http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-fireeye-extension/metron-parser-fireeye/src/test/resources/logData/FireEyeParserTest.txt ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-fireeye-extension/metron-parser-fireeye/src/test/resources/logData/FireEyeParserTest.txt b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-fireeye-extension/metron-parser-fireeye/src/test/resources/logData/FireEyeParserTest.txt new file mode 100644 index 0000000..f3be97a --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-fireeye-extension/metron-parser-fireeye/src/test/resources/logData/FireEyeParserTest.txt @@ -0,0 +1,8 @@ +<164>Mar 19 05:24:39 10.220.15.15 fenotify-851983.alert: CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:28:26 UTC dvc=10.201.78.57 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=dev001srv02.example.com proto=udp cs5Label=cncHost cs5=mfdclk001.org dvchost=DEVFEYE1 spt=54527 dvc=10.100.25.16 smac=00:00:0c:07:ac:00 cn1Label=vlan cn1=0 externalId=851983 cs4Label=link cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851983 dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS +<164>Mar 19 05:24:39 10.220.15.15 fenotify-851987.alert: CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:33:41 UTC dvc=10.201.78.113 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=dev001srv02.example.com proto=udp cs5Label=cncHost cs5=mfdclk001.org dvchost=DEVFEYE1 spt=51218 dvc=10.100.25.16 smac=00:00:0c:07:ac:00 cn1Label=vlan cn1=0 externalId=851987 cs4Label=link cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851987 dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS +<164>Mar 19 05:24:39 10.220.15.15 fenotify-3483808.2.alert: 1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/mic roads/update/InjectScript.js HTTP +<164>Mar 19 05:24:39 10.220.15.15 fenotify-793972.2.alert: Control: no-cache::~~::~~ dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Exploit.Kit.Magnitude +<161>Apr 1 05:24:39 10.220.15.15 fenotify-864461.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS +fireeye[-]: <161>Mar 19 05:24:39 10.220.15.15 fenotify-864461.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS +fireeye[-]: <161>Apr 1 02:49:49 10.220.15.15 fenotify-900702.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Apr 01 2015 09:49:14 UTC src=10.1.97.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abcd0060xzy03.example.com proto=udp spt=63100 cs5Label=cncHost cs5=mfdclk001.org dvchost=DEV1FEYE1 dvc=10.220.15.16 smac=00:00:0c:07:ac:00 cn1Label=vlan cn1=0 externalId=900702 cs4Label=link cs4=https://ABCD0040CMS01.example.com/event_stream/events_for_bot?ev_id\=900702 act=notified dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS +<161>Apr 11 05:24:39 10.220.15.15 fenotify-864461.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS \ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-fireeye-extension/pom.xml ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-fireeye-extension/pom.xml b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-fireeye-extension/pom.xml new file mode 100644 index 0000000..74fee34 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-fireeye-extension/pom.xml @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.metron</groupId> + <artifactId>metron-parser-extensions</artifactId> + <version>0.4.1</version> + </parent> + <groupId>org.apache.metron</groupId> + <artifactId>metron-parser-fireeye-extension</artifactId> + <name>metron-parser-fireeye-extension</name> + <version>0.4.1</version> + <packaging>pom</packaging> + + + <description>FireEyeParser Parser Extension for Metron</description> + <modules> + <module>metron-parser-fireeye</module> + <module>metron-parser-fireeye-bundle</module> + <module>metron-parser-fireeye-assembly</module> + </modules> +</project> http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-assembly/pom.xml ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-assembly/pom.xml b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-assembly/pom.xml new file mode 100644 index 0000000..94a9806 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-assembly/pom.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + + <parent> + <groupId>org.apache.metron</groupId> + <artifactId>metron-parser-ise-extension</artifactId> + <version>0.4.1</version> + </parent> + + <groupId>org.apache.metron</groupId> + <artifactId>metron-parser-ise-assembly</artifactId> + <version>0.4.1</version> + <packaging>pom</packaging> + <name>metron-parser-ise-assembly</name> + + <build> + <plugins> + <plugin> + <artifactId>maven-assembly-plugin</artifactId> + <configuration> + <descriptor>src/main/assembly/assembly.xml</descriptor> + </configuration> + <executions> + <execution> + <id>make-assembly</id> <!-- this is used for inheritance merges --> + <phase>package</phase> <!-- bind to the packaging phase --> + <goals> + <goal>single</goal> + </goals> + </execution> + </executions> + </plugin> + </plugins> + </build> +</project> http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-assembly/src/main/assembly/assembly.xml ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-assembly/src/main/assembly/assembly.xml b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-assembly/src/main/assembly/assembly.xml new file mode 100644 index 0000000..14fe037 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-assembly/src/main/assembly/assembly.xml @@ -0,0 +1,42 @@ +<!-- + Licensed to the Apache Software + Foundation (ASF) under one or more contributor license agreements. See the + NOTICE file distributed with this work for additional information regarding + copyright ownership. The ASF licenses this file to You under the Apache License, + Version 2.0 (the "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed + under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES + OR CONDITIONS OF ANY KIND, either express or implied. See the License for + the specific language governing permissions and limitations under the License. + --> + +<assembly> + <id>archive</id> + <formats> + <format>tar.gz</format> + </formats> + <includeBaseDirectory>false</includeBaseDirectory> + <fileSets> + <fileSet> + <directory>${project.basedir}/../metron-parser-ise/src/main/config</directory> + <outputDirectory>/config</outputDirectory> + <useDefaultExcludes>true</useDefaultExcludes> + <excludes> + <exclude>**/*.formatted</exclude> + <exclude>**/*.filtered</exclude> + </excludes> + <fileMode>0644</fileMode> + <lineEnding>unix</lineEnding> + <filtered>true</filtered> + </fileSet> + <fileSet> + <directory>${project.basedir}/../metron-parser-ise-bundle/target</directory> + <includes> + <include>metron-parser-ise-bundle-${project.version}.bundle</include> + </includes> + <outputDirectory>/lib</outputDirectory> + <useDefaultExcludes>true</useDefaultExcludes> + </fileSet> + </fileSets> +</assembly> http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-bundle/pom.xml ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-bundle/pom.xml b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-bundle/pom.xml new file mode 100644 index 0000000..882c937 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-bundle/pom.xml @@ -0,0 +1,41 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + + <parent> + <groupId>org.apache.metron</groupId> + <artifactId>metron-parser-ise-extension</artifactId> + <version>0.4.1</version> + </parent> + + <artifactId>metron-parser-ise-bundle</artifactId> + <version>0.4.1</version> + <name>metron-parser-ise-bundle</name> + <packaging>bundle</packaging> + <properties> + <maven.javadoc.skip>true</maven.javadoc.skip> + <source.skip>false</source.skip> + </properties> + + <dependencies> + <dependency> + <groupId>org.apache.metron</groupId> + <artifactId>metron-parser-ise</artifactId> + <version>0.4.1</version> + </dependency> + </dependencies> + +</project> http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/README.md ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/README.md b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/README.md new file mode 100644 index 0000000..17c3546 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/README.md @@ -0,0 +1,3 @@ +# ISE Parser + +This is the ISE parser http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/pom.xml ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/pom.xml b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/pom.xml new file mode 100644 index 0000000..8cdda6f --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/pom.xml @@ -0,0 +1,89 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software + Foundation (ASF) under one or more contributor license agreements. See the + NOTICE file distributed with this work for additional information regarding + copyright ownership. The ASF licenses this file to You under the Apache License, + Version 2.0 (the "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed + under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES + OR CONDITIONS OF ANY KIND, either express or implied. See the License for + the specific language governing permissions and limitations under the License. + --><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.metron</groupId> + <artifactId>metron-parser-ise-extension</artifactId> + <version>0.4.1</version> + </parent> + <artifactId>metron-parser-ise</artifactId> + <version>0.4.1</version> + <name>metron-parser-ise</name> + <packaging>jar</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> + </properties> + <dependencies> + <dependency> + <groupId>org.apache.metron</groupId> + <artifactId>metron-common</artifactId> + <version>${project.parent.version}</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.apache.metron</groupId> + <artifactId>metron-parsers</artifactId> + <version>${project.parent.version}</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.atteo.classindex</groupId> + <artifactId>classindex</artifactId> + <version>${global_classindex_version}</version> + <scope>provided</scope> + </dependency> + <!-- testing --> + <dependency> + <groupId>org.apache.metron</groupId> + <artifactId>metron-parser-extensions-testing</artifactId> + <version>${project.parent.version}</version> + <type>pom</type> + <scope>test</scope> + </dependency> + <dependency> + <groupId>com.github.fge</groupId> + <artifactId>json-schema-validator</artifactId> + <version>2.2.6</version> + <scope>test</scope> + </dependency> + </dependencies> + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-jar-plugin</artifactId> + <version>${global_jar_version}</version> + <executions> + <execution> + <goals> + <goal>test-jar</goal> + </goals> + </execution> + </executions> + </plugin> + </plugins> + <resources> + <resource> + <directory>src/main/resources</directory> + </resource> + <resource> + <directory>src/main/patterns</directory> + </resource> + <resource> + <directory>src/test/resources</directory> + </resource> + </resources> + </build> +</project> http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/enrichments/ise.json ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/enrichments/ise.json b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/enrichments/ise.json new file mode 100644 index 0000000..2cd0667 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/enrichments/ise.json @@ -0,0 +1,20 @@ +{ + "enrichment" : { + "fieldMap": { + "geo": [ + "ip_dst_addr", + "ip_src_addr" + ] + } + }, + "threatIntel": { + "fieldMap": { + "hbaseThreatIntel": ["ip_src_addr", "ip_dst_addr"] + }, + "fieldToTypeMap": { + "ip_src_addr" : ["malicious_ip"], + "ip_dst_addr" : ["malicious_ip"] + } + } +} + http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/indexing/ise.json ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/indexing/ise.json b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/indexing/ise.json new file mode 100644 index 0000000..b5b4ab7 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/indexing/ise.json @@ -0,0 +1,18 @@ +{ + "hdfs" : { + "index": "ise", + "batchSize": 5, + "enabled" : true + }, + "elasticsearch" : { + "index": "ise", + "batchSize": 5, + "enabled" : true + }, + "solr" : { + "index": "ise", + "batchSize": 5, + "enabled" : true + } +} + http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/parsers/ise.json ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/parsers/ise.json b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/parsers/ise.json new file mode 100644 index 0000000..86f8eb0 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/config/zookeeper/parsers/ise.json @@ -0,0 +1,7 @@ +{ + "parserClassName": "org.apache.metron.parsers.ise.BasicIseParser", + "sensorTopic": "ise", + "parserConfig": { + "deviceTimeZone": "UTC" + } +} http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/BasicIseParser.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/BasicIseParser.java b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/BasicIseParser.java new file mode 100644 index 0000000..4e91585 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/BasicIseParser.java @@ -0,0 +1,101 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package org.apache.metron.parsers.ise; + +import com.esotericsoftware.minlog.Log; +import org.apache.metron.parsers.BasicParser; +import org.json.simple.JSONObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.StringReader; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +@SuppressWarnings("serial") +public class BasicIseParser extends BasicParser { + + private static final Logger _LOG = LoggerFactory + .getLogger(BasicIseParser.class); + static final transient ISEParser _parser = new ISEParser("header="); + + @Override + public void configure(Map<String, Object> parserConfig) { + + } + + @Override + public void init() { + + } + + @SuppressWarnings("unchecked") + @Override + public List<JSONObject> parse(byte[] msg) { + + String raw_message = ""; + List<JSONObject> messages = new ArrayList<>(); + try { + + raw_message = new String(msg, "UTF-8"); + _LOG.debug("Received message: {}", raw_message); + + /* + * Reinitialize Parser. It has the effect of calling the constructor again. + */ + _parser.ReInit(new StringReader("header=" + raw_message.trim())); + + JSONObject payload = _parser.parseObject(); + + String ip_src_addr = (String) payload.get("Device IP Address"); + String ip_src_port = (String) payload.get("Device Port"); + String ip_dst_addr = (String) payload.get("DestinationIPAddress"); + String ip_dst_port = (String) payload.get("DestinationPort"); + + /* + * Standard Fields for Metron. + */ + + if(ip_src_addr != null) + payload.put("ip_src_addr", ip_src_addr); + if(ip_src_port != null) + payload.put("ip_src_port", ip_src_port); + if(ip_dst_addr != null) + payload.put("ip_dst_addr", ip_dst_addr); + if(ip_dst_port != null) + payload.put("ip_dst_port", ip_dst_port); + messages.add(payload); + return messages; + + } catch (Exception e) { + Log.error(e.toString()); + e.printStackTrace(); + } + return null; + } + + @Override + public boolean validate(JSONObject message) { + return true; + } + + +} http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParser.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParser.java b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParser.java new file mode 100644 index 0000000..b310a82 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParser.java @@ -0,0 +1,665 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* Generated By:JavaCC: Do not edit this line. ISEParser.java */ +package org.apache.metron.parsers.ise; + +import org.json.simple.JSONObject; + +import java.io.*; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** +* Basic ISE data parser generated by JavaCC. +*/ +public class ISEParser implements Serializable, ISEParserConstants { + // private boolean nativeNumbers = false; + + private static final long serialVersionUID = -2531656825360044979L; + + public ISEParser() + { //do nothing + } + + public ISEParser(String input) + { + this (new StringReader(input)); + } + + /** + * Parses a ISE String into a JSON object {@code Map}. + */ + public JSONObject parseObject() throws ParseException + { + JSONObject toReturn = object(); + if (!ensureEOF()) throw new IllegalStateException("Expected EOF, but still had content to parse"); + return toReturn; + } + + @SuppressWarnings("unused") +final public boolean ensureEOF() throws ParseException { + switch (jj_nt.kind) { + case COMMA: + jj_consume_token(COMMA); + break; + default: + jj_la1[0] = jj_gen; + ; + } + jj_consume_token(0); + {if (true) return true;} + throw new Error("Missing return statement in function"); + } + + @SuppressWarnings({ "unchecked", "unused" }) +final public JSONObject innerMap() throws ParseException { + final JSONObject json = new JSONObject(); + String key; + Object value; + key = objectKey(); + jj_consume_token(EQUALS); + value = value(); + json.put(key, value); + key = null; + value = null; + label_1: + while (true) { + switch (jj_nt.kind) { + case SLASH: + ; + break; + default: + jj_la1[1] = jj_gen; + break label_1; + } + jj_consume_token(SLASH); + jj_consume_token(COMMA); + key = objectKey(); + jj_consume_token(EQUALS); + value = value(); + json.put(key, value); + key = null; + value = null; + } + {if (true) return json;} + throw new Error("Missing return statement in function"); + } + + @SuppressWarnings({ "unused", "unchecked" }) +final public JSONObject object() throws ParseException { + final JSONObject json = new JSONObject(); + String key; + Object value; + key = objectKey(); + jj_consume_token(EQUALS); + value = value(); + json.put(key, value); + key = null; + value = null; + label_2: + while (true) { + if (jj_2_1(2)) { + ; + } else { + break label_2; + } + jj_consume_token(COMMA); + key = objectKey(); + jj_consume_token(EQUALS); + value = value(); + json.put(key, value); + key = null; + value = null; + } + {if (true) return json;} + throw new Error("Missing return statement in function"); + } + + @SuppressWarnings("unused") +final public String objectKey() throws ParseException { + String k; + k = string(); + // System.out.println("key == " + k); + {if (true) return k.trim();} + throw new Error("Missing return statement in function"); + } + + @SuppressWarnings({ "unused", "rawtypes" }) +final public Object value() throws ParseException { + Object x; + String eof = "EOF"; + Map m = null; + if (jj_2_2(2147483647)) { + x = nullValue(); + } else if (jj_2_3(2147483647)) { + x = innerMap(); + } else { + switch (jj_nt.kind) { + case TAG: + x = tagString(); + break; + default: + jj_la1[2] = jj_gen; + if (jj_2_4(2147483647)) { + x = blankValue(); + } else if (jj_2_5(2147483647)) { + x = braced_string(); + } else if (jj_2_6(2)) { + x = string(); + } else { + jj_consume_token(-1); + throw new ParseException(); + } + } + } + // System.out.println("val == " + x); + //if (x instanceof Map) return "Map"; + //return (String) x; + {if (true) return x;} + throw new Error("Missing return statement in function"); + } + + @SuppressWarnings("unused") +final public String nullValue() throws ParseException { + {if (true) return null;} + throw new Error("Missing return statement in function"); + } + + @SuppressWarnings("unused") +final public String tagString() throws ParseException { + String output = "(tag=0)"; + jj_consume_token(TAG); + jj_consume_token(STRING_BODY); + {if (true) return output + token.image;} + throw new Error("Missing return statement in function"); + } + + @SuppressWarnings("unused") +final public String blankValue() throws ParseException { + {if (true) return null;} + throw new Error("Missing return statement in function"); + } + + @SuppressWarnings("unused") +final public String string() throws ParseException { + String s; + jj_consume_token(STRING_BODY); + {if (true) return token.image.trim();} + throw new Error("Missing return statement in function"); + } + + @SuppressWarnings("unused") +final public String braced_string() throws ParseException { + String s; + jj_consume_token(BRACED_STRING); + // System.out.println("braced == " + token.image); + s = token.image; + jj_consume_token(COMMA); + {if (true) return s.trim();} + throw new Error("Missing return statement in function"); + } + + private boolean jj_2_1(int xla) { + jj_la = xla; jj_lastpos = jj_scanpos = token; + try { return !jj_3_1(); } + catch(LookaheadSuccess ls) { return true; } + finally { jj_save(0, xla); } + } + + private boolean jj_2_2(int xla) { + jj_la = xla; jj_lastpos = jj_scanpos = token; + try { return !jj_3_2(); } + catch(LookaheadSuccess ls) { return true; } + finally { jj_save(1, xla); } + } + + private boolean jj_2_3(int xla) { + jj_la = xla; jj_lastpos = jj_scanpos = token; + try { return !jj_3_3(); } + catch(LookaheadSuccess ls) { return true; } + finally { jj_save(2, xla); } + } + + private boolean jj_2_4(int xla) { + jj_la = xla; jj_lastpos = jj_scanpos = token; + try { return !jj_3_4(); } + catch(LookaheadSuccess ls) { return true; } + finally { jj_save(3, xla); } + } + + private boolean jj_2_5(int xla) { + jj_la = xla; jj_lastpos = jj_scanpos = token; + try { return !jj_3_5(); } + catch(LookaheadSuccess ls) { return true; } + finally { jj_save(4, xla); } + } + + private boolean jj_2_6(int xla) { + jj_la = xla; jj_lastpos = jj_scanpos = token; + try { return !jj_3_6(); } + catch(LookaheadSuccess ls) { return true; } + finally { jj_save(5, xla); } + } + + private boolean jj_3_5() { + if (jj_3R_5()) return true; + return false; + } + + private boolean jj_3_4() { + if (jj_scan_token(0)) return true; + return false; + } + + private boolean jj_3R_5() { + if (jj_scan_token(BRACED_STRING)) return true; + if (jj_scan_token(COMMA)) return true; + return false; + } + + private boolean jj_3_3() { + if (jj_3R_4()) return true; + return false; + } + + private boolean jj_3R_4() { + if (jj_3R_3()) return true; + if (jj_scan_token(EQUALS)) return true; + if (jj_3R_7()) return true; + Token xsp; + while (true) { + xsp = jj_scanpos; + if (jj_3R_8()) { jj_scanpos = xsp; break; } + } + return false; + } + + private boolean jj_3_2() { + if (jj_scan_token(COMMA)) return true; + return false; + } + + private boolean jj_3_6() { + if (jj_3R_6()) return true; + return false; + } + + private boolean jj_3_1() { + if (jj_scan_token(COMMA)) return true; + if (jj_3R_3()) return true; + return false; + } + + private boolean jj_3R_13() { + if (jj_3R_5()) return true; + return false; + } + + private boolean jj_3R_12() { + if (jj_3R_16()) return true; + return false; + } + + private boolean jj_3R_11() { + if (jj_3R_15()) return true; + return false; + } + + private boolean jj_3R_6() { + if (jj_scan_token(STRING_BODY)) return true; + return false; + } + + private boolean jj_3R_10() { + if (jj_3R_4()) return true; + return false; + } + + private boolean jj_3R_9() { + if (jj_3R_14()) return true; + return false; + } + + private boolean jj_3R_7() { + Token xsp; + xsp = jj_scanpos; + if (jj_3R_9()) { + jj_scanpos = xsp; + if (jj_3R_10()) { + jj_scanpos = xsp; + if (jj_3R_11()) { + jj_scanpos = xsp; + if (jj_3R_12()) { + jj_scanpos = xsp; + if (jj_3R_13()) { + jj_scanpos = xsp; + if (jj_3_6()) return true; + } + } + } + } + } + return false; + } + + private boolean jj_3R_16() { + return false; + } + + private boolean jj_3R_15() { + if (jj_scan_token(TAG)) return true; + if (jj_scan_token(STRING_BODY)) return true; + return false; + } + + private boolean jj_3R_3() { + if (jj_3R_6()) return true; + return false; + } + + private boolean jj_3R_8() { + if (jj_scan_token(SLASH)) return true; + if (jj_scan_token(COMMA)) return true; + if (jj_3R_3()) return true; + if (jj_scan_token(EQUALS)) return true; + if (jj_3R_7()) return true; + return false; + } + + private boolean jj_3R_14() { + return false; + } + + /** Generated Token Manager. */ + public ISEParserTokenManager token_source; + JavaCharStream jj_input_stream; + /** Current token. */ + public Token token; + /** Next token. */ + public Token jj_nt; + private Token jj_scanpos, jj_lastpos; + private int jj_la; + private int jj_gen; + final private int[] jj_la1 = new int[3]; + static private int[] jj_la1_0; + static { + jj_la1_init_0(); + } + private static void jj_la1_init_0() { + jj_la1_0 = new int[] {0x20,0x80,0x100,}; + } + final private JJCalls[] jj_2_rtns = new JJCalls[6]; + private boolean jj_rescan = false; + private int jj_gc = 0; + + /** Constructor with InputStream. */ + public ISEParser(InputStream stream) { + this(stream, null); + } + /** Constructor with InputStream and supplied encoding */ + public ISEParser(InputStream stream, String encoding) { + try { jj_input_stream = new JavaCharStream(stream, encoding, 1, 1); } catch(UnsupportedEncodingException e) { throw new RuntimeException(e); } + token_source = new ISEParserTokenManager(jj_input_stream); + token = new Token(); + token.next = jj_nt = token_source.getNextToken(); + jj_gen = 0; + for (int i = 0; i < 3; i++) jj_la1[i] = -1; + for (int i = 0; i < jj_2_rtns.length; i++) jj_2_rtns[i] = new JJCalls(); + } + + /** Reinitialise. */ + public void ReInit(InputStream stream) { + ReInit(stream, null); + } + /** Reinitialise. */ + public void ReInit(InputStream stream, String encoding) { + try { jj_input_stream.ReInit(stream, encoding, 1, 1); } catch(UnsupportedEncodingException e) { throw new RuntimeException(e); } + token_source.ReInit(jj_input_stream); + token = new Token(); + token.next = jj_nt = token_source.getNextToken(); + jj_gen = 0; + for (int i = 0; i < 3; i++) jj_la1[i] = -1; + for (int i = 0; i < jj_2_rtns.length; i++) jj_2_rtns[i] = new JJCalls(); + } + + /** Constructor. */ + public ISEParser(Reader stream) { + jj_input_stream = new JavaCharStream(stream, 1, 1); + token_source = new ISEParserTokenManager(jj_input_stream); + token = new Token(); + token.next = jj_nt = token_source.getNextToken(); + jj_gen = 0; + for (int i = 0; i < 3; i++) jj_la1[i] = -1; + for (int i = 0; i < jj_2_rtns.length; i++) jj_2_rtns[i] = new JJCalls(); + } + + /** Reinitialise. */ + public void ReInit(Reader stream) { + jj_input_stream.ReInit(stream, 1, 1); + token_source.ReInit(jj_input_stream); + token = new Token(); + token.next = jj_nt = token_source.getNextToken(); + jj_gen = 0; + for (int i = 0; i < 3; i++) jj_la1[i] = -1; + for (int i = 0; i < jj_2_rtns.length; i++) jj_2_rtns[i] = new JJCalls(); + } + + /** Constructor with generated Token Manager. */ + public ISEParser(ISEParserTokenManager tm) { + token_source = tm; + token = new Token(); + token.next = jj_nt = token_source.getNextToken(); + jj_gen = 0; + for (int i = 0; i < 3; i++) jj_la1[i] = -1; + for (int i = 0; i < jj_2_rtns.length; i++) jj_2_rtns[i] = new JJCalls(); + } + + /** Reinitialise. */ + public void ReInit(ISEParserTokenManager tm) { + token_source = tm; + token = new Token(); + token.next = jj_nt = token_source.getNextToken(); + jj_gen = 0; + for (int i = 0; i < 3; i++) jj_la1[i] = -1; + for (int i = 0; i < jj_2_rtns.length; i++) jj_2_rtns[i] = new JJCalls(); + } + + private Token jj_consume_token(int kind) throws ParseException { + Token oldToken = token; + if ((token = jj_nt).next != null) jj_nt = jj_nt.next; + else jj_nt = jj_nt.next = token_source.getNextToken(); + if (token.kind == kind) { + jj_gen++; + if (++jj_gc > 100) { + jj_gc = 0; + for (int i = 0; i < jj_2_rtns.length; i++) { + JJCalls c = jj_2_rtns[i]; + while (c != null) { + if (c.gen < jj_gen) c.first = null; + c = c.next; + } + } + } + return token; + } + jj_nt = token; + token = oldToken; + jj_kind = kind; + throw generateParseException(); + } + + static private final class LookaheadSuccess extends Error { + + private static final long serialVersionUID = -5724812746511794505L; } + final private LookaheadSuccess jj_ls = new LookaheadSuccess(); + private boolean jj_scan_token(int kind) { + if (jj_scanpos == jj_lastpos) { + jj_la--; + if (jj_scanpos.next == null) { + jj_lastpos = jj_scanpos = jj_scanpos.next = token_source.getNextToken(); + } else { + jj_lastpos = jj_scanpos = jj_scanpos.next; + } + } else { + jj_scanpos = jj_scanpos.next; + } + if (jj_rescan) { + int i = 0; Token tok = token; + while (tok != null && tok != jj_scanpos) { i++; tok = tok.next; } + if (tok != null) jj_add_error_token(kind, i); + } + if (jj_scanpos.kind != kind) return true; + if (jj_la == 0 && jj_scanpos == jj_lastpos) throw jj_ls; + return false; + } + + +/** Get the next Token. */ + final public Token getNextToken() { + if ((token = jj_nt).next != null) jj_nt = jj_nt.next; + else jj_nt = jj_nt.next = token_source.getNextToken(); + jj_gen++; + return token; + } + +/** Get the specific Token. */ + final public Token getToken(int index) { + Token t = token; + for (int i = 0; i < index; i++) { + if (t.next != null) t = t.next; + else t = t.next = token_source.getNextToken(); + } + return t; + } + + private List<int[]> jj_expentries = new ArrayList<int[]>(); + private int[] jj_expentry; + private int jj_kind = -1; + private int[] jj_lasttokens = new int[100]; + private int jj_endpos; + + private void jj_add_error_token(int kind, int pos) { + if (pos >= 100) return; + if (pos == jj_endpos + 1) { + jj_lasttokens[jj_endpos++] = kind; + } else if (jj_endpos != 0) { + jj_expentry = new int[jj_endpos]; + for (int i = 0; i < jj_endpos; i++) { + jj_expentry[i] = jj_lasttokens[i]; + } + jj_entries_loop: for (Iterator<?> it = jj_expentries.iterator(); it.hasNext();) { + int[] oldentry = (int[])(it.next()); + if (oldentry.length == jj_expentry.length) { + for (int i = 0; i < jj_expentry.length; i++) { + if (oldentry[i] != jj_expentry[i]) { + continue jj_entries_loop; + } + } + jj_expentries.add(jj_expentry); + break jj_entries_loop; + } + } + if (pos != 0) jj_lasttokens[(jj_endpos = pos) - 1] = kind; + } + } + + /** Generate ParseException. */ + public ParseException generateParseException() { + jj_expentries.clear(); + boolean[] la1tokens = new boolean[11]; + if (jj_kind >= 0) { + la1tokens[jj_kind] = true; + jj_kind = -1; + } + for (int i = 0; i < 3; i++) { + if (jj_la1[i] == jj_gen) { + for (int j = 0; j < 32; j++) { + if ((jj_la1_0[i] & (1<<j)) != 0) { + la1tokens[j] = true; + } + } + } + } + for (int i = 0; i < 11; i++) { + if (la1tokens[i]) { + jj_expentry = new int[1]; + jj_expentry[0] = i; + jj_expentries.add(jj_expentry); + } + } + jj_endpos = 0; + jj_rescan_token(); + jj_add_error_token(0, 0); + int[][] exptokseq = new int[jj_expentries.size()][]; + for (int i = 0; i < jj_expentries.size(); i++) { + exptokseq[i] = jj_expentries.get(i); + } + return new ParseException(token, exptokseq, tokenImage); + } + + /** Enable tracing. */ + final public void enable_tracing() { + } + + /** Disable tracing. */ + final public void disable_tracing() { + } + + private void jj_rescan_token() { + jj_rescan = true; + for (int i = 0; i < 6; i++) { + try { + JJCalls p = jj_2_rtns[i]; + do { + if (p.gen > jj_gen) { + jj_la = p.arg; jj_lastpos = jj_scanpos = p.first; + switch (i) { + case 0: jj_3_1(); break; + case 1: jj_3_2(); break; + case 2: jj_3_3(); break; + case 3: jj_3_4(); break; + case 4: jj_3_5(); break; + case 5: jj_3_6(); break; + } + } + p = p.next; + } while (p != null); + } catch(LookaheadSuccess ls) { } + } + jj_rescan = false; + } + + private void jj_save(int index, int xla) { + JJCalls p = jj_2_rtns[index]; + while (p.gen > jj_gen) { + if (p.next == null) { p = p.next = new JJCalls(); break; } + p = p.next; + } + p.gen = jj_gen + xla - jj_la; p.first = token; p.arg = xla; + } + + static final class JJCalls { + int gen; + Token first; + int arg; + JJCalls next; + } + +} http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParser.jj ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParser.jj b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParser.jj new file mode 100644 index 0000000..6071922 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParser.jj @@ -0,0 +1,12 @@ +options { CHOICE_AMBIGUITY_CHECK = 3; OTHER_AMBIGUITY_CHECK = 2; //DEBUG_PARSER=true + //DEBUG_LOOKAHEAD=true + //DEBUG_TOKEN_MANAGER=true + ERROR_REPORTING = true; JAVA_UNICODE_ESCAPE = true; UNICODE_INPUT = true; IGNORE_CASE = true; SUPPORT_CLASS_VISIBILITY_PUBLIC = false; FORCE_LA_CHECK = true; CACHE_TOKENS = true; SANITY_CHECK = true; STATIC = false; //KEEP_LINE_COLUMN=true; +} PARSER_BEGIN(ISEParser) /** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.metron.ise.parser; import java.io.*; import java.util.*; import org.json.simple.*; /** +* Basic ISE data parser generated by JavaCC. +*/ public class ISEParser implements Serializable { private boolean nativeNumbers = false; public ISEParser() { //do nothing + } public ISEParser(String input) { this (new StringReader(input)); } /** + * Parses a ISE String into a JSON object {@code Map}. + */ public JSONObject parseObject() throws ParseException { JSONObject toReturn = object(); if (!ensureEOF()) throw new IllegalStateException("Expected EOF, but still had content to parse"); return toReturn; } } PARSER_END(ISEParser) // Ignore comments SKIP : { < C_SINGLE_COMMENT : "//" (~[ "\n", "\r", "\f" ])* < EOL >> | < C_MULTILINE_COMMENT : "/*" (~[ ])* "*/" > | < SH_SINGLE_COMMENT : "#" (~[ "\n", "\r", "\f" ])* < EOL >> /*| < WHITESPACE : " " | "\t" >*/ | < EOL : "\n" | "\r" | "\f" > } // Common tokens +TOKEN : { < COMMA : "," > | < EQUALS : "=" > | < SLASH : "\\" > | < TAG : "(tag=0)" > } // Null token /*TOKEN : { //< NULL : "null" > } */ // String tokens +TOKEN : { //< SYMBOL : ([ "a"-"z", "A"-"Z", "0", "1"-"9", " ", "\t" , ":" , "-" , "." ])+ > < STRING_BODY : ( (~[ "\"", "\r", "\n", "\f", "\t", "=", "," ]) | ( "\\" ( "r" | "n" | "f" | "\\" | "/" | "\"" | "b" | "t" | "," ) ) )+ > | < BRACED_STRING : ( "{" (~[ "{", "}" ])+ "}" ) > } boolean ensureEOF() : {} { (< COMMA >)? < EOF > { return true; } } JSONObject innerMap() : { final JSONObject json = new JSONObject(); String key; Object value; } { key = objectKey() < EQUALS > value = value() { json.put(key, value); } { key = null; value = null; } ( < SLASH > < COMMA > key = objectKey() < EQUALS > value = value() { json.put(key, value); } { key = null; value = null; } )* { return json; } } JSONObject object() : { final JSONObject json = new JSONObject() ; String key; Object value; } { key = objectKey() < EQUALS > value = value() { json.put(key, value); } { key = null; value = null; } ( ( LOOKAHEAD(2) < COMMA > key = objectKey() < EQUALS > value = value() { json.put(key, value); } { key = null; value = null; } )* | LOOKAHEAD(2) < COMMA > < EOF > ) // ensureEOF() { return json; } } String objectKey() : { String k; } { ( k = string() ) { // System.out.println("key == " + k); return k.trim(); } } Object value() : { Object x; String eof = "EOF"; Map m = null; } { ( LOOKAHEAD(< COMMA >) x = nullValue() | LOOKAHEAD(innerMap()) x = innerMap() | x = tagString() | LOOKAHEAD(< EOF >) x = blankValue() | LOOKAHEAD(braced_string()) x = braced_string() | LOOKAHEAD(2) x = string() ) { // System.out.println("val == " + x); //if (x instanceof Map) return "Map "; //return (String) x; return x; } } String nullValue() : {} { { return null; } } String tagString() : { String output = "(tag=0)"; } { < TAG > < STRING_BODY > { return output + token.image; } } String blankValue() : {} { { return null; } } String string() : { String s; } { < STRING_BODY > { return token.image.trim(); } } String braced_string() : { String s; } { < BRACED_STRING > { // System.out.println("braced == " + token.image); s = token.image; } < COMMA > { return s.trim(); } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParserConstants.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParserConstants.java b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParserConstants.java new file mode 100644 index 0000000..126d120 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParserConstants.java @@ -0,0 +1,69 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* Generated By:JavaCC: Do not edit this line. ISEParserConstants.java */ +package org.apache.metron.parsers.ise; + + +/** + * Token literal values and constants. + * Generated by org.javacc.parser.OtherFilesGen#start() + */ +interface ISEParserConstants { + + /** End of File. */ + int EOF = 0; + /** RegularExpression Id. */ + int C_SINGLE_COMMENT = 1; + /** RegularExpression Id. */ + int C_MULTILINE_COMMENT = 2; + /** RegularExpression Id. */ + int SH_SINGLE_COMMENT = 3; + /** RegularExpression Id. */ + int EOL = 4; + /** RegularExpression Id. */ + int COMMA = 5; + /** RegularExpression Id. */ + int EQUALS = 6; + /** RegularExpression Id. */ + int SLASH = 7; + /** RegularExpression Id. */ + int TAG = 8; + /** RegularExpression Id. */ + int STRING_BODY = 9; + /** RegularExpression Id. */ + int BRACED_STRING = 10; + + /** Lexical state. */ + int DEFAULT = 0; + + /** Literal token values. */ + String[] tokenImage = { + "<EOF>", + "<C_SINGLE_COMMENT>", + "<C_MULTILINE_COMMENT>", + "<SH_SINGLE_COMMENT>", + "<EOL>", + "\",\"", + "\"=\"", + "\"\\\\\"", + "\"(tag=0)\"", + "<STRING_BODY>", + "<BRACED_STRING>", + }; + +} http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParserTokenManager.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParserTokenManager.java b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParserTokenManager.java new file mode 100644 index 0000000..9bd5347 --- /dev/null +++ b/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise/src/main/java/org/apache/metron/parsers/ise/ISEParserTokenManager.java @@ -0,0 +1,676 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* Generated By:JavaCC: Do not edit this line. ISEParserTokenManager.java */ +package org.apache.metron.parsers.ise; + +/** Token Manager. */ +class ISEParserTokenManager implements ISEParserConstants +{ + + /** Debug output. */ + public java.io.PrintStream debugStream = System.out; + /** Set debug output. */ + public void setDebugStream(java.io.PrintStream ds) { debugStream = ds; } +private final int jjStopStringLiteralDfa_0(int pos, long active0) +{ + switch (pos) + { + case 0: + if ((active0 & 0x100L) != 0L) + { + jjmatchedKind = 9; + return 18; + } + if ((active0 & 0x80L) != 0L) + return 6; + return -1; + case 1: + if ((active0 & 0x100L) != 0L) + { + jjmatchedKind = 9; + jjmatchedPos = 1; + return 18; + } + return -1; + case 2: + if ((active0 & 0x100L) != 0L) + { + jjmatchedKind = 9; + jjmatchedPos = 2; + return 18; + } + return -1; + case 3: + if ((active0 & 0x100L) != 0L) + { + jjmatchedKind = 9; + jjmatchedPos = 3; + return 18; + } + return -1; + case 4: + if ((active0 & 0x100L) != 0L) + { + if (jjmatchedPos < 3) + { + jjmatchedKind = 9; + jjmatchedPos = 3; + } + return -1; + } + return -1; + case 5: + if ((active0 & 0x100L) != 0L) + { + if (jjmatchedPos < 3) + { + jjmatchedKind = 9; + jjmatchedPos = 3; + } + return -1; + } + return -1; + default : + return -1; + } +} +private final int jjStartNfa_0(int pos, long active0) +{ + return jjMoveNfa_0(jjStopStringLiteralDfa_0(pos, active0), pos + 1); +} +private int jjStopAtPos(int pos, int kind) +{ + jjmatchedKind = kind; + jjmatchedPos = pos; + return pos + 1; +} +private int jjMoveStringLiteralDfa0_0() +{ + switch(curChar) + { + case 40: + return jjMoveStringLiteralDfa1_0(0x100L); + case 44: + return jjStopAtPos(0, 5); + case 61: + return jjStopAtPos(0, 6); + case 92: + return jjStartNfaWithStates_0(0, 7, 6); + default : + return jjMoveNfa_0(0, 0); + } +} +private int jjMoveStringLiteralDfa1_0(long active0) +{ + try { curChar = input_stream.readChar(); } + catch(java.io.IOException e) { + jjStopStringLiteralDfa_0(0, active0); + return 1; + } + switch(curChar) + { + case 84: + case 116: + return jjMoveStringLiteralDfa2_0(active0, 0x100L); + default : + break; + } + return jjStartNfa_0(0, active0); +} +private int jjMoveStringLiteralDfa2_0(long old0, long active0) +{ + if (((active0 &= old0)) == 0L) + return jjStartNfa_0(0, old0); + try { curChar = input_stream.readChar(); } + catch(java.io.IOException e) { + jjStopStringLiteralDfa_0(1, active0); + return 2; + } + switch(curChar) + { + case 65: + case 97: + return jjMoveStringLiteralDfa3_0(active0, 0x100L); + default : + break; + } + return jjStartNfa_0(1, active0); +} +private int jjMoveStringLiteralDfa3_0(long old0, long active0) +{ + if (((active0 &= old0)) == 0L) + return jjStartNfa_0(1, old0); + try { curChar = input_stream.readChar(); } + catch(java.io.IOException e) { + jjStopStringLiteralDfa_0(2, active0); + return 3; + } + switch(curChar) + { + case 71: + case 103: + return jjMoveStringLiteralDfa4_0(active0, 0x100L); + default : + break; + } + return jjStartNfa_0(2, active0); +} +private int jjMoveStringLiteralDfa4_0(long old0, long active0) +{ + if (((active0 &= old0)) == 0L) + return jjStartNfa_0(2, old0); + try { curChar = input_stream.readChar(); } + catch(java.io.IOException e) { + jjStopStringLiteralDfa_0(3, active0); + return 4; + } + switch(curChar) + { + case 61: + return jjMoveStringLiteralDfa5_0(active0, 0x100L); + default : + break; + } + return jjStartNfa_0(3, active0); +} +private int jjMoveStringLiteralDfa5_0(long old0, long active0) +{ + if (((active0 &= old0)) == 0L) + return jjStartNfa_0(3, old0); + try { curChar = input_stream.readChar(); } + catch(java.io.IOException e) { + jjStopStringLiteralDfa_0(4, active0); + return 5; + } + switch(curChar) + { + case 48: + return jjMoveStringLiteralDfa6_0(active0, 0x100L); + default : + break; + } + return jjStartNfa_0(4, active0); +} +private int jjMoveStringLiteralDfa6_0(long old0, long active0) +{ + if (((active0 &= old0)) == 0L) + return jjStartNfa_0(4, old0); + try { curChar = input_stream.readChar(); } + catch(java.io.IOException e) { + jjStopStringLiteralDfa_0(5, active0); + return 6; + } + switch(curChar) + { + case 41: + if ((active0 & 0x100L) != 0L) + return jjStopAtPos(6, 8); + break; + default : + break; + } + return jjStartNfa_0(5, active0); +} +private int jjStartNfaWithStates_0(int pos, int kind, int state) +{ + jjmatchedKind = kind; + jjmatchedPos = pos; + try { curChar = input_stream.readChar(); } + catch(java.io.IOException e) { return pos + 1; } + return jjMoveNfa_0(state, pos + 1); +} +static final long[] jjbitVec0 = { + 0xfffffffffffffffeL, 0xffffffffffffffffL, 0xffffffffffffffffL, 0xffffffffffffffffL +}; +static final long[] jjbitVec2 = { + 0x0L, 0x0L, 0xffffffffffffffffL, 0xffffffffffffffffL +}; +private int jjMoveNfa_0(int startState, int curPos) +{ + int startsAt = 0; + jjnewStateCnt = 18; + int i = 1; + jjstateSet[0] = startState; + int kind = 0x7fffffff; + for (;;) + { + if (++jjround == 0x7fffffff) + ReInitRounds(); + if (curChar < 64) + { + long l = 1L << curChar; + do + { + switch(jjstateSet[--i]) + { + case 18: + case 4: + if ((0xdfffeffbffffc9ffL & l) == 0L) + break; + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + break; + case 0: + if ((0xdfffeffbffffc9ffL & l) != 0L) + { + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + } + else if ((0x3400L & l) != 0L) + { + if (kind > 4) + kind = 4; + } + if (curChar == 47) + jjAddStates(0, 1); + else if (curChar == 35) + jjCheckNAddTwoStates(1, 2); + break; + case 6: + if ((0xdfffeffbffffc9ffL & l) != 0L) + { + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + } + if ((0x900400000000L & l) != 0L) + { + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + } + break; + case 1: + if ((0xffffffffffffcbffL & l) != 0L) + jjCheckNAddTwoStates(1, 2); + break; + case 2: + if ((0x3400L & l) != 0L && kind > 3) + kind = 3; + break; + case 3: + if ((0x3400L & l) != 0L && kind > 4) + kind = 4; + break; + case 8: + jjAddStates(2, 3); + break; + case 10: + if (curChar == 47) + jjAddStates(0, 1); + break; + case 11: + if (curChar == 47) + jjCheckNAddTwoStates(12, 13); + break; + case 12: + if ((0xffffffffffffcbffL & l) != 0L) + jjCheckNAddTwoStates(12, 13); + break; + case 13: + if ((0x3400L & l) != 0L && kind > 1) + kind = 1; + break; + case 14: + if (curChar == 42) + jjCheckNAddTwoStates(15, 17); + break; + case 15: + jjCheckNAddTwoStates(15, 17); + break; + case 16: + if (curChar == 47 && kind > 2) + kind = 2; + break; + case 17: + if (curChar == 42) + jjstateSet[jjnewStateCnt++] = 16; + break; + default : break; + } + } while(i != startsAt); + } + else if (curChar < 128) + { + long l = 1L << (curChar & 077); + do + { + switch(jjstateSet[--i]) + { + case 18: + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + if (curChar == 92) + jjstateSet[jjnewStateCnt++] = 6; + break; + case 0: + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + if (curChar == 123) + jjCheckNAdd(8); + else if (curChar == 92) + jjstateSet[jjnewStateCnt++] = 6; + break; + case 6: + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + if ((0x14404410144044L & l) != 0L) + { + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + } + if (curChar == 92) + jjstateSet[jjnewStateCnt++] = 6; + break; + case 1: + jjAddStates(4, 5); + break; + case 4: + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + break; + case 5: + if (curChar == 92) + jjstateSet[jjnewStateCnt++] = 6; + break; + case 7: + if (curChar == 123) + jjCheckNAdd(8); + break; + case 8: + if ((0xd7ffffffffffffffL & l) != 0L) + jjCheckNAddTwoStates(8, 9); + break; + case 9: + if (curChar == 125 && kind > 10) + kind = 10; + break; + case 12: + jjAddStates(6, 7); + break; + case 15: + jjAddStates(8, 9); + break; + default : break; + } + } while(i != startsAt); + } + else + { + int hiByte = (int)(curChar >> 8); + int i1 = hiByte >> 6; + long l1 = 1L << (hiByte & 077); + int i2 = (curChar & 0xff) >> 6; + long l2 = 1L << (curChar & 077); + do + { + switch(jjstateSet[--i]) + { + case 18: + case 4: + if (!jjCanMove_0(hiByte, i1, i2, l1, l2)) + break; + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + break; + case 0: + if (!jjCanMove_0(hiByte, i1, i2, l1, l2)) + break; + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + break; + case 6: + if (!jjCanMove_0(hiByte, i1, i2, l1, l2)) + break; + if (kind > 9) + kind = 9; + jjCheckNAddTwoStates(4, 5); + break; + case 1: + if (jjCanMove_0(hiByte, i1, i2, l1, l2)) + jjAddStates(4, 5); + break; + case 8: + if (jjCanMove_0(hiByte, i1, i2, l1, l2)) + jjAddStates(2, 3); + break; + case 12: + if (jjCanMove_0(hiByte, i1, i2, l1, l2)) + jjAddStates(6, 7); + break; + case 15: + if (jjCanMove_0(hiByte, i1, i2, l1, l2)) + jjAddStates(8, 9); + break; + default : break; + } + } while(i != startsAt); + } + if (kind != 0x7fffffff) + { + jjmatchedKind = kind; + jjmatchedPos = curPos; + kind = 0x7fffffff; + } + ++curPos; + if ((i = jjnewStateCnt) == (startsAt = 18 - (jjnewStateCnt = startsAt))) + return curPos; + try { curChar = input_stream.readChar(); } + catch(java.io.IOException e) { return curPos; } + } +} +static final int[] jjnextStates = { + 11, 14, 8, 9, 1, 2, 12, 13, 15, 17, +}; +private static final boolean jjCanMove_0(int hiByte, int i1, int i2, long l1, long l2) +{ + switch(hiByte) + { + case 0: + return ((jjbitVec2[i2] & l2) != 0L); + default : + if ((jjbitVec0[i1] & l1) != 0L) + return true; + return false; + } +} + +/** Token literal values. */ +public static final String[] jjstrLiteralImages = { +"", null, null, null, null, "\54", "\75", "\134", null, null, null, }; + +/** Lexer state names. */ +public static final String[] lexStateNames = { + "DEFAULT", +}; +static final long[] jjtoToken = { + 0x7e1L, +}; +static final long[] jjtoSkip = { + 0x1eL, +}; +protected JavaCharStream input_stream; +private final int[] jjrounds = new int[18]; +private final int[] jjstateSet = new int[36]; +protected char curChar; +/** Constructor. */ +public ISEParserTokenManager(JavaCharStream stream){ + if (JavaCharStream.staticFlag) + throw new Error("ERROR: Cannot use a static CharStream class with a non-static lexical analyzer."); + input_stream = stream; +} + +/** Constructor. */ +public ISEParserTokenManager(JavaCharStream stream, int lexState){ + this(stream); + SwitchTo(lexState); +} + +/** Reinitialise parser. */ +public void ReInit(JavaCharStream stream) +{ + jjmatchedPos = jjnewStateCnt = 0; + curLexState = defaultLexState; + input_stream = stream; + ReInitRounds(); +} +private void ReInitRounds() +{ + int i; + jjround = 0x80000001; + for (i = 18; i-- > 0;) + jjrounds[i] = 0x80000000; +} + +/** Reinitialise parser. */ +public void ReInit(JavaCharStream stream, int lexState) +{ + ReInit(stream); + SwitchTo(lexState); +} + +/** Switch to specified lex state. */ +public void SwitchTo(int lexState) +{ + if (lexState >= 1 || lexState < 0) + throw new TokenMgrError("Error: Ignoring invalid lexical state : " + lexState + ". State unchanged.", TokenMgrError.INVALID_LEXICAL_STATE); + else + curLexState = lexState; +} + +protected Token jjFillToken() +{ + final Token t; + final String curTokenImage; + final int beginLine; + final int endLine; + final int beginColumn; + final int endColumn; + String im = jjstrLiteralImages[jjmatchedKind]; + curTokenImage = (im == null) ? input_stream.GetImage() : im; + beginLine = input_stream.getBeginLine(); + beginColumn = input_stream.getBeginColumn(); + endLine = input_stream.getEndLine(); + endColumn = input_stream.getEndColumn(); + t = Token.newToken(jjmatchedKind, curTokenImage); + + t.beginLine = beginLine; + t.endLine = endLine; + t.beginColumn = beginColumn; + t.endColumn = endColumn; + + return t; +} + +int curLexState = 0; +int defaultLexState = 0; +int jjnewStateCnt; +int jjround; +int jjmatchedPos; +int jjmatchedKind; + +/** Get the next Token. */ +public Token getNextToken() +{ + Token matchedToken; + int curPos = 0; + + EOFLoop : + for (;;) + { + try + { + curChar = input_stream.BeginToken(); + } + catch(java.io.IOException e) + { + jjmatchedKind = 0; + matchedToken = jjFillToken(); + return matchedToken; + } + + jjmatchedKind = 0x7fffffff; + jjmatchedPos = 0; + curPos = jjMoveStringLiteralDfa0_0(); + if (jjmatchedKind != 0x7fffffff) + { + if (jjmatchedPos + 1 < curPos) + input_stream.backup(curPos - jjmatchedPos - 1); + if ((jjtoToken[jjmatchedKind >> 6] & (1L << (jjmatchedKind & 077))) != 0L) + { + matchedToken = jjFillToken(); + return matchedToken; + } + else + { + continue EOFLoop; + } + } + int error_line = input_stream.getEndLine(); + int error_column = input_stream.getEndColumn(); + String error_after = null; + boolean EOFSeen = false; + try { input_stream.readChar(); input_stream.backup(1); } + catch (java.io.IOException e1) { + EOFSeen = true; + error_after = curPos <= 1 ? "" : input_stream.GetImage(); + if (curChar == '\n' || curChar == '\r') { + error_line++; + error_column = 0; + } + else + error_column++; + } + if (!EOFSeen) { + input_stream.backup(1); + error_after = curPos <= 1 ? "" : input_stream.GetImage(); + } + throw new TokenMgrError(EOFSeen, curLexState, error_line, error_column, error_after, curChar, TokenMgrError.LEXICAL_ERROR); + } +} + +private void jjCheckNAdd(int state) +{ + if (jjrounds[state] != jjround) + { + jjstateSet[jjnewStateCnt++] = state; + jjrounds[state] = jjround; + } +} +private void jjAddStates(int start, int end) +{ + do { + jjstateSet[jjnewStateCnt++] = jjnextStates[start]; + } while (start++ != end); +} +private void jjCheckNAddTwoStates(int state1, int state2) +{ + jjCheckNAdd(state1); + jjCheckNAdd(state2); +} + +}