[jira] [Created] (METRON-711) StellarShell assigns variables even if an exception was thrown in the statement.

Thu, 09 Feb 2017 12:54:06 -0800 

Justin Leet created METRON-711:
----------------------------------

             Summary: StellarShell assigns variables even if an exception was 
thrown in the statement.
                 Key: METRON-711
                 URL: https://issues.apache.org/jira/browse/METRON-711
             Project: Metron
          Issue Type: Bug
            Reporter: Justin Leet
            Assignee: Justin Leet
            Priority: Minor


Discovered while reviewing https://github.com/apache/incubator-metron/pull/438.

If an exception is thrown during Stellar execution, the exception will be 
logged, and null is returned.  The assignment then goes through as normal, 
leaving the assigned variable null.

Seen using THREAT_TRIAGE_REMOVE with a String arg, instead of a List.  Resulted 
in a null conf variable.

{code}
[Stellar]>>> conf := THREAT_TRIAGE_ADD(conf, [triage])
[Stellar]>>> conf := THREAT_TRIAGE_REMOVE(conf, 'Abnormal DNS Port')
[!] Unable to execute: java.lang.String cannot be cast to java.util.List
org.apache.metron.common.dsl.ParseException: Unable to execute: 
java.lang.String cannot be cast to java.util.List
        at 
org.apache.metron.common.stellar.StellarCompiler.getResult(StellarCompiler.java:409)
        at 
org.apache.metron.common.stellar.BaseStellarProcessor.parse(BaseStellarProcessor.java:127)
        at 
org.apache.metron.common.stellar.shell.StellarExecutor.execute(StellarExecutor.java:275)
        at 
org.apache.metron.common.stellar.shell.StellarShell.executeStellar(StellarShell.java:373)
        at 
org.apache.metron.common.stellar.shell.StellarShell.handleStellar(StellarShell.java:276)
        at 
org.apache.metron.common.stellar.shell.StellarShell.execute(StellarShell.java:412)
        at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassCastException: java.lang.String cannot be cast to 
java.util.List
        at 
org.apache.metron.management.ThreatTriageFunctions$RemoveStellarTransformation.apply(ThreatTriageFunctions.java:232)
        at 
org.apache.metron.common.stellar.StellarCompiler.exitTransformationFunc(StellarCompiler.java:267)
        at 
org.apache.metron.common.stellar.generated.StellarParser$TransformationFuncContext.exitRule(StellarParser.java:1689)
        at org.antlr.v4.runtime.Parser.triggerExitRuleEvent(Parser.java:422)
        at org.antlr.v4.runtime.Parser.exitRule(Parser.java:632)
        at 
org.apache.metron.common.stellar.generated.StellarParser.functions(StellarParser.java:1712)
        at 
org.apache.metron.common.stellar.generated.StellarParser.arithmetic_operands(StellarParser.java:1846)
        at 
org.apache.metron.common.stellar.generated.StellarParser.arithmetic_expr_mul(StellarParser.java:1609)
        at 
org.apache.metron.common.stellar.generated.StellarParser.arithmetic_expr(StellarParser.java:1469)
        at 
org.apache.metron.common.stellar.generated.StellarParser.transformation_expr(StellarParser.java:308)
        at 
org.apache.metron.common.stellar.generated.StellarParser.transformation(StellarParser.java:149)
        at 
org.apache.metron.common.stellar.BaseStellarProcessor.parse(BaseStellarProcessor.java:126)
        ... 8 more
[Stellar]>>> conf
[Stellar]>>> conf
[Stellar]>>> conf := THREAT_TRIAGE_REMOVE(conf, ['Abnormal DNS Port'])
[Stellar]>>> conf
{
  "enrichment" : {
    "fieldMap" : { },
    "fieldToTypeMap" : { },
    "config" : { }
  },
  "threatIntel" : {
    "fieldMap" : { },
    "fieldToTypeMap" : { },
    "config" : { },
    "triageConfig" : {
      "riskLevelRules" : [ ],
      "aggregator" : "MAX",
      "aggregationConfig" : { }
    }
  },
  "configuration" : { }
}
{code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to