fgerlits commented on code in PR #1515:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1515#discussion_r1121668279
##########
extensions/windows-event-log/wel/JSONUtils.cpp:
##########
@@ -67,6 +59,29 @@ rapidjson::Value xmlDocumentToJSON(const pugi::xml_node&
node, rapidjson::Docume
return children;
}
+void simplifiedGenericXmlToJson(const pugi::xml_node& node, rapidjson::Value&
val, rapidjson::Document& doc, bool flatten = false) {
Review Comment:
these parameters could have better names, e.g `const pugi::xml_node& source,
rapidjson::Value& target, rapidjson::Document& allocator_provider`
##########
extensions/windows-event-log/tests/ConsumeWindowsEventLogTests.cpp:
##########
@@ -469,4 +470,65 @@ TEST_CASE("ConsumeWindowsEventLog batch commit size
works", "[onTrigger]") {
batchCommitSizeTestHelper(5, 0, 5);
}
+TEST_CASE("ConsumeWindowsEventLog Simple JSON works with UserData",
"[cwel][json][userdata]") {
+ using org::apache::nifi::minifi::wel::jsonToString;
+ using org::apache::nifi::minifi::wel::toSimpleJSON;
+ using org::apache::nifi::minifi::wel::toFlattenedJSON;
+ const auto event_xml = R"(
+<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event";>
+ <System>
+ <Provider Name="Microsoft-Windows-AppLocker"
Guid="CBDA4DBF-8D5D-4F69-9578-BE14AA540D22">
+ </Provider>
+ <EventID>8002</EventID>
+ <Version>0</Version>
+ <Level>4</Level>
+ <Task>0</Task>
+ <Opcode>0</Opcode>
+ <Keywords>0x8000000000000000</Keywords>
+ <TimeCreated SystemTime="2023-02-06T16:58:09.008534Z">
+ </TimeCreated>
+ <EventRecordID>46</EventRecordID>
+ <Correlation>
+ </Correlation>
+ <Execution ProcessID="1234" ThreadID="1235">
+ </Execution>
+ <Channel>Microsoft-Windows-AppLocker/EXE and DLL</Channel>
+ <Computer>example.local</Computer>
+ <Security UserID="S-1-1-0">
+ </Security>
+ </System>
+ <UserData>
+ <RuleAndFileData
xmlns="http://schemas.microsoft.com/schemas/event/Microsoft.Windows/1.0.0.0";>
+ <PolicyNameLength>3</PolicyNameLength>
+ <PolicyName>EXE</PolicyName>
+ <RuleNameLength>9</RuleNameLength>
+ <RuleName>All files</RuleName>
+ <RuleSddlLength>48</RuleSddlLength>
+ <RuleSddl>D:(XA;;FX;;;S-1-1-0;(APPID://PATH Contains
"*"))</RuleSddl>
+ <TargetUser>S-1-1-0</TargetUser>
+ <TargetProcessId>1234</TargetProcessId>
+ <FilePathLength>22</FilePathLength>
+ <FilePath>%SYSTEM32%\CSCRIPT.EXE</FilePath>
+ <FileHashLength>0</FileHashLength>
+ <FileHash></FileHash>
+ <FqbnLength>1</FqbnLength>
+ <Fqbn>-</Fqbn>
+ </RuleAndFileData>
Review Comment:
can you add some nodes with attributes inside `UserData` to check & document
what happens to `<Parent foo="bar"><Child/></Parent>` and `<Leaf
foo="bar"></Leaf>` (maybe also `<AltLeaf foo="bar"/>`), please?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
