Skip to content

regex-transformation-only-for-re #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Feb 29, 2024
Merged

regex-transformation-only-for-re #72

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions translator/app/translator/platforms/logrhythm_axon/const.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
from app.translator.core.custom_types.meta_info import SeverityType
from app.translator.core.models.platform_details import PlatformDetails

UNMAPPED_FIELD_DEFAULT_NAME = "general_information.raw_message"

DEFAULT_LOGRHYTHM_AXON_RULE = {
"title": "Default LogRhythm Axon rule",
"version": 3,
Expand Down
69 changes: 45 additions & 24 deletions translator/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_query.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
from typing import Union

from app.translator.const import DEFAULT_VALUE_TYPE
from app.translator.core.custom_types.tokens import LogicalOperatorType, OperatorType
from app.translator.core.custom_types.tokens import LogicalOperatorType
from app.translator.core.exceptions.core import StrictPlatformException
from app.translator.core.exceptions.render import BaseRenderException
from app.translator.core.mapping import LogSourceSignature, SourceMapping
Expand All @@ -29,7 +29,7 @@
from app.translator.core.models.parser_output import MetaInfoContainer
from app.translator.core.models.platform_details import PlatformDetails
from app.translator.core.render import BaseQueryFieldValue, BaseQueryRender
from app.translator.platforms.logrhythm_axon.const import logrhythm_axon_query_details
from app.translator.platforms.logrhythm_axon.const import UNMAPPED_FIELD_DEFAULT_NAME, logrhythm_axon_query_details
from app.translator.platforms.logrhythm_axon.mapping import LogRhythmAxonMappings, logrhythm_axon_mappings
from app.translator.platforms.microsoft.escape_manager import microsoft_escape_manager

Expand Down Expand Up @@ -90,11 +90,26 @@ def __regex_to_str_list(self, value: Union[int, str]) -> list[list[str]]: # noq

return joined_components

def __unmapped_regex_field_to_contains_string(self, field: str, value: str) -> str:
if self.__is_complex_regex(value):
raise LogRhythmRegexRenderException
values = self.__regex_to_str_list(value)
return (
"("
+ self.or_token.join(
" AND ".join(f'{field} CONTAINS "{self.__escape_value(value)}"' for value in value_list)
for value_list in values
)
+ ")"
)

@staticmethod
def __escape_value(value: Union[int, str]) -> Union[int, str]:
return value.replace("'", "''") if isinstance(value, str) else value

def equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if field == UNMAPPED_FIELD_DEFAULT_NAME:
return self.contains_modifier(field, value)
if isinstance(value, str):
return f'{field} = "{self.__escape_value(value)}"'
if isinstance(value, list):
Expand All @@ -104,26 +119,36 @@ def equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
return f'{field} = "{self.apply_value(value)}"'

def less_modifier(self, field: str, value: Union[int, str]) -> str:
if field == UNMAPPED_FIELD_DEFAULT_NAME:
return self.contains_modifier(field, value)
if isinstance(value, int):
return f"{field} < {value}"
return f"{field} < '{self.apply_value(value)}'"

def less_or_equal_modifier(self, field: str, value: Union[int, str]) -> str:
if field == UNMAPPED_FIELD_DEFAULT_NAME:
return self.contains_modifier(field, value)
if isinstance(value, int):
return f"{field} <= {value}"
return f"{field} <= {self.apply_value(value)}"

def greater_modifier(self, field: str, value: Union[int, str]) -> str:
if field == UNMAPPED_FIELD_DEFAULT_NAME:
return self.contains_modifier(field, value)
if isinstance(value, int):
return f"{field} > {value}"
return f"{field} > {self.apply_value(value)}"

def greater_or_equal_modifier(self, field: str, value: Union[int, str]) -> str:
if field == UNMAPPED_FIELD_DEFAULT_NAME:
return self.contains_modifier(field, value)
if isinstance(value, int):
return f"{field} >= {value}"
return f"{field} >= {self.apply_value(value)}"

def not_equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if field == UNMAPPED_FIELD_DEFAULT_NAME:
return self.contains_modifier(field, value)
if isinstance(value, list):
return f"({self.or_token.join([self.not_equal_modifier(field=field, value=v) for v in value])})"
if isinstance(value, int):
Expand All @@ -133,39 +158,37 @@ def not_equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
def contains_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if isinstance(value, list):
return f"({self.or_token.join(self.contains_modifier(field=field, value=v) for v in value)})"
if isinstance(value, str) and self.__is_contain_regex_items(value):
if self.__is_complex_regex(value):
raise LogRhythmRegexRenderException
values = self.__regex_to_str_list(value)
return (
"("
+ self.or_token.join(
" AND ".join(f'{field} CONTAINS "{self.__escape_value(value)}"' for value in value_list)
for value_list in values
)
+ ")"
)
return f'{field} CONTAINS "{self.__escape_value(value)}"'

def endswith_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if isinstance(value, list):
return f"({self.or_token.join(self.endswith_modifier(field=field, value=v) for v in value)})"
value = f".*{self.__escape_value(value)}" if not value.startswith(".*") else self.__escape_value(value)
if isinstance(value, str) and field == UNMAPPED_FIELD_DEFAULT_NAME:
return self.contains_modifier(field, value)
value = f".*{self.__escape_value(value)}" if not str(value).startswith(".*") else self.__escape_value(value)
return f'{field} matches "{value}$"'

def startswith_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if isinstance(value, list):
return f"({self.or_token.join(self.startswith_modifier(field=field, value=v) for v in value)})"
value = f"{self.__escape_value(value)}.*" if not value.endswith(".*") else self.__escape_value(value)
if isinstance(value, str) and field == UNMAPPED_FIELD_DEFAULT_NAME:
return self.contains_modifier(field, value)
value = f"{self.__escape_value(value)}.*" if not str(value).endswith(".*") else self.__escape_value(value)
return f'{field} matches "^{self.__escape_value(value)}"'

def __regex_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
return f'{field} matches "{value}"'

def regex_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if field == UNMAPPED_FIELD_DEFAULT_NAME and self.__is_contain_regex_items(value):
if isinstance(value, str):
return self.__unmapped_regex_field_to_contains_string(field, value)
if isinstance(value, list):
return self.or_token.join(
self.__unmapped_regex_field_to_contains_string(field=field, value=v) for v in value
)
if isinstance(value, list):
return f"({self.or_token.join(self.__regex_modifier(field=field, value=v) for v in value)})"
return self.__regex_modifier(field, value)
return f"({self.or_token.join(self.regex_modifier(field=field, value=v) for v in value)})"
if isinstance(value, str) and field == UNMAPPED_FIELD_DEFAULT_NAME:
return self.contains_modifier(field, value)
return f'{field} matches "{value}"'


class LogRhythmAxonQueryRender(BaseQueryRender):
Expand Down Expand Up @@ -193,9 +216,7 @@ def apply_token(self, token: Union[FieldValue, Keyword, Identifier], source_mapp
except StrictPlatformException:
try:
return self.field_value_map.apply_field_value(
field="general_information.raw_message",
operator=Identifier(token_type=OperatorType.CONTAINS),
value=token.value,
field=UNMAPPED_FIELD_DEFAULT_NAME, operator=token.operator, value=token.value
)
except LogRhythmRegexRenderException as exc:
raise LogRhythmRegexRenderException(
Expand Down
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy