Skip to content

Commit

Permalink
datajson: support for nested value key
Browse files Browse the repository at this point in the history
With this patch, it is now possible to define the
value to be used in the datajson set as a value
in a chain of subobjects.

For example, with the following JSON:

{
  "info": {
    "threat": [
      {
        "context": "gold old test",
        "year": 2005,
        "host": {
          "fqdn": "www.testmyids.com",
          "domain": "testmyids.com"
        }
      }
    ]
  }
}

it is possible to match on host.fqdn by doing:

http.host; datajson:isset,nkbadhost,type string,load hosts-nested-key.json,key host,json_key host.fqdn, array_key info.threat

`array_key info.threat` to access the inner array and then
`json_key host.fqdn` to access the field inside.
  • Loading branch information
regit committed Dec 24, 2024
1 parent d3b231d commit 6b533a6
Showing 1 changed file with 65 additions and 17 deletions.
82 changes: 65 additions & 17 deletions src/datajson.c
Original file line number Diff line number Diff line change
Expand Up @@ -329,20 +329,23 @@ static int DatajsonLoadString(Dataset *set, char *json_key, char *array_key)
fclose(fp);
} else {
json_t *json;
bool found = false;

if (ParseJsonFile(set->load, &json, array_key) == -1)
return -1;

size_t index;
json_t *value;
json_array_foreach (json, index, value) {
json_t *key = json_object_get(value, json_key);

json_t *key = GetSubObjectByKey(value, json_key);
if (key == NULL) {
FatalErrorOnInit("Can't find expected key in object");
/* ignore error as it can be a working mode where some entries
are not in the same format */
continue;
}

found = true;

const char *val = json_string_value(key);

DataJsonType json = { .value = NULL, .len = 0 };
Expand All @@ -358,6 +361,12 @@ static int DatajsonLoadString(Dataset *set, char *json_key, char *array_key)
}
}
json_decref(json);

if (found == false) {
FatalErrorOnInit(
"No valid entries for key '%s' found in the file '%s'", json_key, set->load);
return -1;
}
}
THashConsolidateMemcap(set->hash);

Expand Down Expand Up @@ -427,19 +436,23 @@ static int DatajsonLoadMd5(Dataset *set, char *json_key, char *array_key)
fclose(fp);
} else {
json_t *json;
bool found = false;

if (ParseJsonFile(set->load, &json, array_key) == -1)
return -1;

size_t index;
json_t *value;
json_array_foreach (json, index, value) {
json_t *key = json_object_get(value, json_key);

json_t *key = GetSubObjectByKey(value, json_key);
if (key == NULL) {
FatalErrorOnInit("Can't find expected key in object");
/* ignore error as it can be a working mode where some entries
are not in the same format */
continue;
}

found = true;

const char *hash_string = json_string_value(key);
if (strlen(hash_string) != 32) {
FatalErrorOnInit("Not correct length for a hash");
Expand All @@ -465,6 +478,12 @@ static int DatajsonLoadMd5(Dataset *set, char *json_key, char *array_key)
}
}
json_decref(json);

if (found == false) {
FatalErrorOnInit(
"No valid entries for key '%s' found in the file '%s'", json_key, set->load);
return -1;
}
}
THashConsolidateMemcap(set->hash);

Expand Down Expand Up @@ -529,20 +548,23 @@ static int DatajsonLoadSha256(Dataset *set, char *json_key, char *array_key)
fclose(fp);
} else {
json_t *json;
bool found = false;

if (ParseJsonFile(set->load, &json, array_key) == -1)
return -1;

size_t index;
json_t *value;
json_array_foreach (json, index, value) {
json_t *key = json_object_get(value, json_key);

json_t *key = GetSubObjectByKey(value, json_key);
if (key == NULL) {
FatalErrorOnInit("Can't find expected key in object");
/* ignore error as it can be a working mode where some entries
are not in the same format */
continue;
}

found = true;

const char *hash_string = json_string_value(key);
if (strlen(hash_string) != 64) {
FatalErrorOnInit("Not correct length for a hash");
Expand All @@ -568,6 +590,13 @@ static int DatajsonLoadSha256(Dataset *set, char *json_key, char *array_key)
}
}
json_decref(json);

if (found == false) {
FatalErrorOnInit(
"No valid entries for key '%s' found in the file '%s'", json_key, set->load);
return -1;
}

}
THashConsolidateMemcap(set->hash);

Expand Down Expand Up @@ -635,22 +664,24 @@ static int DatajsonLoadIPv4(Dataset *set, char *json_key, char *array_key)
fclose(fp);
} else {
json_t *json;
bool found = false;

if (ParseJsonFile(set->load, &json, array_key) == -1)
return -1;

size_t index;
json_t *value;
json_array_foreach (json, index, value) {
json_t *key = json_object_get(value, json_key);

json_t *key = GetSubObjectByKey(value, json_key);
if (key == NULL) {
FatalErrorOnInit("Can't find expected key in object");
/* ignore error as it can be a working mode where some entries
are not in the same format */
continue;
}

const char *ip_string = json_string_value(key);
found = true;

const char *ip_string = json_string_value(key);
struct in_addr in;
if (inet_pton(AF_INET, ip_string, &in) != 1) {
FatalErrorOnInit(
Expand All @@ -670,6 +701,13 @@ static int DatajsonLoadIPv4(Dataset *set, char *json_key, char *array_key)
}
}
json_decref(json);

if (found == false) {
FatalErrorOnInit(
"No valid entries for key '%s' found in the file '%s'", json_key, set->load);
return -1;
}

}
THashConsolidateMemcap(set->hash);

Expand Down Expand Up @@ -737,21 +775,24 @@ static int DatajsonLoadIPv6(Dataset *set, char *json_key, char *array_key)
fclose(fp);
} else {
json_t *json;
bool found = false;

if (ParseJsonFile(set->load, &json, array_key) == -1)
return -1;

size_t index;
json_t *value;
json_array_foreach (json, index, value) {
json_t *key = json_object_get(value, json_key);

json_t *key = GetSubObjectByKey(value, json_key);
if (key == NULL) {
FatalErrorOnInit("Can't find expected key in object");
/* ignore error as it can be a working mode where some entries
are not in the same format */
continue;
}

const char *ip_string = json_string_value(key);
found = true;

const char *ip_string = json_string_value(key);
struct in6_addr in6;
int ret = DatasetParseIpv6String(set, ip_string, &in6);
if (ret < 0) {
Expand All @@ -771,6 +812,13 @@ static int DatajsonLoadIPv6(Dataset *set, char *json_key, char *array_key)
}
}
json_decref(json);

if (found == false) {
FatalErrorOnInit(
"No valid entries for key '%s' found in the file '%s'", json_key, set->load);
return -1;
}

}

THashConsolidateMemcap(set->hash);
Expand Down

0 comments on commit 6b533a6

Please sign in to comment.