From c04042095006760456e20f0c2e074ea996ae62a6 Mon Sep 17 00:00:00 2001 From: Andrew Skene Date: Fri, 23 Feb 2018 16:58:53 -0500 Subject: [PATCH] Updated the EVTX FileHeader class to correctly check if there are more chunks in the file. Previously this would not process the last chunk. Updated the EVTX ChunkHeader class to correctly check if there are additional records in the chunk. Previously this would only process the first record of each chunk. It was using the fileLastRecordNumber where it should have been using the logLastRecordNumber value. Updated the EVTX unit tests to have the correct expected number of events and use the logLastRecordNumber. --- .../nifi/processors/evtx/parser/ChunkHeader.java | 2 +- .../apache/nifi/processors/evtx/parser/FileHeader.java | 2 +- .../org/apache/nifi/processors/evtx/ParseEvtxTest.java | 10 +++++----- .../nifi/processors/evtx/parser/ChunkHeaderTest.java | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/ChunkHeader.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/ChunkHeader.java index 7f01adf0c0cf..bb4e4d7136cf 100644 --- a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/ChunkHeader.java +++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/ChunkHeader.java @@ -158,7 +158,7 @@ public String toString() { } public boolean hasNext() { - return fileLastRecordNumber.compareTo(recordNumber) > 0; + return logLastRecordNumber.compareTo(recordNumber) > 0; } public String getString(int offset) { diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/FileHeader.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/FileHeader.java index 8610fe9ef390..0b265232e4b4 100644 --- a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/FileHeader.java +++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/FileHeader.java @@ -144,7 +144,7 @@ public UnsignedInteger getChecksum() { * @return true iff there are chunks left */ public boolean hasNext() { - return count < chunkCount; + return count <= chunkCount; } /** diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/ParseEvtxTest.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/ParseEvtxTest.java index 2e5e90ddd1c7..5e24df209b7a 100644 --- a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/ParseEvtxTest.java +++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/ParseEvtxTest.java @@ -366,7 +366,7 @@ public void fileGranularityLifecycleTest() throws IOException, ParserConfigurati assertEquals(1, failureFlowFiles.size()); validateFlowFiles(failureFlowFiles); // We expect the same number of records to come out no matter the granularity - assertEquals(960, validateFlowFiles(failureFlowFiles)); + assertEquals(1053, validateFlowFiles(failureFlowFiles)); // Whole file fails if there is a failure parsing List successFlowFiles = testRunner.getFlowFilesForRelationship(ParseEvtx.REL_SUCCESS); @@ -399,10 +399,10 @@ public void chunkGranularityLifecycleTest() throws IOException, ParserConfigurat assertEquals(1, failureFlowFiles.size()); List successFlowFiles = testRunner.getFlowFilesForRelationship(ParseEvtx.REL_SUCCESS); - assertEquals(8, successFlowFiles.size()); + assertEquals(9, successFlowFiles.size()); // We expect the same number of records to come out no matter the granularity - assertEquals(960, validateFlowFiles(successFlowFiles) + validateFlowFiles(failureFlowFiles)); + assertEquals(1053, validateFlowFiles(successFlowFiles) + validateFlowFiles(failureFlowFiles)); } @Test @@ -433,10 +433,10 @@ public void recordGranularityLifecycleTest() throws IOException, ParserConfigura // Whole file fails if there is a failure parsing List successFlowFiles = testRunner.getFlowFilesForRelationship(ParseEvtx.REL_SUCCESS); - assertEquals(960, successFlowFiles.size()); + assertEquals(1053, successFlowFiles.size()); // We expect the same number of records to come out no matter the granularity - assertEquals(960, validateFlowFiles(successFlowFiles)); + assertEquals(1053, validateFlowFiles(successFlowFiles)); } private int validateFlowFiles(List successFlowFiles) throws SAXException, IOException, ParserConfigurationException { diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/parser/ChunkHeaderTest.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/parser/ChunkHeaderTest.java index 1cb52dbb6096..247d37fb0b56 100644 --- a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/parser/ChunkHeaderTest.java +++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/parser/ChunkHeaderTest.java @@ -102,7 +102,7 @@ public void setup() throws IOException { offset += 11; } - RecordTest.putNode(testBinaryReaderBuilder, fileLastRecordNumber, new Date()); + RecordTest.putNode(testBinaryReaderBuilder, logLastRecordNumber, new Date()); testBinaryReaderBuilder.put(dataBuilder.toByteArray()); @@ -133,7 +133,7 @@ public void testInit() throws IOException { assertTrue(chunkHeader.hasNext()); Record next = chunkHeader.next(); - assertEquals(fileLastRecordNumber, next.getRecordNum().intValue()); + assertEquals(logLastRecordNumber, next.getRecordNum().intValue()); RootNode rootNode = next.getRootNode(); List children = rootNode.getChildren(); assertEquals(1, children.size());