From a5d953c124b195552adb7869126088ba8510355d Mon Sep 17 00:00:00 2001 From: dtrai2 Date: Wed, 13 Nov 2024 09:36:03 +0100 Subject: [PATCH] revert exception signature and add rule to add_field_to method as argument --- logprep/abc/processor.py | 6 ++-- logprep/processor/base/exceptions.py | 11 ++----- logprep/processor/dissector/processor.py | 4 +-- .../domain_label_extractor/processor.py | 10 ++++-- logprep/processor/field_manager/processor.py | 20 +++++++----- logprep/processor/generic_adder/processor.py | 2 +- .../processor/generic_resolver/processor.py | 3 +- logprep/processor/geoip_enricher/processor.py | 1 + logprep/processor/grokker/processor.py | 3 +- .../processor/hyperscan_resolver/processor.py | 3 +- logprep/processor/ip_informer/processor.py | 2 +- logprep/processor/labeler/processor.py | 4 +-- .../processor/list_comparison/processor.py | 2 +- logprep/processor/pre_detector/processor.py | 4 +-- logprep/processor/pseudonymizer/processor.py | 4 ++- logprep/processor/requester/processor.py | 4 ++- .../selective_extractor/processor.py | 2 +- .../processor/string_splitter/processor.py | 2 +- .../processor/template_replacer/processor.py | 5 ++- logprep/processor/timestamper/processor.py | 2 +- logprep/util/helper.py | 31 +++++++++++++------ tests/unit/exceptions/base.py | 2 +- .../exceptions/test_processing_exceptions.py | 2 +- tests/unit/framework/test_pipeline.py | 4 +-- 24 files changed, 80 insertions(+), 53 deletions(-) diff --git a/logprep/abc/processor.py b/logprep/abc/processor.py index f6f2a7f10..0eff6d044 100644 --- a/logprep/abc/processor.py +++ b/logprep/abc/processor.py @@ -359,15 +359,15 @@ def _handle_warning_error(self, event, rule, error, failure_tags=None): new_field = {"tags": sorted(list({*failure_tags}))} else: new_field = {"tags": sorted(list({*tags, *failure_tags}))} - add_and_overwrite(event, new_field) + add_and_overwrite(event, new_field, rule) if isinstance(error, ProcessingWarning): if error.tags: tags = tags if tags else [] new_field = {"tags": sorted(list({*error.tags, *tags, *failure_tags}))} - add_and_overwrite(event, new_field) + add_and_overwrite(event, new_field, rule) self.result.warnings.append(error) else: - self.result.warnings.append(ProcessingWarning(str(error), event, rule)) + self.result.warnings.append(ProcessingWarning(str(error), rule, event)) def _has_missing_values(self, event, rule, source_field_dict): missing_fields = list( diff --git a/logprep/processor/base/exceptions.py b/logprep/processor/base/exceptions.py index 4ecb9008d..caaa40f68 100644 --- a/logprep/processor/base/exceptions.py +++ b/logprep/processor/base/exceptions.py @@ -70,7 +70,7 @@ def __init__(self, message: str, rule: "Rule"): class ProcessingWarning(Warning): """A warning occurred - log the warning, but continue processing the event.""" - def __init__(self, message: str, event: dict, rule: "Rule" = None, tags: List[str] = None): + def __init__(self, message: str, rule: "Rule | None", event: dict, tags: List[str] = None): self.tags = tags if tags else [] if rule: rule.metrics.number_of_warnings += 1 @@ -82,16 +82,11 @@ def __init__(self, message: str, event: dict, rule: "Rule" = None, tags: List[st class FieldExistsWarning(ProcessingWarning): """Raised if field already exists.""" - def __init__( - self, - event: dict, - skipped_fields: List[str], - rule: "Rule" = None, - ): + def __init__(self, rule: "Rule | None", event: dict, skipped_fields: List[str]): self.skipped_fields = skipped_fields message = ( "The following fields could not be written, because " "one or more subfields existed and could not be extended: " f"{', '.join(skipped_fields)}" ) - super().__init__(message, event, rule) + super().__init__(message, rule, event) diff --git a/logprep/processor/dissector/processor.py b/logprep/processor/dissector/processor.py index 2257a1a35..ed1aeb0d8 100644 --- a/logprep/processor/dissector/processor.py +++ b/logprep/processor/dissector/processor.py @@ -85,12 +85,12 @@ def _get_mappings(self, event, rule) -> List[Tuple[Callable, dict, dict, str, in if strip_char: content = content.strip(strip_char) field = {target_field: content} - yield rule_action, event, field, separator, position + yield rule_action, event, field, separator, rule, position def _apply_convert_datatype(self, event, rule): for target_field, converter in rule.convert_actions: try: target_value = converter(get_dotted_field_value(event, target_field)) - add_field_to(event, {target_field: target_value}, overwrite_target_field=True) + add_field_to(event, {target_field: target_value}, rule, overwrite_target_field=True) except ValueError as error: self._handle_warning_error(event, rule, error) diff --git a/logprep/processor/domain_label_extractor/processor.py b/logprep/processor/domain_label_extractor/processor.py index 22683e523..f3354938f 100644 --- a/logprep/processor/domain_label_extractor/processor.py +++ b/logprep/processor/domain_label_extractor/processor.py @@ -130,7 +130,9 @@ def _apply_rules(self, event, rule: DomainLabelExtractorRule): if self._is_valid_ip(domain): tagging_field.append(f"ip_in_{rule.source_fields[0].replace('.', '_')}") - add_and_overwrite(event, fields={self._config.tagging_field_name: tagging_field}) + add_and_overwrite( + event, fields={self._config.tagging_field_name: tagging_field}, rule=rule + ) return labels = self._tld_extractor(domain) @@ -140,10 +142,12 @@ def _apply_rules(self, event, rule: DomainLabelExtractorRule): f"{rule.target_field}.top_level_domain": labels.suffix, f"{rule.target_field}.subdomain": labels.subdomain, } - add_field_to(event, fields, overwrite_target_field=rule.overwrite_target) + add_field_to(event, fields, rule, overwrite_target_field=rule.overwrite_target) else: tagging_field.append(f"invalid_domain_in_{rule.source_fields[0].replace('.', '_')}") - add_and_overwrite(event, fields={self._config.tagging_field_name: tagging_field}) + add_and_overwrite( + event, fields={self._config.tagging_field_name: tagging_field}, rule=rule + ) @staticmethod def _is_valid_ip(domain): diff --git a/logprep/processor/field_manager/processor.py b/logprep/processor/field_manager/processor.py index 7f93b0ffe..97f095636 100644 --- a/logprep/processor/field_manager/processor.py +++ b/logprep/processor/field_manager/processor.py @@ -78,7 +78,11 @@ def _apply_mapping(self, event, rule, rule_args): return source_field_values, targets = self._filter_missing_fields(source_field_values, targets) add_field_to( - event, dict(zip(targets, source_field_values)), extend_target_list, overwrite_target + event, + dict(zip(targets, source_field_values)), + rule, + extend_target_list, + overwrite_target, ) if rule.delete_source_fields: for dotted_field in source_fields: @@ -105,7 +109,7 @@ def _write_to_single_target(self, args, extend_target_list, overwrite_target, ru case State( extend=True, overwrite=True, single_source_element=False, target_is_list=False ): - add_and_overwrite(event, fields={target_field: source_fields_values}) + add_and_overwrite(event, fields={target_field: source_fields_values}, rule=rule) return case State( @@ -117,16 +121,16 @@ def _write_to_single_target(self, args, extend_target_list, overwrite_target, ru ): flattened_source_fields = self._overwrite_from_source_values(source_fields_values) source_fields_values = [*flattened_source_fields] - add_and_overwrite(event, fields={target_field: source_fields_values}) + add_and_overwrite(event, fields={target_field: source_fields_values}, rule=rule) return case State(extend=True, overwrite=False, target_is_list=False, target_is_none=True): - add_and_overwrite(event, fields={target_field: source_fields_values}) + add_and_overwrite(event, fields={target_field: source_fields_values}, rule=rule) return case State(extend=True, overwrite=False, target_is_list=False): source_fields_values = [target_field_value, *source_fields_values] - add_and_overwrite(event, fields={target_field: source_fields_values}) + add_and_overwrite(event, fields={target_field: source_fields_values}, rule=rule) return case State( @@ -134,18 +138,18 @@ def _write_to_single_target(self, args, extend_target_list, overwrite_target, ru ): flattened_source_fields = self._overwrite_from_source_values(source_fields_values) source_fields_values = [*target_field_value, *flattened_source_fields] - add_and_overwrite(event, fields={target_field: source_fields_values}) + add_and_overwrite(event, fields={target_field: source_fields_values}, rule=rule) return case State(overwrite=True, extend=True): flattened_source_fields = self._overwrite_from_source_values(source_fields_values) source_fields_values = [*flattened_source_fields] - add_and_overwrite(event, fields={target_field: source_fields_values}) + add_and_overwrite(event, fields={target_field: source_fields_values}, rule=rule) return case _: field = {target_field: source_fields_values} - add_field_to(event, field, state.extend, state.overwrite) + add_field_to(event, field, rule, state.extend, state.overwrite) def _overwrite_from_source_values(self, source_fields_values): duplicates = [] diff --git a/logprep/processor/generic_adder/processor.py b/logprep/processor/generic_adder/processor.py index 0dd8a0574..2f9224560 100644 --- a/logprep/processor/generic_adder/processor.py +++ b/logprep/processor/generic_adder/processor.py @@ -230,7 +230,7 @@ def _apply_rules(self, event: dict, rule: GenericAdderRule): self._update_db_table() items_to_add = self._get_items_to_add_from_db(event, rule) if items_to_add: - add_field_to(event, items_to_add, rule.extend_target_list, rule.overwrite_target) + add_field_to(event, items_to_add, rule, rule.extend_target_list, rule.overwrite_target) def _get_items_to_add_from_db(self, event: dict, rule: GenericAdderRule) -> dict | None: """Get the sub part of the value from the event using a regex pattern""" diff --git a/logprep/processor/generic_resolver/processor.py b/logprep/processor/generic_resolver/processor.py index aee580b25..70da7f0b2 100644 --- a/logprep/processor/generic_resolver/processor.py +++ b/logprep/processor/generic_resolver/processor.py @@ -62,13 +62,14 @@ def _apply_rules(self, event, rule): add_field_to( event, fields={target_field: content}, + rule=rule, extends_lists=rule.extend_target_list, overwrite_target_field=rule.overwrite_target, ) except FieldExistsWarning as error: conflicting_fields.extend(error.skipped_fields) if conflicting_fields: - raise FieldExistsWarning(event, conflicting_fields, rule) + raise FieldExistsWarning(rule, event, conflicting_fields) def _find_content_of_first_matching_pattern(self, rule, source_field_value): if rule.resolve_from_file: diff --git a/logprep/processor/geoip_enricher/processor.py b/logprep/processor/geoip_enricher/processor.py index c3cad0745..3fc35a074 100644 --- a/logprep/processor/geoip_enricher/processor.py +++ b/logprep/processor/geoip_enricher/processor.py @@ -135,6 +135,7 @@ def _apply_rules(self, event, rule): add_field_to( event, fields, + rule=rule, extends_lists=False, overwrite_target_field=rule.overwrite_target, ) diff --git a/logprep/processor/grokker/processor.py b/logprep/processor/grokker/processor.py index b2c830367..983c69f8e 100644 --- a/logprep/processor/grokker/processor.py +++ b/logprep/processor/grokker/processor.py @@ -88,13 +88,14 @@ def _apply_rules(self, event: dict, rule: GrokkerRule): add_field_to( event, result, + rule=rule, extends_lists=rule.extend_target_list, overwrite_target_field=rule.overwrite_target, ) if self._handle_missing_fields(event, rule, rule.actions.keys(), source_values): return if not matches: - raise ProcessingWarning("no grok pattern matched", event, rule) + raise ProcessingWarning("no grok pattern matched", rule, event) def setup(self): """Loads the action mapping. Has to be called before processing""" diff --git a/logprep/processor/hyperscan_resolver/processor.py b/logprep/processor/hyperscan_resolver/processor.py index 81a4b89ee..34dd7cc3c 100644 --- a/logprep/processor/hyperscan_resolver/processor.py +++ b/logprep/processor/hyperscan_resolver/processor.py @@ -122,6 +122,7 @@ def _apply_rules(self, event: dict, rule: HyperscanResolverRule): add_field_to( event, fields={resolve_target: dest_val}, + rule=rule, extends_lists=rule.extend_target_list, overwrite_target_field=rule.overwrite_target, ) @@ -129,7 +130,7 @@ def _apply_rules(self, event: dict, rule: HyperscanResolverRule): conflicting_fields.extend(error.skipped_fields) self._handle_missing_fields(event, rule, rule.field_mapping.keys(), source_values) if conflicting_fields: - raise FieldExistsWarning(event, conflicting_fields, rule) + raise FieldExistsWarning(rule, event, conflicting_fields) @staticmethod def _match_with_hyperscan(hyperscan_db: Database, src_val: str) -> list: diff --git a/logprep/processor/ip_informer/processor.py b/logprep/processor/ip_informer/processor.py index 5d8ce35a4..1c75bf702 100644 --- a/logprep/processor/ip_informer/processor.py +++ b/logprep/processor/ip_informer/processor.py @@ -54,7 +54,7 @@ def _apply_rules(self, event: dict, rule: IpInformerRule) -> None: if results: self._write_target_field(event, rule, results) for msg, error in self._processing_warnings: - raise ProcessingWarning(msg, event, rule) from error + raise ProcessingWarning(msg, rule, event) from error def _get_results(self, ip_address_list: Iterable, rule: IpInformerRule) -> dict: results = [(ip, self._ip_properties(ip, rule)) for ip in ip_address_list] diff --git a/logprep/processor/labeler/processor.py b/logprep/processor/labeler/processor.py index 6b2d47a6f..f74286d82 100644 --- a/logprep/processor/labeler/processor.py +++ b/logprep/processor/labeler/processor.py @@ -74,10 +74,10 @@ def setup(self): def _apply_rules(self, event, rule): """Applies the rule to the current event""" fields = {key: value for key, value in rule.prefixed_label.items()} - add_field_to(event, fields, extends_lists=True) + add_field_to(event, fields, rule=rule, extends_lists=True) # convert sets into sorted lists fields = { key: sorted(set(get_dotted_field_value(event, key))) for key, _ in rule.prefixed_label.items() } - add_field_to(event, fields, overwrite_target_field=True) + add_field_to(event, fields, rule=rule, overwrite_target_field=True) diff --git a/logprep/processor/list_comparison/processor.py b/logprep/processor/list_comparison/processor.py index 4d1adc2da..dbbbe4c48 100644 --- a/logprep/processor/list_comparison/processor.py +++ b/logprep/processor/list_comparison/processor.py @@ -74,7 +74,7 @@ def _apply_rules(self, event, rule): comparison_result, comparison_key = self._list_comparison(rule, event) if comparison_result is not None: fields = {f"{rule.target_field}.{comparison_key}": comparison_result} - add_field_to(event, fields, extends_lists=True) + add_field_to(event, fields, rule=rule, extends_lists=True) def _list_comparison(self, rule: ListComparisonRule, event: dict): """ diff --git a/logprep/processor/pre_detector/processor.py b/logprep/processor/pre_detector/processor.py index abaa24850..d2efb64ba 100644 --- a/logprep/processor/pre_detector/processor.py +++ b/logprep/processor/pre_detector/processor.py @@ -105,8 +105,8 @@ def normalize_timestamp(self, rule: PreDetectorRule, timestamp: str) -> str: except TimeParserException as error: raise ProcessingWarning( "Could not parse timestamp", - self.result.event, rule, + self.result.event, tags=["_pre_detector_timeparsing_failure"], ) from error @@ -126,7 +126,7 @@ def _get_detection_result(self, event: dict, rule: PreDetectorRule): pre_detection_id = get_dotted_field_value(event, "pre_detection_id") if pre_detection_id is None: pre_detection_id = str(uuid4()) - add_field_to(event, {"pre_detection_id": pre_detection_id}) + add_field_to(event, {"pre_detection_id": pre_detection_id}, rule=rule) detection_result = self._generate_detection_result(pre_detection_id, event, rule) self.result.data.append((detection_result, self._config.outputs)) diff --git a/logprep/processor/pseudonymizer/processor.py b/logprep/processor/pseudonymizer/processor.py index b324e8134..4873e65db 100644 --- a/logprep/processor/pseudonymizer/processor.py +++ b/logprep/processor/pseudonymizer/processor.py @@ -264,7 +264,9 @@ def _apply_rules(self, event: dict, rule: PseudonymizerRule): ] else: field_value = self._pseudonymize_field(rule, dotted_field, regex, field_value) - add_field_to(event, fields={dotted_field: field_value}, overwrite_target_field=True) + add_field_to( + event, fields={dotted_field: field_value}, rule=rule, overwrite_target_field=True + ) if "@timestamp" in event: for pseudonym, _ in self.result.data: pseudonym["@timestamp"] = event["@timestamp"] diff --git a/logprep/processor/requester/processor.py b/logprep/processor/requester/processor.py index dc56a8d8c..306691e97 100644 --- a/logprep/processor/requester/processor.py +++ b/logprep/processor/requester/processor.py @@ -73,6 +73,7 @@ def _handle_response(self, event, rule, response): add_field_to( event, fields={rule.target_field: self._get_result(response)}, + rule=rule, extends_lists=rule.extend_target_list, overwrite_target_field=rule.overwrite_target, ) @@ -86,13 +87,14 @@ def _handle_response(self, event, rule, response): add_field_to( event, dict(zip(targets, contents)), + rule, rule.extend_target_list, rule.overwrite_target, ) except FieldExistsWarning as error: conflicting_fields.extend(error.skipped_fields) if conflicting_fields: - raise FieldExistsWarning(event, conflicting_fields, rule) + raise FieldExistsWarning(rule, event, conflicting_fields) def _request(self, event, rule, kwargs): try: diff --git a/logprep/processor/selective_extractor/processor.py b/logprep/processor/selective_extractor/processor.py index fee75a67f..01cf10f23 100644 --- a/logprep/processor/selective_extractor/processor.py +++ b/logprep/processor/selective_extractor/processor.py @@ -64,5 +64,5 @@ def _apply_rules(self, event: dict, rule: SelectiveExtractorRule): } if flattened_fields: filtered_event = {} - add_field_to(filtered_event, flattened_fields) + add_field_to(filtered_event, flattened_fields, rule) self.result.data.append((filtered_event, rule.outputs)) diff --git a/logprep/processor/string_splitter/processor.py b/logprep/processor/string_splitter/processor.py index 9d06d335d..f2b94e260 100644 --- a/logprep/processor/string_splitter/processor.py +++ b/logprep/processor/string_splitter/processor.py @@ -42,6 +42,6 @@ def _apply_rules(self, event: dict, rule: StringSplitterRule): source_field_content = get_dotted_field_value(event, source_field) self._handle_missing_fields(event, rule, rule.source_fields, [source_field_content]) if not isinstance(source_field_content, str): - raise ProcessingWarning(f"source_field '{source_field}' is not a string", event, rule) + raise ProcessingWarning(f"source_field '{source_field}' is not a string", rule, event) result = source_field_content.split(rule.delimeter) self._write_target_field(event, rule, result) diff --git a/logprep/processor/template_replacer/processor.py b/logprep/processor/template_replacer/processor.py index 9b17fbcfa..a91951846 100644 --- a/logprep/processor/template_replacer/processor.py +++ b/logprep/processor/template_replacer/processor.py @@ -115,7 +115,10 @@ def _perform_replacement(self, event: dict, replacement: str, rule: TemplateRepl """ overwrite = get_dotted_field_value(event, self._target_field) is not None add_field_to( - event, fields={self._target_field: replacement}, overwrite_target_field=overwrite + event, + fields={self._target_field: replacement}, + rule=rule, + overwrite_target_field=overwrite, ) def setup(self): diff --git a/logprep/processor/timestamper/processor.py b/logprep/processor/timestamper/processor.py index ce1c579b3..71f2bcaa3 100644 --- a/logprep/processor/timestamper/processor.py +++ b/logprep/processor/timestamper/processor.py @@ -61,4 +61,4 @@ def _apply_rules(self, event, rule): parsed_successfully = True break if not parsed_successfully: - raise ProcessingWarning(str("Could not parse timestamp"), event, rule) + raise ProcessingWarning(str("Could not parse timestamp"), rule, event) diff --git a/logprep/util/helper.py b/logprep/util/helper.py index 26ad4178c..37c47b0e1 100644 --- a/logprep/util/helper.py +++ b/logprep/util/helper.py @@ -15,6 +15,7 @@ from logprep.util.defaults import DEFAULT_CONFIG_LOCATION if TYPE_CHECKING: # pragma: no cover + from logprep.processor.base.rule import Rule from logprep.util.configuration import Configuration @@ -62,6 +63,7 @@ def _add_and_not_overwrite_key(sub_dict, key): def _add_one_field_to( event: dict, field: tuple, + rule: "Rule", extends_lists: bool = False, overwrite_target_field: bool = False, ) -> None: @@ -76,6 +78,8 @@ def _add_one_field_to( A key value pair describing the field that should be added. The key is the dotted subfield string indicating the target. The value is the content that should be added to the named target. The content can be of type str, float, int, list, dict. + rule: Rule + A rule that initiated the field addition, is used for proper error handling. extends_lists: bool Flag that determines whether target_field lists should be extended overwrite_target_field: bool @@ -101,13 +105,13 @@ def _add_one_field_to( try: target_parent = reduce(_add_and_not_overwrite_key, field_path) except KeyError as error: - raise FieldExistsWarning(event, [target_field]) from error + raise FieldExistsWarning(rule, event, [target_field]) from error existing_value = target_parent.get(target_key) if existing_value is None: target_parent[target_key] = content return if not extends_lists or not isinstance(existing_value, list): - raise FieldExistsWarning(event, [target_field]) + raise FieldExistsWarning(rule, event, [target_field]) if isinstance(content, list | set): target_parent[target_key].extend(content) else: @@ -138,7 +142,11 @@ def _add_one_field_to_silent_fail(*args, **kwargs) -> None | str: def add_field_to( - event: dict, fields: dict, extends_lists: bool = False, overwrite_target_field: bool = False + event: dict, + fields: dict, + rule: "Rule" = None, + extends_lists: bool = False, + overwrite_target_field: bool = False, ) -> None: """ Handles the batch addition operation while raising a FieldExistsWarning with all unsuccessful targets. @@ -150,6 +158,8 @@ def add_field_to( A dicht with key value pairs describing the fields that should be added. The key is the dotted subfield string indicating the target. The value is the content that should be added to the named target. The content can be of type: str, float, int, list, dict. + rule: Rule + A rule that initiated the field addition, is used for proper error handling. extends_lists: bool A boolean indicating whether to extend lists if the target field already exists. overwrite_target_field: bool @@ -163,18 +173,21 @@ def add_field_to( fields = {key: value for key, value in fields.items() if value is not None} number_fields = len(dict(fields)) if number_fields == 1: - _add_one_field_to(event, list(fields.items())[0], extends_lists, overwrite_target_field) + _add_one_field_to( + event, list(fields.items())[0], rule, extends_lists, overwrite_target_field + ) return unsuccessful_targets = map( _add_one_field_to_silent_fail, itertools.repeat(event, number_fields), fields.items(), + itertools.repeat(rule, number_fields), itertools.repeat(extends_lists, number_fields), itertools.repeat(overwrite_target_field, number_fields), ) unsuccessful_targets = [item for item in unsuccessful_targets if item is not None] if unsuccessful_targets: - raise FieldExistsWarning(event, unsuccessful_targets) + raise FieldExistsWarning(rule, event, unsuccessful_targets) def _get_slice_arg(slice_item): @@ -346,19 +359,19 @@ def snake_to_camel(snake: str) -> str: append_as_list = partial(add_field_to, extends_lists=True) -def add_and_overwrite(event, fields, *_): +def add_and_overwrite(event, fields, rule, *_): """wrapper for add_field_to""" - add_field_to(event, fields, overwrite_target_field=True) + add_field_to(event, fields, rule, overwrite_target_field=True) -def append(event, field, separator): +def append(event, field, separator, rule): """appends to event""" target_field, content = list(field.items())[0] target_value = get_dotted_field_value(event, target_field) if not isinstance(target_value, list): target_value = "" if target_value is None else target_value target_value = f"{target_value}{separator}{content}" - add_and_overwrite(event, fields={target_field: target_value}) + add_and_overwrite(event, fields={target_field: target_value}, rule=rule) else: append_as_list(event, field) diff --git a/tests/unit/exceptions/base.py b/tests/unit/exceptions/base.py index 3a658ad1f..72013e228 100644 --- a/tests/unit/exceptions/base.py +++ b/tests/unit/exceptions/base.py @@ -22,7 +22,7 @@ class ExceptionBaseTest: def setup_method(self): self.object = Rule._create_from_dict({"filter": "message", "rule": {}}) self.event = {"message": "test_event"} - self.exception_args = ("the error message", self.event, self.object) + self.exception_args = ("the error message", self.object, self.event) def test_error_message(self): with pytest.raises(self.exception, match=self.error_message): diff --git a/tests/unit/exceptions/test_processing_exceptions.py b/tests/unit/exceptions/test_processing_exceptions.py index 5d24244ef..52c8534b6 100644 --- a/tests/unit/exceptions/test_processing_exceptions.py +++ b/tests/unit/exceptions/test_processing_exceptions.py @@ -35,7 +35,7 @@ class TestFieldExistsWarning(ExceptionBaseTest): def setup_method(self): super().setup_method() - self.exception_args = (self.event, ["my_field"], self.object) + self.exception_args = (self.object, self.event, ["my_field"]) class TestProcessingCriticalError(ExceptionBaseTest): diff --git a/tests/unit/framework/test_pipeline.py b/tests/unit/framework/test_pipeline.py index 2c8f4b8f7..3dec94242 100644 --- a/tests/unit/framework/test_pipeline.py +++ b/tests/unit/framework/test_pipeline.py @@ -253,7 +253,7 @@ def test_processor_warning_error_is_logged_but_processing_continues(self, mock_w self.pipeline._setup() self.pipeline._input.get_next.return_value = {"message": "test"} mock_rule = mock.MagicMock() - processing_warning = ProcessingWarning("not so bad", {"message": "test"}, mock_rule) + processing_warning = ProcessingWarning("not so bad", mock_rule, {"message": "test"}) self.pipeline._pipeline[1].process.return_value = ProcessorResult( processor_name="mock_processor", warnings=[processing_warning] ) @@ -308,7 +308,7 @@ def test_processor_logs_processing_error_and_warnings_separately( mock_create({"mock_processor1": {"type": "mock_processor"}}), mock_create({"mock_processor2": {"type": "mock_processor"}}), ] - warning = FieldExistsWarning(input_event1, ["foo"], mock_rule) + warning = FieldExistsWarning(mock_rule, input_event1, ["foo"]) self.pipeline._pipeline[0].process.return_value = ProcessorResult( processor_name="", warnings=[warning] )