Рефакторинг оборачивания сырого события в конверт, подготовка к фиче …

…с оборачиваем всех необёрнутых событий.
zBlurr · Jul 25, 2023 · a6157c1 · a6157c1
1 parent 3502ca9
commit a6157c1
Show file tree

Hide file tree

Showing 7 changed files with 194 additions and 147 deletions.
diff --git a/client/src/helpers/testHelper.ts b/client/src/helpers/testHelper.ts
@@ -94,6 +94,11 @@ export class TestHelper {
 	 * @returns строка с сырыми событиями, в которых json-события сжаты
 	 * TODO: возвращать список сжатых событий
 	 */
+	/**
+	 * Сжатие json-событий.
+	 * @param rawEvents строка с сырыми событиями
+	 * @returns строка с сырыми событиями, в которых json-события сжаты
+	 */
 	public static compressRawEvents(rawEvents: string) : string {
 
 		if(!rawEvents) {
@@ -147,6 +152,12 @@ export class TestHelper {
 		return comressedRawEvents.trim();
 	}
 
+	public static compressRawEvent(rawEvent: string) : string {
+		const eventObject = JSON.parse(rawEvent);
+		const compressedJson = JSON.stringify(eventObject);
+		return compressedJson;
+	}
+
 	public static compressTestCode(testCode: string) {
 		const compressedNormalizedEventReg = /{\s+"[\s\S]*\s+}$/gm;
 

diff --git a/client/src/models/enveloper.ts b/client/src/models/enveloper.ts
@@ -16,21 +16,23 @@ export class Enveloper {
 		}
 
 		// Проверяем, если исходное событие в формате xml (EventViewer)
-		let rawEventsTrimmed = rawEvents.trim();
+		const rawEventsTrimmed = rawEvents.trim();
 		if(this.isRawEventXml(rawEventsTrimmed)) {
-			rawEventsTrimmed = this.convertXmlRawEventsToJson(rawEventsTrimmed);
+			const convertedXmlEvents = this.convertXmlRawEventsToJson(rawEventsTrimmed);
+			return this.addEventsToEnvelope(convertedXmlEvents, mimeType);
 		}
 
 		if(this.isEnvelopedEvents(rawEventsTrimmed)) {
 			throw new XpException("Конверт для событий уже добавлен.");
 		}
 
-		// Сжали список событий и обернули в конверт.
-		const compressedRawEvents = TestHelper.compressRawEvents(rawEventsTrimmed);
-		const envelopedRawEvents = this.addEventsToEnvelope(compressedRawEvents, mimeType);
-		const envelopedRawEventsString = envelopedRawEvents.join('\n');
+		// Сжимаем json-события 
+		const compressedRawEventsString = TestHelper.compressRawEvents(rawEventsTrimmed);
+		const compressedRawEvents = compressedRawEventsString.split(Enveloper.END_OF_LINE);
 
-		return envelopedRawEventsString;
+		// Добавляем каждому конверт
+		const envelopedRawEvents = this.addEventsToEnvelope(compressedRawEvents, mimeType);
+		return envelopedRawEvents;
 	}
 
 	public static isRawEventXml(rawEvent : string) : any {
@@ -85,55 +87,52 @@ export class Enveloper {
 	 * @param mimeType тип событий
 	 * @returns массив сырых событий, в котором каждое событие обёрнуто в конверт заданного типа и начинается с новой строки
 	 */
-	public static addEventsToEnvelope(compressedRawEvents : string, mimeType : EventMimeType) : string[] {
+	public static addEventsToEnvelope(compressedRawEvents : string[], mimeType : EventMimeType) : string[] {
 		const newRawEvents = [];
 
-		const trimmedCompressedRawEvents = compressedRawEvents.trim();
+		for(let index = 0; index < compressedRawEvents.length; index++) {
 
-		trimmedCompressedRawEvents.split("\n").forEach(
-			(rawEvent, index) => {
-
-				if(rawEvent === "") {
-					return;
-				}
+			let rawEvent = compressedRawEvents[index];
+			if(rawEvent === "") {
+				return;
+			}
 
-				// Убираем пустое поле в начале при копироваине из SIEM-а группы (одного) события
-				// importance = low и info добавляет пустое поле
-				// importance = medium добавляет поле medium
-				const regCorrection = /^"(?:medium)?","(.*?)"$/;
-				const regExResult = rawEvent.match(regCorrection);
-				if(regExResult && regExResult.length == 2) {
-					rawEvent = regExResult[1];
-				}
-
-				// '2012-11-04T14:51:06.157Z'
-				const date = new Date().toISOString();
-				const uuidSeed = index + 1;
-
-				const envelopedRawEvents = {
-					body : rawEvent,
-					recv_ipv4 : "127.0.0.1",
-					recv_time : date.toString(),
-					task_id : '00000000-0000-0000-0000-000000000000',
-					tag : "some_tag",
-					mime : mimeType,
-					normalized : false,
-					input_id : "00000000-0000-0000-0000-000000000000",
-					type : "raw",
-					uuid : uuidv4(uuidSeed)
-				};
-
-				const newRawEvent = JSON.stringify(envelopedRawEvents);
-				newRawEvents.push(newRawEvent);
+			// Убираем пустое поле в начале при копироваине из SIEM-а группы (одного) события
+			// importance = low и info добавляет пустое поле
+			// importance = medium добавляет поле medium
+			const regCorrection = /^"(?:medium)?","(.*?)"$/;
+			const regExResult = rawEvent.match(regCorrection);
+			if(regExResult && regExResult.length == 2) {
+				rawEvent = regExResult[1];
 			}
-		);
+
+			// '2012-11-04T14:51:06.157Z'
+			const date = new Date().toISOString();
+			const uuidSeed = index + 1;
+
+			const envelopedRawEvents = {
+				body : rawEvent,
+				recv_ipv4 : "127.0.0.1",
+				recv_time : date.toString(),
+				task_id : '00000000-0000-0000-0000-000000000000',
+				tag : "some_tag",
+				mime : mimeType,
+				normalized : false,
+				input_id : "00000000-0000-0000-0000-000000000000",
+				type : "raw",
+				uuid : uuidv4(uuidSeed)
+			};
+
+			const newRawEvent = JSON.stringify(envelopedRawEvents);
+			newRawEvents.push(newRawEvent);
+		}
 
 		return newRawEvents;
 	}
 
-	public static convertXmlRawEventsToJson(xmlRawEvent : string) : string {
+	public static convertXmlRawEventsToJson(xmlRawEvent : string) : string[] {
 
-		let resultJson = "";
+		const events : string[] = [];
 		const xmlRawEventCorrected = xmlRawEvent
 			.replace(/^- <Event /gm, "<Event ")
 			.replace(/^- <System>/gm, "<System>")
@@ -155,9 +154,12 @@ export class Enveloper {
 			// Исправляем xml.
 			const resultXmlRawEvent = jsonEventString.replace(/_@ttribute/gm, "text");
 
-			resultJson += resultXmlRawEvent + "\n";
+			events.push(resultXmlRawEvent);
 		}
 
-		return resultJson;
+		return events;
 	}
+
+	// TODO: решить вопрос с визуализацией и кроссплатформенностью.
+	public static END_OF_LINE = "\n";
 }
diff --git a/client/src/test/testHelper/testHelper.compressRawEvents.test.ts b/client/src/test/testHelper/testHelper.compressRawEvents.test.ts
@@ -7,7 +7,7 @@ suite('TestHelper.compressRawEvents', async () => {
 
 	test('Сжатие одного события с новыми строками', async () => {
 
-const rawEventsFromSIEM = 
+		const rawEventsFromSIEM = 
 `{
 	"Event": {
 		"xmlns": "http://schemas.microsoft.com/win/2004/08/events/event",
@@ -75,9 +75,9 @@ const rawEventsFromSIEM =
 	}
 }`;
 
-		const formatedTestCode = TestHelper.compressRawEvents(rawEventsFromSIEM);
+		const compressedRawEventsString = TestHelper.compressRawEvents(rawEventsFromSIEM);
 
-		const lines = formatedTestCode.split("\n");
+		const lines = compressedRawEventsString.split("\n");
 		assert.strictEqual(lines.length, 1);
 	});