Movatterモバイル変換

Skip to content

UncoderIO/Uncoder_IOPublic

NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commit83c12c8

alexvolha

committed

render unmapped fields comment

1 parent14ec9a0 commit83c12c8Copy full SHA for 83c12c8

File tree

15 files changed

+30

-83

lines changed

uncoder-core/app/translator
- core
  - exceptions
    - core.py
  - mapping.py
  - render.py
- platforms
  - chronicle/renders
    - chronicle_rule.py
  - elasticsearch/renders
  - forti_siem/renders
    - forti_siem_rule.py
  - logrhythm_axon/renders
    - logrhythm_axon_rule.py
  - logscale/renders
    - logscale_alert.py
  - microsoft/renders
    - microsoft_sentinel_rule.py
  - opensearch/renders
    - opensearch_rule.py
  - palo_alto/renders
    - cortex_xsiam.py
  - splunk/renders
    - splunk_alert.py

15 files changed

+30

-83

lines changed

`‎uncoder-core/app/translator/core/exceptions/core.py‎`

Lines changed: 2 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,19 +10,14 @@ class BasePlatformException(BaseException):`
`10`	`10`
`11`	`11`
`12`	`12`	`classStrictPlatformException(BasePlatformException):`
`13`		`-field_name:str=None`
`14`		`-`
`15`		`-def__init__(`
`16`		`-self,platform_name:str,field_name:str,mapping:Optional[str]=None,detected_fields:Optional[list]=None`
`17`		`- ):`
	`13`	`+def__init__(self,platform_name:str,fields:list[str],mapping:Optional[str]=None):`
`18`	`14`	`message= (`
`19`	`15`	`f"Platform{platform_name} has strict mapping. "`
`20`		`-f"Source fields:{', '.join(detected_fields)ifdetected_fieldselsefield_name} has no mapping."`
	`16`	`+f"Source fields:{', '.join(fields)} have no mapping."`
`21`	`17`	`f" Mapping file:{mapping}."`
`22`	`18`	`ifmapping`
`23`	`19`	`else""`
`24`	`20`	`)`
`25`		`-self.field_name=field_name`
`26`	`21`	`super().__init__(message)`
`27`	`22`
`28`	`23`

`‎uncoder-core/app/translator/core/mapping.py‎`

Lines changed: 8 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -158,17 +158,18 @@ def get_source_mapping(self, source_id: str) -> Optional[SourceMapping]:`
`158`	`158`	`defdefault_mapping(self)->SourceMapping:`
`159`	`159`	`returnself._source_mappings[DEFAULT_MAPPING_NAME]`
`160`	`160`
`161`		`-defcheck_fields_mapping_existence(self,field_tokens:list[Field],source_mapping:SourceMapping)->list[Field]:`
`162`		`-not_mapped= []`
	`161`	`+defcheck_fields_mapping_existence(self,field_tokens:list[Field],source_mapping:SourceMapping)->list[str]:`
	`162`	`+unmapped= []`
`163`	`163`	`forfieldinfield_tokens:`
`164`	`164`	`generic_field_name=field.get_generic_field_name(source_mapping.source_id)`
`165`	`165`	`mapped_field=source_mapping.fields_mapping.get_platform_field_name(generic_field_name=generic_field_name)`
`166`		`-ifnotmapped_field:`
`167`		`-ifself.is_strict_mapping:`
`168`		`-raiseStrictPlatformException(field_name=field.source_name,platform_name=self.details.name)`
`169`		`-not_mapped.append(field)`
	`166`	`+ifnotmapped_fieldandfield.source_namenotinunmapped:`
	`167`	`+unmapped.append(field.source_name)`
`170`	`168`
`171`		`-returnnot_mapped`
	`169`	`+ifself.is_strict_mappingandunmapped:`
	`170`	`+raiseStrictPlatformException(platform_name=self.details.name,fields=unmapped)`
	`171`	`+`
	`172`	`+returnunmapped`
`172`	`173`
`173`	`174`	`@staticmethod`
`174`	`175`	`defmap_field(field:Field,source_mapping:SourceMapping)->list[str]:`

`‎uncoder-core/app/translator/core/render.py‎`

Lines changed: 7 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -207,10 +207,9 @@ def wrap_with_not_supported_functions(self, query: str, not_supported_functions:`
`207`	`207`
`208`	`208`	`returnquery`
`209`	`209`
`210`		`-defwrap_with_unmapped_fields(self,query:str,fields:Optional[list[Field]])->str:`
	`210`	`+defwrap_with_unmapped_fields(self,query:str,fields:Optional[list[str]])->str:`
`211`	`211`	`iffields:`
`212`		`-joined=", ".join(field.source_nameforfieldinfields)`
`213`		`-returnquery+"\n\n"+self.wrap_with_comment(f"{self.unmapped_fields_text}{joined}")`
	`212`	`+returnquery+"\n\n"+self.wrap_with_comment(f"{self.unmapped_fields_text}{', '.join(fields)}")`
`214`	`213`	`returnquery`
`215`	`214`
`216`	`215`	`defwrap_with_comment(self,value:str)->str:`
`@@ -256,7 +255,7 @@ def generate_functions(self, functions: list[Function], source_mapping: SourceMa`
`256`	`255`	`defmap_predefined_field(self,predefined_field:PredefinedField)->str:`
`257`	`256`	`ifnot (mapped_predefined_field_name:=self.predefined_fields_map.get(predefined_field.name)):`
`258`	`257`	`ifself.mappings.is_strict_mapping:`
`259`		`-raiseStrictPlatformException(field_name=predefined_field.name,platform_name=self.details.name)`
	`258`	`+raiseStrictPlatformException(platform_name=self.details.name,fields=[predefined_field.name])`
`260`	`259`
`261`	`260`	`returnpredefined_field.name`
`262`	`261`
`@@ -309,14 +308,9 @@ def apply_token(self, token: QUERY_TOKEN_TYPE, source_mapping: SourceMapping) ->`
`309`	`308`
`310`	`309`	`defgenerate_query(self,tokens:list[QUERY_TOKEN_TYPE],source_mapping:SourceMapping)->str:`
`311`	`310`	`result_values= []`
`312`		`-unmapped_fields=set()`
`313`	`311`	`fortokenintokens:`
`314`		`-try:`
`315`		`-result_values.append(self.apply_token(token=token,source_mapping=source_mapping))`
`316`		`-exceptStrictPlatformExceptionaserr:`
`317`		`-unmapped_fields.add(err.field_name)`
`318`		`-ifunmapped_fields:`
`319`		`-raiseStrictPlatformException(self.details.name,"",source_mapping.source_id,sorted(unmapped_fields))`
	`312`	`+result_values.append(self.apply_token(token=token,source_mapping=source_mapping))`
	`313`	`+`
`320`	`314`	`return"".join(result_values)`
`321`	`315`
`322`	`316`	`defwrap_with_meta_info(self,query:str,meta_info:Optional[MetaInfoContainer])->str:`
`@@ -349,7 +343,7 @@ def finalize_query(`
`349`	`343`	`meta_info:Optional[MetaInfoContainer]=None,`
`350`	`344`	`source_mapping:Optional[SourceMapping]=None,# noqa: ARG002`
`351`	`345`	`not_supported_functions:Optional[list]=None,`
`352`		`-unmapped_fields:Optional[list[Field]]=None,`
	`346`	`+unmapped_fields:Optional[list[str]]=None,`
`353`	`347`	`*args,# noqa: ARG002`
`354`	`348`	`**kwargs,# noqa: ARG002`
`355`	`349`	`)->str:`
`@@ -418,7 +412,7 @@ def generate_raw_log_fields(self, fields: list[Field], source_mapping: SourceMap`
`418`	`412`	`generic_field_name=generic_field_name`
`419`	`413`	`)`
`420`	`414`	`ifnotmapped_fieldandself.mappings.is_strict_mapping:`
`421`		`-raiseStrictPlatformException(field_name=field.source_name,platform_name=self.details.name)`
	`415`	`+raiseStrictPlatformException(platform_name=self.details.name,fields=[field.source_name])`
`422`	`416`	`ifprefix_list:=self.process_raw_log_field_prefix(field=mapped_field,source_mapping=source_mapping):`
`423`	`417`	`forprefixinprefix_list:`
`424`	`418`	`ifprefixnotindefined_raw_log_fields:`

`‎uncoder-core/app/translator/platforms/chronicle/renders/chronicle_rule.py‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,6 @@`
`24`	`24`	`fromapp.translator.core.mappingimportSourceMapping`
`25`	`25`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`26`	`26`	`fromapp.translator.core.models.query_containerimportMetaInfoContainer`
`27`		`-fromapp.translator.core.models.query_tokens.fieldimportField`
`28`	`27`	`fromapp.translator.managersimportrender_manager`
`29`	`28`	`fromapp.translator.platforms.chronicle.constimportDEFAULT_CHRONICLE_SECURITY_RULE,chronicle_rule_details`
`30`	`29`	`fromapp.translator.platforms.chronicle.mappingimportChronicleMappings,chronicle_rule_mappings`
`@@ -112,7 +111,7 @@ def finalize_query(`
`112`	`111`	`meta_info:Optional[MetaInfoContainer]=None,`
`113`	`112`	`source_mapping:Optional[SourceMapping]=None,# noqa: ARG002`
`114`	`113`	`not_supported_functions:Optional[list]=None,# ,`
`115`		`-unmapped_fields:Optional[list[Field]]=None,`
	`114`	`+unmapped_fields:Optional[list[str]]=None,`
`116`	`115`	`*args,# noqa: ARG002`
`117`	`116`	`**kwargs,# noqa: ARG002`
`118`	`117`	`)->str:`

`‎uncoder-core/app/translator/platforms/elasticsearch/renders/detection_rule.py‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,6 @@`
`25`	`25`	`fromapp.translator.core.mitreimportMitreConfig`
`26`	`26`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`27`	`27`	`fromapp.translator.core.models.query_containerimportMetaInfoContainer`
`28`		`-fromapp.translator.core.models.query_tokens.fieldimportField`
`29`	`28`	`fromapp.translator.managersimportrender_manager`
`30`	`29`	`fromapp.translator.platforms.base.lucene.mappingimportLuceneMappings`
`31`	`30`	`fromapp.translator.platforms.elasticsearch.constimportELASTICSEARCH_DETECTION_RULE,elasticsearch_rule_details`
`@@ -88,7 +87,7 @@ def finalize_query(`
`88`	`87`	`meta_info:Optional[MetaInfoContainer]=None,`
`89`	`88`	`source_mapping:Optional[SourceMapping]=None,`
`90`	`89`	`not_supported_functions:Optional[list]=None,`
`91`		`-unmapped_fields:Optional[list[Field]]=None,`
	`90`	`+unmapped_fields:Optional[list[str]]=None,`
`92`	`91`	`*args,# noqa: ARG002`
`93`	`92`	`**kwargs,# noqa: ARG002`
`94`	`93`	`)->str:`

`‎uncoder-core/app/translator/platforms/elasticsearch/renders/elast_alert.py‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,6 @@`
`23`	`23`	`fromapp.translator.core.mappingimportSourceMapping`
`24`	`24`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`25`	`25`	`fromapp.translator.core.models.query_containerimportMetaInfoContainer`
`26`		`-fromapp.translator.core.models.query_tokens.fieldimportField`
`27`	`26`	`fromapp.translator.managersimportrender_manager`
`28`	`27`	`fromapp.translator.platforms.base.lucene.mappingimportLuceneMappings`
`29`	`28`	`fromapp.translator.platforms.elasticsearch.constimportELASTICSEARCH_ALERT,elastalert_details`
`@@ -61,7 +60,7 @@ def finalize_query(`
`61`	`60`	`meta_info:Optional[MetaInfoContainer]=None,`
`62`	`61`	`source_mapping:Optional[SourceMapping]=None,# noqa: ARG002`
`63`	`62`	`not_supported_functions:Optional[list]=None,`
`64`		`-unmapped_fields:Optional[list[Field]]=None,`
	`63`	`+unmapped_fields:Optional[list[str]]=None,`
`65`	`64`	`*args,# noqa: ARG002`
`66`	`65`	`**kwargs,# noqa: ARG002`
`67`	`66`	`)->str:`

`‎uncoder-core/app/translator/platforms/elasticsearch/renders/kibana.py‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,6 @@`
`24`	`24`	`fromapp.translator.core.mappingimportSourceMapping`
`25`	`25`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`26`	`26`	`fromapp.translator.core.models.query_containerimportMetaInfoContainer`
`27`		`-fromapp.translator.core.models.query_tokens.fieldimportField`
`28`	`27`	`fromapp.translator.managersimportrender_manager`
`29`	`28`	`fromapp.translator.platforms.base.lucene.mappingimportLuceneMappings`
`30`	`29`	`fromapp.translator.platforms.elasticsearch.constimportKIBANA_RULE,KIBANA_SEARCH_SOURCE_JSON,kibana_rule_details`
`@@ -57,7 +56,7 @@ def finalize_query(`
`57`	`56`	`meta_info:Optional[MetaInfoContainer]=None,`
`58`	`57`	`source_mapping:Optional[SourceMapping]=None,# noqa: ARG002`
`59`	`58`	`not_supported_functions:Optional[list]=None,`
`60`		`-unmapped_fields:Optional[list[Field]]=None,`
	`59`	`+unmapped_fields:Optional[list[str]]=None,`
`61`	`60`	`*args,# noqa: ARG002`
`62`	`61`	`**kwargs,# noqa: ARG002`
`63`	`62`	`)->str:`

`‎uncoder-core/app/translator/platforms/elasticsearch/renders/xpack_watcher.py‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,6 @@`
`24`	`24`	`fromapp.translator.core.mappingimportSourceMapping`
`25`	`25`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`26`	`26`	`fromapp.translator.core.models.query_containerimportMetaInfoContainer`
`27`		`-fromapp.translator.core.models.query_tokens.fieldimportField`
`28`	`27`	`fromapp.translator.managersimportrender_manager`
`29`	`28`	`fromapp.translator.platforms.base.lucene.mappingimportLuceneMappings`
`30`	`29`	`fromapp.translator.platforms.elasticsearch.constimportXPACK_WATCHER_RULE,xpack_watcher_details`
`@@ -57,7 +56,7 @@ def finalize_query(`
`57`	`56`	`meta_info:Optional[MetaInfoContainer]=None,`
`58`	`57`	`source_mapping:Optional[SourceMapping]=None,`
`59`	`58`	`not_supported_functions:Optional[list]=None,`
`60`		`-unmapped_fields:Optional[list[Field]]=None,`
	`59`	`+unmapped_fields:Optional[list[str]]=None,`
`61`	`60`	`*args,# noqa: ARG002`
`62`	`61`	`**kwargs,# noqa: ARG002`
`63`	`62`	`)->str:`

`‎uncoder-core/app/translator/platforms/forti_siem/renders/forti_siem_rule.py‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,6 @@`
`26`	`26`	`fromapp.translator.core.mappingimportSourceMapping`
`27`	`27`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`28`	`28`	`fromapp.translator.core.models.query_containerimportMetaInfoContainer,TokenizedQueryContainer`
`29`		`-fromapp.translator.core.models.query_tokens.fieldimportField`
`30`	`29`	`fromapp.translator.core.models.query_tokens.field_valueimportFieldValue`
`31`	`30`	`fromapp.translator.core.models.query_tokens.identifierimportIdentifier`
`32`	`31`	`fromapp.translator.core.renderimportBaseFieldValueRender,PlatformQueryRender`
`@@ -304,7 +303,7 @@ def finalize_query(`
`304`	`303`	`meta_info:Optional[MetaInfoContainer]=None,`
`305`	`304`	`source_mapping:Optional[SourceMapping]=None,# noqa: ARG002`
`306`	`305`	`not_supported_functions:Optional[list]=None,`
`307`		`-unmapped_fields:Optional[list[Field]]=None,`
	`306`	`+unmapped_fields:Optional[list[str]]=None,`
`308`	`307`	`fields:Optional[set[str]]=None,`
`309`	`308`	`*args,# noqa: ARG002`
`310`	`309`	`**kwargs,# noqa: ARG002`

`‎uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_rule.py‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,6 @@`
`25`	`25`	`fromapp.translator.core.mappingimportSourceMapping`
`26`	`26`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`27`	`27`	`fromapp.translator.core.models.query_containerimportMetaInfoContainer`
`28`		`-fromapp.translator.core.models.query_tokens.fieldimportField`
`29`	`28`	`fromapp.translator.managersimportrender_manager`
`30`	`29`	`fromapp.translator.platforms.logrhythm_axon.constimportDEFAULT_LOGRHYTHM_AXON_RULE,logrhythm_axon_rule_details`
`31`	`30`	`fromapp.translator.platforms.logrhythm_axon.escape_managerimportlogrhythm_rule_escape_manager`
`@@ -66,7 +65,7 @@ def finalize_query(`
`66`	`65`	`meta_info:Optional[MetaInfoContainer]=None,`
`67`	`66`	`source_mapping:Optional[SourceMapping]=None,`
`68`	`67`	`not_supported_functions:Optional[list]=None,`
`69`		`-unmapped_fields:Optional[list[Field]]=None,`
	`68`	`+unmapped_fields:Optional[list[str]]=None,`
`70`	`69`	`*args,# noqa: ARG002`
`71`	`70`	`**kwargs,# noqa: ARG002`
`72`	`71`	`)->str:`

0 commit comments

Comments

(0)

[8]ページ先頭

©2009-2025 Movatter.jp