http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/TemplateNode.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/TemplateNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/TemplateNode.java
new file mode 100644
index 0000000..0b21c38
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/TemplateNode.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.BxmlNodeVisitor;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.NumberUtil;
+
+import java.io.IOException;
+
+/**
+ * Template node describing structure of xml to be rendered into
+ */
+public class TemplateNode extends BxmlNode {
+ private final int nextOffset;
+ private final UnsignedInteger templateId;
+ private final String guid;
+ private final int dataLength;
+
+ public TemplateNode(BinaryReader binaryReader, ChunkHeader chunkHeader) throws IOException {
+ super(binaryReader, chunkHeader, null);
+ nextOffset = NumberUtil.intValueMax(binaryReader.readDWord(), Integer.MAX_VALUE, "Invalid offset.");
+
+ //TemplateId and Guid overlap
+ templateId = new BinaryReader(binaryReader, binaryReader.getPosition()).readDWord();
+ guid = binaryReader.readGuid();
+ dataLength = NumberUtil.intValueMax(binaryReader.readDWord(), Integer.MAX_VALUE - 0x18, "Data length too large.");
+ init();
+ }
+
+ @Override
+ public String toString() {
+ return "TemplateNode{" +
+ "nextOffset=" + nextOffset +
+ ", templateId=" + templateId +
+ ", guid='" + guid + '\'' +
+ ", dataLength=" + dataLength +
+ '}';
+ }
+
+ public int getNextOffset() {
+ return nextOffset;
+ }
+
+ public UnsignedInteger getTemplateId() {
+ return templateId;
+ }
+
+ public String getGuid() {
+ return guid;
+ }
+
+ public int getDataLength() {
+ return dataLength;
+ }
+
+ @Override
+ public void accept(BxmlNodeVisitor bxmlNodeVisitor) throws IOException {
+ bxmlNodeVisitor.visit(this);
+ }
+}
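Review bot: The caps applied to `nextOffset` and `dataLength` in the constructor only prevent int overflow; neither value is checked against the enclosing chunk, so a crafted record can declare an offset or data length far past the chunk's end and nothing in this class notices — whatever `init()` (not shown here) does with `dataLength` is the first place that would fail. If ChunkHeader or BinaryReader expose the chunk size or the remaining byte count, I would use that as the second argument to `NumberUtil.intValueMax` for both fields instead of `Integer.MAX_VALUE`. The copy-reader trick for `templateId` also deserves its comment spelled out, since `//TemplateId and Guid overlap` does not say which direction: `// templateId appears to be the first DWORD of the 16-byte GUID that follows; it is read through a copy of the reader so the main reader still consumes the whole GUID` (hedged — BinaryReader's copy constructor is not in this change).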
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/ValueNode.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/ValueNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/ValueNode.java
new file mode 100644
index 0000000..013ffb7
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/ValueNode.java
@@ -0,0 +1,111 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.BxmlNodeVisitor;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.value.BXmlTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.BinaryTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.BooleanTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.DoubleTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.FiletimeTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.FloatTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.GuidTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.Hex32TypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.Hex64TypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.NullTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SIDTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SignedByteTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SignedDWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SignedQWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SignedWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SizeTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.StringTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SystemtimeTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.UnsignedByteTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.UnsignedDWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.UnsignedQWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.UnsignedWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.VariantTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.VariantTypeNodeFactory;
+import org.apache.nifi.processors.evtx.parser.bxml.value.WStringArrayTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.WStringTypeNode;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Node type that has one VariantTypeNode child
+ */
+public class ValueNode extends BxmlNodeWithToken {
+ public static final Map<Integer, VariantTypeNodeFactory> factories = initFactories();
+ private final int type;
+
+ public ValueNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent) throws IOException {
+ super(binaryReader, chunkHeader, parent);
+ if ((getFlags() & 0x0B) != 0) {
+ throw new IOException("Invalid flag");
+ }
+ type = binaryReader.read();
+ init();
+ }
+
+ private static final Map<Integer, VariantTypeNodeFactory> initFactories() {
+ Map<Integer, VariantTypeNodeFactory> result = new HashMap<>();
+ result.put(0, NullTypeNode::new);
+ result.put(1, WStringTypeNode::new);
+ result.put(2, StringTypeNode::new);
+ result.put(3, SignedByteTypeNode::new);
+ result.put(4, UnsignedByteTypeNode::new);
+ result.put(5, SignedWordTypeNode::new);
+ result.put(6, UnsignedWordTypeNode::new);
+ result.put(7, SignedDWordTypeNode::new);
+ result.put(8, UnsignedDWordTypeNode::new);
+ result.put(9, SignedQWordTypeNode::new);
+ result.put(10, UnsignedQWordTypeNode::new);
+ result.put(11, FloatTypeNode::new);
+ result.put(12, DoubleTypeNode::new);
+ result.put(13, BooleanTypeNode::new);
+ result.put(14, BinaryTypeNode::new);
+ result.put(15, GuidTypeNode::new);
+ result.put(16, SizeTypeNode::new);
+ result.put(17, FiletimeTypeNode::new);
+ result.put(18, SystemtimeTypeNode::new);
+ result.put(19, SIDTypeNode::new);
+ result.put(20, Hex32TypeNode::new);
+ result.put(21, Hex64TypeNode::new);
+ result.put(33, BXmlTypeNode::new);
+ result.put(129, WStringArrayTypeNode::new);
+ return Collections.unmodifiableMap(result);
+ }
+
+ @Override
+ protected List<BxmlNode> initChildren() throws IOException {
+ VariantTypeNode variantTypeNode = factories.get(type).create(getBinaryReader(), getChunkHeader(), this, -1);
+ return Collections.singletonList(variantTypeNode);
+ }
+
+ @Override
+ public void accept(BxmlNodeVisitor bxmlNodeVisitor) throws IOException {
+ bxmlNodeVisitor.visit(this);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BXmlTypeNode.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BXmlTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BXmlTypeNode.java
new file mode 100644
index 0000000..06761d9
--- /dev/null
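Review bot: `factories.get(type).create(...)` in `initChildren` dereferences null for any type byte absent from the table, so a corrupt or crafted record fails with a NullPointerException instead of the IOException the rest of this parser throws, and the type byte is the one input-controlled value here that is not validated before use. Look the factory up first: `VariantTypeNodeFactory factory = factories.get(type); if (factory == null) { throw new IOException("Unknown value type " + type); }` and then call `factory.create(...)`. The public `factories` map would also benefit from a one-line javadoc noting that its keys are the EVTX value-type codes and that the map is unmodifiable, since it is exposed as a public static field.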
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BXmlTypeNode.java 
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+import org.apache.nifi.processors.evtx.parser.bxml.RootNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing an embedded root node
+ */
+public class BXmlTypeNode extends VariantTypeNode {
+ private final RootNode rootNode;
+
+ public BXmlTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ rootNode = new RootNode(binaryReader, chunkHeader, this);
+ }
+
+ public RootNode getRootNode() {
+ return rootNode;
+ }
+
+ @Override
+ public String getValue() {
+ return rootNode.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BinaryTypeNode.java ----------------------------------------------------------------------
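Review bot: The constructor builds a RootNode straight from the reader, and a RootNode can in turn contain a type-33 value that builds another BXmlTypeNode, so unless RootNode enforces a depth limit elsewhere the nesting is bounded only by the input: a crafted record can nest embedded documents until parsing dies with a StackOverflowError, which is not an IOException and escapes any `catch (IOException e)` around the processor. I would count BXmlTypeNode ancestors via `parent` (or pass a depth down through the constructors) and throw `new IOException("Embedded BXml nested too deeply")` past a small fixed limit. The `length` parameter is forwarded to super and otherwise unused; a comment such as `// length is not used here; the embedded RootNode presumably determines its own extent` would stop the next reader from looking for a missing bound.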
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BinaryTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BinaryTypeNode.java
new file mode 100644
index 0000000..4188356
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BinaryTypeNode.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.NumberUtil;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing consisting of base64 encoded binary content
+ */
+public class BinaryTypeNode extends VariantTypeNode {
+ private final String value;
+
+ public BinaryTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ if (length >= 0) {
+ value = binaryReader.readAndBase64EncodeBinary(length);
+ } else {
+ value = binaryReader.readAndBase64EncodeBinary(NumberUtil.intValueMax(binaryReader.readDWord(), Integer.MAX_VALUE, "Invalid string length."));
+ }
+ }
+
+ @Override
+ public String getValue() {
+ return value;
+ }
+}
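Review bot: The error message in the `length < 0` branch says `"Invalid string length."` although this node reads binary data, so the diagnostic a user gets points at the wrong value type; change it to `"Invalid binary length."`. The `Integer.MAX_VALUE` bound on that branch only prevents overflow — a length DWORD near 2^31 is passed straight to `readAndBase64EncodeBinary`, and whether that fails cleanly or attempts the allocation depends on BinaryReader, which is not part of this change; if the reader exposes its remaining byte count, bound the length by that here instead. The javadoc `Node containing consisting of base64 encoded binary content` has a stray word; `Node whose value is the base64 encoding of a binary blob` reads cleanly.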
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BooleanTypeNode.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BooleanTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BooleanTypeNode.java
new file mode 100644
index 0000000..c2d666d
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BooleanTypeNode.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node that is true if the signed value is greater than 0
+ */
+public class BooleanTypeNode extends VariantTypeNode {
+ private final boolean value;
+
+ public BooleanTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ UnsignedInteger unsignedInteger = binaryReader.readDWord();
+ value = unsignedInteger.intValue() > 0;
+ }
+
+ @Override
+ public String getValue() {
+ return Boolean.toString(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/DoubleTypeNode.java ----------------------------------------------------------------------
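Review bot: The javadoc says the node is true `if the signed value is greater than 0`, but the constructor reads an unsigned DWORD and then calls `intValue()`, so the consequence — 0x80000000 through 0xFFFFFFFF come out negative and therefore false — is only implied, and a later reader is likely to "fix" the comparison to `!= 0`. One comment on the `value =` line pins the intent: `// The DWORD is reinterpreted as a signed int32: values with the top bit set are negative and map to false.` If that reinterpretation is not deliberate (a Win32 BOOL treats any nonzero value as true), this is the line on which to decide it, and the javadoc should say which semantics were chosen.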
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/DoubleTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/DoubleTypeNode.java
new file mode 100644
index 0000000..91fb4ed
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/DoubleTypeNode.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedLong;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a double value
+ */
+public class DoubleTypeNode extends VariantTypeNode {
+ private final double value;
+
+ public DoubleTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ UnsignedLong unsignedLong = binaryReader.readQWord();
+ value = Double.longBitsToDouble(unsignedLong.longValue());
+ }
+
+ @Override
+ public String getValue() {
+ return Double.toString(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FiletimeTypeNode.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FiletimeTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FiletimeTypeNode.java
new file mode 100644
index 0000000..aa78362
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FiletimeTypeNode.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.TimeZone;
+
+/**
+ * Node containing a windows file time
+ */
+public class FiletimeTypeNode extends VariantTypeNode {
+ private final String value;
+
+ public FiletimeTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = getFormat().format(binaryReader.readFileTime());
+ }
+
+ public static final SimpleDateFormat getFormat() {
+ SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
+ simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
+ return simpleDateFormat;
+ }
+
+ @Override
+ public String getValue() {
+ return value.toString();
+ }
+}
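Review bot: `getValue()` returns `value.toString()` on a field that is already a String, and `getFormat()` allocates a fresh SimpleDateFormat for every node — thread-safe only because nothing shares the instance, and expensive for a parser that runs once per timestamp field in every event. If `readFileTime()` returns a java.util.Date (its return type is not in this change), a cached thread-safe formatter does the same job: `private static final DateTimeFormatter FORMATTER = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS").withZone(ZoneOffset.UTC);`, then `value = FORMATTER.format(binaryReader.readFileTime().toInstant());` and `return value;`. `getFormat()` is public, so keep it for existing callers; the `final` on a static method only forbids hiding and can be dropped. The javadoc should also state that the rendered time is UTC with millisecond precision, which is the only place callers can learn it.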
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FloatTypeNode.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FloatTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FloatTypeNode.java
new file mode 100644
index 0000000..58d582e
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FloatTypeNode.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a float
+ */
+public class FloatTypeNode extends VariantTypeNode {
+ private final float value;
+
+ public FloatTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ UnsignedInteger unsignedInteger = binaryReader.readDWord();
+ value = Float.intBitsToFloat(unsignedInteger.intValue());
+ }
+
+ @Override
+ public String getValue() {
+ return Float.toString(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/GuidTypeNode.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/GuidTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/GuidTypeNode.java
new file mode 100644
index 0000000..ec7b590
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/GuidTypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a guid
+ */
+public class GuidTypeNode extends VariantTypeNode {
+ private final String value;
+
+ public GuidTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = binaryReader.readGuid();
+ }
+
+ @Override
+ public String getValue() {
+ return value;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex32TypeNode.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex32TypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex32TypeNode.java
new file mode 100644
index 0000000..70df156
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex32TypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containging a 32 bit hex value
+ */
+public class Hex32TypeNode extends VariantTypeNode {
+ private final String value;
+
+ public Hex32TypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = "0x" + binaryReader.readDWord().toString(16);
+ }
+
+ @Override
+ public String getValue() {
+ return value;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex64TypeNode.java ----------------------------------------------------------------------
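Review bot: `readDWord().toString(16)` drops leading zeros, so the rendered width varies with the value (`0x10` for 16, `0xffffffff` for the all-ones word) even though the javadoc presents this as a 32 bit hex value, and downstream consumers that compare or sort these strings will see that. If fixed width is the intent, `value = String.format("0x%08x", binaryReader.readDWord().longValue());` gives it, and Hex64TypeNode has the same shape with `%016x`; if variable width is deliberate, a comment on the line saying so would settle it. The javadoc also has a typo: `containging` should be `containing`.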
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex64TypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex64TypeNode.java
new file mode 100644
index 0000000..7024c58
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex64TypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a 64 bit hex value
+ */
+public class Hex64TypeNode extends VariantTypeNode {
+ private final String value;
+
+ public Hex64TypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = "0x" + binaryReader.readQWord().toString(16);
+ }
+
+ @Override
+ public String getValue() {
+ return value;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/NullTypeNode.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/NullTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/NullTypeNode.java
new file mode 100644
index 0000000..66f9751
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/NullTypeNode.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing null value
+ */
+public class NullTypeNode extends VariantTypeNode {
+ public NullTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ }
+
+ @Override
+ public String getValue() {
+ return "";
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SIDTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SIDTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SIDTypeNode.java
new file mode 100644
index 0000000..20f3e80
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SIDTypeNode.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing an SID
+ */
+public class SIDTypeNode extends VariantTypeNode {
+ private final String value;
+
+ public SIDTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ int version = binaryReader.read();
+ int num_elements = binaryReader.read();
+ UnsignedInteger id_high = binaryReader.readDWordBE();
+ int id_low = binaryReader.readWordBE();
+ StringBuilder builder = new StringBuilder("S-");
+ builder.append(version);
+ builder.append("-");
+ builder.append((id_high.longValue() << 16) ^ id_low);
+ for (int i = 0; i < num_elements; i++) {
+ builder.append("-");
+ builder.append(binaryReader.readDWord());
+ }
+ value = builder.toString();
+ }
+
+ @Override
+ public String getValue() {
+ return value
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedByteTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedByteTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedByteTypeNode.java
new file mode 100644
index 0000000..8ab5835
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedByteTypeNode.java
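Review bot: The sub-authority loop in the SIDTypeNode constructor trusts `num_elements`, a byte read straight from the record, and reads that many DWORDs with no upper bound; a Windows SID carries at most 15 sub-authorities (SID_MAX_SUB_AUTHORITIES), so a larger count marks a malformed record rather than a longer SID. A guard before the loop, `if (num_elements > 15) { throw new IOException("Invalid SID sub-authority count: " + num_elements); }`, reports the corruption instead of silently rendering a bogus identifier, and the revision byte could be checked against 1 in the same way. `version`, `num_elements`, `id_high` and `id_low` are snake_case in a lowerCamelCase codebase. The `^` between the shifted authority and `id_low` only works because `readWordBE()` presumably returns a non-negative 16-bit value; `|` would state the intent plainly.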
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a signed byte value
+ */
+public class SignedByteTypeNode extends VariantTypeNode {
+ private byte value;
+
+ public SignedByteTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = (byte) binaryReader.read();
+ }
+
+ @Override
+ public String getValue() {
+ return "" + value;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedDWordTypeNode.java
----------------------------------------------------------------------
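Review bot: `value` is not `final` here (nor in UnsignedByteTypeNode later in this commit), unlike every sibling node, and `"" + value` is concatenation where `Byte.toString(value)` says what is meant; `private final byte value;` and `return Byte.toString(value);` align it with the rest of the package. More importantly, `(byte) binaryReader.read()` assumes `read()` never returns an end-of-input marker: if it follows the `InputStream` convention of returning -1, a truncated record yields -1 here and 255 in UnsignedByteTypeNode instead of an error, so it is worth confirming that BinaryReader throws when the chunk is exhausted. A short Javadoc line on `getValue()` stating the decimal rendering would also help readers comparing the signed and unsigned variants.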
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedDWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedDWordTypeNode.java
new file mode 100644
index 0000000..651dd2c
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedDWordTypeNode.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node contianing a signed 32 bit value
+ */
+public class SignedDWordTypeNode extends VariantTypeNode {
+ private final UnsignedInteger value;
+
+ public SignedDWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = binaryReader.readDWord();
+ }
+
+ @Override
+ public String getValue() {
+ return Integer.toString(value.intValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedQWordTypeNode.java
----------------------------------------------------------------------
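Review bot: The class holds an `UnsignedInteger` only to reinterpret it with `.intValue()` on every `getValue()` call, and the Javadoc reads "contianing". Storing the signed form once, `private final int value;` with `value = binaryReader.readDWord().intValue();` in the constructor and `return Integer.toString(value);`, drops the Guava type from this file and makes the two's-complement reinterpretation a single, commented step. The Javadoc should say that the 32-bit pattern is deliberately read as signed, since SignedQWordTypeNode in this commit does the same with `longValue()`.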
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedQWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedQWordTypeNode.java
new file mode 100644
index 0000000..3b01ff0
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedQWordTypeNode.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedLong;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a signed 64 bit value
+ */
+public class SignedQWordTypeNode extends VariantTypeNode {
+ private final UnsignedLong value;
+
+ public SignedQWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = binaryReader.readQWord();
+ }
+
+ @Override
+ public String getValue() {
+ return Long.toString(value.longValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedWordTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedWordTypeNode.java
new file mode 100644
index 0000000..15e72e7
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedWordTypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a signed 16 bit value
+ */
+public class SignedWordTypeNode extends VariantTypeNode {
+ private final int value;
+
+ public SignedWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = binaryReader.readWord();
+ }
+
+ @Override
+ public String getValue() {
+ return Short.toString((short) value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SizeTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SizeTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SizeTypeNode.java
new file mode 100644
index 0000000..e229706
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SizeTypeNode.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a size value
+ */
+public class SizeTypeNode extends VariantTypeNode {
+ private final Number value;
+
+ public SizeTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ if (length == 4) {
+ value = binaryReader.readDWord();
+ } else {
+ value = binaryReader.readQWord();
+ }
+ }
+
+ @Override
+ public String getValue() {
+ return value.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/StringTypeNode.java
----------------------------------------------------------------------
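Review bot: Every `length` other than 4 falls into the `else` branch and consumes eight bytes, so an unexpected width (2, 0, or a negative sentinel such as StringTypeNode uses) is parsed as a QWORD and desynchronises the reader for every node that follows in the record. Making the accepted widths explicit, `} else if (length == 8) { value = binaryReader.readQWord(); } else { throw new IOException("Unsupported size width: " + length); }`, turns a malformed or unanticipated record into a reported parse error rather than silently shifted values. The class Javadoc should then state that only 4- and 8-byte sizes are accepted.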
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/StringTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/StringTypeNode.java
new file mode 100644
index 0000000..4eb82c9
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/StringTypeNode.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a string (ascii)
+ */
+public class StringTypeNode extends VariantTypeNode {
+ private final String value;
+
+ public StringTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ if (length >= 0) {
+ value = binaryReader.readString(length);
+ } else {
+ value = binaryReader.readString(binaryReader.readWord());
+ }
+ }
+
+ @Override
+ public String getValue() {
+ return value;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SystemtimeTypeNode.java
----------------------------------------------------------------------
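Review bot: The `length >= 0` test makes a negative `length` a sentinel meaning "the string carries its own 16-bit length prefix", but nothing documents that contract, and the class Javadoc says "ascii" while the encoding `readString` applies is not visible in this file. A constructor comment, `// A negative length means the string is prefixed in the data by its own 16-bit length.`, and a Javadoc line naming the actual charset would make the two paths self-explanatory. Both the caller-supplied and the in-record length are taken on trust here, which is fine only if `readString` bounds the read to the remaining chunk; that belongs in BinaryReader and is worth confirming rather than assuming.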
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SystemtimeTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SystemtimeTypeNode.java
new file mode 100644
index 0000000..af5c9c0
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SystemtimeTypeNode.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.TimeZone;
+
+/**
+ * Node containing a system timestamp
+ */
+public class SystemtimeTypeNode extends VariantTypeNode {
+ private final String value;
+
+ public SystemtimeTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ int year = binaryReader.readWord();
+ int month = binaryReader.readWord();
+ int dayOfWeek = binaryReader.readWord();
+ int day = binaryReader.readWord();
+ int hour = binaryReader.readWord();
+ int minute = binaryReader.readWord();
+ int second = binaryReader.readWord();
+ int millisecond = binaryReader.readWord();
+ Calendar calendar = Calendar.getInstance();
+ calendar.set(year, month, day, hour, minute, second);
+ calendar.set(Calendar.MILLISECOND, millisecond);
+
value = getFormat().format(calendar.getTime());
+ }
+
+ public static final SimpleDateFormat getFormat() {
+ SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
+ simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
+ return simpleDateFormat;
+ }
+
+ @Override
+ public String getValue() {
+ return value;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedByteTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedByteTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedByteTypeNode.java
new file mode 100644
index 0000000..9645579
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedByteTypeNode.java
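Review bot: `calendar.set(year, month, day, hour, minute, second)` in the SystemtimeTypeNode constructor passes the month through unchanged, but `Calendar` months are 0-based while the Windows SYSTEMTIME layout these eight words follow (as the class name suggests) has `wMonth` in 1–12, so every rendered timestamp lands one month late; in addition `Calendar.getInstance()` builds the date in the JVM's default zone and locale calendar while `getFormat()` prints in UTC, shifting the output by the host's offset. `Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));` and `calendar.set(year, month - 1, day, hour, minute, second);` fix both, and `calendar.setLenient(false);` would make out-of-range fields from a corrupt record fail rather than roll over silently. `getFormat()` allocates a new `SimpleDateFormat` per node (the `final` on a static method is redundant); a `private static final DateTimeFormatter` from `java.time` would be thread-safe and cheaper. The otherwise unused `dayOfWeek` read advances the reader and deserves a comment saying so.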
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Unsigned byte value
+ */
+public class UnsignedByteTypeNode extends VariantTypeNode {
+ private int value;
+
+ public UnsignedByteTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = Byte.toUnsignedInt((byte) binaryReader.read());
+ }
+
+ @Override
+ public String getValue() {
+ return "" + value;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedDWordTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedDWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedDWordTypeNode.java
new file mode 100644
index 0000000..66ab492
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedDWordTypeNode.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Unsigned 32 bit value
+ */
+public class UnsignedDWordTypeNode extends VariantTypeNode {
+ private final UnsignedInteger value;
+
+ public UnsignedDWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = binaryReader.readDWord();
+ }
+
+ @Override
+ public String getValue() {
+ return value.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedQWordTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedQWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedQWordTypeNode.java
new file mode 100644
index 0000000..3efdc37
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedQWordTypeNode.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedLong;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Unsigned 64 bit value
+ */
+public class UnsignedQWordTypeNode extends VariantTypeNode {
+ private final UnsignedLong value;
+
+ public UnsignedQWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = binaryReader.readQWord();
+ }
+
+ @Override
+ public String getValue() {
+ return value.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedWordTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedWordTypeNode.java
new file mode 100644
index 0000000..52efbf1
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedWordTypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Unsigned 16 bit value
+ */
+public class UnsignedWordTypeNode extends VariantTypeNode {
+ private final int value;
+
+ public UnsignedWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ value = binaryReader.readWord();
+ }
+
+ @Override
+ public String getValue() {
+ return Integer.toString(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNode.java
new file mode 100644
index 0000000..dc8236a
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNode.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.BxmlNodeVisitor;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * Parent class for variant nodes (they all have no children)
+ */
+public abstract class VariantTypeNode extends BxmlNode {
+ private final int length;
+
+ public VariantTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent);
+ this.length = length;
+ init();
+ }
+
+ @Override
+ protected List<BxmlNode> initChildren() throws IOException {
+ return Collections.emptyList();
+ }
+
+ public abstract String getValue();
+
+ @Override
+ public void accept(BxmlNodeVisitor bxmlNodeVisitor) throws IOException {
+ bxmlNodeVisitor.visit(this);
+ }
+}
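Review bot: `init()` is called from the `VariantTypeNode` constructor, so whatever it triggers (it is defined outside this hunk, presumably in `BxmlNode`, and looks like the caller of the overridable `initChildren()`) runs before any subclass constructor body has assigned its own fields. That is harmless today because `initChildren()` returns `Collections.emptyList()`, but a subclass that overrides it and reads its own state would see default values; marking `initChildren()` `final` here, or stating the constraint in the constructor Javadoc, would make the contract explicit: `/** Calls init() during construction; subclasses must not override initChildren() to depend on their own fields. */`. The `length` field is assigned but nothing in this hunk reads it and there is no accessor, so either drop it or add `protected int getLength()` so subclasses do not have to re-derive it from the constructor argument.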
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNodeFactory.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNodeFactory.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNodeFactory.java
new file mode 100644
index 0000000..9906a84
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNodeFactory.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+public interface VariantTypeNodeFactory {
+ VariantTypeNode create(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException;
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringArrayTypeNode.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringArrayTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringArrayTypeNode.java
new file mode 100644
index 0000000..b301a60
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringArrayTypeNode.java 
@@ -0,0 +1,68 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.nifi.processors.evtx.parser.bxml.value; + +import org.apache.nifi.processors.evtx.parser.BinaryReader; +import org.apache.nifi.processors.evtx.parser.ChunkHeader; +import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode; +import org.apache.nifi.stream.io.ByteArrayOutputStream; + +import javax.xml.stream.XMLOutputFactory; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamWriter; +import java.io.IOException; + +/** + * Node representing an array of wstring values + */ +public class WStringArrayTypeNode extends VariantTypeNode { + public static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newFactory(); + private final String value; + + public WStringArrayTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException { + super(binaryReader, chunkHeader, parent, length); + String raw; + if (length >= 0) { + raw = binaryReader.readWString(length / 2); + } else { + int binaryLength = binaryReader.readWord(); + raw = binaryReader.readWString(binaryLength / 2); + } + ByteArrayOutputStream stream = new ByteArrayOutputStream(); + try { + 
XMLStreamWriter xmlStreamWriter = XML_OUTPUT_FACTORY.createXMLStreamWriter(stream, "UTF-8"); + for (String s : raw.split("\u0000")) { + xmlStreamWriter.writeStartElement("string"); + try { + xmlStreamWriter.writeCharacters(s); + } finally { + xmlStreamWriter.writeEndElement(); + } + } + xmlStreamWriter.close(); + } catch (XMLStreamException e) { + throw new IOException(e); + } + value = stream.toString("UTF-8"); + } + + @Override + public String getValue() { + return value; + } +} http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringTypeNode.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringTypeNode.java new file mode 100644 index 0000000..9ccdcf9 --- /dev/null +++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringTypeNode.java 
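Review bot: `raw.split("\u0000")` drops trailing empty strings, so an array value ending in consecutive NULs (or consisting only of NULs) is rendered with fewer `<string>` elements than the data carried; if those entries are meaningful in the evtx encoding, use `raw.split("\u0000", -1)`, and either way a comment stating which behaviour is intended would help. The negative-length branch halves the word read from the stream (`binaryLength / 2`) while the same branch in `WStringTypeNode` passes `characters` to `readWString` unhalved; one of the two probably misreads the prefix as bytes versus UTF-16 characters, which is worth checking against the format before both ship. `writeCharacters(s)` escapes markup but, as far as I know, the JDK writer does not reject control characters outside the XML 1.0 character set, so a log string containing them yields output a strict parser downstream will refuse — worth confirming and, if so, filtering before the write. Both lengths come from the file being parsed, so the bound on `readWString` has to live in `BinaryReader` (outside this hunk); worth confirming it rejects sizes beyond the chunk rather than allocating on trust. The constructor starts in the previous physical line of this hunk.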
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing string read as UTF16_LE
+ */
+public class WStringTypeNode extends VariantTypeNode {
+ private final String value;
+
+ public WStringTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+ super(binaryReader, chunkHeader, parent, length);
+ if (length >= 0) {
+ value = binaryReader.readWString(length / 2);
+ } else {
+ int characters = binaryReader.readWord();
+ value = binaryReader.readWString(characters);
+ }
+ }
+
+ @Override
+ public String getValue() {
+ return value;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/META-INF/services/org.apache.nifi.processor.Processor ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/META-INF/services/org.apache.nifi.processor.Processor b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/META-INF/services/org.apache.nifi.processor.Processor
new file mode 100644
index 0000000..ed0e17a
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/META-INF/services/org.apache.nifi.processor.Processor
@@ -0,0 +1,17 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+org.apache.nifi.processors.evtx.ParseEvtx
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/docs/org.apache.nifi.processors.evtx.ParseEvtx/additionalDetails.html ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/docs/org.apache.nifi.processors.evtx.ParseEvtx/additionalDetails.html b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/docs/org.apache.nifi.processors.evtx.ParseEvtx/additionalDetails.html
new file mode 100644
index 0000000..faa5baa
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/docs/org.apache.nifi.processors.evtx.ParseEvtx/additionalDetails.html 
@@ -0,0 +1,91 @@ +<!DOCTYPE html> +<html lang="en"> + <!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + <head> + <meta charset="utf-8" /> + <title>ParseEvtx</title> + + <link rel="stylesheet" href="../../css/component-usage.css" type="text/css" /> + </head> + + <body> + <!-- Processor Documentation ================================================== --> + <h2>Description:</h2> + <p>This processor is used to parse Windows event logs in the binary evtx format. The input flow files' content should be evtx files. 
The processor has 4 outputs: + <ul> + <li>The original unmodified FlowFile</li> + <li>The XML resulting from parsing at the configured granularity</li> + <li>Failed parsing with partial output</li> + <li>Malformed chunk in binary form</li> + </ul> + </p> + <h2>Output XML Example:</h2> + <p> + <pre> +<?xml version="1.0"?> +<Events> + <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> + <System> + <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" Ev +entSourceName="Service Control Manager"/> + <EventID Qualifiers="16384">7036</EventID> + <Version>0</Version> + <Level>4</Level> + <Task>0</Task> + <Opcode>0</Opcode> + <Keywords>0x8080000000000000</Keywords> + <TimeCreated SystemTime="2016-01-08 16:49:47.518"/> + <EventRecordID>780</EventRecordID> + <Correlation ActivityID="" RelatedActivityID=""/> + <Execution ProcessID="480" ThreadID="596"/> + <Channel>System</Channel> + <Computer>win7-pro-vm</Computer> + <Security UserID=""/> + </System> + <EventData> + <Data Name="param1">Workstation</Data> + <Data Name="param2">running</Data> + <Binary>TABhAG4AbQBhAG4AVwBvAHIAawBzAHQAYQB0AGkAbwBuAC8ANAAAAA==</Binary> + </EventData> + </Event> + <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> + <System> + <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager"/> + <EventID Qualifiers="16384">7036</EventID> + <Version>0</Version> + <Level>4</Level> + <Task>0</Task> + <Opcode>0</Opcode> + <Keywords>0x8080000000000000</Keywords> + <TimeCreated SystemTime="2016-01-08 16:49:47.535"/> + <EventRecordID>781</EventRecordID> + <Correlation ActivityID="" RelatedActivityID=""/> + <Execution ProcessID="480" ThreadID="576"/> + <Channel>System</Channel> + <Computer>win7-pro-vm</Computer> + <Security UserID=""/> + </System> + <EventData> + <Data Name="param1">Cryptographic Services</Data> + <Data Name="param2">running</Data> + 
<Binary>QwByAHkAcAB0AFMAdgBjAC8ANAAAAA==</Binary> + </EventData> + </Event> +</Events> + </pre> + </p> +</body> +</html> http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/MalformedChunkHandlerTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/MalformedChunkHandlerTest.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/MalformedChunkHandlerTest.java new file mode 100644 index 0000000..1aa16a5 --- /dev/null +++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/MalformedChunkHandlerTest.java 
@@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.nifi.processors.evtx; + +import com.google.common.net.MediaType; +import org.apache.nifi.flowfile.FlowFile; +import org.apache.nifi.flowfile.attributes.CoreAttributes; +import org.apache.nifi.processor.ProcessSession; +import org.apache.nifi.processor.Relationship; +import org.apache.nifi.processor.io.OutputStreamCallback; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.runners.MockitoJUnitRunner; + +import java.io.ByteArrayOutputStream; + +import static org.junit.Assert.assertArrayEquals; +import static org.mockito.Matchers.any; +import static org.mockito.Matchers.eq; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +@RunWith(MockitoJUnitRunner.class) +public class MalformedChunkHandlerTest { + Relationship badChunkRelationship; + + MalformedChunkHandler malformedChunkHandler; + + @Before + public void setup() { + badChunkRelationship = new Relationship.Builder().build(); + malformedChunkHandler = new MalformedChunkHandler(badChunkRelationship); + } + + @Test + public void testHandle() { + String 
name = "name"; + byte[] badChunk = {8}; + FlowFile original = mock(FlowFile.class); + FlowFile updated1 = mock(FlowFile.class); + FlowFile updated2 = mock(FlowFile.class); + FlowFile updated3 = mock(FlowFile.class); + FlowFile updated4 = mock(FlowFile.class); + ProcessSession session = mock(ProcessSession.class); + + when(session.create(original)).thenReturn(updated1); + when(session.putAttribute(updated1, CoreAttributes.FILENAME.key(), name)).thenReturn(updated2); + when(session.putAttribute(updated2, CoreAttributes.MIME_TYPE.key(), MediaType.APPLICATION_BINARY.toString())).thenReturn(updated3); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + when(session.write(eq(updated3), any(OutputStreamCallback.class))).thenAnswer(invocation -> { + ((OutputStreamCallback) invocation.getArguments()[1]).process(out); + return updated4; + }); + + malformedChunkHandler.handle(original, session, name, badChunk); + + verify(session).transfer(updated4, badChunkRelationship); + assertArrayEquals(badChunk, out.toByteArray()); + } +}