plunk 0.0.8 → 0.0.9

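--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 599c26a054ac47928ba6b476dcf62c2731b07305
- data.tar.gz: d10dbfe0b2c3d3d26611a509b1e699bc42b8e412
+ metadata.gz: f4dfac5efa2e55552472e25e7c690597f9897f54
+ data.tar.gz: dcd5d467953d34343a7bb3a1a2f52ed9a1a40293
  SHA512:
- metadata.gz: 1f5facdc7cedcfdb9a94d7f51a148ad72319b1ebd55ae54449c6e860f6a173149da2f5ec95697ef2a7e23bcd2af46535154bfba46030345864f07ab2c244144d
- data.tar.gz: 0b8b372f4b1b5ca0ae46cfcb3d2214e68dcc5490432b9117bb02d84f8e2cbf564f8322b961d385eb0ea57116e1b4b3b2b542d16f105364702573c8a4a0a56ec9
+ metadata.gz: 883e88718a5af4fdd8bb7e636cf4a1621a24b6dd8b15e00d94b1bdeb5c147944daa24ba04672b3496b6adedf6576e3c9a5b89b9e82d444e1d44ffeb414c60111
+ data.tar.gz: 4c1403380786063af8680102e108650e769883568f38aa7434f75da71abb7991d567ecc5264f19f3f4721a364700f700670f258ef711d624a7115853f24d58fa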
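--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- plunk (0.0.7)
+ plunk (0.0.8)
  activesupport
  json
  parslet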
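--- a/data/lib/plunk/parser.rb
+++ b/data/lib/plunk/parser.rb
@@ -1,6 +1,11 @@
  require 'parslet'
 
  class Plunk::Parser < Parslet::Parser
+
+ def parenthesized(atom)
+ lparen >> atom >> rparen
+ end
+
  # Single character rules
  rule(:lparen) { str('(') >> space? }
  rule(:rparen) { str(')') >> space? }
@@ -21,6 +26,8 @@ class Plunk::Parser < Parslet::Parser
  rule(:wildcard) { match('[a-zA-Z0-9.*]').repeat(1) }
  rule(:searchop) { match('[=]').as(:op) }
 
+ rule(:query_value) { wildcard | integer }
+
  # boolean operators search
  rule(:concatop) { (str('OR') | str('AND')) >> space? }
  rule(:operator) { match('[|]').as(:op) >> space? }
@@ -30,9 +37,19 @@ class Plunk::Parser < Parslet::Parser
 
  # Grammar parts
  rule(:rhs) {
- regexp | subsearch | integer | wildcard |
- (lparen >> (space? >> (wildcard | integer) >>
- (space >> concatop).maybe).repeat(1) >> rparen).maybe
+ regexp | subsearch | integer | wildcard | booleanop
+ }
+
+ rule(:boolean_value) {
+ booleanparen | query_value
+ }
+
+ rule(:booleanop) {
+ boolean_value >> (space >> concatop >> boolean_value).repeat
+ }
+
+ rule(:booleanparen) {
+ lparen >> space? >> booleanop >> space? >> rparen
  }
 
  rule(:regexp) {
@@ -58,9 +75,9 @@ class Plunk::Parser < Parslet::Parser
  }
 
  rule(:nested_search) {
- match('[^|]').repeat.as(:initial_query) >> str('|') >> space? >>
+ # match('[^|]').repeat.as(:initial_query) >> str('|') >> space? >>
+ job.as(:initial_query) >> space? >> str('|') >> space? >>
  match('[^`]').repeat.as(:extractors)
- # job >> str('|') >> space? >>
  }
 
  rule(:paren) {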
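Review bot: In `rule(:query_value) { wildcard | integer }` the `integer` branch looks unreachable, since `wildcard` is `match('[a-zA-Z0-9.*]').repeat(1)` and Parslet's ordered choice takes the first alternative that matches; `rhs` uses the opposite order (`integer | wildcard`) and also tries both before `booleanop`, so an unparenthesized `foo OR bar` would stop at `foo` unless an outer rule retries. Consider `rule(:query_value) { integer | wildcard }` to agree with `rhs`, and placing `booleanop` ahead of `integer | wildcard` there; the specs only exercise the parenthesized form. Separately, `booleanparen` → `booleanop` → `boolean_value` → `booleanparen` recurses once per nesting level with no bound, so if query strings can come from untrusted users, cap input length or nesting depth before `parse` and handle `SystemStackError` at the call site. The new `parenthesized(atom)` helper is not used in the visible hunks, and the commented-out `match('[^|]')` line in `nested_search` can be dropped. The `integer` and `job` rules lie outside these hunks, so the above is inferred from the visible lines only.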
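--- a/data/plunk.gemspec
+++ b/data/plunk.gemspec
@@ -1,6 +1,6 @@
  Gem::Specification.new do |s|
  s.name = "plunk"
- s.version = "0.0.8"
+ s.version = "0.0.9"
  s.date = "2013-12-03"
  s.add_runtime_dependency "json"
  s.add_runtime_dependency "parslet"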
data/spec/boolean_spec.rb CHANGED
@@ -7,9 +7,9 @@ describe 'boolean searches' do
7
7
  end
8
8
 
9
9
  it 'should parse a single field / value complex boolean expression' do
10
- @parsed = @parser.parse 'ids.attackers=(bar OR car)'
11
- expect(@parsed[:field].to_s).to eq 'ids.attackers'
12
- expect(@parsed[:value].to_s).to eq '(bar OR car)'
10
+ @parsed = @parser.parse 'baz=(foo OR bar AND (bar OR fez))'
11
+ expect(@parsed[:field].to_s).to eq 'baz'
12
+ expect(@parsed[:value].to_s).to eq '(foo OR bar AND (bar OR fez))'
13
13
  expect(@parsed[:op].to_s).to eq '='
14
14
  end
15
15
 
@@ -5,7 +5,7 @@ describe 'nested searches' do
5
5
  @parsed = @parser.parse 'tshark.len = ` 226 | tshark.frame.time_epoch,tshark.ip.src`'
6
6
  expect(@parsed[:field].to_s).to eq 'tshark.len'
7
7
  expect(@parsed[:op].to_s).to eq '='
8
- expect(@parsed[:value][:initial_query].to_s).to eq '226 '
8
+ expect(@parsed[:value][:initial_query][:match].to_s).to eq '226 '
9
9
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
10
10
  end
11
11
 
@@ -13,7 +13,9 @@ describe 'nested searches' do
13
13
  @parsed = @parser.parse 'tshark.len = ` cif.malicious_ips=/foo/ | tshark.frame.time_epoch,tshark.ip.src`'
14
14
  expect(@parsed[:field].to_s).to eq 'tshark.len'
15
15
  expect(@parsed[:op].to_s).to eq '='
16
- expect(@parsed[:value][:initial_query].to_s).to eq 'cif.malicious_ips=/foo/ '
16
+ expect(@parsed[:value][:initial_query][:field].to_s).to eq 'cif.malicious_ips'
17
+ expect(@parsed[:value][:initial_query][:op].to_s).to eq '='
18
+ expect(@parsed[:value][:initial_query][:value].to_s).to eq '/foo/'
17
19
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
18
20
  end
19
21
 
@@ -21,7 +23,7 @@ describe 'nested searches' do
21
23
  @parsed = @parser.parse 'tshark.len = `(foo OR bar) | tshark.frame.time_epoch,tshark.ip.src`'
22
24
  expect(@parsed[:field].to_s).to eq 'tshark.len'
23
25
  expect(@parsed[:op].to_s).to eq '='
24
- expect(@parsed[:value][:initial_query].to_s).to eq '(foo OR bar) '
26
+ expect(@parsed[:value][:initial_query][:match].to_s).to eq '(foo OR bar) '
25
27
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
26
28
  end
27
29
 
@@ -29,7 +31,9 @@ describe 'nested searches' do
29
31
  @parsed = @parser.parse 'tshark.len = `baz=(foo OR bar AND (bar OR fez)) | tshark.frame.time_epoch,tshark.ip.src`'
30
32
  expect(@parsed[:field].to_s).to eq 'tshark.len'
31
33
  expect(@parsed[:op].to_s).to eq '='
32
- expect(@parsed[:value][:initial_query].to_s).to eq 'baz=(foo OR bar AND (bar OR fez)) '
34
+ expect(@parsed[:value][:initial_query][:field].to_s).to eq 'baz'
35
+ expect(@parsed[:value][:initial_query][:op].to_s).to eq '='
36
+ expect(@parsed[:value][:initial_query][:value].to_s).to eq '(foo OR bar AND (bar OR fez)) '
33
37
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
34
38
  end
35
39
 
@@ -37,7 +41,8 @@ describe 'nested searches' do
37
41
  @parsed = @parser.parse 'tshark.len = `last 24h | tshark.frame.time_epoch,tshark.ip.src`'
38
42
  expect(@parsed[:field].to_s).to eq 'tshark.len'
39
43
  expect(@parsed[:op].to_s).to eq '='
40
- expect(@parsed[:value][:initial_query].to_s).to eq 'last 24h '
44
+ expect(@parsed[:value][:initial_query][:timerange][:quantity].to_s).to eq '24'
45
+ expect(@parsed[:value][:initial_query][:timerange][:quantifier].to_s).to eq 'h'
41
46
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
42
47
  end
43
48
 
@@ -45,7 +50,11 @@ describe 'nested searches' do
45
50
  @parsed = @parser.parse 'tshark.len = `last 24h foo=bar | tshark.frame.time_epoch,tshark.ip.src`'
46
51
  expect(@parsed[:field].to_s).to eq 'tshark.len'
47
52
  expect(@parsed[:op].to_s).to eq '='
48
- expect(@parsed[:value][:initial_query].to_s).to eq 'last 24h foo=bar '
53
+ expect(@parsed[:value][:initial_query][:timerange][:quantity].to_s).to eq '24'
54
+ expect(@parsed[:value][:initial_query][:timerange][:quantifier].to_s).to eq 'h'
55
+ expect(@parsed[:value][:initial_query][:search][:field].to_s).to eq 'foo'
56
+ expect(@parsed[:value][:initial_query][:search][:op].to_s).to eq '='
57
+ expect(@parsed[:value][:initial_query][:search][:value].to_s).to eq 'bar'
49
58
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
50
59
  end
51
60
  end
@@ -0,0 +1,5 @@
1
+ shared_examples 'basic' do
2
+ describe 'string' do
3
+ expect(query[:match].to_s).to eq expected[:match]
4
+ end
5
+ end
@@ -0,0 +1,7 @@
1
+ shared_examples 'field / value' do
2
+ describe 'basic' do
3
+ expect(query[:field].to_s).to eq expected[:field]
4
+ expect(query[:value].to_s).to eq expected[:value]
5
+ expect(query[:op].to_s).to eq expected[:op]
6
+ end
7
+ end
@@ -0,0 +1,6 @@
1
+ shared_examples 'last' do
2
+ describe 'basic' do
3
+ expect(query[:timerange][:quantity].to_s).to eq expected[:quantity]
4
+ expect(query[:timerange][:quantifier].to_s).to eq expected[:quantifier]
5
+ end
6
+ end
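Review bot: The three new shared example groups call `expect` directly inside a `describe` block (`describe 'string' do`, `describe 'basic' do`) rather than inside an example, so these expectations are never registered as examples and would likely raise at group-definition time if a spec included them. Turn the inner blocks into examples, e.g. `it 'matches the string' do` in place of `describe 'string' do`. None of the visible spec hunks pull them in with `it_behaves_like` or `include_examples`, and `query` / `expected` are not defined here, so an including spec would also have to supply them via `let`. The file headers for these hunks are missing from the page; the paths are presumably the `spec/shared/*.rb` entries added to the gem metadata.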
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: plunk
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.8
4
+ version: 0.0.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ram Mehta
@@ -108,6 +108,9 @@ files:
108
108
  - spec/last_spec.rb
109
109
  - spec/nested_search_spec.rb
110
110
  - spec/regexp_spec.rb
111
+ - spec/shared/basic.rb
112
+ - spec/shared/field_value.rb
113
+ - spec/shared/last.rb
111
114
  - spec/spec_helper.rb
112
115
  homepage: https://github.com/elbii/plunk
113
116
  licenses: