[ https://issues.apache.org/jira/browse/NIFI-1965?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15397358#comment-15397358 ]
ASF GitHub Bot commented on NIFI-1965: -------------------------------------- Github user trixpan commented on a diff in the pull request: https://github.com/apache/nifi/pull/496#discussion_r72596717 --- Diff: nifi-nar-bundles/nifi-enrich-bundle/nifi-enrich-processors/src/main/java/org/apache/nifi/processors/enrich/QueryDNS.java --- @@ -0,0 +1,269 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.nifi.processors.enrich; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashSet; +import java.util.Hashtable; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.atomic.AtomicBoolean; +import javax.naming.Context; +import javax.naming.NameNotFoundException; +import javax.naming.NamingEnumeration; +import javax.naming.NamingException; +import javax.naming.directory.Attributes; +import javax.naming.directory.BasicAttributes; +import javax.naming.directory.DirContext; +import javax.naming.directory.InitialDirContext; + +import org.apache.commons.lang3.StringUtils; + +import org.apache.nifi.annotation.behavior.EventDriven; +import org.apache.nifi.annotation.behavior.InputRequirement; +import org.apache.nifi.annotation.behavior.SideEffectFree; +import org.apache.nifi.annotation.behavior.SupportsBatching; +import org.apache.nifi.annotation.behavior.WritesAttribute; +import org.apache.nifi.annotation.behavior.WritesAttributes; +import org.apache.nifi.annotation.documentation.CapabilityDescription; +import org.apache.nifi.annotation.documentation.Tags; +import org.apache.nifi.annotation.lifecycle.OnScheduled; +import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.flowfile.FlowFile; +import org.apache.nifi.processor.ProcessContext; +import org.apache.nifi.processor.ProcessSession; +import org.apache.nifi.processor.Relationship; +import org.apache.nifi.processor.exception.ProcessException; +import org.apache.nifi.processor.util.StandardValidators; + + +@EventDriven +@SideEffectFree +@SupportsBatching +@Tags({"dns", "enrich", "ip"}) +@InputRequirement(InputRequirement.Requirement.INPUT_REQUIRED) +@CapabilityDescription("A powerful DNS query processor primary designed to enrich DataFlows with DNS based APIs " + + "(e.g. RBLs, ShadowServer's ASN lookup) but that can be also used to perform regular DNS lookups.") +@WritesAttributes({ + @WritesAttribute(attribute = "enrich.dns.record*.group*", description = "The captured fields of the DNS query response for each of the records received"), +}) +public class QueryDNS extends AbstractEnrichProcessor { + + public static final PropertyDescriptor DNS_QUERY_TYPE = new PropertyDescriptor.Builder() + .name("DNS Query Type") + .description("The DNS query type to be used by the processor (e.g. TXT, A)") + .required(true) + .defaultValue("TXT") + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) + .build(); + + public static final PropertyDescriptor DNS_SERVER = new PropertyDescriptor.Builder() + .name("DNS Servers") + .description("A comma separated list of DNS servers to be used. (Defaults to system wide if none is used)") + .required(false) + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) + .build(); + + public static final PropertyDescriptor DNS_TIMEOUT = new PropertyDescriptor.Builder() + .name("DNS Query Timeout") + .description("The amount of milliseconds to wait until considering a query as failed") + .required(true) + .defaultValue("1500") + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) + .build(); + + public static final PropertyDescriptor DNS_RETRIES = new PropertyDescriptor.Builder() + .name("DNS Query Retries") + .description("The number of attempts before giving up and moving on") + .required(true) + .defaultValue("1") + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) + .build(); + + + private final static List<PropertyDescriptor> propertyDescriptors; + private final static Set<Relationship> relationships; + + private DirContext ictx; + + // Assign the default and generally used contextFactory value + private String contextFactory = com.sun.jndi.dns.DnsContextFactory.class.getName();; + + static { + List<PropertyDescriptor> props = new ArrayList<>(); + props.add(QUERY_INPUT); + props.add(QUERY_PARSER); + props.add(QUERY_PARSER_INPUT); + props.add(DNS_RETRIES); + props.add(DNS_TIMEOUT); + props.add(DNS_SERVER); + props.add(DNS_QUERY_TYPE); + propertyDescriptors = Collections.unmodifiableList(props); + + Set<Relationship> rels = new HashSet<>(); + rels.add(REL_FOUND); + rels.add(REL_NOT_FOUND); + relationships = Collections.unmodifiableSet(rels); + } + + private AtomicBoolean initialized; + + @Override + protected List<PropertyDescriptor> getSupportedPropertyDescriptors() { + return propertyDescriptors; + } + + @Override + public Set<Relationship> getRelationships() { + return relationships; + } + + @Override + public void onTrigger(ProcessContext context, ProcessSession session) throws ProcessException { + try { + initializeResolver(context); + } catch (Exception e) { + context.yield(); + throw new ProcessException("Failed to initialize the JNDI DNS resolver server", e); + } + + FlowFile flowFile = session.get(); + if (flowFile == null) { + return; + } + + final String queryType = context.getProperty(DNS_QUERY_TYPE).getValue(); + final String queryInput = context.getProperty(QUERY_INPUT).evaluateAttributeExpressions(flowFile).getValue(); + final String queryParser = context.getProperty(QUERY_PARSER).getValue(); + final String queryRegex = context.getProperty(QUERY_PARSER_INPUT).getValue(); + final String dnsServer = context.getProperty(DNS_SERVER).getValue(); --- End diff -- addressed. left over of a previous iteration of the code. > Create a QueryDNS processor > --------------------------- > > Key: NIFI-1965 > URL: https://issues.apache.org/jira/browse/NIFI-1965 > Project: Apache NiFi > Issue Type: Bug > Reporter: Andre > > As part of a data pipeline security teams frequently must enrich data using > DNS enabled APIs such as: > ShadowServer BGP and ASN lookup via DNS > https://www.shadowserver.org/wiki/pmwiki.php/Services/IP-BGP#toc7 > Team Cymru Malware Hash Registry > http://www.team-cymru.org/MHR.html > Spamhaus (SBL, XBL, etc) > and others > QueryDNS will use an expression language enabled property to run a query > against DNS and add the raw result to an attribute (for later processing if > necessary). -- This message was sent by Atlassian JIRA (v6.3.4#6332)