NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commit5fd269c

committed

predefined field class

1 parentc1dddc7 commit5fd269cCopy full SHA for 5fd269c

File tree

8 files changed

+75

-23

lines changed

uncoder-core/app/translator
- core
  - custom_types
    - predefined_fields.py
  - models
    - field.py
  - render.py
  - tokenizer.py
- platforms
  - logrhythm_axon/renders
    - logrhythm_axon_query.py
  - opensearch/renders
    - opensearch_rule.py
  - palo_alto
    - const.py
    - renders
      - cortex_xsiam.py

8 files changed

+75

-23

lines changed

`‎uncoder-core/app/translator/core/custom_types/predefined_fields.py‎`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,12 @@`
	`1`	`+fromapp.translator.tools.custom_enumimportCustomEnum`
	`2`	`+`
	`3`	`+`
	`4`	`+classIPLocationType(CustomEnum):`
	`5`	`+asn="ip_loc_asn"`
	`6`	`+asn_org="ip_loc_asn_org"`
	`7`	`+city="ip_loc_city"`
	`8`	`+continent="ip_loc_continent"`
	`9`	`+country="ip_loc_country"`
	`10`	`+lat_lon="ip_loc_lat_lon"`
	`11`	`+region="ip_loc_region"`
	`12`	`+timezone="ip_loc_timezone"`

`‎uncoder-core/app/translator/core/models/field.py‎`

Lines changed: 20 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,11 @@ def set_generic_names_map(self, source_mappings: list[SourceMapping], default_ma`
`37`	`37`	`self.__generic_names_map=generic_names_map`
`38`	`38`
`39`	`39`
	`40`	`+classPredefinedField:`
	`41`	`+def__init__(self,name:str):`
	`42`	`+self.name=name`
	`43`	`+`
	`44`	`+`
`40`	`45`	`classFieldField:`
`41`	`46`	`def__init__(`
`42`	`47`	`self,`
`@@ -46,10 +51,10 @@ def __init__(`
`46`	`51`	`is_alias_left:bool=False,`
`47`	`52`	`is_alias_right:bool=False,`
`48`	`53`	`):`
`49`		`-self.field_left=Field(source_name=source_name_left)`
	`54`	`+self.field_left=Field(source_name=source_name_left)ifnotis_alias_leftelseNone`
`50`	`55`	`self.alias_left=Alias(name=source_name_left)ifis_alias_leftelseNone`
`51`	`56`	`self.operator=operator`
`52`		`-self.field_right=Field(source_name=source_name_right)`
	`57`	`+self.field_right=Field(source_name=source_name_right)ifnotis_alias_rightelseNone`
`53`	`58`	`self.alias_right=Alias(name=source_name_right)ifis_alias_rightelseNone`
`54`	`59`
`55`	`60`
`@@ -60,11 +65,14 @@ def __init__(`
`60`	`65`	`operator:Identifier,`
`61`	`66`	`value:Union[int,str,StrValue,list,tuple],`
`62`	`67`	`is_alias:bool=False,`
	`68`	`+is_predefined_field:bool=False,`
`63`	`69`	`):`
`64`		`-self.field=Field(source_name=source_name)`
`65`		`-self.alias=None`
`66`		`-ifis_alias:`
`67`		`-self.alias=Alias(name=source_name)`
	`70`	`+# mapped by platform fields mapping`
	`71`	`+self.field=Field(source_name=source_name)ifnot (is_aliasoris_predefined_field)elseNone`
	`72`	`+# not mapped`
	`73`	`+self.alias=Alias(name=source_name)ifis_aliaselseNone`
	`74`	`+# mapped by platform predefined fields mapping`
	`75`	`+self.predefined_field=PredefinedField(name=source_name)ifis_predefined_fieldelseNone`
`68`	`76`
`69`	`77`	`self.operator=operator`
`70`	`78`	`self.values= []`
`@@ -96,10 +104,13 @@ def __add_value(self, value: Optional[Union[int, str, StrValue, list, tuple]]) -`
`96`	`104`	`self.values.append(value)`
`97`	`105`
`98`	`106`	`def__repr__(self):`
`99`		`-ifself.field:`
`100`		`-returnf"{self.field.source_name}{self.operator.token_type}{self.values}"`
	`107`	`+ifself.alias:`
	`108`	`+returnf"{self.alias.name}{self.operator.token_type}{self.values}"`
	`109`	`+`
	`110`	`+ifself.predefined_field:`
	`111`	`+returnf"{self.predefined_field.name}{self.operator.token_type}{self.values}"`
`101`	`112`
`102`		`-returnf"{self.alias.name}{self.operator.token_type}{self.values}"`
	`113`	`+returnf"{self.field.source_name}{self.operator.token_type}{self.values}"`
`103`	`114`
`104`	`115`
`105`	`116`	`classKeyword:`

`‎uncoder-core/app/translator/core/render.py‎`

Lines changed: 20 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@`
`31`	`31`	`fromapp.translator.core.exceptions.parserimportUnsupportedOperatorException`
`32`	`32`	`fromapp.translator.core.functionsimportPlatformFunctions`
`33`	`33`	`fromapp.translator.core.mappingimportDEFAULT_MAPPING_NAME,BasePlatformMappings,LogSourceSignature,SourceMapping`
`34`		`-fromapp.translator.core.models.fieldimportField,FieldField,FieldValue,Keyword`
	`34`	`+fromapp.translator.core.models.fieldimportField,FieldField,FieldValue,Keyword,PredefinedField`
`35`	`35`	`fromapp.translator.core.models.functions.baseimportFunction,RenderedFunctions`
`36`	`36`	`fromapp.translator.core.models.identifierimportIdentifier`
`37`	`37`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`@@ -218,7 +218,8 @@ class PlatformQueryRender(QueryRender):`
`218`	`218`	`field_field_render=BaseFieldFieldRender()`
`219`	`219`	`field_value_render=BaseFieldValueRender(or_token=or_token)`
`220`	`220`
`221`		`-raw_log_field_pattern_map:ClassVar[dict[str,str]]=None`
	`221`	`+predefined_fields_map:ClassVar[dict[str,str]]= {}`
	`222`	`+raw_log_field_patterns_map:ClassVar[dict[str,str]]= {}`
`222`	`223`
`223`	`224`	`def__init__(self):`
`224`	`225`	`super().__init__()`
`@@ -248,9 +249,23 @@ def map_field(self, field: Field, source_mapping: SourceMapping) -> list[str]:`
`248`	`249`
`249`	`250`	`returnmapped_fieldifmapped_fieldelse [generic_field_name]ifgeneric_field_nameelse [field.source_name]`
`250`	`251`
	`252`	`+defmap_predefined_field(self,predefined_field:PredefinedField)->str:`
	`253`	`+ifnot (mapped_predefined_field_name:=self.predefined_fields_map.get(predefined_field.name)):`
	`254`	`+ifself.is_strict_mapping:`
	`255`	`+raiseStrictPlatformException(field_name=predefined_field.name,platform_name=self.details.name)`
	`256`	`+`
	`257`	`+returnpredefined_field.name`
	`258`	`+`
	`259`	`+returnmapped_predefined_field_name`
	`260`	`+`
`251`	`261`	`defapply_token(self,token:Union[FieldValue,Keyword,Identifier],source_mapping:SourceMapping)->str:`
`252`	`262`	`ifisinstance(token,FieldValue):`
`253`		`-mapped_fields= [token.alias.name]iftoken.aliaselseself.map_field(token.field,source_mapping)`
	`263`	`+iftoken.alias:`
	`264`	`+mapped_fields= [token.alias.name]`
	`265`	`+eliftoken.predefined_field:`
	`266`	`+mapped_fields= [self.map_predefined_field(token.predefined_field)]`
	`267`	`+else:`
	`268`	`+mapped_fields=self.map_field(token.field,source_mapping)`
`254`	`269`	`joined=self.logical_operators_map[LogicalOperatorType.OR].join(`
`255`	`270`	`[`
`256`	`271`	`self.field_value_render.apply_field_value(field=field,operator=token.operator,value=token.value)`
`@@ -365,7 +380,7 @@ def generate_from_raw_query_container(self, query_container: RawQueryContainer)`
`365`	`380`	`)`
`366`	`381`
`367`	`382`	`defprocess_raw_log_field(self,field:str,field_type:str)->Optional[str]:`
`368`		`-ifraw_log_field_pattern:=self.raw_log_field_pattern_map.get(field_type):`
	`383`	`+ifraw_log_field_pattern:=self.raw_log_field_patterns_map.get(field_type):`
`369`	`384`	`returnraw_log_field_pattern.format(field=field)`
`370`	`385`
`371`	`386`	`defprocess_raw_log_field_prefix(self,field:str,source_mapping:SourceMapping)->Optional[list]:`
`@@ -379,7 +394,7 @@ def process_raw_log_field_prefix(self, field: str, source_mapping: SourceMapping`
`379`	`394`	`return [self.process_raw_log_field(field=field,field_type=raw_log_field_type)]`
`380`	`395`
`381`	`396`	`defgenerate_raw_log_fields(self,fields:list[Field],source_mapping:SourceMapping)->str:`
`382`		`-ifself.raw_log_field_pattern_mapisNone:`
	`397`	`+ifnotself.raw_log_field_patterns_map:`
`383`	`398`	`return""`
`384`	`399`	`defined_raw_log_fields= []`
`385`	`400`	`forfieldinfields:`

`‎uncoder-core/app/translator/core/tokenizer.py‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -332,12 +332,12 @@ def get_field_tokens_from_func_args( # noqa: PLR0912`
`332`	`332`	`ifisinstance(arg,Field):`
`333`	`333`	`result.append(arg)`
`334`	`334`	`elifisinstance(arg,FieldField):`
`335`		`-ifnotarg.alias_leftorarg.alias_left.name!=arg.field_left.source_name:`
	`335`	`+ifarg.field_left:`
`336`	`336`	`result.append(arg.field_left)`
`337`		`-ifnotarg.alias_rightorarg.alias_right.name!=arg.field_right.source_name:`
	`337`	`+ifarg.field_right:`
`338`	`338`	`result.append(arg.field_right)`
`339`	`339`	`elifisinstance(arg,FieldValue):`
`340`		`-ifnotarg.aliasorarg.alias.name!=arg.field.source_name:`
	`340`	`+ifarg.field:`
`341`	`341`	`result.append(arg.field)`
`342`	`342`	`elifisinstance(arg,GroupByFunction):`
`343`	`343`	`result.extend(self.get_field_tokens_from_func_args(args=arg.args))`

`‎uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_query.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -219,7 +219,7 @@ def generate_prefix(self, log_source_signature: LogSourceSignature, functions_pr`
`219`	`219`	`returnstr(log_source_signature)`
`220`	`220`
`221`	`221`	`defapply_token(self,token:Union[FieldValue,Keyword,Identifier],source_mapping:SourceMapping)->str:`
`222`		`-ifisinstance(token,FieldValue):`
	`222`	`+ifisinstance(token,FieldValue)andtoken.field:`
`223`	`223`	`try:`
`224`	`224`	`mapped_fields=self.map_field(token.field,source_mapping)`
`225`	`225`	`exceptStrictPlatformException:`

`‎uncoder-core/app/translator/platforms/opensearch/renders/opensearch_rule.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ def finalize_query(`
`79`	`79`	`returnself.wrap_with_not_supported_functions(rule_str,not_supported_functions)`
`80`	`80`
`81`	`81`	`defapply_token(self,token:Union[FieldValue,Keyword,Identifier],source_mapping:SourceMapping)->str:`
`82`		`-ifisinstance(token,FieldValue):`
	`82`	`+ifisinstance(token,FieldValue)andtoken.field:`
`83`	`83`	`forfieldinself.map_field(token.field,source_mapping):`
`84`	`84`	`self.fields.update({field:f"{{ctx.results.0.hits.hits.0._source.{field}}}"})`
`85`	`85`	`returnsuper().apply_token(token,source_mapping)`

`‎uncoder-core/app/translator/platforms/palo_alto/const.py‎`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+fromapp.translator.core.custom_types.predefined_fieldsimportIPLocationType`
`1`	`2`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`2`	`3`
`3`	`4`	`PLATFORM_DETAILS= {"group_id":"cortex","group_name":"Palo Alto Cortex XSIAM"}`
`@@ -10,3 +11,15 @@`
`10`	`11`	`}`
`11`	`12`
`12`	`13`	`cortex_xql_query_details=PlatformDetails(**CORTEX_XSIAM_XQL_QUERY_DETAILS)`
	`14`	`+`
	`15`	`+`
	`16`	`+PREDEFINED_FIELDS_MAP= {`
	`17`	`+IPLocationType.asn:"loc_asn",`
	`18`	`+IPLocationType.asn_org:"loc_asn_org",`
	`19`	`+IPLocationType.city:"loc_city",`
	`20`	`+IPLocationType.continent:"loc_continent",`
	`21`	`+IPLocationType.country:"loc_country",`
	`22`	`+IPLocationType.lat_lon:"loc_latlon",`
	`23`	`+IPLocationType.region:"loc_region",`
	`24`	`+IPLocationType.timezone:"loc_timezone",`
	`25`	`+}`

`‎uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py‎`

Lines changed: 5 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@`
`30`	`30`	`fromapp.translator.core.renderimportBaseFieldFieldRender,BaseFieldValueRender,PlatformQueryRender`
`31`	`31`	`fromapp.translator.core.str_value_managerimportStrValue`
`32`	`32`	`fromapp.translator.managersimportrender_manager`
`33`		`-fromapp.translator.platforms.palo_alto.constimportcortex_xql_query_details`
	`33`	`+fromapp.translator.platforms.palo_alto.constimportPREDEFINED_FIELDS_MAP,cortex_xql_query_details`
`34`	`34`	`fromapp.translator.platforms.palo_alto.functionsimportCortexXQLFunctions,cortex_xql_functions`
`35`	`35`	`fromapp.translator.platforms.palo_alto.mappingimport (`
`36`	`36`	`CortexXQLLogSourceSignature,`
`@@ -167,7 +167,8 @@ class CortexXQLQueryRender(PlatformQueryRender):`
`167`	`167`	`details:PlatformDetails=cortex_xql_query_details`
`168`	`168`	`mappings:CortexXQLMappings=cortex_xql_mappings`
`169`	`169`	`is_strict_mapping=True`
`170`		`-raw_log_field_pattern_map:ClassVar[dict[str,str]]= {`
	`170`	`+predefined_fields_map=PREDEFINED_FIELDS_MAP`
	`171`	`+raw_log_field_patterns_map:ClassVar[dict[str,str]]= {`
`171`	`172`	`"regex":'\| alter {field} = regextract(to_json_string(action_evtlog_data_fields)->{field}{{}}, "\\"(.*)\\"")',`
`172`	`173`	`"object":'\| alter {field_name} = json_extract_scalar({field_object} , "$.{field_path}")',`
`173`	`174`	`"list":'\| alter {field_name} = arraystring(json_extract_array({field_object} , "$.{field_path}")," ")',`
`@@ -189,7 +190,7 @@ def init_platform_functions(self) -> None:`
`189`	`190`	`self.platform_functions.platform_query_render=self`
`190`	`191`
`191`	`192`	`defprocess_raw_log_field(self,field:str,field_type:str)->Optional[str]:`
`192`		`-raw_log_field_pattern=self.raw_log_field_pattern_map.get(field_type)`
	`193`	`+raw_log_field_pattern=self.raw_log_field_patterns_map.get(field_type)`
`193`	`194`	`ifraw_log_field_patternisNone:`
`194`	`195`	`return`
`195`	`196`	`iffield_type=="regex":`
`@@ -206,7 +207,7 @@ def generate_prefix(self, log_source_signature: CortexXQLLogSourceSignature, fun`
`206`	`207`	`returnf"{functions_prefix}{log_source_str}"`
`207`	`208`
`208`	`209`	`defapply_token(self,token:Union[FieldValue,Keyword,Identifier],source_mapping:SourceMapping)->str:`
`209`		`-ifisinstance(token,FieldValue):`
	`210`	`+ifisinstance(token,FieldValue)andtoken.field:`
`210`	`211`	`field_name=token.field.source_name`
`211`	`212`	`ifvalues_map:=SOURCE_MAPPING_TO_FIELD_VALUE_MAP.get(source_mapping.source_id, {}).get(field_name):`
`212`	`213`	`values_to_update= []`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit5fd269c

File tree

8 files changed

8 files changed

`‎uncoder-core/app/translator/core/custom_types/predefined_fields.py‎`

`‎uncoder-core/app/translator/core/models/field.py‎`

`‎uncoder-core/app/translator/core/render.py‎`

`‎uncoder-core/app/translator/core/tokenizer.py‎`

`‎uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_query.py‎`

`‎uncoder-core/app/translator/platforms/opensearch/renders/opensearch_rule.py‎`

`‎uncoder-core/app/translator/platforms/palo_alto/const.py‎`

`‎uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py‎`

0 commit comments