| author | wangkuan <[email protected]> | 2024-01-26 11:21:14 +0800 |
|---|---|---|
| committer | wangkuan <[email protected]> | 2024-01-26 11:21:14 +0800 |
| commit | 2b0f887ca8e3c4f31aa3e90d6372004de87a3531 (patch) | |
| tree | 464ec55ce29949305be791fdeaef4f0bbc084311 /groot-bootstrap | |
| parent | 6f80c22012d6b30836fbdbfa90e0e8149872a41d (diff) | |
[feature][core]重新定义Base64 Decode函数,单元测试适配变化
Diffstat (limited to 'groot-bootstrap')
| -rw-r--r-- | groot-bootstrap/src/main/resources/grootstream_job_test.yaml | 26 | ||||
| -rw-r--r-- | groot-bootstrap/src/test/java/com/geedgenetworks/bootstrap/main/simple/SimpleJobTest.java | 8 |
2 files changed, 23 insertions, 11 deletions
diff --git a/groot-bootstrap/src/main/resources/grootstream_job_test.yaml b/groot-bootstrap/src/main/resources/grootstream_job_test.yaml index 2120abc..45c8f56 100644 --- a/groot-bootstrap/src/main/resources/grootstream_job_test.yaml +++ b/groot-bootstrap/src/main/resources/grootstream_job_test.yaml @@ -5,12 +5,11 @@ sources: type : inline fields: # [array of object] Field List, if not set, all fields(Map<String, Object>) will be output. properties: - data: '[{"packet_capture_file":"test","ssl_sni":"www.google.com","decoded_as":"BASE","ssl_san":"www.google.com","__timestamp":1705568517095,"client_ip":"192.168.0.1","server_ip":"2600:1015:b002::"},{"decoded_as":"HTTP","log_id": 1, "recv_time":"111", "client_ip":"192.168.0.2","server_ip":"2600:1015:b002::"},{"decoded_as":"DNS","log_id": 1, "recv_time":"111", "client_ip":"192.168.0.2","server_ip":"2600:1015:b002::"},{"decoded_as":"SSL","log_id": 1, "recv_time":"111", "client_ip":"192.168.0.2","server_ip":"2600:1015:b002::"}]' + data: '[{"mail_attachment_name_charset":"GBK","mail_attachment_name":"aGVsbG8=","packet_capture_file":"test","ssl_sni":"www.google.com","decoded_as":"BASE","ssl_san":"www.google.com","__timestamp":1705568517095,"client_ip":"255.255.255.255","server_ip":"2600:1015:b002::"},{"decoded_as":"HTTP","log_id": 1, "recv_time":"111", "client_ip":"192.168.0.2","server_ip":"2600:1015:b002::"},{"decoded_as":"DNS","log_id": 1, "recv_time":"111", "client_ip":"192.168.0.2","server_ip":"2600:1015:b002::"},{"decoded_as":"SSL","log_id": 1, "recv_time":"111", "client_ip":"192.168.0.2","server_ip":"2600:1015:b002::"}]' interval.per.row: 1s # 可选 repeat.count: 1 # 可选 format: json json.ignore.parse.errors: false - filters: schema_type_filter: type: com.geedgenetworks.core.filter.AviatorFilter 
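Review bot: The new fixture value `"mail_attachment_name":"aGVsbG8="` in the `data:` line decodes to the ASCII string hello, which is byte-identical in GBK and UTF-8, so `"mail_attachment_name_charset":"GBK"` is never actually exercised by the job. A decoder that ignored the charset field entirely would still produce the expected output. A value whose bytes differ between charsets would close that gap, for example (constructed sample) `"mail_attachment_name":"xOO6ww=="`, the GBK bytes of 你好, with the expected string in the job test updated to match.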
@@ -47,15 +46,30 @@ processing_pipelines: lookup_fields: [ '' ] output_fields: [ '' ] filter: event.decoded_as == 'SSL' + - function: BASE64_DECODE_TO_STRING + output_fields: [mail_attachment_name] + parameters: + value_field: mail_attachment_name + charset_field: mail_attachment_name_charset + - function: GEOIP_LOOKUP - lookup_fields: [ server_ip ] - output_fields: [] + lookup_fields: [ client_ip ] + output_fields: [ ] parameters: kb_name: tsg_ip_location option: IP_TO_OBJECT geolocation_field_mapping: COUNTRY: client_country_region PROVINCE: client_super_admin_area + - function: GEOIP_LOOKUP + lookup_fields: [ server_ip ] + output_fields: [] + parameters: + kb_name: tsg_ip_location + option: IP_TO_OBJECT + geolocation_field_mapping: + COUNTRY: server_country_region + PROVINCE: server_super_admin_area - function: ASN_LOOKUP lookup_fields: [ server_ip ] output_fields: [ server_asn ] @@ -93,10 +107,6 @@ processing_pipelines: parameters: option: FIRST_SIGNIFICANT_SUBDOMAIN - - function: BASE64_DECODE_TO_STRING - lookup_fields: [ mail_subject,mail_subject_charset ] - output_fields: [ mail_subject ] - - function: PATH_COMBINE lookup_fields: [ packet_capture_file ] output_fields: [ packet_capture_file ] diff --git a/groot-bootstrap/src/test/java/com/geedgenetworks/bootstrap/main/simple/SimpleJobTest.java b/groot-bootstrap/src/test/java/com/geedgenetworks/bootstrap/main/simple/SimpleJobTest.java index eecf01d..31e53f9 100644 --- a/groot-bootstrap/src/test/java/com/geedgenetworks/bootstrap/main/simple/SimpleJobTest.java +++ b/groot-bootstrap/src/test/java/com/geedgenetworks/bootstrap/main/simple/SimpleJobTest.java 
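Review bot: The `BASE64_DECODE_TO_STRING` step added in the second hunk reads both its payload and its charset name from the event (`value_field: mail_attachment_name`, `charset_field: mail_attachment_name_charset`), and the fixture only covers one well-formed pair. Both fields come from parsed traffic, so an unknown charset name, a missing charset or malformed Base64 is a realistic input. How the function reacts to these is not visible in this diff. Adding one such record to the inline `data:` would let the job test pin that a bad value is handled per record rather than failing the pipeline. A comment above the step such as `# charset name is read per event from mail_attachment_name_charset (untrusted input)` would make that dependency explicit for readers of the config.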
@@ -76,11 +76,13 @@ public class SimpleJobTest {
 assertTrue(1000000000 < Integer.parseInt(CollectSink.values.get(0).getExtractedFields().get("recv_time").toString()));
 assertTrue(1000000000 < Integer.parseInt(CollectSink.values.get(0).getExtractedFields().get("processing_time").toString()));
 assertTrue(0 != Long.parseLong(CollectSink.values.get(0).getExtractedFields().get("log_id").toString()));
- Assert.assertEquals("印第安纳州", CollectSink.values.get(0).getExtractedFields().get("client_super_admin_area").toString());
+ Assert.assertEquals("印第安纳州", CollectSink.values.get(0).getExtractedFields().get("server_super_admin_area").toString());
 Assert.assertEquals("6167", CollectSink.values.get(0).getExtractedFields().get("server_asn").toString());
- Assert.assertEquals("美国", CollectSink.values.get(0).getExtractedFields().get("client_country_region").toString());
+ Assert.assertEquals("美国", CollectSink.values.get(0).getExtractedFields().get("server_country_region").toString());
+ Assert.assertTrue(!CollectSink.values.get(0).getExtractedFields().containsKey("client_country_region"));
 Assert.assertEquals("http://192.168.44.12:8089/traffic_file_bucket/test", CollectSink.values.get(0).getExtractedFields().get("packet_capture_file").toString());
- Assert.assertEquals("[2600:1015:b002::,192.168.0.1]", CollectSink.values.get(0).getExtractedFields().get("ip_string").toString());
+ Assert.assertEquals("[2600:1015:b002::,255.255.255.255]", CollectSink.values.get(0).getExtractedFields().get("ip_string").toString());
+ Assert.assertEquals("hello", CollectSink.values.get(0).getExtractedFields().get("mail_attachment_name").toString());
 List<String> asn_list = (List<String>) CollectSink.values.get(0).getExtractedFields().get("asn_list");
 Assert.assertEquals("6167", asn_list.get(1)); |
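Review bot: The added `Assert.assertTrue(!CollectSink.values.get(0).getExtractedFields().containsKey("client_country_region"));` passes both when the client_ip GeoIP step ran and found nothing and when the step never ran, so it does not verify the new lookup. It appears to rely on the fixture's 255.255.255.255 having no entry in the knowledge base, which is inferred from the YAML change and stated nowhere in the test. Prefer `Assert.assertFalse("255.255.255.255 must not resolve to a location", fields.containsKey("client_country_region"));` with a matching check for `client_super_admin_area`, where `fields` is a local holding `CollectSink.values.get(0).getExtractedFields()` that the other assertions could reuse. The test method starts and ends outside this hunk.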
