Posted to commits@metron.apache.org by ce...@apache.org on 2016/06/16 18:51:31 UTC

incubator-metron git commit: METRON-231: Snort parser should throw exception. This closes apache/incubator-metron#155

Repository: incubator-metron
Updated Branches:
  refs/heads/master 916432c96 -> 0a3da362e


METRON-231: Snort parser should throw exception. This closes apache/incubator-metron#155


Project: http://git-wip-us.apache.org/repos/asf/incubator-metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-metron/commit/0a3da362
Tree: http://git-wip-us.apache.org/repos/asf/incubator-metron/tree/0a3da362
Diff: http://git-wip-us.apache.org/repos/asf/incubator-metron/diff/0a3da362

Branch: refs/heads/master
Commit: 0a3da362e1db942bcb93e40cf30012f10895609e
Parents: 916432c
Author: cstella <ce...@gmail.com>
Authored: Thu Jun 16 14:51:20 2016 -0400
Committer: cstella <ce...@gmail.com>
Committed: Thu Jun 16 14:51:20 2016 -0400

----------------------------------------------------------------------
 .../metron/parsers/snort/BasicSnortParser.java  |  7 +-
 .../apache/metron/parsers/SnortParserTest.java  | 74 ++++++++++++++++++++
 2 files changed, 77 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/0a3da362/metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/snort/BasicSnortParser.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/snort/BasicSnortParser.java b/metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/snort/BasicSnortParser.java
index 1fcb6c4..f295d4c 100644
--- a/metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/snort/BasicSnortParser.java
+++ b/metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/snort/BasicSnortParser.java
@@ -119,10 +119,9 @@ public class BasicSnortParser extends BasicParser {
       jsonMessage.put("is_alert", "true");
       messages.add(jsonMessage);
     } catch (Exception e) {
-
-      _LOG.error("unable to parse message: " + rawMessage);
-      e.printStackTrace();
-      return null;
+      String message = "Unable to parse message: " + rawMessage;
+      _LOG.error(message, e);
+      throw new IllegalStateException(message, e);
     }
 
     return messages;
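Review bot: The new catch block logs the failure with its stack trace and then rethrows it wrapped, so if the caller also logs the exception (usual for a parser driven by a bolt, though that code is not in the hunk) every bad record produces two stack traces; keep one side, e.g. drop the `_LOG.error(message, e);` line and let `IllegalStateException` carry the context up. The message also embeds `rawMessage` verbatim: if that name is the `byte[]` argument of `parse` (the test calls `parser.parse(goodMessage.getBytes())`), the concatenation prints only the array identity and no content, and if it is the decoded String, then a crafted Snort alert can place newlines or control characters unescaped into the log line, e.g. `String shown = String.valueOf(rawMessage).replaceAll("[\\r\\n]", " ");` truncated to a bounded length before use. Catching bare `Exception` additionally reports programming errors such as a NullPointerException as "Unable to parse message", which hides bugs behind a data-quality message. The enclosing parse method starts outside the hunk.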

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/0a3da362/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/SnortParserTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/SnortParserTest.java b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/SnortParserTest.java
new file mode 100644
index 0000000..6d777aa
--- /dev/null
+++ b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/SnortParserTest.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.metron.parsers;
+
+import org.adrianwalker.multilinestring.Multiline;
+import org.apache.metron.parsers.snort.BasicSnortParser;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Map;
+
+public class SnortParserTest {
+  /**
+  01/27-16:01:04.877970 ,129,12,1,"Consecutive TCP small segments exceeding threshold",TCP,10.0.2.2,56642,10.0.2.15,22,52:54:00:12:35:02,08:00:27:7F:93:2D,0x4E,***AP***,0x9AFF3D7,0xC8761D52,,0xFFFF,64,0,59677,64,65536,,,,
+   **/
+  @Multiline
+  public static String goodMessage;
+
+
+  @Test
+  public void testGoodMessage() {
+    BasicSnortParser parser = new BasicSnortParser();
+    Map out = parser.parse(goodMessage.getBytes()).get(0);
+    Assert.assertEquals(out.get("msg"),"\"Consecutive TCP small segments exceeding threshold\"");
+    Assert.assertEquals(out.get("sig_rev"), "1");
+    Assert.assertEquals(out.get("ip_dst_addr"), "10.0.2.15");
+    Assert.assertEquals(out.get("ip_dst_port"), "22");
+    Assert.assertEquals(out.get("ethsrc"), "52:54:00:12:35:02");
+    Assert.assertEquals(out.get("tcpseq"),"0x9AFF3D7");
+    Assert.assertEquals(out.get("dgmlen"), "64");
+    Assert.assertEquals(out.get("icmpid"), "");
+    Assert.assertEquals(out.get("tcplen"), "");
+    Assert.assertEquals(out.get("tcpwindow"), "0xFFFF");
+    Assert.assertEquals(out.get("icmpseq").toString().trim(), "");
+    Assert.assertEquals(out.get("tcpack"), "0xC8761D52");
+    Assert.assertEquals(out.get("icmpcode"), "");
+    Assert.assertEquals(out.get("tos"), "0");
+    Assert.assertEquals(out.get("id"), "59677");
+    Assert.assertEquals(out.get("ethdst"), "08:00:27:7F:93:2D");
+    Assert.assertEquals(out.get("ip_src_addr"), "10.0.2.2");
+    Assert.assertEquals(out.get("ttl"),"64");
+    Assert.assertEquals(out.get("ethlen"),"0x4E");
+    Assert.assertEquals(out.get("iplen"),"65536");
+    Assert.assertEquals(out.get("icmptype"),"");
+    Assert.assertEquals(out.get("protocol"),"TCP");
+    Assert.assertEquals(out.get("ip_src_port"),"56642");
+    Assert.assertEquals(out.get("tcpflags"),"***AP***");
+    Assert.assertEquals(out.get("sig_id"),"12");
+    Assert.assertEquals(out.get("sig_generator"), "129");
+    Assert.assertEquals(out.get("is_alert"), "true");
+  }
+
+  @Test(expected=IllegalStateException.class)
+  public void testBadMessage() {
+    BasicSnortParser parser = new BasicSnortParser();
+    parser.parse("foo bar".getBytes());
+  }
+}
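Review bot: Every `Assert.assertEquals` in testGoodMessage passes the actual value first and the expected literal second, the reverse of JUnit's `(expected, actual)` contract, so a failure would report the two values swapped; e.g. `Assert.assertEquals("\"Consecutive TCP small segments exceeding threshold\"", out.get("msg"));`. `goodMessage.getBytes()` and `"foo bar".getBytes()` encode with the platform default charset, so the bytes handed to the parser depend on the JVM's locale; prefer `getBytes(StandardCharsets.UTF_8)` in both tests. `Map out` is a raw type; declaring it with the element types the parser returns (presumably `Map<String, Object>`) lets the compiler check the lookups. The bad-message case only exercises free text with no delimiters; a comma-separated record with a wrong field count would be a more targeted check, if the parser's field validation is meant to raise the same exception.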