Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/586#discussion_r119243250
--- Diff:
metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/bro/BasicBroParserTest.java
---
@@ -68,27 +68,29 @@ public void testDecimalFormatAssumptions() {
}
public void testUnwrappedBroMessage() throws ParseException {
- String rawMessage =
"{\"timestamp\":1449511228.474,\"uid\":\"CFgSLp4HgsGqXnNjZi\",\"source_ip\":\"104.130.172.191\",\"source_port\":33893,\"dest_ip\":\"69.20.0.164\",\"dest_port\":53,\"proto\":\"udp\",\"trans_id\":3514,\"rcode\":3,\"rcode_name\":\"NXDOMAIN\",\"AA\":false,\"TC\":false,\"RD\":false,\"RA\":false,\"Z\":0,\"rejected\":false,\"sensor\":\"cloudbro\",\"type\":\"dns\"}";
+ String rawMessage =
"{\"ts\":1449511228.474,\"uid\":\"CFgSLp4HgsGqXnNjZi\",\"id.orig_h\":\"104.130.172.191\",\"id.orig_p\":33893,\"id.resp_h\":\"69.20.0.164\",\"id.resp_p\":53,\"proto\":\"udp\",\"trans_id\":3514,\"rcode\":3,\"rcode_name\":\"NXDOMAIN\",\"AA\":false,\"TC\":false,\"RD\":false,\"RA\":false,\"Z\":0,\"rejected\":false,\"sensor\":\"cloudbro\",\"type\":\"dns\"}";
--- End diff --
I'd like to see these pulled out into fields that use `@Multiline` for readability.
Given that the file isn't currently in this format, I'm not opposed to just leaving
it, but `@Multiline` does make the messages easier to understand at a glance. Given
that these all get touched anyway right now, it seems like the perfect time to
refactor them.
Example:
```
/**
* {
* "ts":1449511228.474,
* "uid":"CFgSLp4HgsGqXnNjZi",
* "id.orig_h":"104.130.172.191",
* "id.orig_p":33893,
* "id.resp_h":"69.20.0.164",
* "id.resp_p":53,
* "proto":"udp",
* "trans_id":3514,
* "rcode":3,
* "rcode_name":"NXDOMAIN",
* "AA":false,
* "TC":false,
* "RD":false,
* "RA":false,
* "Z":0,
* "rejected":false,
* "sensor":"cloudbro",
* "type":"dns"
* }
*/
@Multiline
public static String unwrappedBroMessage;
public void testUnwrappedBroMessage() throws ParseException {
JSONObject rawJson =
(JSONObject)jsonParser.parse(unwrappedBroMessage);
JSONObject broJson =
broParser.parse(unwrappedBroMessage.getBytes()).get(0);
String expectedBroTimestamp = "1449511228.474";
Assert.assertEquals(broJson.get("bro_timestamp"),
expectedBroTimestamp);
String expectedTimestamp = "1449511228474";
Assert.assertEquals(broJson.get("timestamp").toString(),
expectedTimestamp);
Assert.assertEquals(broJson.get("ip_src_addr").toString(),
rawJson.get("id.orig_h").toString());
Assert.assertEquals(broJson.get("ip_dst_addr").toString(),
rawJson.get("id.resp_h").toString());
Assert.assertEquals(broJson.get("ip_src_port"),
rawJson.get("id.orig_p"));
Assert.assertEquals(broJson.get("ip_dst_port"),
rawJson.get("id.resp_p"));
Assert.assertEquals(broJson.get("uid").toString(),
rawJson.get("uid").toString());
Assert.assertEquals(broJson.get("trans_id").toString(),
rawJson.get("trans_id").toString());
Assert.assertEquals(broJson.get("sensor").toString(),
rawJson.get("sensor").toString());
Assert.assertEquals(broJson.get("type").toString(),
rawJson.get("type").toString());
Assert.assertEquals(broJson.get("rcode").toString(),
rawJson.get("rcode").toString());
Assert.assertEquals(broJson.get("rcode_name").toString(),
rawJson.get("rcode_name").toString());
Assert.assertTrue(broJson.get("original_string").toString().startsWith("DNS"));
}
```