.metron.stellar.common.StellarProcessor)
StellarFunction(org.apache.metron.stellar.dsl.StellarFunction)
StellarProcessorUtils.validate(org.apache.metron.stellar.common.utils.StellarProcessorUtils.validate)
Test(org.junit.Test)
StringUtils(org.apache.commons.lang3.StringUtils)
DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver)
Stellar(org.apache.metron.stellar.dsl.Stellar)
ClasspathFunctionResolver(org.apache.metron.stellar.dsl.functions.resolver.ClasspathFunctionResolver)
Rule(org.junit.Rule)
Ignore(org.junit.Ignore)
Assert(org.junit.Assert)
ParseException(org.apache.metron.stellar.dsl.ParseException)
ExpectedException(org.junit.rules.ExpectedException)
Joiner(com.google.common.base.Joiner)
Context(org.apache.metron.stellar.dsl.Context)
DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver)
ParseException(org.apache.metron.stellar.dsl.ParseException)
Test(org.junit.Test)
Example 4 with ParseException
use of org.apache.metron.stellar.dsl.ParseException in project metron by apache.
the class StringFunctionsTest method testLeftRightFills.
@Test
public void testLeftRightFills() throws Exception {
final Map<String, Object> variableMap = new HashMap<String, Object>() {
{
put("foo", null);
put("bar", null);
put("notInt", "oh my");
}
};
// LEFT
Object left = run("FILL_LEFT('123','X', 10)", new HashedMap());
Assert.assertNotNull(left);
Assert.assertEquals(10, ((String) left).length());
Assert.assertEquals("XXXXXXX123", (String) left);
// RIGHT
Object right = run("FILL_RIGHT('123','X', 10)", new HashedMap());
Assert.assertNotNull(right);
Assert.assertEquals(10, ((String) right).length());
Assert.assertEquals("123XXXXXXX", (String) right);
// INPUT ALREADY LENGTH
Object same = run("FILL_RIGHT('123','X', 3)", new HashedMap());
Assert.assertEquals(3, ((String) same).length());
Assert.assertEquals("123", (String) same);
// INPUT BIGGER THAN LENGTH
Object tooBig = run("FILL_RIGHT('1234567890','X', 3)", new HashedMap());
Assert.assertEquals(10, ((String) tooBig).length());
Assert.assertEquals("1234567890", (String) tooBig);
// NULL VARIABLES
boolean thrown = false;
try {
run("FILL_RIGHT('123',foo,bar)", variableMap);
} catch (ParseException pe) {
thrown = true;
Assert.assertTrue(pe.getMessage().contains("are both required"));
}
Assert.assertTrue(thrown);
thrown = false;
// NULL LENGTH
try {
run("FILL_RIGHT('123','X',bar)", variableMap);
} catch (ParseException pe) {
thrown = true;
Assert.assertTrue(pe.getMessage().contains("are both required"));
}
Assert.assertTrue(thrown);
thrown = false;
// NULL FILL
try {
run("FILL_RIGHT('123',foo, 7)", variableMap);
} catch (ParseException pe) {
thrown = true;
Assert.assertTrue(pe.getMessage().contains("are both required"));
}
Assert.assertTrue(thrown);
thrown = false;
// NON INTEGER LENGTH
try {
run("FILL_RIGHT('123','X', 'z' )", new HashedMap());
} catch (ParseException pe) {
thrown = true;
Assert.assertTrue(pe.getMessage().contains("not a valid Integer"));
}
Assert.assertTrue(thrown);
thrown = false;
// EMPTY STRING PAD
try {
Object returnValue = run("FILL_RIGHT('123','', 10 )", new HashedMap());
} catch (ParseException pe) {
thrown = true;
Assert.assertTrue(pe.getMessage().contains("cannot be an empty"));
}
Assert.assertTrue(thrown);
thrown = false;
// MISSING LENGTH PARAMETER
try {
run("FILL_RIGHT('123',foo)", variableMap);
} catch (ParseException pe) {
thrown = true;
Assert.assertTrue(pe.getMessage().contains("expects three"));
}
Assert.assertTrue(thrown);
}
Also used :
HashMap(java.util.HashMap)
ParseException(org.apache.metron.stellar.dsl.ParseException)
HashedMap(org.apache.commons.collections4.map.HashedMap)
Test(org.junit.Test)
Example 5 with ParseException
use of org.apache.metron.stellar.dsl.ParseException in project metron by apache.
the class StringFunctionsTest method testChomp.
/**
* CHOMP StringFunction
*
* @throws Exception
*/
@Test
public void testChomp() throws Exception {
Assert.assertEquals("abc", run("CHOMP('abc')", new HashedMap()));
Assert.assertEquals("abc", run("CHOMP(msg)", ImmutableMap.of("msg", "abc\r\n")));
Assert.assertEquals("", run("CHOMP(msg)", ImmutableMap.of("msg", "\n")));
Assert.assertEquals("", run("CHOMP('')", new HashedMap()));
Assert.assertEquals(null, run("CHOMP(null)", new HashedMap()));
// No input
boolean thrown = false;
try {
run("CHOMP()", Collections.emptyMap());
} catch (ParseException pe) {
thrown = true;
Assert.assertTrue(pe.getMessage().contains("missing argument"));
}
Assert.assertTrue(thrown);
thrown = false;
// Variable missing
try {
run("CHOMP(msg)", new HashedMap());
} catch (ParseException pe) {
thrown = true;
}
thrown = false;
// Integer input
try {
run("CHOMP(123)", Collections.emptyMap());
} catch (ParseException pe) {
thrown = true;
Assert.assertTrue(pe.getMessage().contains("cannot be cast"));
}
Assert.assertTrue(thrown);
}
Also used :
ParseException(org.apache.metron.stellar.dsl.ParseException)
HashedMap(org.apache.commons.collections4.map.HashedMap)
Test(org.junit.Test)
Aggregations
ParseException (org.apache.metron.stellar.dsl.ParseException)12
Test (org.junit.Test)7
HashMap (java.util.HashMap)5
HashedMap (org.apache.commons.collections4.map.HashedMap)4
Joiner (com.google.common.base.Joiner)3
HashSet (java.util.HashSet)3
Map (java.util.Map)3
Set (java.util.Set)3
StellarProcessor (org.apache.metron.stellar.common.StellarProcessor)3
StellarProcessorUtils.runPredicate (org.apache.metron.stellar.common.utils.StellarProcessorUtils.runPredicate)3
Context (org.apache.metron.stellar.dsl.Context)3
DefaultVariableResolver (org.apache.metron.stellar.dsl.DefaultVariableResolver)3
StellarFunction (org.apache.metron.stellar.dsl.StellarFunction)3
Assert (org.junit.Assert)3
ImmutableMap (com.google.common.collect.ImmutableMap)2
ImmutableSet (com.google.common.collect.ImmutableSet)2
java.util (java.util)2
ArrayList (java.util.ArrayList)2
StringUtils (org.apache.commons.lang3.StringUtils)2
StellarProcessorUtils.run (org.apache.metron.stellar.common.utils.StellarProcessorUtils.run)2
