NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commitfd35d58

committed

gis-8882 fix elastic eql regex modifier

1 parent416f5ca commitfd35d58Copy full SHA for fd35d58

File tree

1 file changed

+174

-0

lines changed

uncoder-core/app/translator/platforms/elasticsearch/renders
- elasticsearch_eql.py

1 file changed

+174

-0

lines changed

`‎uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch_eql.py‎`

Lines changed: 174 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,174 @@`
	`1`	`+fromtypingimportOptional,Union`
	`2`	`+`
	`3`	`+fromapp.translator.constimportDEFAULT_VALUE_TYPE`
	`4`	`+fromapp.translator.core.constimportQUERY_TOKEN_TYPE`
	`5`	`+fromapp.translator.core.custom_types.tokensimportGroupType,LogicalOperatorType,OperatorType`
	`6`	`+fromapp.translator.core.custom_types.valuesimportValueType`
	`7`	`+fromapp.translator.core.mappingimportLogSourceSignature,SourceMapping`
	`8`	`+fromapp.translator.core.models.platform_detailsimportPlatformDetails`
	`9`	`+fromapp.translator.core.models.query_containerimportTokenizedQueryContainer`
	`10`	`+fromapp.translator.core.models.query_tokens.field_valueimportFieldValue`
	`11`	`+fromapp.translator.core.models.query_tokens.identifierimportIdentifier`
	`12`	`+fromapp.translator.core.renderimportBaseFieldValueRender,PlatformQueryRender`
	`13`	`+fromapp.translator.core.str_value_managerimportStrValueManager`
	`14`	`+fromapp.translator.managersimportrender_manager`
	`15`	`+fromapp.translator.platforms.base.lucene.mappingimportLuceneMappings`
	`16`	`+fromapp.translator.platforms.elasticsearch.constimportelastic_eql_query_details`
	`17`	`+fromapp.translator.platforms.elasticsearch.mappingimportelastic_eql_query_mappings`
	`18`	`+fromapp.translator.platforms.elasticsearch.str_value_managerimporteql_str_value_manager`
	`19`	`+`
	`20`	`+`
	`21`	`+classElasticSearchEQLFieldValue(BaseFieldValueRender):`
	`22`	`+details:PlatformDetails=elastic_eql_query_details`
	`23`	`+str_value_manager:StrValueManager=eql_str_value_manager`
	`24`	`+list_token=", "`
	`25`	`+`
	`26`	`+@staticmethod`
	`27`	`+def_wrap_str_value(value:str)->str:`
	`28`	`+returnf'"{value}"'`
	`29`	`+`
	`30`	`+@staticmethod`
	`31`	`+def_wrap_int_value(value:int)->str:`
	`32`	`+returnf'"{value}"'`
	`33`	`+`
	`34`	`+defapply_field(self,field:str)->str:`
	`35`	`+iffield.count("-")>0orfield.count(" ")>0orfield[0].isdigit():`
	`36`	+returnf"`{field}`"
	`37`	`+iffield.endswith(".text"):`
	`38`	`+returnfield[:-5]`
	`39`	`+returnfield`
	`40`	`+`
	`41`	`+defequal_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:`
	`42`	`+ifisinstance(value,list):`
	`43`	`+values=self.list_token.join(`
	`44`	`+self._pre_process_value(field,v,value_type=ValueType.value,wrap_str=True,wrap_int=True)`
	`45`	`+forvinvalue`
	`46`	`+ )`
	`47`	`+returnf"{self.apply_field(field)} : ({values})"`
	`48`	`+value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True,wrap_int=True)`
	`49`	`+returnf"{self.apply_field(field)} :{value}"`
	`50`	`+`
	`51`	`+defless_modifier(self,field:str,value:Union[int,str])->str:`
	`52`	`+value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True,wrap_int=True)`
	`53`	`+returnf"{self.apply_field(field)} <{value}"`
	`54`	`+`
	`55`	`+defless_or_equal_modifier(self,field:str,value:Union[int,str])->str:`
	`56`	`+value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True,wrap_int=True)`
	`57`	`+returnf"{self.apply_field(field)} <={value}"`
	`58`	`+`
	`59`	`+defgreater_modifier(self,field:str,value:Union[int,str])->str:`
	`60`	`+value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True,wrap_int=True)`
	`61`	`+returnf"{self.apply_field(field)} >{value}"`
	`62`	`+`
	`63`	`+defgreater_or_equal_modifier(self,field:str,value:Union[int,str])->str:`
	`64`	`+value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True,wrap_int=True)`
	`65`	`+returnf"{self.apply_field(field)} >={value}"`
	`66`	`+`
	`67`	`+defnot_equal_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:`
	`68`	`+ifisinstance(value,list):`
	`69`	`+values=self.list_token.join(`
	`70`	`+self._pre_process_value(field,v,value_type=ValueType.value,wrap_str=True,wrap_int=True)`
	`71`	`+forvinvalue`
	`72`	`+ )`
	`73`	`+returnf"{self.apply_field(field)} != ({values})"`
	`74`	`+value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True,wrap_int=True)`
	`75`	`+returnf"{self.apply_field(field)} !={value}"`
	`76`	`+`
	`77`	`+defcontains_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:`
	`78`	`+ifisinstance(value,list):`
	`79`	`+values=self.list_token.join(`
	`80`	`+f'"{self._pre_process_value(field,v,value_type=ValueType.value)}"'forvinvalue`
	`81`	`+ )`
	`82`	`+returnf"{self.apply_field(field)} : ({values})"`
	`83`	`+value=self._pre_process_value(field,value,value_type=ValueType.value)`
	`84`	`+returnf'{self.apply_field(field)} : "{value}"'`
	`85`	`+`
	`86`	`+defendswith_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:`
	`87`	`+ifisinstance(value,list):`
	`88`	`+values=self.list_token.join(`
	`89`	`+f'"*{self._pre_process_value(field,v,value_type=ValueType.value)}"'forvinvalue`
	`90`	`+ )`
	`91`	`+returnf"{self.apply_field(field)} : ({values})"`
	`92`	`+value=self._pre_process_value(field,value,value_type=ValueType.value)`
	`93`	`+returnf'{self.apply_field(field)} : "*{value}"'`
	`94`	`+`
	`95`	`+defstartswith_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:`
	`96`	`+ifisinstance(value,list):`
	`97`	`+values=self.list_token.join(`
	`98`	`+f'"{self._pre_process_value(field,v,value_type=ValueType.value)}*"'forvinvalue`
	`99`	`+ )`
	`100`	`+returnf"{self.apply_field(field)} : ({values})"`
	`101`	`+value=self._pre_process_value(field,value,value_type=ValueType.value)`
	`102`	`+returnf'{self.apply_field(field)} : "{value}*"'`
	`103`	`+`
	`104`	`+defregex_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:`
	`105`	`+ifisinstance(value,list):`
	`106`	`+returnf"({self.or_token.join(self.regex_modifier(field=field,value=v)forvinvalue)})"`
	`107`	`+value=self._pre_process_value(field,value,value_type=ValueType.regex_value,wrap_int=True)`
	`108`	`+returnf'{self.apply_field(field)} regex~ "{value}.?"'`
	`109`	`+`
	`110`	`+defkeywords(self,field:str,value:DEFAULT_VALUE_TYPE)->str:`
	`111`	`+ifisinstance(value,list):`
	`112`	`+returnf"({self.or_token.join(self.keywords(field=field,value=v)forvinvalue)})"`
	`113`	`+returnself._pre_process_value(field,value,wrap_str=True)`
	`114`	`+`
	`115`	`+defis_none(self,field:str,value:DEFAULT_VALUE_TYPE)->str:# noqa: ARG002`
	`116`	`+returnf"{self.apply_field(field)} == null"`
	`117`	`+`
	`118`	`+defis_not_none(self,field:str,value:DEFAULT_VALUE_TYPE)->str:# noqa: ARG002`
	`119`	`+returnf"{self.apply_field(field)} != null"`
	`120`	`+`
	`121`	`+`
	`122`	`+@render_manager.register`
	`123`	`+classElasticSearchEQLQueryRender(PlatformQueryRender):`
	`124`	`+details:PlatformDetails=elastic_eql_query_details`
	`125`	`+mappings:LuceneMappings=elastic_eql_query_mappings`
	`126`	`+or_token="or"`
	`127`	`+and_token="and"`
	`128`	`+not_token="not"`
	`129`	`+comment_symbol="//"`
	`130`	`+field_value_render=ElasticSearchEQLFieldValue(or_token=or_token)`
	`131`	`+`
	`132`	`+defgenerate_prefix(self,log_source_signature:Optional[LogSourceSignature],functions_prefix:str="")->str:# noqa: ARG002`
	`133`	`+return"any where "`
	`134`	`+`
	`135`	`+defin_brackets(self,raw_list:list[QUERY_TOKEN_TYPE])->list[QUERY_TOKEN_TYPE]:`
	`136`	`+return [Identifier(token_type=GroupType.L_PAREN),*raw_list,Identifier(token_type=GroupType.R_PAREN)]`
	`137`	`+`
	`138`	`+def_generate_from_tokenized_query_container_by_source_mapping(`
	`139`	`+self,query_container:TokenizedQueryContainer,source_mapping:SourceMapping`
	`140`	`+ )->str:`
	`141`	`+unmapped_fields=self.mappings.check_fields_mapping_existence(`
	`142`	`+query_container.meta_info.query_fields,`
	`143`	`+query_container.meta_info.function_fields_map,`
	`144`	`+self.platform_functions.manager.supported_render_names,`
	`145`	`+source_mapping,`
	`146`	`+ )`
	`147`	`+rendered_functions=self.generate_functions(query_container.functions.functions,source_mapping)`
	`148`	`+prefix=self.generate_prefix(source_mapping.log_source_signature,rendered_functions.rendered_prefix)`
	`149`	`+`
	`150`	`+ifsource_mapping.raw_log_fields:`
	`151`	`+defined_raw_log_fields=self.generate_raw_log_fields(`
	`152`	`+fields=query_container.meta_info.query_fields+query_container.meta_info.function_fields,`
	`153`	`+source_mapping=source_mapping,`
	`154`	`+ )`
	`155`	`+prefix+=f"\n{defined_raw_log_fields}"`
	`156`	`+ifsource_mapping.conditions:`
	`157`	`+forfield,valueinsource_mapping.conditions.items():`
	`158`	`+tokens=self.in_brackets(query_container.tokens)`
	`159`	`+extra_tokens= [`
	`160`	`+FieldValue(source_name=field,operator=Identifier(token_type=OperatorType.EQ),value=value),`
	`161`	`+Identifier(token_type=LogicalOperatorType.AND),`
	`162`	`+ ]`
	`163`	`+query_container.tokens=self.in_brackets([extra_tokens,tokens])`
	`164`	`+query=self.generate_query(tokens=query_container.tokens,source_mapping=source_mapping)`
	`165`	`+not_supported_functions=query_container.functions.not_supported+rendered_functions.not_supported`
	`166`	`+returnself.finalize_query(`
	`167`	`+prefix=prefix,`
	`168`	`+query=query,`
	`169`	`+functions=rendered_functions.rendered,`
	`170`	`+not_supported_functions=not_supported_functions,`
	`171`	`+unmapped_fields=unmapped_fields,`
	`172`	`+meta_info=query_container.meta_info,`
	`173`	`+source_mapping=source_mapping,`
	`174`	`+ )`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitfd35d58

File tree

1 file changed

1 file changed

`‎uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch_eql.py‎`

0 commit comments