You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@metron.apache.org by "Otto Fowler (JIRA)" <ji...@apache.org> on 2017/08/06 02:18:00 UTC
[jira] [Assigned] (METRON-711) StellarShell assigns variables even
if an exception was thrown in the statement.
[ https://issues.apache.org/jira/browse/METRON-711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Otto Fowler reassigned METRON-711:
----------------------------------
Assignee: Otto Fowler (was: Justin Leet)
[~justinleet] I have a fix for this, if you don't mind. I came across this looking into METRON-693.
> StellarShell assigns variables even if an exception was thrown in the statement.
> --------------------------------------------------------------------------------
>
> Key: METRON-711
> URL: https://issues.apache.org/jira/browse/METRON-711
> Project: Metron
> Issue Type: Bug
> Reporter: Justin Leet
> Assignee: Otto Fowler
> Priority: Minor
>
> Discovered while reviewing https://github.com/apache/incubator-metron/pull/438.
> If an exception is thrown during Stellar execution, the exception will be logged, and null is returned. The assignment then goes through as normal, leaving the assigned variable null.
> Seen using THREAT_TRIAGE_REMOVE with a String arg, instead of a List. Resulted in a null conf variable.
> {code}
> [Stellar]>>> conf := THREAT_TRIAGE_ADD(conf, [triage])
> [Stellar]>>> conf := THREAT_TRIAGE_REMOVE(conf, 'Abnormal DNS Port')
> [!] Unable to execute: java.lang.String cannot be cast to java.util.List
> org.apache.metron.common.dsl.ParseException: Unable to execute: java.lang.String cannot be cast to java.util.List
> at org.apache.metron.common.stellar.StellarCompiler.getResult(StellarCompiler.java:409)
> at org.apache.metron.common.stellar.BaseStellarProcessor.parse(BaseStellarProcessor.java:127)
> at org.apache.metron.common.stellar.shell.StellarExecutor.execute(StellarExecutor.java:275)
> at org.apache.metron.common.stellar.shell.StellarShell.executeStellar(StellarShell.java:373)
> at org.apache.metron.common.stellar.shell.StellarShell.handleStellar(StellarShell.java:276)
> at org.apache.metron.common.stellar.shell.StellarShell.execute(StellarShell.java:412)
> at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List
> at org.apache.metron.management.ThreatTriageFunctions$RemoveStellarTransformation.apply(ThreatTriageFunctions.java:232)
> at org.apache.metron.common.stellar.StellarCompiler.exitTransformationFunc(StellarCompiler.java:267)
> at org.apache.metron.common.stellar.generated.StellarParser$TransformationFuncContext.exitRule(StellarParser.java:1689)
> at org.antlr.v4.runtime.Parser.triggerExitRuleEvent(Parser.java:422)
> at org.antlr.v4.runtime.Parser.exitRule(Parser.java:632)
> at org.apache.metron.common.stellar.generated.StellarParser.functions(StellarParser.java:1712)
> at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_operands(StellarParser.java:1846)
> at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_expr_mul(StellarParser.java:1609)
> at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_expr(StellarParser.java:1469)
> at org.apache.metron.common.stellar.generated.StellarParser.transformation_expr(StellarParser.java:308)
> at org.apache.metron.common.stellar.generated.StellarParser.transformation(StellarParser.java:149)
> at org.apache.metron.common.stellar.BaseStellarProcessor.parse(BaseStellarProcessor.java:126)
> ... 8 more
> [Stellar]>>> conf
> [Stellar]>>> conf
> [Stellar]>>> conf := THREAT_TRIAGE_REMOVE(conf, ['Abnormal DNS Port'])
> [Stellar]>>> conf
> {
> "enrichment" : {
> "fieldMap" : { },
> "fieldToTypeMap" : { },
> "config" : { }
> },
> "threatIntel" : {
> "fieldMap" : { },
> "fieldToTypeMap" : { },
> "config" : { },
> "triageConfig" : {
> "riskLevelRules" : [ ],
> "aggregator" : "MAX",
> "aggregationConfig" : { }
> }
> },
> "configuration" : { }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)