gis-8971 fixes

nazargesyk · nazargesyk · commit fd38f39114be · 2024-11-04T11:16:41.000+02:00
diff --git a/uncoder-core/app/translator/core/mixins/tokens.py b/uncoder-core/app/translator/core/mixins/tokens.py
@@ -0,0 +1,17 @@
+from app.translator.core.custom_types.tokens import LogicalOperatorType, OperatorType
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.query_tokens.field_value import FieldValue
+from app.translator.core.models.query_tokens.identifier import Identifier
+
+
+class ExtraConditionMixin:
+    def generate_extra_conditions(self, source_mapping: SourceMapping) -> list:
+        extra_tokens = []
+        for field, value in source_mapping.conditions.items():
+            extra_tokens.extend(
+                [
+                    FieldValue(source_name=field, operator=Identifier(token_type=OperatorType.EQ), value=value),
+                    Identifier(token_type=LogicalOperatorType.AND),
+                ]
+            )
+        return extra_tokens
diff --git a/uncoder-core/app/translator/core/render.py b/uncoder-core/app/translator/core/render.py
@@ -403,8 +403,8 @@ def process_raw_log_field_prefix(self, field: str, source_mapping: SourceMapping
         if raw_log_field_type := source_mapping.raw_log_fields.get(field):
             return [self.process_raw_log_field(field=field, field_type=raw_log_field_type)]
 
-    def generate_extra_conditions(self, source_mapping: SourceMapping, tokens: list) -> list:  # noqa: ARG002
-        return tokens
+    def generate_extra_conditions(self, source_mapping: SourceMapping) -> list:  # noqa: ARG002
+        return []
 
     def generate_raw_log_fields(self, fields: list[Field], source_mapping: SourceMapping) -> str:
         if not self.raw_log_field_patterns_map:
@@ -446,9 +446,8 @@ def _generate_from_tokenized_query_container_by_source_mapping(
             )
             prefix += f"\n{defined_raw_log_fields}"
         if source_mapping.conditions:
-            query_container.tokens = self.generate_extra_conditions(
-                source_mapping=source_mapping, tokens=query_container.tokens
-            )
+            extra_tokens = self.generate_extra_conditions(source_mapping=source_mapping)
+            query_container.tokens = [*extra_tokens, *query_container.tokens]
         query = self.generate_query(tokens=query_container.tokens, source_mapping=source_mapping)
         not_supported_functions = query_container.functions.not_supported + rendered_functions.not_supported
         return self.finalize_query(
diff --git a/uncoder-core/app/translator/platforms/arcsight/const.py b/uncoder-core/app/translator/platforms/arcsight/const.py
@@ -9,4 +9,4 @@
     "alt_platform_name": "CEF",
 }
 
-arcsight_query_details =  PlatformDetails(**ARCSIGHT_QUERY_DETAILS)
+arcsight_query_details = PlatformDetails(**ARCSIGHT_QUERY_DETAILS)
diff --git a/uncoder-core/app/translator/platforms/arcsight/escape_manager.py b/uncoder-core/app/translator/platforms/arcsight/escape_manager.py
@@ -7,9 +7,7 @@
 
 class ArcSightEscapeManager(EscapeManager):
     escape_map: ClassVar[dict[str, list[EscapeDetails]]] = {
-        ValueType.value: [
-            EscapeDetails(pattern='(["\\()])', escape_symbols="\\\\\g<1>")
-        ],
+        ValueType.value: [EscapeDetails(pattern='(["\\()])', escape_symbols="\\\\\g<1>")]
     }
 
 
diff --git a/uncoder-core/app/translator/platforms/arcsight/mapping.py b/uncoder-core/app/translator/platforms/arcsight/mapping.py
@@ -1,5 +1,4 @@
-from app.translator.core.mapping import LogSourceSignature, \
-    BaseStrictLogSourcesPlatformMappings
+from app.translator.core.mapping import BaseStrictLogSourcesPlatformMappings, LogSourceSignature
 from app.translator.platforms.arcsight.const import arcsight_query_details
 
 
diff --git a/uncoder-core/app/translator/platforms/arcsight/renders/arcsight.py b/uncoder-core/app/translator/platforms/arcsight/renders/arcsight.py
@@ -1,17 +1,15 @@
 from typing import Optional, Union
 
 from app.translator.const import DEFAULT_VALUE_TYPE
-from app.translator.core.custom_types.tokens import OperatorType, LogicalOperatorType
 from app.translator.core.custom_types.values import ValueType
-from app.translator.core.mapping import LogSourceSignature, SourceMapping
+from app.translator.core.mapping import LogSourceSignature
+from app.translator.core.mixins.tokens import ExtraConditionMixin
 from app.translator.core.models.platform_details import PlatformDetails
-from app.translator.core.models.query_tokens.field_value import FieldValue
-from app.translator.core.models.query_tokens.identifier import Identifier
 from app.translator.core.render import BaseFieldValueRender, PlatformQueryRender
-from app.translator.core.str_value_manager import StrValueManager, StrValue
+from app.translator.core.str_value_manager import StrValue, StrValueManager
 from app.translator.managers import render_manager
 from app.translator.platforms.arcsight.const import arcsight_query_details
-from app.translator.platforms.arcsight.mapping import arcsight_query_mappings, ArcSightMappings
+from app.translator.platforms.arcsight.mapping import ArcSightMappings, arcsight_query_mappings
 from app.translator.platforms.arcsight.str_value_manager import arcsight_str_value_manager
 
 
@@ -85,8 +83,9 @@ def regex_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
         value = self._wrap_str_value(value)
         return f"{field} CONTAINS {value}"
 
+
 @render_manager.register
-class ArcSightQueryRender(PlatformQueryRender):
+class ArcSightQueryRender(ExtraConditionMixin, PlatformQueryRender):
     details: PlatformDetails = arcsight_query_details
     mappings: ArcSightMappings = arcsight_query_mappings
 
@@ -100,12 +99,3 @@ class ArcSightQueryRender(PlatformQueryRender):
 
     def generate_prefix(self, log_source_signature: Optional[LogSourceSignature], functions_prefix: str = "") -> str:  # noqa: ARG002
         return ""
-
-    def generate_extra_conditions(self, source_mapping: SourceMapping, tokens: list) -> list:
-        extra_tokens = []
-        for field, value in source_mapping.conditions.items():
-            extra_tokens.extend([
-                FieldValue(source_name=field, operator=Identifier(token_type=OperatorType.EQ), value=value),
-                Identifier(token_type=LogicalOperatorType.AND)
-            ])
-        return [*extra_tokens, *tokens]
diff --git a/uncoder-core/app/translator/platforms/arcsight/renders/arcsight_cti.py b/uncoder-core/app/translator/platforms/arcsight/renders/arcsight_cti.py
@@ -1,7 +1,7 @@
 from app.translator.core.models.platform_details import PlatformDetails
 from app.translator.core.render_cti import RenderCTI
 from app.translator.managers import render_cti_manager
-from app.translator.platforms.arcsight.const import ARCSIGHT_QUERY_DETAILS, arcsight_query_details
+from app.translator.platforms.arcsight.const import arcsight_query_details
 from app.translator.platforms.arcsight.mappings.arcsight_cti import DEFAULT_ARCSIGHT_MAPPING
 
 
diff --git a/uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch_eql.py b/uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch_eql.py
@@ -2,11 +2,11 @@
 
 from app.translator.const import DEFAULT_VALUE_TYPE
 from app.translator.core.const import QUERY_TOKEN_TYPE
-from app.translator.core.custom_types.tokens import GroupType, LogicalOperatorType, OperatorType
+from app.translator.core.custom_types.tokens import GroupType
 from app.translator.core.custom_types.values import ValueType
-from app.translator.core.mapping import LogSourceSignature, SourceMapping
+from app.translator.core.mapping import LogSourceSignature
+from app.translator.core.mixins.tokens import ExtraConditionMixin
 from app.translator.core.models.platform_details import PlatformDetails
-from app.translator.core.models.query_tokens.field_value import FieldValue
 from app.translator.core.models.query_tokens.identifier import Identifier
 from app.translator.core.render import BaseFieldValueRender, PlatformQueryRender
 from app.translator.core.str_value_manager import StrValueManager
@@ -119,7 +119,7 @@ def is_not_none(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:  # noqa: AR
 
 
 @render_manager.register
-class ElasticSearchEQLQueryRender(PlatformQueryRender):
+class ElasticSearchEQLQueryRender(ExtraConditionMixin, PlatformQueryRender):
     details: PlatformDetails = elastic_eql_query_details
     mappings: LuceneMappings = elastic_eql_query_mappings
     or_token = "or"
@@ -133,13 +133,3 @@ def generate_prefix(self, log_source_signature: Optional[LogSourceSignature], fu
 
     def in_brackets(self, raw_list: list[QUERY_TOKEN_TYPE]) -> list[QUERY_TOKEN_TYPE]:
         return [Identifier(token_type=GroupType.L_PAREN), *raw_list, Identifier(token_type=GroupType.R_PAREN)]
-
-    def generate_extra_conditions(self, source_mapping: SourceMapping, tokens: list) -> list:
-        for field, value in source_mapping.conditions.items():
-            tokens = self.in_brackets(tokens)
-            extra_tokens = [
-                FieldValue(source_name=field, operator=Identifier(token_type=OperatorType.EQ), value=value),
-                Identifier(token_type=LogicalOperatorType.AND),
-            ]
-            tokens = self.in_brackets([*extra_tokens, *tokens])
-        return tokens

Original file line number	Diff line number	Diff line change
`@@ -9,4 +9,4 @@`
`9`	`9`	`"alt_platform_name": "CEF",`
`10`	`10`	`}`
`11`	`11`
`12`		`-arcsight_query_details = PlatformDetails(**ARCSIGHT_QUERY_DETAILS)`
	`12`	`+arcsight_query_details = PlatformDetails(**ARCSIGHT_QUERY_DETAILS)`
Original file line number	Diff line number	Diff line change
`@@ -7,9 +7,7 @@`
`7`	`7`
`8`	`8`	`class ArcSightEscapeManager(EscapeManager):`
`9`	`9`	`escape_map: ClassVar[dict[str, list[EscapeDetails]]] = {`
`10`		`- ValueType.value: [`
`11`		`- EscapeDetails(pattern='(["\\()])', escape_symbols="\\\\\g<1>")`
`12`		`- ],`
	`10`	`+ ValueType.value: [EscapeDetails(pattern='(["\\()])', escape_symbols="\\\\\g<1>")]`
`13`	`11`	`}`
`14`	`12`
`15`	`13`