NIFI-9329 - Expose event validation in ParseCEF processor (#5477)

Pierre Villard 2021-10-25 16:37:39 +04:00 committed by GitHub
parent 5766d33fce
commit 8fe7f372d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 45 additions and 1 deletions


@ -144,6 +144,19 @@ public class ParseCEF extends AbstractProcessor {
.addValidator(StandardValidators.BOOLEAN_VALIDATOR)
.required(true)
.defaultValue("false")
.allowableValues("true", "false")
.build();
public static final PropertyDescriptor VALIDATE_DATA = new PropertyDescriptor.Builder()
.name("VALIDATE_DATA")
.displayName("Validate the CEF event")
.description("If set to true, the event will be validated against the CEF standard (revision 23). If the event is invalid, the "
+ "FlowFile will be routed to the failure relationship. If this property is set to false, the event will be processed "
+ "without validating the data.")
.addValidator(StandardValidators.BOOLEAN_VALIDATOR)
.required(true)
.defaultValue("true")
.allowableValues("true", "false")
.build();
public static final String UTC = "UTC";
@ -187,6 +200,7 @@ public class ParseCEF extends AbstractProcessor {
properties.add(FIELDS_DESTINATION);
properties.add(APPEND_RAW_MESSAGE_TO_JSON);
properties.add(INCLUDE_CUSTOM_EXTENSIONS);
properties.add(VALIDATE_DATA);
properties.add(TIME_REPRESENTATION);
properties.add(DATETIME_REPRESENTATION);
return properties;
@ -247,7 +261,8 @@ public class ParseCEF extends AbstractProcessor {
// parcefoneLocale defaults to en_US, so this should not fail. But we force failure in case the custom
// validator failed to identify an invalid Locale
final Locale parcefoneLocale = Locale.forLanguageTag(context.getProperty(DATETIME_REPRESENTATION).getValue());
event = parser.parse(buffer, true, parcefoneLocale);
final boolean validateData = context.getProperty(VALIDATE_DATA).asBoolean();
event = parser.parse(buffer, validateData, parcefoneLocale);
} catch (Exception e) {
// This should never trigger but adding in here as a fencing mechanism to
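Review bot: The `VALIDATE_DATA` description explains what happens to an invalid event when validation is on, but not what the operator gives up when it is off. With `false`, the flag passed in `parser.parse(buffer, validateData, parcefoneLocale)` lets values the standard would reject reach the success relationship, so anything downstream that trusts CEF field types or value ranges is then handling unchecked input. I would extend the description with a sentence such as `"When disabled, field values are passed through as received and downstream components must not assume they conform to the standard."`. The parse call sits in a try block of a method that starts and ends outside the hunk, so how a structurally unparseable event is handled with validation disabled cannot be confirmed from here.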


@ -342,5 +342,34 @@ public class TestParseCEF {
Assert.assertEquals(200, extension.get("http_response").asInt());
}
@Test
public void testDataValidation() throws Exception {
String invalidEvent = sample1 + " proto=ICMP"; // according to the standard, proto can be either tcp or udp.
final TestRunner runner = TestRunners.newTestRunner(new ParseCEF());
runner.setProperty(ParseCEF.FIELDS_DESTINATION, ParseCEF.DESTINATION_CONTENT);
runner.setProperty(ParseCEF.TIME_REPRESENTATION, ParseCEF.UTC);
runner.enqueue(invalidEvent.getBytes());
runner.run();
runner.assertAllFlowFilesTransferred(ParseCEF.REL_FAILURE, 1);
runner.clearTransferState();
runner.setProperty(ParseCEF.VALIDATE_DATA, "false");
runner.enqueue(invalidEvent.getBytes());
runner.run();
runner.assertAllFlowFilesTransferred(ParseCEF.REL_SUCCESS, 1);
final MockFlowFile mff = runner.getFlowFilesForRelationship(ParseCEF.REL_SUCCESS).get(0);
byte [] rawJson = mff.toByteArray();
JsonNode results = new ObjectMapper().readTree(rawJson);
JsonNode extension = results.get("extension");
Assert.assertEquals("ICMP", extension.get("proto").asText());
}
}
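Review bot: `testDataValidation` only shows that disabling `VALIDATE_DATA` lets a well-formed event with an out-of-standard `proto` value through; it does not pin what happens to input that is not CEF at all when validation is off. Because the property relaxes a check on data that presumably arrives from external log sources, I would add a third case that keeps `VALIDATE_DATA` at `false`, enqueues a payload that is not a CEF event, and expects `runner.assertAllFlowFilesTransferred(ParseCEF.REL_FAILURE, 1);`, assuming that is the intended behaviour. The first run also relies on the default implicitly; adding `runner.setProperty(ParseCEF.VALIDATE_DATA, "true");` before it would keep the test meaningful if the default ever changes. Separately, `invalidEvent.getBytes()` uses the platform charset, and passing an explicit charset would keep the test deterministic across environments.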