Optimized refactoring to delete rule count bug and neglect on wrong r…

…ule filter
fkie-cad · Apr 8, 2024 · 9c6d7d7 · 9c6d7d7
1 parent 3ca351f
commit 9c6d7d7
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 15 deletions.
diff --git a/logprep/util/auto_rule_tester/auto_rule_tester.py b/logprep/util/auto_rule_tester/auto_rule_tester.py
@@ -160,6 +160,7 @@ def _print_diff_test( key, rule, t_idx=None):
             PorcessorExtensions.color_based_print(diff)
         else:
             if t_idx is not None:
+                print(t_idx)
                 diff = f"{key}: {rule[t_idx]}"
                 PorcessorExtensions.color_based_print(diff)
             else:
@@ -311,17 +312,30 @@ def _prepare_test_eval(
 
     def _eval_file_rule_test(self, rule_test: dict, processor: "Processor", r_idx: int):
         self._filename_printed = False
+        #print(f"....... {rule_test['tests']}")
+        #self._rule_cnt = 0 #todo what is with this variable?
         for t_idx, test in enumerate(rule_test["tests"]):
-            if test.get("target_rule_idx") is not None and test.get("target_rule_idx") != r_idx:
+            ##print(f"rule {t_idx}/{len(rule_test['tests'])}")
+            #rule_nr = test.get("target_rule_idx") if test.get("target_rule_idx") != None else "0" #test.get("target_rule_idx")
+            #if rule_nr is not None and rule_nr != r_idx:
+
+            if test.get("target_rule_idx") is not None and test.get("target_rule_idx") != r_idx: #todo here is the problem when first rule in example two si wrong
+                print("continue")
                 continue
             try:
                 extra_output = processor.process(test["raw"])
+                #print(f"EXTRA: {extra_output}")
+                if not extra_output:
+                    print("\n\n\nExcept the Except\n\n\n")
+                    raise Exception("Couldn't process, maybe invalid filter.") 
             except BaseException as error:
-                self._print_error_on_exception(error, rule_test, self._rule_cnt)
+                self._print_error_on_exception(error, rule_test, self._rule_cnt)#t_idx)# #todo: _rule_cnt needed?
                 self._success = False
                 self._result["- failed_rule_tests_cnt"] += 1
                 return
 
+            print(f"rule {t_idx}/{len(rule_test['tests'])}")
+
             diff = self._get_diff_raw_test(test)
             print_diff = self._check_if_different(diff)
 
@@ -338,10 +352,15 @@ def _eval_file_rule_test(self, rule_test: dict, processor: "Processor", r_idx: i
             else:
                 self._result["+ successful_rule_tests_cnt"] += 1 
 
-            self._pd_extra.print_rules(self._problems, self._rule_cnt)
 
-        self._rule_cnt += 1 
-        self._result["total_tests"] = self._result["+ successful_rule_tests_cnt"] + self._result["- failed_rule_tests_cnt"]
+            print(f"self._problems ++ {self._problems}")
+            self._pd_extra.print_rules(self._problems, self._rule_cnt) #, _rule_cnt
+
+            self._rule_cnt += 1 #optimizable?!
+        #print(666, self._result["+ successful_rule_tests_cnt"])
+        #print(666, self._result["- failed_rule_tests_cnt"])
+        #todo below gets executed twice
+        self._result["total_tests"] = self._result["+ successful_rule_tests_cnt"] + self._result["- failed_rule_tests_cnt"] #wont work if cause of failed filter this method doesnt process through
 
     @staticmethod
     def _reset_(processor: "Processor"):
@@ -496,15 +515,11 @@ def _get_rule_dirs_by_processor_name(self) -> defaultdict:
         rules_dirs = defaultdict(dict)
         for processor in self._config_yml["pipeline"]:
             processor_name, processor_cfg = next(iter(processor.items()))
-            rules_to_add = []
+
             print("\nProcessor Config:")
             pprint(processor_cfg)
 
-            if processor_cfg.get("rules"):
-                rules_to_add.append(("rules", processor_cfg["rules"]))
-            elif processor_cfg.get("generic_rules") and processor_cfg.get("specific_rules"):
-                rules_to_add.append(("generic_rules", processor_cfg["generic_rules"][0]))
-                rules_to_add.append(("specific_rules", processor_cfg["specific_rules"][0]))
+            rules_to_add = self._get_rules_to_add(processor_cfg)
 
             if not rules_dirs[processor_name]:
                 rules_dirs[processor_name] = defaultdict(dict)
@@ -518,3 +533,14 @@ def _get_rule_dirs_by_processor_name(self) -> defaultdict:
                 rules_dirs[processor_name]["rule_dirs"][rule_to_add[0]] += rule_to_add[1]
 
         return rules_dirs
+
+    def _get_rules_to_add(self, processor_cfg):
+        rules_to_add = []
+
+        if processor_cfg.get("rules"):
+            rules_to_add.append(("rules", processor_cfg["rules"]))
+        elif processor_cfg.get("generic_rules") and processor_cfg.get("specific_rules"):
+            rules_to_add.append(("generic_rules", processor_cfg["generic_rules"][0]))
+            rules_to_add.append(("specific_rules", processor_cfg["specific_rules"][0]))
+
+        return rules_to_add
diff --git a/quickstart/exampledata/rules/pre_detector/generic/example_rule.yml b/quickstart/exampledata/rules/pre_detector/generic/example_rule.yml
@@ -1,10 +1,9 @@
-filter: "test_pre_detector"
+filter: 'tags: "1" AND inp.message: "1"'
 pre_detector:
-  id: RULE_ONE_ID
+  id: RULE_ONE_ID_1
   title: RULE_ONE
   severity: critical
   mitre:
     - attack.test1
-    - attack.test2
   case_condition: directly
-description: "..."
+