[ https://issues.apache.org/jira/browse/METRON-711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Otto Fowler updated METRON-711:
-------------------------------
    Affects Version/s: 0.4.1

> StellarShell assigns variables even if an exception was thrown in the 
> statement.
> --------------------------------------------------------------------------------
>
>                 Key: METRON-711
>                 URL: https://issues.apache.org/jira/browse/METRON-711
>             Project: Metron
>          Issue Type: Bug
>    Affects Versions: 0.4.1
>            Reporter: Justin Leet
>            Assignee: Otto Fowler
>            Priority: Minor
>
> Discovered while reviewing 
> https://github.com/apache/incubator-metron/pull/438.
> If an exception is thrown during Stellar execution, the exception will be 
> logged, and null is returned.  The assignment then goes through as normal, 
> leaving the assigned variable null.
> Seen using THREAT_TRIAGE_REMOVE with a String arg, instead of a List.  
> Resulted in a null conf variable.
> {code}
> [Stellar]>>> conf := THREAT_TRIAGE_ADD(conf, [triage])
> [Stellar]>>> conf := THREAT_TRIAGE_REMOVE(conf, 'Abnormal DNS Port')
> [!] Unable to execute: java.lang.String cannot be cast to java.util.List
> org.apache.metron.common.dsl.ParseException: Unable to execute: java.lang.String cannot be cast to java.util.List
>       at org.apache.metron.common.stellar.StellarCompiler.getResult(StellarCompiler.java:409)
>       at org.apache.metron.common.stellar.BaseStellarProcessor.parse(BaseStellarProcessor.java:127)
>       at org.apache.metron.common.stellar.shell.StellarExecutor.execute(StellarExecutor.java:275)
>       at org.apache.metron.common.stellar.shell.StellarShell.executeStellar(StellarShell.java:373)
>       at org.apache.metron.common.stellar.shell.StellarShell.handleStellar(StellarShell.java:276)
>       at org.apache.metron.common.stellar.shell.StellarShell.execute(StellarShell.java:412)
>       at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53)
>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>       at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List
>       at org.apache.metron.management.ThreatTriageFunctions$RemoveStellarTransformation.apply(ThreatTriageFunctions.java:232)
>       at org.apache.metron.common.stellar.StellarCompiler.exitTransformationFunc(StellarCompiler.java:267)
>       at org.apache.metron.common.stellar.generated.StellarParser$TransformationFuncContext.exitRule(StellarParser.java:1689)
>       at org.antlr.v4.runtime.Parser.triggerExitRuleEvent(Parser.java:422)
>       at org.antlr.v4.runtime.Parser.exitRule(Parser.java:632)
>       at org.apache.metron.common.stellar.generated.StellarParser.functions(StellarParser.java:1712)
>       at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_operands(StellarParser.java:1846)
>       at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_expr_mul(StellarParser.java:1609)
>       at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_expr(StellarParser.java:1469)
>       at org.apache.metron.common.stellar.generated.StellarParser.transformation_expr(StellarParser.java:308)
>       at org.apache.metron.common.stellar.generated.StellarParser.transformation(StellarParser.java:149)
>       at org.apache.metron.common.stellar.BaseStellarProcessor.parse(BaseStellarProcessor.java:126)
>       ... 8 more
> [Stellar]>>> conf
> [Stellar]>>> conf
> [Stellar]>>> conf := THREAT_TRIAGE_REMOVE(conf, ['Abnormal DNS Port'])
> [Stellar]>>> conf
> {
>   "enrichment" : {
>     "fieldMap" : { },
>     "fieldToTypeMap" : { },
>     "config" : { }
>   },
>   "threatIntel" : {
>     "fieldMap" : { },
>     "fieldToTypeMap" : { },
>     "config" : { },
>     "triageConfig" : {
>       "riskLevelRules" : [ ],
>       "aggregator" : "MAX",
>       "aggregationConfig" : { }
>     }
>   },
>   "configuration" : { }
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
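
The failure mode reported above, modelled as an added stand-alone Java example (not Metron's code, and not the fix applied in the project): an executor that logs an exception and returns null lets the assignment overwrite the variable, while a guarded assignment keeps the previous value. All class and method names here are hypothetical, and the rule list is constructed sample data.

```java
import java.util.*;
import java.util.function.Supplier;

// Hypothetical model of a shell assignment; none of these names are Metron's.
public class AssignOnFailureDemo {
    static final Map<String, Object> vars = new HashMap<>();

    // Stand-in for a function that expects a List argument (constructed).
    static Object removeRules(Object conf, Object names) {
        List<?> toRemove = (List<?>) names;   // ClassCastException when given a String
        List<Object> rules = new ArrayList<>((List<?>) conf);
        rules.removeAll(toRemove);
        return rules;
    }

    // Behaviour described in the issue: log the exception, return null.
    static Object executeSwallowing(Supplier<Object> stmt) {
        try {
            return stmt.get();
        } catch (RuntimeException e) {
            System.out.println("[!] Unable to execute: " + e.getMessage());
            return null;
        }
    }

    // Buggy assignment: a null caused by a failure is stored like any other result.
    static void assignBuggy(String name, Supplier<Object> stmt) {
        vars.put(name, executeSwallowing(stmt));
    }

    // Guarded assignment: the variable is written only when evaluation succeeded.
    static boolean assignGuarded(String name, Supplier<Object> stmt) {
        Object value;
        try {
            value = stmt.get();
        } catch (RuntimeException e) {
            System.out.println("[!] Unable to execute: " + e.getMessage());
            return false;                     // previous value is kept
        }
        vars.put(name, value);
        return true;
    }

    public static void main(String[] args) {
        vars.put("conf", List.of("Abnormal DNS Port", "Other rule")); // constructed data
        Object before = vars.get("conf");
        assignGuarded("conf", () -> removeRules(vars.get("conf"), "Abnormal DNS Port"));
        System.out.println("guarded: conf unchanged = " + (vars.get("conf") == before));
        assignBuggy("conf", () -> removeRules(vars.get("conf"), "Abnormal DNS Port"));
        System.out.println("buggy:   conf = " + vars.get("conf"));
    }
}
```

Keeping the failure signal separate from the returned value matters because null can also be a legitimate result of a statement, so the assignment step cannot infer failure from the value alone.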
