[jira] [Commented] (NIFI-3726) Create FuzzyHash comparison processor

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFI-3726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15988728#comment-15988728
 ] 

ASF GitHub Bot commented on NIFI-3726:
--------------------------------------

Github user trixpan commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/1692#discussion_r113918024
  
    --- Diff: 
nifi-nar-bundles/nifi-cybersecurity-bundle/nifi-cybersecurity-processors/src/main/java/org/apache/nifi/processors/cybersecurity/CompareFuzzyHash.java
 ---
    @@ -183,38 +181,24 @@ public void onTrigger(ProcessContext context, 
ProcessSession session) throws Pro
                 return;
             }
     
    -        Digest inputDigest = null;
    -        SpamSum spamSum = null;
    +        FuzzyHashMatcher fuzzyHashMatcher = null;
     
             switch (algorithm) {
                 case tlsh:
    -                // In case we are using TLSH, makes sense to create the 
source Digest just once
    -                inputDigest = compareStringToTLSHDigest(inputHash);
    -                // we test the validation for null (failed)
    -                if (inputDigest == null) {
    -                    // and if that is the case we log
    -                    logger.error("Invalid hash provided. Sending to 
failure");
    -                    //  and send to failure
    -                    session.transfer(flowFile, REL_FAILURE);
    -                    session.commit();
    -                    return;
    -                }
    +                fuzzyHashMatcher = new TLSHHashMatcher(getLogger());
                     break;
                 case ssdeep:
    -                // However, in SSDEEP, the compare function uses the two 
desired strings.
    -                // So we try a poor man validation (the SpamSum comparison 
function seems to
    -                // be resilient enough but we still want to route to 
failure in case it
    -                // clearly bogus data
    -                if (looksLikeSpamSum(inputHash) == true) {
    -                    spamSum = new SpamSum();
    -                } else {
    -                    // and if that is the case we log
    -                    logger.error("Invalid hash provided. Sending to 
failure");
    -                    //  and send to failure
    -                    session.transfer(flowFile, REL_FAILURE);
    -                    session.commit();
    -                    return;
    -                }
    +                fuzzyHashMatcher = new SSDeepHashMatcher(getLogger());
    +                break;
    +        }
    +
    +        if (fuzzyHashMatcher.isValidHash(inputHash) == false) {
    --- End diff --
    
    introduced a `default` to `switch(algorithm)` so that we don't get here 
with null anymore.


> Create FuzzyHash comparison processor
> -------------------------------------
>
>                 Key: NIFI-3726
>                 URL: https://issues.apache.org/jira/browse/NIFI-3726
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Andre F de Miranda
>            Assignee: Andre F de Miranda
>
> Now that NiFi cyber-security package supports "Fuzzy Hashing" it may be a 
> good idea to support a processor that makes use of it for comparison and 
> routing of matches



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)