Details
-
Bug
-
Status: Done
-
Minor
-
Resolution: Done
-
0.4.1
-
None
Description
Discovered while reviewing https://github.com/apache/incubator-metron/pull/438.
If an exception is thrown during Stellar execution, the exception will be logged, and null is returned. The assignment then goes through as normal, leaving the assigned variable null.
Seen using THREAT_TRIAGE_REMOVE with a String arg, instead of a List. Resulted in a null conf variable.
[Stellar]>>> conf := THREAT_TRIAGE_ADD(conf, [triage]) [Stellar]>>> conf := THREAT_TRIAGE_REMOVE(conf, 'Abnormal DNS Port') [!] Unable to execute: java.lang.String cannot be cast to java.util.List org.apache.metron.common.dsl.ParseException: Unable to execute: java.lang.String cannot be cast to java.util.List at org.apache.metron.common.stellar.StellarCompiler.getResult(StellarCompiler.java:409) at org.apache.metron.common.stellar.BaseStellarProcessor.parse(BaseStellarProcessor.java:127) at org.apache.metron.common.stellar.shell.StellarExecutor.execute(StellarExecutor.java:275) at org.apache.metron.common.stellar.shell.StellarShell.executeStellar(StellarShell.java:373) at org.apache.metron.common.stellar.shell.StellarShell.handleStellar(StellarShell.java:276) at org.apache.metron.common.stellar.shell.StellarShell.execute(StellarShell.java:412) at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List at org.apache.metron.management.ThreatTriageFunctions$RemoveStellarTransformation.apply(ThreatTriageFunctions.java:232) at org.apache.metron.common.stellar.StellarCompiler.exitTransformationFunc(StellarCompiler.java:267) at org.apache.metron.common.stellar.generated.StellarParser$TransformationFuncContext.exitRule(StellarParser.java:1689) at org.antlr.v4.runtime.Parser.triggerExitRuleEvent(Parser.java:422) at org.antlr.v4.runtime.Parser.exitRule(Parser.java:632) at org.apache.metron.common.stellar.generated.StellarParser.functions(StellarParser.java:1712) at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_operands(StellarParser.java:1846) at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_expr_mul(StellarParser.java:1609) at org.apache.metron.common.stellar.generated.StellarParser.arithmetic_expr(StellarParser.java:1469) at org.apache.metron.common.stellar.generated.StellarParser.transformation_expr(StellarParser.java:308) at org.apache.metron.common.stellar.generated.StellarParser.transformation(StellarParser.java:149) at org.apache.metron.common.stellar.BaseStellarProcessor.parse(BaseStellarProcessor.java:126) ... 8 more [Stellar]>>> conf [Stellar]>>> conf [Stellar]>>> conf := THREAT_TRIAGE_REMOVE(conf, ['Abnormal DNS Port']) [Stellar]>>> conf { "enrichment" : { "fieldMap" : { }, "fieldToTypeMap" : { }, "config" : { } }, "threatIntel" : { "fieldMap" : { }, "fieldToTypeMap" : { }, "config" : { }, "triageConfig" : { "riskLevelRules" : [ ], "aggregator" : "MAX", "aggregationConfig" : { } } }, "configuration" : { } }
Attachments
Issue Links
- links to