fgerlits commented on code in PR #1515: URL: https://github.com/apache/nifi-minifi-cpp/pull/1515#discussion_r1121668279
########## extensions/windows-event-log/wel/JSONUtils.cpp: ########## @@ -67,6 +59,29 @@ rapidjson::Value xmlDocumentToJSON(const pugi::xml_node& node, rapidjson::Docume return children; } +void simplifiedGenericXmlToJson(const pugi::xml_node& node, rapidjson::Value& val, rapidjson::Document& doc, bool flatten = false) { Review Comment: these parameters could have better names, e.g `const pugi::xml_node& source, rapidjson::Value& target, rapidjson::Document& allocator_provider` ########## extensions/windows-event-log/tests/ConsumeWindowsEventLogTests.cpp: ########## @@ -469,4 +470,65 @@ TEST_CASE("ConsumeWindowsEventLog batch commit size works", "[onTrigger]") { batchCommitSizeTestHelper(5, 0, 5); } +TEST_CASE("ConsumeWindowsEventLog Simple JSON works with UserData", "[cwel][json][userdata]") { + using org::apache::nifi::minifi::wel::jsonToString; + using org::apache::nifi::minifi::wel::toSimpleJSON; + using org::apache::nifi::minifi::wel::toFlattenedJSON; + const auto event_xml = R"( +<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> + <System> + <Provider Name="Microsoft-Windows-AppLocker" Guid="CBDA4DBF-8D5D-4F69-9578-BE14AA540D22"> + </Provider> + <EventID>8002</EventID> + <Version>0</Version> + <Level>4</Level> + <Task>0</Task> + <Opcode>0</Opcode> + <Keywords>0x8000000000000000</Keywords> + <TimeCreated SystemTime="2023-02-06T16:58:09.008534Z"> + </TimeCreated> + <EventRecordID>46</EventRecordID> + <Correlation> + </Correlation> + <Execution ProcessID="1234" ThreadID="1235"> + </Execution> + <Channel>Microsoft-Windows-AppLocker/EXE and DLL</Channel> + <Computer>example.local</Computer> + <Security UserID="S-1-1-0"> + </Security> + </System> + <UserData> + <RuleAndFileData xmlns="http://schemas.microsoft.com/schemas/event/Microsoft.Windows/1.0.0.0"> + <PolicyNameLength>3</PolicyNameLength> + <PolicyName>EXE</PolicyName> + <RuleNameLength>9</RuleNameLength> + <RuleName>All files</RuleName> + <RuleSddlLength>48</RuleSddlLength> + <RuleSddl>D:(XA;;FX;;;S-1-1-0;(APPID://PATH Contains "*"))</RuleSddl> + <TargetUser>S-1-1-0</TargetUser> + <TargetProcessId>1234</TargetProcessId> + <FilePathLength>22</FilePathLength> + <FilePath>%SYSTEM32%\CSCRIPT.EXE</FilePath> + <FileHashLength>0</FileHashLength> + <FileHash></FileHash> + <FqbnLength>1</FqbnLength> + <Fqbn>-</Fqbn> + </RuleAndFileData> Review Comment: can you add some nodes with attributes inside `UserData` to check & document what happens to `<Parent foo="bar"><Child/></Parent>` and `<Leaf foo="bar"></Leaf>` (maybe also `<AltLeaf foo="bar"/>`), please? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org