Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rule context can be modified within rule #526

Merged
merged 2 commits into from
Dec 12, 2017
Merged

Rule context can be modified within rule #526

merged 2 commits into from
Dec 12, 2017

Conversation

javuto
Copy link
Contributor

@javuto javuto commented Dec 12, 2017

to: @ryandeivert @jacknagz
cc: @airbnb/streamalert-maintainers
size: small

Background

Context was added to rules to be able to extract information from the rule record and be utilized after (for example, outputs). This code makes that alteration possible and adds test for it.

Changes

  • If context is used, it will be passed as argument of the rule.
  • Test to verify the added code.

Testing

$ rm .coverage && ./tests/scripts/unit_tests.sh
...
TOTAL                                                    2951     94    97%
----------------------------------------------------------------------
Ran 501 tests in 8.074s

OK

$ ./tests/scripts/pylint.sh

--------------------------------------------------------------------
Your code has been rated at 10.00/10 (previous run: 10.00/10, +0.00)

$ python manage.py lambda test --processor rule all
...
StreamAlertCLI [INFO]: (60/60) Successful Tests
StreamAlertCLI [INFO]: (93/93) Alert Tests Passed
StreamAlertCLI [INFO]: Completed

@javuto javuto added this to the 1.6.0 milestone Dec 12, 2017
@coveralls
Copy link

Coverage Status

Coverage increased (+0.003%) to 95.569% when pulling db6ecfe on javier-streamalert-modify-context into 9d532ab on master.

ryandeivert
ryandeivert reviewed Dec 12, 2017
View reviewed changes
stream_alert/rule_processor/rules_engine.py
if rule.context:
rule_result = rule.rule_function(record, rule.context)
else:
rule_result = rule.rule_function(record)
except Exception: # pylint: disable=broad-except
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@javuto I know this isn't part of your changes, but can you get rid of this except Exception: line and just have this be try: ... except: ... . This would get rid of that pylint disable message too

ryandeivert
ryandeivert approved these changes Dec 12, 2017
View reviewed changes
Copy link
Contributor

@ryandeivert ryandeivert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments that should be addressed but LGTM!

tests/unit/stream_alert_rule_processor/test_rules_engine.py Outdated
# process payloads
alerts = self.rules_engine.process(payload)

print alerts
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rouge print statement should be removed

tests/unit/stream_alert_rule_processor/test_rules_engine.py
@rule(logs=['test_log_type_json_nested_with_data'],
outputs=['s3:sample_bucket'],
context={'assigned_user': 'not_set', 'assigned_policy': 'not_set2'})
def modify_context_test(rec, context): # pylint: disable=unused-variable
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you shouldn't need this # pylint: disable=unused-variable do you?

@coveralls
Copy link

Coverage Status

Coverage increased (+0.003%) to 95.569% when pulling 308bac4 on javier-streamalert-modify-context into 9d532ab on master.

@javuto javuto merged commit 560c0f7 into master Dec 12, 2017
@javuto javuto deleted the javier-streamalert-modify-context branch December 12, 2017 23:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ryandeivert ryandeivert ryandeivert approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.6.0
Development

Successfully merging this pull request may close these issues.
3 participants
@javuto @coveralls @ryandeivert