plunk 0.0.8 → 0.0.9

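--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 599c26a054ac47928ba6b476dcf62c2731b07305
- data.tar.gz: d10dbfe0b2c3d3d26611a509b1e699bc42b8e412
+ metadata.gz: f4dfac5efa2e55552472e25e7c690597f9897f54
+ data.tar.gz: dcd5d467953d34343a7bb3a1a2f52ed9a1a40293
  SHA512:
- metadata.gz: 1f5facdc7cedcfdb9a94d7f51a148ad72319b1ebd55ae54449c6e860f6a173149da2f5ec95697ef2a7e23bcd2af46535154bfba46030345864f07ab2c244144d
- data.tar.gz: 0b8b372f4b1b5ca0ae46cfcb3d2214e68dcc5490432b9117bb02d84f8e2cbf564f8322b961d385eb0ea57116e1b4b3b2b542d16f105364702573c8a4a0a56ec9
+ metadata.gz: 883e88718a5af4fdd8bb7e636cf4a1621a24b6dd8b15e00d94b1bdeb5c147944daa24ba04672b3496b6adedf6576e3c9a5b89b9e82d444e1d44ffeb414c60111
+ data.tar.gz: 4c1403380786063af8680102e108650e769883568f38aa7434f75da71abb7991d567ecc5264f19f3f4721a364700f700670f258ef711d624a7115853f24d58fa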
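--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- plunk (0.0.7)
+ plunk (0.0.8)
  activesupport
  json
  parslet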
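--- a/data/lib/plunk/parser.rb
+++ b/data/lib/plunk/parser.rb
@@ -1,6 +1,11 @@
  require 'parslet'
 
  class Plunk::Parser < Parslet::Parser
+
+ def parenthesized(atom)
+ lparen >> atom >> rparen
+ end
+
  # Single character rules
  rule(:lparen) { str('(') >> space? }
  rule(:rparen) { str(')') >> space? }
@@ -21,6 +26,8 @@ class Plunk::Parser < Parslet::Parser
  rule(:wildcard) { match('[a-zA-Z0-9.*]').repeat(1) }
  rule(:searchop) { match('[=]').as(:op) }
 
+ rule(:query_value) { wildcard | integer }
+
  # boolean operators search
  rule(:concatop) { (str('OR') | str('AND')) >> space? }
  rule(:operator) { match('[|]').as(:op) >> space? }
@@ -30,9 +37,19 @@ class Plunk::Parser < Parslet::Parser
 
  # Grammar parts
  rule(:rhs) {
- regexp | subsearch | integer | wildcard |
- (lparen >> (space? >> (wildcard | integer) >>
- (space >> concatop).maybe).repeat(1) >> rparen).maybe
+ regexp | subsearch | integer | wildcard | booleanop
+ }
+
+ rule(:boolean_value) {
+ booleanparen | query_value
+ }
+
+ rule(:booleanop) {
+ boolean_value >> (space >> concatop >> boolean_value).repeat
+ }
+
+ rule(:booleanparen) {
+ lparen >> space? >> booleanop >> space? >> rparen
  }
 
  rule(:regexp) {
@@ -58,9 +75,9 @@ class Plunk::Parser < Parslet::Parser
  }
 
  rule(:nested_search) {
- match('[^|]').repeat.as(:initial_query) >> str('|') >> space? >>
+ # match('[^|]').repeat.as(:initial_query) >> str('|') >> space? >>
+ job.as(:initial_query) >> space? >> str('|') >> space? >>
  match('[^`]').repeat.as(:extractors)
- # job >> str('|') >> space? >>
  }
 
  rule(:paren) {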
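Review bot: The new `booleanparen` → `booleanop` → `boolean_value` → `booleanparen` cycle recurses once per opening parenthesis with no depth limit, so parse depth is now driven by the query text. Parslet parses by recursive descent, so a deeply nested value is likely to end in `SystemStackError`, which is not a `StandardError` and would not be caught by a plain `rescue` around `parse`. If queries can come from untrusted callers, bound them before parsing, for example `raise ArgumentError, 'query nested too deeply' if query.count('(') > MAX_PAREN_DEPTH` at the call site (outside this diff; `MAX_PAREN_DEPTH` is a placeholder name). Separately, `booleanparen` spells out `lparen >> space? >> ... >> rparen` while the `parenthesized` helper added in the first hunk is unused in the visible hunks; `parenthesized(booleanop >> space?)` reads the same, since `lparen` already ends in `space?`.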
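--- a/data/plunk.gemspec
+++ b/data/plunk.gemspec
@@ -1,6 +1,6 @@
  Gem::Specification.new do |s|
  s.name = "plunk"
- s.version = "0.0.8"
+ s.version = "0.0.9"
  s.date = "2013-12-03"
  s.add_runtime_dependency "json"
  s.add_runtime_dependency "parslet"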
data/spec/boolean_spec.rb CHANGED
@@ -7,9 +7,9 @@ describe 'boolean searches' do
7
7
  end
8
8
 
9
9
  it 'should parse a single field / value complex boolean expression' do
10
- @parsed = @parser.parse 'ids.attackers=(bar OR car)'
11
- expect(@parsed[:field].to_s).to eq 'ids.attackers'
12
- expect(@parsed[:value].to_s).to eq '(bar OR car)'
10
+ @parsed = @parser.parse 'baz=(foo OR bar AND (bar OR fez))'
11
+ expect(@parsed[:field].to_s).to eq 'baz'
12
+ expect(@parsed[:value].to_s).to eq '(foo OR bar AND (bar OR fez))'
13
13
  expect(@parsed[:op].to_s).to eq '='
14
14
  end
15
15
 
@@ -5,7 +5,7 @@ describe 'nested searches' do
5
5
  @parsed = @parser.parse 'tshark.len = ` 226 | tshark.frame.time_epoch,tshark.ip.src`'
6
6
  expect(@parsed[:field].to_s).to eq 'tshark.len'
7
7
  expect(@parsed[:op].to_s).to eq '='
8
- expect(@parsed[:value][:initial_query].to_s).to eq '226 '
8
+ expect(@parsed[:value][:initial_query][:match].to_s).to eq '226 '
9
9
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
10
10
  end
11
11
 
@@ -13,7 +13,9 @@ describe 'nested searches' do
13
13
  @parsed = @parser.parse 'tshark.len = ` cif.malicious_ips=/foo/ | tshark.frame.time_epoch,tshark.ip.src`'
14
14
  expect(@parsed[:field].to_s).to eq 'tshark.len'
15
15
  expect(@parsed[:op].to_s).to eq '='
16
- expect(@parsed[:value][:initial_query].to_s).to eq 'cif.malicious_ips=/foo/ '
16
+ expect(@parsed[:value][:initial_query][:field].to_s).to eq 'cif.malicious_ips'
17
+ expect(@parsed[:value][:initial_query][:op].to_s).to eq '='
18
+ expect(@parsed[:value][:initial_query][:value].to_s).to eq '/foo/'
17
19
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
18
20
  end
19
21
 
@@ -21,7 +23,7 @@ describe 'nested searches' do
21
23
  @parsed = @parser.parse 'tshark.len = `(foo OR bar) | tshark.frame.time_epoch,tshark.ip.src`'
22
24
  expect(@parsed[:field].to_s).to eq 'tshark.len'
23
25
  expect(@parsed[:op].to_s).to eq '='
24
- expect(@parsed[:value][:initial_query].to_s).to eq '(foo OR bar) '
26
+ expect(@parsed[:value][:initial_query][:match].to_s).to eq '(foo OR bar) '
25
27
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
26
28
  end
27
29
 
@@ -29,7 +31,9 @@ describe 'nested searches' do
29
31
  @parsed = @parser.parse 'tshark.len = `baz=(foo OR bar AND (bar OR fez)) | tshark.frame.time_epoch,tshark.ip.src`'
30
32
  expect(@parsed[:field].to_s).to eq 'tshark.len'
31
33
  expect(@parsed[:op].to_s).to eq '='
32
- expect(@parsed[:value][:initial_query].to_s).to eq 'baz=(foo OR bar AND (bar OR fez)) '
34
+ expect(@parsed[:value][:initial_query][:field].to_s).to eq 'baz'
35
+ expect(@parsed[:value][:initial_query][:op].to_s).to eq '='
36
+ expect(@parsed[:value][:initial_query][:value].to_s).to eq '(foo OR bar AND (bar OR fez)) '
33
37
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
34
38
  end
35
39
 
@@ -37,7 +41,8 @@ describe 'nested searches' do
37
41
  @parsed = @parser.parse 'tshark.len = `last 24h | tshark.frame.time_epoch,tshark.ip.src`'
38
42
  expect(@parsed[:field].to_s).to eq 'tshark.len'
39
43
  expect(@parsed[:op].to_s).to eq '='
40
- expect(@parsed[:value][:initial_query].to_s).to eq 'last 24h '
44
+ expect(@parsed[:value][:initial_query][:timerange][:quantity].to_s).to eq '24'
45
+ expect(@parsed[:value][:initial_query][:timerange][:quantifier].to_s).to eq 'h'
41
46
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
42
47
  end
43
48
 
@@ -45,7 +50,11 @@ describe 'nested searches' do
45
50
  @parsed = @parser.parse 'tshark.len = `last 24h foo=bar | tshark.frame.time_epoch,tshark.ip.src`'
46
51
  expect(@parsed[:field].to_s).to eq 'tshark.len'
47
52
  expect(@parsed[:op].to_s).to eq '='
48
- expect(@parsed[:value][:initial_query].to_s).to eq 'last 24h foo=bar '
53
+ expect(@parsed[:value][:initial_query][:timerange][:quantity].to_s).to eq '24'
54
+ expect(@parsed[:value][:initial_query][:timerange][:quantifier].to_s).to eq 'h'
55
+ expect(@parsed[:value][:initial_query][:search][:field].to_s).to eq 'foo'
56
+ expect(@parsed[:value][:initial_query][:search][:op].to_s).to eq '='
57
+ expect(@parsed[:value][:initial_query][:search][:value].to_s).to eq 'bar'
49
58
  expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
50
59
  end
51
60
  end
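Review bot: The updated nested-search expectations pin trailing whitespace into parsed values: `'(foo OR bar AND (bar OR fez)) '` here against `'(foo OR bar AND (bar OR fez))'` for the same expression in the boolean spec, and `'226 '` under `[:match]`. The captured value therefore depends on what follows it in the query, presumably because `rparen` and similar rules consume `space?` inside the capture (the `.as(:value)` site is outside this diff). Anything that builds a backend query from these values has to remember to strip them. Either move the optional whitespace outside the capture so the spec can assert `eq '(foo OR bar AND (bar OR fez))'`, or add a comment in the spec saying the trailing space is intentional.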
@@ -0,0 +1,5 @@
1
+ shared_examples 'basic' do
2
+ describe 'string' do
3
+ expect(query[:match].to_s).to eq expected[:match]
4
+ end
5
+ end
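Review bot: `expect` is called directly inside `describe 'string' do`, which is an example group, not an example. RSpec only provides `expect` inside `it`/`specify` blocks and hooks, so this body would raise when the shared group is included instead of running as a test. Change the inner block to `it 'string' do`; the same applies to the `describe 'basic' do` blocks in the 'field / value' and 'last' shared examples in the next two hunks. `query` and `expected` are not defined in these files, so each including spec presumably supplies them via `let`; a one-line comment stating that contract, e.g. `# requires let(:query) and let(:expected)`, would help.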
@@ -0,0 +1,7 @@
1
+ shared_examples 'field / value' do
2
+ describe 'basic' do
3
+ expect(query[:field].to_s).to eq expected[:field]
4
+ expect(query[:value].to_s).to eq expected[:value]
5
+ expect(query[:op].to_s).to eq expected[:op]
6
+ end
7
+ end
@@ -0,0 +1,6 @@
1
+ shared_examples 'last' do
2
+ describe 'basic' do
3
+ expect(query[:timerange][:quantity].to_s).to eq expected[:quantity]
4
+ expect(query[:timerange][:quantifier].to_s).to eq expected[:quantifier]
5
+ end
6
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: plunk
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.8
4
+ version: 0.0.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ram Mehta
@@ -108,6 +108,9 @@ files:
108
108
  - spec/last_spec.rb
109
109
  - spec/nested_search_spec.rb
110
110
  - spec/regexp_spec.rb
111
+ - spec/shared/basic.rb
112
+ - spec/shared/field_value.rb
113
+ - spec/shared/last.rb
111
114
  - spec/spec_helper.rb
112
115
  homepage: https://github.com/elbii/plunk
113
116
  licenses: