You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@metron.apache.org by le...@apache.org on 2017/09/27 20:03:30 UTC
metron git commit: METRON-1195 Meta alerts improperly handle updates to non-alert fields (justinleet) closes apache/metron#766

Repository: metron
Updated Branches:
  refs/heads/master cd7257e12 -> b005563fe


METRON-1195 Meta alerts improperly handle updates to non-alert fields (justinleet) closes apache/metron#766


Project: http://git-wip-us.apache.org/repos/asf/metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/b005563f
Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/b005563f
Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/b005563f

Branch: refs/heads/master
Commit: b005563fe6c7f4555a2dd07d20766976ada0ebf9
Parents: cd7257e
Author: justinleet <ju...@gmail.com>
Authored: Wed Sep 27 16:01:05 2017 -0400
Committer: leet <le...@apache.org>
Committed: Wed Sep 27 16:01:05 2017 -0400

----------------------------------------------------------------------
 .../dao/ElasticsearchMetaAlertDao.java          | 13 ++++--
 .../dao/ElasticsearchMetaAlertDaoTest.java      | 48 ++++++++++++++++++++
 .../metron/indexing/dao/update/Document.java    | 33 ++++++++++++++
 3 files changed, 89 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/metron/blob/b005563f/metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java b/metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java
index 2fb9686..a64f5ad 100644
--- a/metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java
+++ b/metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java
@@ -294,11 +294,14 @@ public class ElasticsearchMetaAlertDao implements MetaAlertDao {
    * @throws IOException If there's a problem running the update
    */
   protected void handleMetaUpdate(Document update, Optional<String> index) throws IOException {
-    // We have an update to a meta alert itself (e.g. adding a document, etc.)  Calculate scores
-    // and defer the final result to the Elasticsearch DAO.
-    MetaScores metaScores = calculateMetaScores(update);
-    update.getDocument().putAll(metaScores.getMetaScores());
-    update.getDocument().put(threatTriageField, metaScores.getMetaScores().get(threatSort));
+    // We have an update to a meta alert itself
+    // If we've updated the alerts field (i.e add/remove), recalculate meta alert scores.
+    if (update.getDocument().containsKey(MetaAlertDao.ALERT_FIELD)) {
+      MetaScores metaScores = calculateMetaScores(update);
+      update.getDocument().putAll(metaScores.getMetaScores());
+      update.getDocument().put(threatTriageField, metaScores.getMetaScores().get(threatSort));
+    }
+
     indexDao.update(update, index);
   }
 

http://git-wip-us.apache.org/repos/asf/metron/blob/b005563f/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDaoTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDaoTest.java b/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDaoTest.java
index 74e1275..ad2e7f3 100644
--- a/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDaoTest.java
+++ b/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDaoTest.java
@@ -21,6 +21,8 @@ package org.apache.metron.elasticsearch.dao;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import java.io.IOException;
@@ -59,6 +61,7 @@ import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
 import org.json.simple.parser.ParseException;
 import org.junit.Test;
+import org.mockito.Mock;
 
 public class ElasticsearchMetaAlertDaoTest {
 
@@ -423,4 +426,49 @@ public class ElasticsearchMetaAlertDaoTest {
     MetaScores actual = metaAlertDao.calculateMetaScores(doc);
     assertEquals(expected.getMetaScores(), actual.getMetaScores());
   }
+
+  @Test
+  public void testHandleMetaUpdateNonAlert() throws IOException {
+    ElasticsearchDao mockEsDao= mock(ElasticsearchDao.class);
+
+    Map<String, Object> docMap = new HashMap<>();
+    docMap.put(MetaAlertDao.STATUS_FIELD, MetaAlertStatus.ACTIVE.getStatusString());
+    Document update = new Document(docMap, "guid", MetaAlertDao.METAALERT_TYPE, 0L);
+
+    ElasticsearchMetaAlertDao metaAlertDao = new ElasticsearchMetaAlertDao(mockEsDao);
+    metaAlertDao.handleMetaUpdate(update, Optional.of(MetaAlertDao.METAALERTS_INDEX));
+    verify(mockEsDao, times(1))
+        .update(update, Optional.of(MetaAlertDao.METAALERTS_INDEX));
+  }
+
+  @Test
+  public void testHandleMetaUpdateAlert() throws IOException {
+    ElasticsearchDao mockEsDao= mock(ElasticsearchDao.class);
+
+    Map<String, Object> alertMap = new HashMap<>();
+    alertMap.put(MetaAlertDao.THREAT_FIELD_DEFAULT, 10.0d);
+    List<Map<String, Object>> alertList = new ArrayList<>();
+    alertList.add(alertMap);
+
+    Map<String, Object> docMapBefore = new HashMap<>();
+    docMapBefore.put(MetaAlertDao.ALERT_FIELD, alertList);
+    Document before = new Document(docMapBefore, "guid", MetaAlertDao.METAALERT_TYPE, 0L);
+
+    Map<String, Object> docMapAfter = new HashMap<>();
+    docMapAfter.putAll(docMapBefore);
+    docMapAfter.put("average", 10.0d);
+    docMapAfter.put("min", 10.0d);
+    docMapAfter.put("median", 10.0d);
+    docMapAfter.put("max", 10.0d);
+    docMapAfter.put("count", 1L);
+    docMapAfter.put("sum", 10.0d);
+    docMapAfter.put(MetaAlertDao.THREAT_FIELD_DEFAULT, 10.0d);
+    Document after = new Document(docMapAfter, "guid", MetaAlertDao.METAALERT_TYPE, 0L);
+
+    ElasticsearchMetaAlertDao metaAlertDao = new ElasticsearchMetaAlertDao(mockEsDao);
+    metaAlertDao.handleMetaUpdate(before, Optional.of(MetaAlertDao.METAALERTS_INDEX));
+
+    verify(mockEsDao, times(1))
+        .update(after, Optional.of(MetaAlertDao.METAALERTS_INDEX));
+  }
 }

http://git-wip-us.apache.org/repos/asf/metron/blob/b005563f/metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/update/Document.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/update/Document.java b/metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/update/Document.java
index 461ce3e..b5fcb02 100644
--- a/metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/update/Document.java
+++ b/metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/update/Document.java
@@ -92,4 +92,37 @@ public class Document {
         ", sensorType='" + sensorType + '\'' +
         '}';
   }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+
+    Document document1 = (Document) o;
+
+    if (timestamp != null ? !timestamp.equals(document1.timestamp) : document1.timestamp != null) {
+      return false;
+    }
+    if (document != null ? !document.equals(document1.document) : document1.document != null) {
+      return false;
+    }
+    if (guid != null ? !guid.equals(document1.guid) : document1.guid != null) {
+      return false;
+    }
+    return sensorType != null ? sensorType.equals(document1.sensorType)
+        : document1.sensorType == null;
+  }
+
+  @Override
+  public int hashCode() {
+    int result = timestamp != null ? timestamp.hashCode() : 0;
+    result = 31 * result + (document != null ? document.hashCode() : 0);
+    result = 31 * result + (guid != null ? guid.hashCode() : 0);
+    result = 31 * result + (sensorType != null ? sensorType.hashCode() : 0);
+    return result;
+  }
 }