usiem/testing/
parsers.rs

1use crate::prelude::{
2    holder::DatasetHolder, FieldSchema, GeneratorConfig, LogGenerator, LogParser, LogParsingError,
3    SiemField, SiemLog,
4};
5
/// Test-only log generator that always emits the same fixed line.
pub struct DummyLogGenerator {}

impl LogGenerator for DummyLogGenerator {
    /// Accepts a generator configuration and deliberately ignores it.
    fn configure(&mut self, _config: GeneratorConfig) {}

    /// Always reports a weight of 1.
    fn weight(&self) -> u8 {
        1u8
    }

    /// Returns the constant sample line.
    ///
    /// NOTE(review): "dummy" is lowercase in this line, so a case-sensitive
    /// search for "DUMMY" does not match it.
    fn log(&self) -> String {
        String::from("This is a dummy log")
    }
}
19
/// Test parser that accepts a log only when its message contains the
/// substring "DUMMY" (the match is case-sensitive).
///
/// An accepted log gains an extra field named "parser" whose content is
/// "DummyParserText".
#[derive(Default, Clone)]
pub struct DummyParserText {
    // Schema handed out by `LogParser::schema`.
    schema: FieldSchema,
}

impl DummyParserText {
    /// Builds the parser with a schema obtained from `FieldSchema::new()`.
    ///
    /// The derived `Default` goes through `FieldSchema`'s own `Default`
    /// implementation instead.
    pub fn new() -> Self {
        let schema = FieldSchema::new();
        Self { schema }
    }
}
34
impl LogParser for DummyParserText {
    /// Tags the log when its message contains "DUMMY", otherwise rejects it.
    ///
    /// On a match the field "parser" is set to "DummyParserText" and the log is
    /// returned. Without a match the unmodified log is handed back inside
    /// `LogParsingError::NoValidParser`, so the caller still owns the event.
    /// The check is a case-sensitive substring test; `_datasets` is not used.
    fn parse_log(
        &self,
        mut log: SiemLog,
        _datasets: &DatasetHolder,
    ) -> Result<SiemLog, LogParsingError> {
        let has_marker = log.message().contains("DUMMY");
        if has_marker {
            log.add_field("parser", SiemField::from_str_slice("DummyParserText"));
            Ok(log)
        } else {
            Err(LogParsingError::NoValidParser(log))
        }
    }

    /// Fixed identifier of this parser.
    fn name(&self) -> &'static str {
        "DummyParserText"
    }

    /// Fixed human-readable description of this parser.
    fn description(&self) -> &'static str {
        "This is a dummy that parsers if contains DUMMY in text"
    }

    /// Borrows the schema stored in this parser.
    fn schema(&self) -> &FieldSchema {
        &self.schema
    }

    /// Returns a boxed `DummyLogGenerator`.
    ///
    /// NOTE(review): that generator emits "This is a dummy log" (lowercase),
    /// which the case-sensitive "DUMMY" check in `parse_log` rejects; confirm
    /// whether generated logs are expected to be parseable by this parser.
    fn generator(&self) -> Box<dyn LogGenerator> {
        Box::new(DummyLogGenerator {})
    }
}
61
/// Test parser that accepts every log it is given.
///
/// Each log gains an extra field named "parser" whose content is
/// "DummyParserAll".
#[derive(Default, Clone)]
pub struct DummyParserAll {
    // Schema handed out by `LogParser::schema`.
    schema: FieldSchema,
}

impl DummyParserAll {
    /// Builds the parser with a schema obtained from `FieldSchema::new()`.
    ///
    /// The derived `Default` goes through `FieldSchema`'s own `Default`
    /// implementation instead.
    pub fn new() -> Self {
        let schema = FieldSchema::new();
        Self { schema }
    }
}
76
impl LogParser for DummyParserAll {
    /// Unconditionally sets the field "parser" to "DummyParserAll" and returns
    /// the log.
    ///
    /// The message is never inspected and `_datasets` is not used, so this
    /// implementation has no error path.
    fn parse_log(
        &self,
        log: SiemLog,
        _datasets: &DatasetHolder,
    ) -> Result<SiemLog, LogParsingError> {
        let mut tagged = log;
        tagged.add_field("parser", "DummyParserAll".into());
        Ok(tagged)
    }

    /// Fixed identifier of this parser.
    fn name(&self) -> &'static str {
        "DummyParserAll"
    }

    /// Fixed human-readable description of this parser.
    fn description(&self) -> &'static str {
        "This is a dummy parser that always parses logs"
    }

    /// Borrows the schema stored in this parser.
    fn schema(&self) -> &FieldSchema {
        &self.schema
    }

    /// Returns a boxed `DummyLogGenerator`.
    fn generator(&self) -> Box<dyn LogGenerator> {
        Box::new(DummyLogGenerator {})
    }
}
100
/// Test parser whose `parse_log` always fails with a parser error.
#[derive(Clone)]
pub struct DummyParserError {
    // Schema handed out by `LogParser::schema`.
    schema: FieldSchema,
}

impl Default for DummyParserError {
    /// Builds the parser with a schema obtained from `FieldSchema::new()`.
    fn default() -> Self {
        let schema = FieldSchema::new();
        Self { schema }
    }
}

impl DummyParserError {
    /// Same value as [`Default::default`].
    pub fn new() -> Self {
        <Self as Default>::default()
    }
}
118
impl LogParser for DummyParserError {
    /// Always fails with `LogParsingError::ParserError`.
    ///
    /// The untouched log travels inside the error together with the text
    /// "Bug in parser", so a caller can check that a failing parser does not
    /// cause the original event to be lost. `_datasets` is not used.
    fn parse_log(
        &self,
        log: SiemLog,
        _datasets: &DatasetHolder,
    ) -> Result<SiemLog, LogParsingError> {
        let failure = LogParsingError::ParserError(log, "Bug in parser".into());
        Err(failure)
    }

    /// Fixed identifier of this parser.
    fn name(&self) -> &'static str {
        "DummyParserError"
    }

    /// Fixed human-readable description of this parser.
    fn description(&self) -> &'static str {
        "This is a parser that cannot parse because it has a bug"
    }

    /// Borrows the schema stored in this parser.
    fn schema(&self) -> &FieldSchema {
        &self.schema
    }

    /// Returns a boxed `DummyLogGenerator`.
    fn generator(&self) -> Box<dyn LogGenerator> {
        Box::new(DummyLogGenerator {})
    }
}