Commit66fcaa7

committed
add alt mapping to microsoft_sentinel parser
1 parente4602e0 commit66fcaa7


4 files changed

+66
-9
lines changed

4 files changed

+66
-9
lines changed

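--- a/uncoder-core/app/translator/core/mapping.py
+++ b/uncoder-core/app/translator/core/mapping.py
@@ -186,6 +186,28 @@ def get_source_mappings_by_fields_and_log_sources(
 
 returnby_log_sources_and_fieldsorby_fieldsor [self._source_mappings[DEFAULT_MAPPING_NAME]]
 
+defget_alt_source_mappings_by_fields_and_log_sources(
+self,field_names:list[str],log_sources:dict[str,list[Union[int,str]]],alt_mapping:str
+)->list[SourceMapping]:
+by_log_sources_and_fields= []
+by_fields= []
+forsource_mappinginself._alternative_mappings.get(alt_mapping).values():
+ifsource_mapping.source_id==DEFAULT_MAPPING_NAME:
+continue
+
+ifsource_mapping.fields_mapping.is_suitable(field_names):
+by_fields.append(source_mapping)
+
+log_source_signature:LogSourceSignature=source_mapping.log_source_signature
+iflog_source_signatureandlog_source_signature.is_suitable(**log_sources):
+by_log_sources_and_fields.append(source_mapping)
+
+return (
+by_log_sources_and_fields
+orby_fields
+or [self._alternative_mappings.get(alt_mapping)[DEFAULT_MAPPING_NAME]]
+)
+
 defget_source_mapping(self,source_id:str)->Optional[SourceMapping]:
 returnself._source_mappings.get(source_id)
 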
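Review bot: An `alt_mapping` name that is not a key of `self._alternative_mappings` makes `.get(alt_mapping)` return `None`, so the `for` line fails with an AttributeError on `.values()`, and the last `or` branch of the return would fail the same way on subscripting (or with a KeyError if that table has no default entry). The name appears to originate with the caller, since it is passed down from `translate_one` through `meta_info.source_alt_mapping`, so an unknown or mistyped value should be rejected with a clear error rather than surfacing as an unhandled exception. Look the table up once and guard it, e.g. `alt_mappings = self._alternative_mappings.get(alt_mapping)` followed by `if not alt_mappings: return self.get_source_mappings_by_fields_and_log_sources(field_names, log_sources)`, or raise the project's own mapping error at that point. The loop also appears to mirror the selection logic of the method above it, whose body lies outside the hunk; a shared private helper taking the mapping table would keep the two from drifting apart.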

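--- a/uncoder-core/app/translator/core/parser.py
+++ b/uncoder-core/app/translator/core/parser.py
@@ -24,7 +24,7 @@
 fromapp.translator.core.exceptions.parserimportTokenizerGeneralException
 fromapp.translator.core.functionsimportPlatformFunctions
 fromapp.translator.core.mappingimportBasePlatformMappings,SourceMapping
-fromapp.translator.core.models.functions.baseimportFunction
+fromapp.translator.core.models.functions.baseimportFunction,ParsedFunctions
 fromapp.translator.core.models.platform_detailsimportPlatformDetails
 fromapp.translator.core.models.query_containerimportRawQueryContainer,TokenizedQueryContainer
 fromapp.translator.core.models.query_tokens.fieldimportField
@@ -51,6 +51,9 @@ def parse_raw_query(self, text: str, language: str) -> RawQueryContainer:
 defparse(self,raw_query_container:RawQueryContainer)->TokenizedQueryContainer:
 raiseNotImplementedError("Abstract method")
 
+def_parse_query(self,query:str)->tuple[str,dict[str,Union[list[str],list[int]]],Optional[ParsedFunctions]]:
+raiseNotImplementedError("Abstract method")
+
 
 classPlatformQueryParser(QueryParser,ABC):
 mappings:BasePlatformMappings=None
@@ -80,11 +83,24 @@ def get_field_tokens(
 returnquery_field_tokens,function_field_tokens,function_field_tokens_map
 
 defget_source_mappings(
-self,field_tokens:list[Field],log_sources:dict[str,list[Union[int,str]]]
+self,
+field_tokens:list[Field],
+log_sources:dict[str,list[Union[int,str]]],
+alt_mapping:Optional[str]=None,
 )->list[SourceMapping]:
 field_names= [field.source_nameforfieldinfield_tokens]
-source_mappings=self.mappings.get_source_mappings_by_fields_and_log_sources(
-field_names=field_names,log_sources=log_sources
-)
+ifalt_mapping:
+source_mappings=self.mappings.get_alt_source_mappings_by_fields_and_log_sources(
+field_names=field_names,log_sources=log_sources,alt_mapping=alt_mapping
+)
+else:
+source_mappings=self.mappings.get_source_mappings_by_fields_and_log_sources(
+field_names=field_names,log_sources=log_sources
+)
 self.tokenizer.set_field_tokens_generic_names_map(field_tokens,source_mappings,self.mappings.default_mapping)
 returnsource_mappings
+
+defget_source_mapping_ids_by_logsources(self,query:str)->Optional[list[str]]:
+_,parsed_logsources,_=self._parse_query(query=query)
+ifparsed_logsources:
+returnself.mappings.get_source_mappings_by_log_sources(parsed_logsources)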
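Review bot: `get_source_mapping_ids_by_logsources` at the end of the last hunk depends on `self._parse_query`, which the base `QueryParser` now provides only as a stub raising `NotImplementedError`, so any platform parser that has not overridden it with a three-element return will fail when this method is called; only the Microsoft Sentinel parser is updated in this commit and the other parsers are not visible here. The method also falls off the end when no log sources are parsed, so add an explicit `return None` and a docstring such as `"""Return the source mapping ids matching the log sources parsed from *query*, or None when the query names none."""`. Marking the base-class `_parse_query` with `@abstractmethod` would surface a missing override at class-definition time instead of at request time, assuming `QueryParser` derives from `ABC` as `PlatformQueryParser` does.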

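--- a/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_sentinel.py
+++ b/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_sentinel.py
@@ -16,6 +16,7 @@
 -----------------------------------------------------------------
 """
 
+fromtypingimportOptional,Union
 
 fromapp.translator.core.models.functions.baseimportParsedFunctions
 fromapp.translator.core.models.platform_detailsimportPlatformDetails
@@ -37,7 +38,7 @@ class MicrosoftSentinelQueryParser(PlatformQueryParser):
 
 wrapped_with_comment_pattern=r"^\s*//.*(?:\n|$)"
 
-def_parse_query(self,query:str)->tuple[str,dict[str,list[str]],ParsedFunctions]:
+def_parse_query(self,query:str)->tuple[str,dict[str,Union[list[str],list[int]]],Optional[ParsedFunctions]]:
 table,query,functions=self.platform_functions.parse(query)
 log_sources= {"table": [table]}
 returnquery,log_sources,functions
@@ -48,7 +49,11 @@ def parse(self, raw_query_container: RawQueryContainer) -> TokenizedQueryContain
 query_field_tokens,function_field_tokens,function_field_tokens_map=self.get_field_tokens(
 query_tokens,functions.functions
 )
-source_mappings=self.get_source_mappings(query_field_tokens+function_field_tokens,log_sources)
+source_mappings=self.get_source_mappings(
+field_tokens=query_field_tokens+function_field_tokens,
+log_sources=log_sources,
+alt_mapping=raw_query_container.meta_info.source_alt_mapping
+)
 meta_info=raw_query_container.meta_info
 meta_info.query_fields=query_field_tokens
 meta_info.function_fields=function_field_tokens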

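--- a/uncoder-core/app/translator/translator.py
+++ b/uncoder-core/app/translator/translator.py
@@ -105,7 +105,11 @@ def __translate_one(
 target_alt_mapping:Optional[str]=None,
 )-> (bool,str):
 status,parsed_data=self.__parse_incoming_data(
-text=text,source=source,target=target,source_alt_mapping=source_alt_mapping,target_alt_mapping=target_alt_mapping
+text=text,
+source=source,
+target=target,
+source_alt_mapping=source_alt_mapping,
+target_alt_mapping=target_alt_mapping,
 )
 ifnotstatus:
 returnstatus,parsed_data
@@ -149,9 +153,19 @@ def translate_one(
 target_alt_mapping:Optional[str]=None,
 )-> (bool,str):
 ifsource==target:
+iftarget_alt_mappingorsource_alt_mapping:
+message= (
+"Currently, Uncoder doesn't support translation between "
+"non-default data schemas of the same platform."
+)
+returnFalse,message
 returnTrue,text
 returnself.__translate_one(
-text=text,source=source,target=target,source_alt_mapping=source_alt_mapping,target_alt_mapping=target_alt_mapping
+text=text,
+source=source,
+target=target,
+source_alt_mapping=source_alt_mapping,
+target_alt_mapping=target_alt_mapping,
 )
 
 deftranslate_all(self,text:str,source:str)->list[dict]: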
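Review bot: The new guard in `translate_one` refuses every same-platform request that carries an alt mapping, including the case where `source_alt_mapping == target_alt_mapping`, which is an identity translation just like the plain `source == target` path that returns `True, text`. If refusing that case is intended, a short comment above the `if` would record the decision; otherwise compare the two values, e.g. `if source_alt_mapping != target_alt_mapping:`, so only a real schema change is rejected. Neither name is checked against the known alternative mappings at this entry point, so an unrecognised value is only discovered later in the mapping lookup. The signature of `translate_one` starts above the hunk.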
