You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@metron.apache.org by "Otto Fowler (JIRA)" <ji...@apache.org> on 2017/08/06 02:19:00 UTC

[jira] [Updated] (METRON-711) StellarShell assigns variables even if an exception was thrown in the statement.

     [ https://issues.apache.org/jira/browse/METRON-711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Otto Fowler updated METRON-711:
-------------------------------
    Affects Version/s: 0.4.1

> StellarShell assigns variables even if an exception was thrown in the statement.
> --------------------------------------------------------------------------------
>
>                 Key: METRON-711
>                 URL: https://issues.apache.org/jira/browse/METRON-711
>             Project: Metron
>          Issue Type: Bug
>    Affects Versions: 0.4.1
>            Reporter: Justin Leet
>            Assignee: Otto Fowler
>            Priority: Minor
>
> Discovered while reviewing https://github.com/apache/incubator-metron/pull/438.
> If an exception is thrown during Stellar execution, the exception will be logged, and null is returned.  The assignment then goes through as normal, leaving the assigned variable null.
> Seen using THREAT_TRIAGE_REMOVE with a String arg, instead of a List.  Resulted in a null conf variable.
> {code}
> [Stellar]>>> conf := THREAT_TRIAGE_ADD(conf, [triage])
> [Stellar]>>> conf := THREAT_TRIAGE_REMOVE(conf, 'Abnormal DNS Port')
> [!] Unable to execute: java.lang.String cannot be cast to java.util.List
> org.apache.metron.common.dsl.ParseException: Unable to execute: java.lang.String cannot be cast to java.util.List
> 	at org.apache.metron.common.stellar.StellarCompiler.getResult(StellarCompiler.java:409)
> 	at org.apache.metron.common.stellar.BaseStellarProcessor.parse(BaseStellarProcessor.java:127)
> 	at org.apache.metron.common.stellar.shell.StellarExecutor.execute(StellarExecutor.java:275)
> 	at org.apache.metron.common.stellar.shell.StellarShell.executeStellar(StellarShell.java:373)
> 	at org.apache.metron.common.stellar.shell.StellarShell.handleStellar(StellarShell.java:276)
> 	at org.apache.metron.common.stellar.shell.StellarShell.execute(StellarShell.java:412)
> 	at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List
> 	at org.apache.metron.management.ThreatTriageFunctions$RemoveStellarTransformation.apply(ThreatTriageFunctions.java:232)
> 	at org.apache.metron.common.stellar.StellarCompiler.exitTransformationFunc(StellarCompiler.java:267)
> 	at org.apache.metron.common.stellar.generated.StellarParser$TransformationFuncContext.exitRule(StellarParser.java:1689)
> 	at org.antlr.v4.runtime.Parser.triggerExitRuleEvent(Parser.java:422)
> 	at org.antlr.v4.runtime.Parser.exitRule(Parser.java:632)
> 	at org.apache.metron.common.stellar.generated.StellarParser.functions(StellarParser.java:1712)
> 	at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_operands(StellarParser.java:1846)
> 	at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_expr_mul(StellarParser.java:1609)
> 	at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_expr(StellarParser.java:1469)
> 	at org.apache.metron.common.stellar.generated.StellarParser.transformation_expr(StellarParser.java:308)
> 	at org.apache.metron.common.stellar.generated.StellarParser.transformation(StellarParser.java:149)
> 	at org.apache.metron.common.stellar.BaseStellarProcessor.parse(BaseStellarProcessor.java:126)
> 	... 8 more
> [Stellar]>>> conf
> [Stellar]>>> conf
> [Stellar]>>> conf := THREAT_TRIAGE_REMOVE(conf, ['Abnormal DNS Port'])
> [Stellar]>>> conf
> {
>   "enrichment" : {
>     "fieldMap" : { },
>     "fieldToTypeMap" : { },
>     "config" : { }
>   },
>   "threatIntel" : {
>     "fieldMap" : { },
>     "fieldToTypeMap" : { },
>     "config" : { },
>     "triageConfig" : {
>       "riskLevelRules" : [ ],
>       "aggregator" : "MAX",
>       "aggregationConfig" : { }
>     }
>   },
>   "configuration" : { }
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)