NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commitfd38f39

committed

gis-8971 fixes

1 parentf1fb03b commitfd38f39Copy full SHA for fd38f39

File tree

8 files changed

+35

-42

lines changed

uncoder-core/app/translator
- core
  - mixins
    - tokens.py
  - render.py
- platforms
  - arcsight
    - const.py
    - escape_manager.py
    - mapping.py
    - renders
      - arcsight.py
      - arcsight_cti.py
  - elasticsearch/renders
    - elasticsearch_eql.py

8 files changed

+35

-42

lines changed

`‎uncoder-core/app/translator/core/mixins/tokens.py‎`

Lines changed: 17 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,17 @@`
	`1`	`+fromapp.translator.core.custom_types.tokensimportLogicalOperatorType,OperatorType`
	`2`	`+fromapp.translator.core.mappingimportSourceMapping`
	`3`	`+fromapp.translator.core.models.query_tokens.field_valueimportFieldValue`
	`4`	`+fromapp.translator.core.models.query_tokens.identifierimportIdentifier`
	`5`	`+`
	`6`	`+`
	`7`	`+classExtraConditionMixin:`
	`8`	`+defgenerate_extra_conditions(self,source_mapping:SourceMapping)->list:`
	`9`	`+extra_tokens= []`
	`10`	`+forfield,valueinsource_mapping.conditions.items():`
	`11`	`+extra_tokens.extend(`
	`12`	`+ [`
	`13`	`+FieldValue(source_name=field,operator=Identifier(token_type=OperatorType.EQ),value=value),`
	`14`	`+Identifier(token_type=LogicalOperatorType.AND),`
	`15`	`+ ]`
	`16`	`+ )`
	`17`	`+returnextra_tokens`

`‎uncoder-core/app/translator/core/render.py‎`

Lines changed: 4 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -403,8 +403,8 @@ def process_raw_log_field_prefix(self, field: str, source_mapping: SourceMapping`
`403`	`403`	`ifraw_log_field_type:=source_mapping.raw_log_fields.get(field):`
`404`	`404`	`return [self.process_raw_log_field(field=field,field_type=raw_log_field_type)]`
`405`	`405`
`406`		`-defgenerate_extra_conditions(self,source_mapping:SourceMapping,tokens:list)->list:# noqa: ARG002`
`407`		`-returntokens`
	`406`	`+defgenerate_extra_conditions(self,source_mapping:SourceMapping)->list:# noqa: ARG002`
	`407`	`+return[]`
`408`	`408`
`409`	`409`	`defgenerate_raw_log_fields(self,fields:list[Field],source_mapping:SourceMapping)->str:`
`410`	`410`	`ifnotself.raw_log_field_patterns_map:`
`@@ -446,9 +446,8 @@ def _generate_from_tokenized_query_container_by_source_mapping(`
`446`	`446`	`)`
`447`	`447`	`prefix+=f"\n{defined_raw_log_fields}"`
`448`	`448`	`ifsource_mapping.conditions:`
`449`		`-query_container.tokens=self.generate_extra_conditions(`
`450`		`-source_mapping=source_mapping,tokens=query_container.tokens`
`451`		`- )`
	`449`	`+extra_tokens=self.generate_extra_conditions(source_mapping=source_mapping)`
	`450`	`+query_container.tokens= [extra_tokens,query_container.tokens]`
`452`	`451`	`query=self.generate_query(tokens=query_container.tokens,source_mapping=source_mapping)`
`453`	`452`	`not_supported_functions=query_container.functions.not_supported+rendered_functions.not_supported`
`454`	`453`	`returnself.finalize_query(`

`‎uncoder-core/app/translator/platforms/arcsight/const.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -9,4 +9,4 @@`
`9`	`9`	`"alt_platform_name":"CEF",`
`10`	`10`	`}`
`11`	`11`
`12`		`-arcsight_query_details=PlatformDetails(**ARCSIGHT_QUERY_DETAILS)`
	`12`	`+arcsight_query_details=PlatformDetails(**ARCSIGHT_QUERY_DETAILS)`

`‎uncoder-core/app/translator/platforms/arcsight/escape_manager.py‎`

Lines changed: 1 addition & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,9 +7,7 @@`
`7`	`7`
`8`	`8`	`classArcSightEscapeManager(EscapeManager):`
`9`	`9`	`escape_map:ClassVar[dict[str,list[EscapeDetails]]]= {`
`10`		`-ValueType.value: [`
`11`		`-EscapeDetails(pattern='(["\\()])',escape_symbols="\\\\\g<1>")`
`12`		`- ],`
	`10`	`+ValueType.value: [EscapeDetails(pattern='(["\\()])',escape_symbols="\\\\\g<1>")]`
`13`	`11`	`}`
`14`	`12`
`15`	`13`

`‎uncoder-core/app/translator/platforms/arcsight/mapping.py‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`		`-fromapp.translator.core.mappingimportLogSourceSignature, \`
`2`		`-BaseStrictLogSourcesPlatformMappings`
	`1`	`+fromapp.translator.core.mappingimportBaseStrictLogSourcesPlatformMappings,LogSourceSignature`
`3`	`2`	`fromapp.translator.platforms.arcsight.constimportarcsight_query_details`
`4`	`3`
`5`	`4`

`‎uncoder-core/app/translator/platforms/arcsight/renders/arcsight.py‎`

Lines changed: 6 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,17 +1,15 @@`
`1`	`1`	`fromtypingimportOptional,Union`
`2`	`2`
`3`	`3`	`fromapp.translator.constimportDEFAULT_VALUE_TYPE`
`4`		`-fromapp.translator.core.custom_types.tokensimportOperatorType,LogicalOperatorType`
`5`	`4`	`fromapp.translator.core.custom_types.valuesimportValueType`
`6`		`-fromapp.translator.core.mappingimportLogSourceSignature,SourceMapping`
	`5`	`+fromapp.translator.core.mappingimportLogSourceSignature`
	`6`	`+fromapp.translator.core.mixins.tokensimportExtraConditionMixin`
`7`	`7`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`8`		`-fromapp.translator.core.models.query_tokens.field_valueimportFieldValue`
`9`		`-fromapp.translator.core.models.query_tokens.identifierimportIdentifier`
`10`	`8`	`fromapp.translator.core.renderimportBaseFieldValueRender,PlatformQueryRender`
`11`		`-fromapp.translator.core.str_value_managerimportStrValueManager,StrValue`
	`9`	`+fromapp.translator.core.str_value_managerimportStrValue,StrValueManager`
`12`	`10`	`fromapp.translator.managersimportrender_manager`
`13`	`11`	`fromapp.translator.platforms.arcsight.constimportarcsight_query_details`
`14`		`-fromapp.translator.platforms.arcsight.mappingimportarcsight_query_mappings,ArcSightMappings`
	`12`	`+fromapp.translator.platforms.arcsight.mappingimportArcSightMappings,arcsight_query_mappings`
`15`	`13`	`fromapp.translator.platforms.arcsight.str_value_managerimportarcsight_str_value_manager`
`16`	`14`
`17`	`15`
`@@ -85,8 +83,9 @@ def regex_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:`
`85`	`83`	`value=self._wrap_str_value(value)`
`86`	`84`	`returnf"{field} CONTAINS{value}"`
`87`	`85`
	`86`	`+`
`88`	`87`	`@render_manager.register`
`89`		`-classArcSightQueryRender(PlatformQueryRender):`
	`88`	`+classArcSightQueryRender(ExtraConditionMixin,PlatformQueryRender):`
`90`	`89`	`details:PlatformDetails=arcsight_query_details`
`91`	`90`	`mappings:ArcSightMappings=arcsight_query_mappings`
`92`	`91`
`@@ -100,12 +99,3 @@ class ArcSightQueryRender(PlatformQueryRender):`
`100`	`99`
`101`	`100`	`defgenerate_prefix(self,log_source_signature:Optional[LogSourceSignature],functions_prefix:str="")->str:# noqa: ARG002`
`102`	`101`	`return""`
`103`		`-`
`104`		`-defgenerate_extra_conditions(self,source_mapping:SourceMapping,tokens:list)->list:`
`105`		`-extra_tokens= []`
`106`		`-forfield,valueinsource_mapping.conditions.items():`
`107`		`-extra_tokens.extend([`
`108`		`-FieldValue(source_name=field,operator=Identifier(token_type=OperatorType.EQ),value=value),`
`109`		`-Identifier(token_type=LogicalOperatorType.AND)`
`110`		`- ])`
`111`		`-return [extra_tokens,tokens]`

`‎uncoder-core/app/translator/platforms/arcsight/renders/arcsight_cti.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`2`	`2`	`fromapp.translator.core.render_ctiimportRenderCTI`
`3`	`3`	`fromapp.translator.managersimportrender_cti_manager`
`4`		`-fromapp.translator.platforms.arcsight.constimportARCSIGHT_QUERY_DETAILS,arcsight_query_details`
	`4`	`+fromapp.translator.platforms.arcsight.constimportarcsight_query_details`
`5`	`5`	`fromapp.translator.platforms.arcsight.mappings.arcsight_ctiimportDEFAULT_ARCSIGHT_MAPPING`
`6`	`6`
`7`	`7`

`‎uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch_eql.py‎`

Lines changed: 4 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,11 +2,11 @@`
`2`	`2`
`3`	`3`	`fromapp.translator.constimportDEFAULT_VALUE_TYPE`
`4`	`4`	`fromapp.translator.core.constimportQUERY_TOKEN_TYPE`
`5`		`-fromapp.translator.core.custom_types.tokensimportGroupType,LogicalOperatorType,OperatorType`
	`5`	`+fromapp.translator.core.custom_types.tokensimportGroupType`
`6`	`6`	`fromapp.translator.core.custom_types.valuesimportValueType`
`7`		`-fromapp.translator.core.mappingimportLogSourceSignature,SourceMapping`
	`7`	`+fromapp.translator.core.mappingimportLogSourceSignature`
	`8`	`+fromapp.translator.core.mixins.tokensimportExtraConditionMixin`
`8`	`9`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`9`		`-fromapp.translator.core.models.query_tokens.field_valueimportFieldValue`
`10`	`10`	`fromapp.translator.core.models.query_tokens.identifierimportIdentifier`
`11`	`11`	`fromapp.translator.core.renderimportBaseFieldValueRender,PlatformQueryRender`
`12`	`12`	`fromapp.translator.core.str_value_managerimportStrValueManager`
`@@ -119,7 +119,7 @@ def is_not_none(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: # noqa: AR`
`119`	`119`
`120`	`120`
`121`	`121`	`@render_manager.register`
`122`		`-classElasticSearchEQLQueryRender(PlatformQueryRender):`
	`122`	`+classElasticSearchEQLQueryRender(ExtraConditionMixin,PlatformQueryRender):`
`123`	`123`	`details:PlatformDetails=elastic_eql_query_details`
`124`	`124`	`mappings:LuceneMappings=elastic_eql_query_mappings`
`125`	`125`	`or_token="or"`
`@@ -133,13 +133,3 @@ def generate_prefix(self, log_source_signature: Optional[LogSourceSignature], fu`
`133`	`133`
`134`	`134`	`defin_brackets(self,raw_list:list[QUERY_TOKEN_TYPE])->list[QUERY_TOKEN_TYPE]:`
`135`	`135`	`return [Identifier(token_type=GroupType.L_PAREN),*raw_list,Identifier(token_type=GroupType.R_PAREN)]`
`136`		`-`
`137`		`-defgenerate_extra_conditions(self,source_mapping:SourceMapping,tokens:list)->list:`
`138`		`-forfield,valueinsource_mapping.conditions.items():`
`139`		`-tokens=self.in_brackets(tokens)`
`140`		`-extra_tokens= [`
`141`		`-FieldValue(source_name=field,operator=Identifier(token_type=OperatorType.EQ),value=value),`
`142`		`-Identifier(token_type=LogicalOperatorType.AND),`
`143`		`- ]`
`144`		`-tokens=self.in_brackets([extra_tokens,tokens])`
`145`		`-returntokens`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitfd38f39

File tree

8 files changed

8 files changed

`‎uncoder-core/app/translator/core/mixins/tokens.py‎`

`‎uncoder-core/app/translator/core/render.py‎`

`‎uncoder-core/app/translator/platforms/arcsight/const.py‎`

`‎uncoder-core/app/translator/platforms/arcsight/escape_manager.py‎`

`‎uncoder-core/app/translator/platforms/arcsight/mapping.py‎`

`‎uncoder-core/app/translator/platforms/arcsight/renders/arcsight.py‎`

`‎uncoder-core/app/translator/platforms/arcsight/renders/arcsight_cti.py‎`

`‎uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch_eql.py‎`

0 commit comments