From e6513799641d0573e6b89ef6faad642dc7bd2b71 Mon Sep 17 00:00:00 2001 From: he2ss Date: Fri, 10 Sep 2021 12:43:11 +0200 Subject: [PATCH] add jsonExtractUnescape Helper (#962) * add jsonExtractUnescape Helper --- pkg/exprhelpers/exprlib.go | 17 ++++++------ pkg/exprhelpers/jsonextract.go | 19 ++++++++++++++ pkg/exprhelpers/jsonextract_test.go | 40 +++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+), 8 deletions(-) diff --git a/pkg/exprhelpers/exprlib.go b/pkg/exprhelpers/exprlib.go index 510980528..4ef1c8eb5 100644 --- a/pkg/exprhelpers/exprlib.go +++ b/pkg/exprhelpers/exprlib.go @@ -33,14 +33,15 @@ func Upper(s string) string { func GetExprEnv(ctx map[string]interface{}) map[string]interface{} { var ExprLib = map[string]interface{}{ - "Atof": Atof, - "JsonExtract": JsonExtract, - "JsonExtractLib": JsonExtractLib, - "File": File, - "RegexpInFile": RegexpInFile, - "Upper": Upper, - "IpInRange": IpInRange, - "TimeNow": TimeNow, + "Atof": Atof, + "JsonExtract": JsonExtract, + "JsonExtractUnescape": JsonExtractUnescape, + "JsonExtractLib": JsonExtractLib, + "File": File, + "RegexpInFile": RegexpInFile, + "Upper": Upper, + "IpInRange": IpInRange, + "TimeNow": TimeNow, } for k, v := range ctx { ExprLib[k] = v diff --git a/pkg/exprhelpers/jsonextract.go b/pkg/exprhelpers/jsonextract.go index 125dd2176..1e3022df4 100644 --- a/pkg/exprhelpers/jsonextract.go +++ b/pkg/exprhelpers/jsonextract.go @@ -30,6 +30,25 @@ func JsonExtractLib(jsblob string, target ...string) string { return strvalue } +func JsonExtractUnescape(jsblob string, target ...string) string { + value, err := jsonparser.GetString( + jsonparser.StringToBytes(jsblob), + target..., + ) + + if err != nil { + if err == jsonparser.KeyPathNotFoundError { + log.Debugf("%+v doesn't exist", target) + return "" + } + log.Errorf("JsonExtractUnescape : %+v : %s", target, err) + return "" + } + log.Tracef("extract path %+v", target) + strvalue := string(value) + return strvalue +} + func JsonExtract(jsblob string, target string) string { if !strings.HasPrefix(target, "[") { target = strings.Replace(target, "[", ".[", -1) diff --git a/pkg/exprhelpers/jsonextract_test.go b/pkg/exprhelpers/jsonextract_test.go index 6694dc1b1..1e3563348 100644 --- a/pkg/exprhelpers/jsonextract_test.go +++ b/pkg/exprhelpers/jsonextract_test.go @@ -47,3 +47,43 @@ func TestJsonExtract(t *testing.T) { } } +func TestJsonExtractUnescape(t *testing.T) { + if err := Init(); err != nil { + log.Fatalf(err.Error()) + } + + err := FileInit(TestFolder, "test_data_re.txt", "regex") + if err != nil { + log.Fatalf(err.Error()) + } + + tests := []struct { + name string + jsonBlob string + targetField string + expectResult string + }{ + { + name: "basic json extract", + jsonBlob: `{"log" : "\"GET /JBNwtQ6i.blt HTTP/1.1\" 200 13 \"-\" \"Craftbot\""}`, + targetField: "log", + expectResult: "\"GET /JBNwtQ6i.blt HTTP/1.1\" 200 13 \"-\" \"Craftbot\"", + }, + { + name: "basic json extract with non existing field", + jsonBlob: `{"test" : "1234"}`, + targetField: "non_existing_field", + expectResult: "", + }, + } + + for _, test := range tests { + result := JsonExtractUnescape(test.jsonBlob, test.targetField) + isOk := assert.Equal(t, test.expectResult, result) + if !isOk { + t.Fatalf("test '%s' failed", test.name) + } + log.Printf("test '%s' : OK", test.name) + } + +}