Package org.jwall.web.audit

Source Code of org.jwall.web.audit.AuditEventDatabaseMock

/*
*  Copyright (C) 2007-2014 Christian Bockermann <chris@jwall.org>
*
*  This file is part of the  web-audit  library.
*
*  web-audit library is free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 3 of the License, or
*  (at your option) any later version.
*
*  The  web-audit  library is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program.  If not, see <http://www.gnu.org/licenses/>.
*
*/
package org.jwall.web.audit;

import java.io.InputStream;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.zip.GZIPInputStream;

import org.jwall.audit.EventView;
import org.jwall.web.audit.filter.FilterExpression;
import org.jwall.web.audit.filter.Operator;
import org.jwall.web.audit.io.AuditEventReader;
import org.jwall.web.audit.io.ModSecurity2AuditReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class AuditEventDatabaseMock implements EventView<AuditEvent> {
  static Logger log = LoggerFactory.getLogger(AuditEventDatabaseMock.class);

  List<AuditEvent> events = new ArrayList<AuditEvent>();
  Set<String> variables = new TreeSet<String>();

  public AuditEventDatabaseMock() {
    try {
      URL url = AuditEventDatabaseMock.class
          .getResource("/sink-audit.log.gz");
      log.info("Creating DatabaseMock from URL {}", url);
      InputStream in = new GZIPInputStream(url.openStream());
      AuditEventReader reader = new ModSecurity2AuditReader(in);
      AuditEvent e = reader.readNext();
      while (e != null) {
        events.add(e);
        variables.addAll(e.getVariables());
        e = reader.readNext();
      }
    } catch (Exception ex) {
      ex.printStackTrace();
    }
    log.info("DatabaseMock has {} events", events.size());
  }

  @Override
  public Set<String> getVariables() {
    return variables;
  }

  @Override
  public Set<String> getIndexedVariables() {
    return variables;
  }

  @Override
  public List<String> getCompletions(String variable) {
    return new ArrayList<String>();
  }

  @Override
  public Long count(FilterExpression filter) throws Exception {

    Long cnt = 0L;

    for (AuditEvent e : events) {
      if (filter.matches(e))
        cnt++;
    }

    return cnt;
  }

  @Override
  public Map<String, Long> count(String variable, FilterExpression filter)
      throws Exception {
    Map<String, Long> result = new LinkedHashMap<String, Long>();

    for (AuditEvent e : events) {

      if (filter.matches(e)) {
        List<String> vals = e.getAll(variable);
        for (String val : vals) {
          Long cnt = result.get(val);
          if (cnt == null) {
            cnt = 1L;
          } else {
            cnt = cnt + 1;
          }
          result.put(val, cnt);
        }
      }
    }

    return result;
  }

  @Override
  public List<AuditEvent> list(FilterExpression filter, int offset, int limit)
      throws Exception {
    log.info("Creating list for filter {}", filter);
    log.info("    offset: {}, limit: {}", offset, limit);
    List<AuditEvent> evts = new ArrayList<AuditEvent>();
    for (AuditEvent e : events) {
      if (filter.matches(e))
        evts.add(e);
      /*
       * if( i >= offset && i < offset + limit && filter.matches( e ) ){
       * evts.add( e ); i++; }
       */
    }

    return evts.subList(offset, offset + limit);

    // return evts;
  }

  @Override
  public AuditEvent get(String id) throws Exception {
    for (AuditEvent e : events) {
      if (id != null && id.equals(e.get(ModSecurity.TX_ID)))
        return e;
    }
    return null;
  }

  @Override
  public Long delete(String id) throws Exception {
    Long deleted = 0L;
    log.debug("Deleting event by ID: {}", id);
    Iterator<AuditEvent> it = events.iterator();
    while (it.hasNext()) {
      AuditEvent evt = it.next();
      if (id != null && id.equals(evt.get(ModSecurity.TX_ID))) {
        it.remove();
        deleted++;
      }
    }

    log.debug("   event(s) deleted: {}", deleted);
    /*
     *
     * AuditEvent evt = get( id ); if( evt != null ) return events.remove(
     * evt );
     */
    return deleted;
  }

  public List<AuditEvent> getRealList() {
    return events;
  }

  @Override
  public void tag(FilterExpression filter, String tag) throws Exception {
  }

  @Override
  public void untag(FilterExpression filter, String tag) throws Exception {
  }

  @Override
  public Long delete(FilterExpression filter) throws Exception {
    Long deleted = 0L;
    Iterator<AuditEvent> it = events.iterator();
    while (it.hasNext()) {
      AuditEvent e = it.next();
      if (filter.matches(e)) {
        it.remove();
        deleted++;
      }
    }
    return deleted;
  }

  @Override
  public Set<Operator> getSupportedOperators() {
    Set<Operator> ops = new LinkedHashSet<Operator>();
    for (Operator op : Operator.values()) {
      ops.add(op);
    }
    return ops;
  }
}
TOP

Related Classes of org.jwall.web.audit.AuditEventDatabaseMock

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.