Posted to issues@nifi.apache.org by "fgerlits (via GitHub)" <gi...@apache.org> on 2023/03/01 12:50:50 UTC

[GitHub] [nifi-minifi-cpp] fgerlits commented on a diff in pull request #1515: MINIFICPP-2056 CWEL: support UserData in simple/flattened json

fgerlits commented on code in PR #1515:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1515#discussion_r1121668279


##########
extensions/windows-event-log/wel/JSONUtils.cpp:
##########
@@ -67,6 +59,29 @@ rapidjson::Value xmlDocumentToJSON(const pugi::xml_node& node, rapidjson::Docume
   return children;
 }
 
+void simplifiedGenericXmlToJson(const pugi::xml_node& node, rapidjson::Value& val, rapidjson::Document& doc, bool flatten = false) {
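
Review bot: the defaulted `bool flatten = false` at the end of the `simplifiedGenericXmlToJson` signature leaves call sites unreadable (a bare `true` says nothing about flattening) and lets a caller get the non-flattened shape just by omitting the argument. Consider dropping the default and taking an explicit enum, or at least adding a comment above the function describing what each mode does to nested element names. Note also that the neighbouring `xmlDocumentToJSON` returns a `rapidjson::Value` while this helper returns `void` and writes through `val`; a one-line comment on what state `val` must be in on entry would make that difference clear.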

Review Comment:
   these parameters could have better names, e.g. `const pugi::xml_node& source, rapidjson::Value& target, rapidjson::Document& allocator_provider`



##########
extensions/windows-event-log/tests/ConsumeWindowsEventLogTests.cpp:
##########
@@ -469,4 +470,65 @@ TEST_CASE("ConsumeWindowsEventLog batch commit size works", "[onTrigger]") {
   batchCommitSizeTestHelper(5, 0, 5);
 }
 
+TEST_CASE("ConsumeWindowsEventLog Simple JSON works with UserData", "[cwel][json][userdata]") {
+  using org::apache::nifi::minifi::wel::jsonToString;
+  using org::apache::nifi::minifi::wel::toSimpleJSON;
+  using org::apache::nifi::minifi::wel::toFlattenedJSON;
+  const auto event_xml = R"(
+<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
+  <System>
+    <Provider Name="Microsoft-Windows-AppLocker" Guid="CBDA4DBF-8D5D-4F69-9578-BE14AA540D22">
+    </Provider>
+    <EventID>8002</EventID>
+    <Version>0</Version>
+    <Level>4</Level>
+    <Task>0</Task>
+    <Opcode>0</Opcode>
+    <Keywords>0x8000000000000000</Keywords>
+    <TimeCreated SystemTime="2023-02-06T16:58:09.008534Z">
+    </TimeCreated>
+    <EventRecordID>46</EventRecordID>
+    <Correlation>
+    </Correlation>
+    <Execution ProcessID="1234" ThreadID="1235">
+    </Execution>
+    <Channel>Microsoft-Windows-AppLocker/EXE and DLL</Channel>
+    <Computer>example.local</Computer>
+    <Security UserID="S-1-1-0">
+    </Security>
+  </System>
+  <UserData>
+    <RuleAndFileData xmlns="http://schemas.microsoft.com/schemas/event/Microsoft.Windows/1.0.0.0">
+      <PolicyNameLength>3</PolicyNameLength>
+      <PolicyName>EXE</PolicyName>
+      <RuleNameLength>9</RuleNameLength>
+      <RuleName>All files</RuleName>
+      <RuleSddlLength>48</RuleSddlLength>
+      <RuleSddl>D:(XA;;FX;;;S-1-1-0;(APPID://PATH Contains &quot;*&quot;))</RuleSddl>
+      <TargetUser>S-1-1-0</TargetUser>
+      <TargetProcessId>1234</TargetProcessId>
+      <FilePathLength>22</FilePathLength>
+      <FilePath>%SYSTEM32%\CSCRIPT.EXE</FilePath>
+      <FileHashLength>0</FileHashLength>
+      <FileHash></FileHash>
+      <FqbnLength>1</FqbnLength>
+      <Fqbn>-</Fqbn>
+    </RuleAndFileData>
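
Review bot: the `RuleSddl` and `FilePath` lines in the `UserData` sample are the values most likely to be mangled on the way to JSON, so the expected output should assert on them exactly rather than only on the simpler fields. `RuleSddl` carries `&quot;*&quot;`, which has to be entity-decoded by the XML parser and then re-escaped as `\"` in the JSON string, and `%SYSTEM32%\CSCRIPT.EXE` contains a backslash that must come out as `\\`. The empty `<FileHash></FileHash>` is worth pinning down too (empty string, null, or omitted key), since consumers of AppLocker events will key on those fields. The inner `xmlns` attribute on `RuleAndFileData` also needs a documented outcome in both the simple and flattened forms.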

Review Comment:
   can you add some nodes with attributes inside `UserData` to check & document what happens to `<Parent foo="bar"><Child/></Parent>` and `<Leaf foo="bar"></Leaf>` (maybe also `<AltLeaf foo="bar"/>`), please?


