Fix up santactl metric command and golden files for tests.
Pete Markowsky committed Oct 27, 2022
1 parent ca62a67 commit 364b1bc
Showing 9 changed files with 85 additions and 36 deletions.
2 changes: 1 addition & 1 deletion Source/common/SNTMetricSetTest.m
Expand Up @@ -697,7 +697,7 @@ - (void)testEnsureMetricsWithMultipleFieldNamesSerializeOnce {
},
],
},
}
},
};

NSDictionary *got = [metricSet export][@"metrics"];
27 changes: 23 additions & 4 deletions Source/santactl/Commands/SNTCommandMetrics.m
Expand Up @@ -68,14 +68,33 @@ - (void)prettyPrintMetricValues:(NSDictionary *)metrics {

for (NSString *fieldName in metric[@"fields"]) {
for (NSDictionary *field in metric[@"fields"][fieldName]) {
const char *fieldNameStr = [fieldName cStringUsingEncoding:NSUTF8StringEncoding];
const char *fieldValueStr = [field[@"value"] cStringUsingEncoding:NSUTF8StringEncoding];
//const char *fieldNameStr = [fieldName cStringUsingEncoding:NSUTF8StringEncoding];
//const char *fieldValueStr = [field[@"value"] cStringUsingEncoding:NSUTF8StringEncoding];
const char *createdStr = [field[@"created"] UTF8String];
const char *lastUpdatedStr = [field[@"last_updated"] UTF8String];
const char *data = [[NSString stringWithFormat:@"%@", field[@"data"]] UTF8String];

if (strlen(fieldNameStr) > 0) {
printf(" %-25s | %s=%s\n", "Field", fieldNameStr, fieldValueStr);
NSArray<NSString *> *fields = [fieldName componentsSeparatedByString:@","];
NSArray<NSString *> *fieldValues = [field[@"value"] componentsSeparatedByString:@","];

if (fields.count != fieldValues.count) {
//TODO Log Error
continue;
}

NSString *fieldDisplayString = @"";

if (fields.count >= 1 && ![@"" isEqualToString: fields[0]]) {
for (int i = 0; i < fields.count; i++) {
fieldDisplayString = [fieldDisplayString stringByAppendingString:[NSString stringWithFormat:@"%@=%@",fields[i], fieldValues[i]]];
if (i < fields.count - 1) {
fieldDisplayString = [fieldDisplayString stringByAppendingString:@","];
}
}
}

if (![fieldDisplayString isEqualToString: @""]) {
printf(" %-25s | %s\n", "Field", [fieldDisplayString UTF8String]);
}

printf(" %-25s | %s\n", "Created", createdStr);
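Review bot: The `//TODO Log Error` branch drops the whole entry without telling the operator: when `fields.count != fieldValues.count`, the `continue` skips the Field, Created, Last Updated and Data lines, so the data point simply disappears from the pretty-printed output. Because names and values are both recovered with `componentsSeparatedByString:@","`, that mismatch would occur if a field value ever contains a comma; the same split-and-skip pattern appears in the SNTMetricMonarchJSONFormat.m section of this commit. I would at least report it, e.g. `fprintf(stderr, "skipping malformed metric field %s\n", [fieldName UTF8String]);`, and delete the two commented-out `cStringUsingEncoding:` lines rather than leaving them in the file. prettyPrintMetricValues: begins and ends outside the hunk.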
10 changes: 5 additions & 5 deletions Source/santactl/Commands/testdata/metrics-prettyprint.json
Expand Up @@ -38,18 +38,18 @@
"type" : 9,
"description" : "Count of process exec events on the host",
"fields" : {
"rule_type" : [
"rule_type,client" : [
{
"created" : "2021-09-16T21:07:34.826Z",
"last_updated" : "2021-09-16T21:07:34.826Z",
"value" : "binary",
"data" : 1
"value" : "certificate,authorizer",
"data" : 2
},
{
"created" : "2021-09-16T21:07:34.826Z",
"last_updated" : "2021-09-16T21:07:34.826Z",
"value" : "certificate",
"data" : 2
"value" : "binary,authorizer",
"data" : 1
}
]
}
8 changes: 4 additions & 4 deletions Source/santactl/Commands/testdata/metrics-prettyprint.txt
Expand Up @@ -30,14 +30,14 @@
Metric Name | /santa/events
Description | Count of process exec events on the host
Type | SNTMetricTypeCounter
Field | rule_type=binary
Field | rule_type=certificate,client=authorizer
Created | 2021-09-16T21:07:34.826Z
Last Updated | 2021-09-16T21:07:34.826Z
Data | 1
Field | rule_type=certificate
Data | 2
Field | rule_type=binary,client=authorizer
Created | 2021-09-16T21:07:34.826Z
Last Updated | 2021-09-16T21:07:34.826Z
Data | 2
Data | 1

Metric Name | /santa/using_endpoint_security_framework
Description | Is santad using the endpoint security framework
6 changes: 3 additions & 3 deletions Source/santametricservice/Formats/SNTMetricFormatTestHelper.m
Expand Up @@ -70,11 +70,11 @@ + (NSDictionary *)createValidMetricsDictionary {
value:(long long)(0x12345668910)];
// Add Metrics
SNTMetricCounter *c = [metricSet counterWithName:@"/santa/events"
fieldNames:@[ @"rule_type" ]
fieldNames:@[ @"rule_type", @"client"]
helpText:@"Count of process exec events on the host"];

[c incrementForFieldValues:@[ @"binary" ]];
[c incrementBy:2 forFieldValues:@[ @"certificate" ]];
[c incrementForFieldValues:@[ @"binary", @"authorizer" ]];
[c incrementBy:2 forFieldValues:@[ @"certificate", @"authorizer" ]];

SNTMetricInt64Gauge *g = [metricSet int64GaugeWithName:@"/santa/rules"
fieldNames:@[ @"rule_type" ]
37 changes: 27 additions & 10 deletions Source/santametricservice/Formats/SNTMetricMonarchJSONFormat.m
Expand Up @@ -24,6 +24,7 @@
const NSString *kValueType = @"valueType";
const NSString *kDescription = @"description";
const NSString *kData = @"data";
const NSString *kField = @"field";
const NSString *kFieldDescriptor = @"fieldDescriptor";
const NSString *kBoolValue = @"boolValue";
const NSString *kBoolValueType = @"BOOL";
Expand Down Expand Up @@ -54,7 +55,7 @@ - (instancetype)init {
return self;
}

- (void)encodeValueAndStreamKindFor:(NSString *)metricName
- (void)encodeValueTypeAndStreamKindFor:(NSString *)metricName
withMetric:(NSDictionary *)metric
into:(NSMutableDictionary *)monarchMetric {
if (!metric[@"type"]) {
Expand Down Expand Up @@ -109,7 +110,19 @@ - (void)encodeValueAndStreamKindFor:(NSString *)metricName
NSMutableDictionary *monarchDataEntry = [[NSMutableDictionary alloc] init];

if (![fieldName isEqualToString:@""]) {
monarchDataEntry[@"field"] = @[ @{kName : fieldName, kStringValue : entry[@"value"]} ];
// We encode multiple fields as a single comma separated string.
NSArray<NSString *> *fieldNames = [fieldName componentsSeparatedByString:@","];
NSArray<NSString *> *fieldValues = [entry[@"value"] componentsSeparatedByString:@","];

if (fieldNames.count != fieldValues.count) {
LOGE(@"malformed metric data encounterd: %@", fieldName);
continue;
}
monarchDataEntry[kField] = [[NSMutableArray alloc] init];

for (int i = 0; i < fieldNames.count; i++) {
[monarchDataEntry[kField] addObject: @{kName: fieldNames[i], kStringValue: fieldValues[i]}];
}
}

monarchDataEntry[kStartTimestamp] = [self->_dateFormatter stringFromDate:entry[@"created"]];
Expand Down Expand Up @@ -146,13 +159,17 @@ - (void)encodeValueAndStreamKindFor:(NSString *)metricName
* Translates SNTMetricSet fields to monarch's expected format. In this implementation only string
* type fields are supported.
*/
- (NSArray<NSDictionary *> *)encodeFieldsFor:(NSDictionary *)metric {
- (NSArray<NSDictionary *> *)encodeFieldDescriptorsFor:(NSDictionary *)metric {
NSMutableArray<NSDictionary *> *monarchFields = [[NSMutableArray alloc] init];

for (NSString *fieldName in metric[@"fields"]) {
if (![fieldName isEqualToString:@""]) {
[monarchFields addObject:@{kName : fieldName, @"fieldType" : kStringValueType}];
}
for (NSString *field in metric[@"fields"]) {
if (![field isEqualToString:@""]) {
// we encode multiple field names as comma separated strings.
NSArray<NSString *> *fieldNames = [field componentsSeparatedByString:@","];
for (NSString *fieldName in fieldNames) {
[monarchFields addObject:@{kName : fieldName, @"fieldType" : kStringValueType}];
}
}
}
return monarchFields;
}
Expand All @@ -173,12 +190,12 @@ - (NSDictionary *)formatMetric:(NSString *)name
monarchMetric[kDescription] = metric[kDescription];
}

NSArray<NSDictionary *> *fieldDescriptorEntries = [self encodeFieldsFor:metric];
NSArray<NSDictionary *> *fieldDescriptorEntries = [self encodeFieldDescriptorsFor:metric];
if (fieldDescriptorEntries.count > 0) {
monarchMetric[kFieldDescriptor] = [self encodeFieldsFor:metric];
monarchMetric[kFieldDescriptor] = fieldDescriptorEntries;
}

[self encodeValueAndStreamKindFor:name withMetric:metric into:monarchMetric];
[self encodeValueTypeAndStreamKindFor:name withMetric:metric into:monarchMetric];
monarchMetric[@"data"] = [self encodeDataForMetric:metric withEndTimestamp:endTimestamp];

return monarchMetric;
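Review bot: The `LOGE` on the count-mismatch path in the data-encoding loop names only `fieldName`, so a data point dropped from the export cannot be traced back to the value that caused it, and "encounterd" is misspelled. Something like `LOGE(@"malformed metric data encountered: fields=%@ value=%@", fieldName, entry[@"value"]);` would make the skipped entry diagnosable. The new index loop also compares `int i` against an `NSUInteger` count; `for (NSUInteger i = 0; i < fieldNames.count; i++)` avoids the sign-compare mismatch. The method containing that loop starts outside the visible hunk.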
Expand Up @@ -42,6 +42,7 @@ - (void)testMetricsConversionToJSON {
error:&err];

XCTAssertNotNil(expectedJSONDict);
XCTAssertNil(err);
XCTAssertEqualObjects(expectedJSONDict, jsonDict, @"generated JSON does not match golden file.");
}

20 changes: 16 additions & 4 deletions Source/santametricservice/Formats/testdata/json/monarch.json
Expand Up @@ -67,28 +67,40 @@
{
"name" : "rule_type",
"fieldType" : "STRING"
},
{
"name" : "client",
"fieldType" : "STRING"
}
],
"streamKind" : "CUMULATIVE",
"data" : [
{
"int64Value" : 1,
"int64Value" : 2,
"endTimestamp" : "2021-09-16T21:08:10.000Z",
"field" : [
{
"name" : "rule_type",
"stringValue" : "binary"
"stringValue" : "certificate"
},
{
"name" : "client",
"stringValue" : "authorizer"
}
],
"startTimestamp" : "2021-09-16T21:07:34.826Z"
},
{
"int64Value" : 2,
"int64Value" : 1,
"endTimestamp" : "2021-09-16T21:08:10.000Z",
"field" : [
{
"name" : "rule_type",
"stringValue" : "certificate"
"stringValue" : "binary"
},
{
"name" : "client",
"stringValue" : "authorizer"
}
],
"startTimestamp" : "2021-09-16T21:07:34.826Z"
10 changes: 5 additions & 5 deletions Source/santametricservice/Formats/testdata/json/test.json
Expand Up @@ -24,18 +24,18 @@
"type" : 9,
"description" : "Count of process exec events on the host",
"fields" : {
"rule_type" : [
"rule_type,client" : [
{
"value" : "binary",
"value" : "certificate,authorizer",
"created" : "2021-09-16T21:07:34.826Z",
"last_updated" : "2021-09-16T21:07:34.826Z",
"data" : 1
"data" : 2
},
{
"value" : "certificate",
"value" : "binary,authorizer",
"created" : "2021-09-16T21:07:34.826Z",
"last_updated" : "2021-09-16T21:07:34.826Z",
"data" : 2
"data" : 1
}
]
}
