def test_flatten_dict_array_mv(self):
"""
This tests the conversion to ensure that a list is included within a single row.
"""
dictionary = '{ "name" : "Test", "configuration" : ["a", "b", "c"] }'
flattened = flatten(json.loads(dictionary))
self.assertGreaterEqual(len(flattened['configuration']), 3)
def test_flatten_dict(self):
"""
This tests conversion to a dictionary where the heirarchy is listed in the field names.
"""
heirarchy = '{ "name" : "Test", "configuration" : { "views" : [ { "name" : "some_view", "app" : "some_app" } ], "delay" : 300, "delay_readable" : "5m", "hide_chrome" : true, "invert_colors" : true }, "_user" : "nobody", "_key" : "123456789" }'
flat_list = flatten(json.loads(heirarchy))
self.assertEqual(flat_list['configuration.delay'], '300')
self.assertEqual(flat_list['configuration.views.0.name'], 'some_view')
self.assertEqual(flat_list['name'], "Test")
def whois(host,
index=None,
sourcetype="whois",
source="whois_search_command",
logger=None):
"""
Performs a whois request. If the host is a domain-name then a normal DNS whois will be
performed. If the name is an IP address, then an IP whois will be done.
"""
# See if this is an IP address. If so, do an IP whois.
try:
# The following will throw a ValueError exception indicating that this is not an IP address
validate_ip(host)
whois_object = IPWhois(host)
results_orig = whois_object.lookup_rdap(depth=1)
except ValueError:
# Since this isn't an IP address, run a domain whois
results_orig = get_whois(host)
if 'query' not in results_orig:
results_orig['query'] = host
result = flatten(results_orig, ignore_blanks=True)
# Pull out raw so that we can put it at the end. This is done in case the raw field contains
# things that might mess up the extractions.
raw = result.get('raw', None)
try:
del result['raw']
result['raw'] = raw
except KeyError:
pass # Ok, raw didn't exist
# Write the event as a stash new file
if index is not None:
writer = StashNewWriter(index=index,
source_name=source,
sourcetype=sourcetype,
file_extension=".stash_output")
# Log that we performed the whois request
if logger:
logger.debug("Wrote stash file=%s", writer.write_event(result))
return result
def test_flatten_dict_ignore_blanks(self):
"""
This tests the conversion but with the dropping of blank entries.
"""
dictionary = collections.OrderedDict()
dictionary['not_blank'] = 'something here'
dictionary['none'] = None
dictionary['empty'] = ''
flattened_d = flatten(dictionary, ignore_blanks=True)
self.assertEqual(flattened_d['not_blank'], 'something here')
self.assertEqual('none' in flattened_d, False)
self.assertEqual('empty' in flattened_d, False)