Merge pull request jtmelton#77 from dscrobonia/feature-storage-integr…

…ations-1 rule integration with file-based and in-memory storage
yadox · May 25, 2017 · 7c79296 · 7c79296
2 parents 8ada927 + d2dfcb1
commit 7c79296
Show file tree

Hide file tree

Showing 9 changed files with 389 additions and 54 deletions.
diff --git a/...alysis-rules/src/main/java/org/owasp/appsensor/analysis/AggregateEventAnalysisEngine.java b/...alysis-rules/src/main/java/org/owasp/appsensor/analysis/AggregateEventAnalysisEngine.java
@@ -309,7 +309,7 @@ protected DateTime findMostRecentAttackTime(Event triggerEvent, Rule rule) {
 		Collection<Attack> attacks = appSensorServer.getAttackStore().findAttacks(criteria);
 
 		for (Attack attack : attacks) {
-			if (attack.getRule().equals(rule)) {
+			if (attack.getRule().guidMatches(rule)) {
 				if (DateUtils.fromString(attack.getTimestamp()).isAfter(newest)) {
 					newest = DateUtils.fromString(attack.getTimestamp());
 				}

diff --git a/appsensor-core/src/main/java/org/owasp/appsensor/core/Attack.java b/appsensor-core/src/main/java/org/owasp/appsensor/core/Attack.java
@@ -168,6 +168,18 @@ public void setMetadata(Collection<KeyValuePair> metadata) {
 		this.metadata = metadata;
 	}
 
+	public String getName() {
+		String name = "";
+
+		if (this.rule == null) {
+			name = this.detectionPoint.getLabel();
+		} else {
+			name = this.rule.getName() == null ? this.rule.getGuid() : this.rule.getName();
+		}
+
+		return name;
+	}
+
 	@Override
 	public int hashCode() {
 		return new HashCodeBuilder(17,31).
@@ -214,4 +226,4 @@ public String toString() {
 			       toString();
 	}
 
-}
+}
diff --git a/appsensor-core/src/main/java/org/owasp/appsensor/core/rule/Rule.java b/appsensor-core/src/main/java/org/owasp/appsensor/core/rule/Rule.java
@@ -6,9 +6,11 @@
 import java.util.Set;
 
 import javax.persistence.*;
+import javax.xml.bind.annotation.XmlTransient;
 
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.ToStringBuilder;
+import org.codehaus.jackson.annotate.JsonProperty;
 import org.owasp.appsensor.core.DetectionPoint;
 import org.owasp.appsensor.core.IAppsensorEntity;
 import org.owasp.appsensor.core.Interval;
@@ -55,18 +57,21 @@ public class Rule implements IAppsensorEntity {
 	 * A Rule's window must be greater than or equal to the total of it's Expressions' windows.
 	 */
 	@ManyToOne(cascade = CascadeType.ALL)
+	@JsonProperty("window")
 	private Interval window;
 
 	/** The {@link Expression}s that build up a Rule
 	 * 	The order of the list corresponds to the temporal order of the expressions.
 	 */
 	@Transient
+	@JsonProperty("expressions")
 	private ArrayList<Expression> expressions;
 
 	/**
 	 * Set of {@link Response}s associated with given Rule.
 	 */
 	@Transient
+	@JsonProperty("responses")
 	private Collection<Response> responses = new ArrayList<Response>();
 
 	public Rule () {
@@ -121,28 +126,37 @@ public Rule setName(String name) {
 		return this;
 	}
 
+	@XmlTransient
+	@JsonProperty("window")
 	public Interval getWindow() {
 		return this.window;
 	}
 
+	@JsonProperty("window")
 	public Rule setWindow(Interval window) {
 		this.window = window;
 		return this;
 	}
 
+	@XmlTransient
+	@JsonProperty("expressions")
 	public ArrayList<Expression> getExpressions() {
 		return this.expressions;
 	}
 
+	@JsonProperty("expressions")
 	public Rule setExpressions(ArrayList<Expression> expression) {
 		this.expressions = expression;
 		return this;
 	}
 
+	@XmlTransient
+	@JsonProperty("responses")
 	public Collection<Response> getResponses() {
 		return this.responses;
 	}
 
+	@JsonProperty("responses")
 	public Rule setResponses(Collection<Response> responses) {
 		this.responses = responses;
 		return this;
@@ -187,6 +201,19 @@ public boolean typeAndThresholdContainsDetectionPoint(DetectionPoint detectionPo
 		return false;
 	}
 
+	/* checks whether other rule has same guid, i.e. is the same rule */
+	public boolean guidMatches(Rule other) {
+		if (other == null) {
+			throw new IllegalArgumentException("other must be non-null");
+		}
+
+		boolean matches = true;
+
+		matches &= (guid != null) ? guid.equals(other.getGuid()) : true;
+
+		return matches;
+	}
+
 	@Override
 	public boolean equals(Object obj) {
 		if (this == obj)
@@ -217,4 +244,4 @@ public String toString() {
 			       append("name", name).
 			       toString();
 	}
-}
+}
diff --git a/appsensor-core/src/main/java/org/owasp/appsensor/core/storage/AttackStore.java b/appsensor-core/src/main/java/org/owasp/appsensor/core/storage/AttackStore.java
@@ -127,9 +127,11 @@ protected Collection<Attack> findAttacks(SearchCriteria criteria, Collection<Att
 			}
 
 			//check rule match if rule specified
-			boolean ruleMatch = (rule != null) ?
-					rule.equals(attack.getRule()) : true;
-
+			boolean ruleMatch = true;
+			if (rule != null) {
+				ruleMatch = (attack.getRule() != null) ?
+					rule.guidMatches(attack.getRule()) : false;
+			}
 
 			DateTime attackTimestamp = DateUtils.fromString(attack.getTimestamp());
 
@@ -172,8 +174,12 @@ protected boolean isMatchingAttack(SearchCriteria criteria, Attack attack) {
 		boolean detectionPointMatch = (detectionPoint != null) ?
 				detectionPoint.typeAndThresholdMatches(attack.getDetectionPoint()) : true;
 
-		boolean ruleMatch = (rule != null) ?
-				rule.equals(attack.getRule()) : true;
+		//check rule match if rule specified
+		boolean ruleMatch = true;
+		if (rule != null) {
+			ruleMatch = (attack.getRule() != null) ?
+				rule.guidMatches(attack.getRule()) : false;
+		}
 
 		boolean earliestMatch = (earliest != null) ? earliest.isBefore(DateUtils.fromString(attack.getTimestamp())): true;
 
@@ -184,4 +190,4 @@ protected boolean isMatchingAttack(SearchCriteria criteria, Attack attack) {
 		return match;
 	}
 
-}
+}