From: Aleksander Zdyb <a.zdyb@samsung.com>
Date: Fri, 22 May 2015 10:20:46 +0000 (+0200)
Subject: Implement Audit::Parser
X-Git-Tag: submit/tizen/20161014.065203~25
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F28%2F43728%2F1;p=platform%2Fcore%2Fsecurity%2Fnice-lad.git

Implement Audit::Parser

It aggregates audit records. Invokes a callback, when full event
is collected.

Change-Id: I5bc1b526d88dc3b42c70965c3be38e25dab5401d
---

diff --git a/src/Audit/Parser.cpp b/src/Audit/Parser.cpp
new file mode 100644
index 0000000..ea8bb6e
--- /dev/null
+++ b/src/Audit/Parser.cpp
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ * @file        src/Audit/Parser.cpp
+ * @author      Aleksander Zdyb <a.zdyb@samsung.com>
+ * @version     1.0
+ */
+
+#include <Log/log.h>
+
+#include "ErrorException.h"
+#include "Parser.h"
+
+namespace Audit {
+
+    Parser::Parser(BaseAuparseWrapper &auparseApi) : m_auparseApi(auparseApi) {
+        auparseApi.auparse_add_callback(this);
+    }
+
+    // TODO: Consider throwing instead of silently continuing on errors
+    void Parser::handleEvent() {
+        Event event;
+
+        auto hasRecords = m_auparseApi.auparse_first_record();
+        while (hasRecords == 1) {
+            Record rec;
+
+            auto hasFields = m_auparseApi.auparse_first_field();
+            while (hasFields == 1) {
+                const auto fieldName = m_auparseApi.auparse_get_field_name();
+                const auto fieldValue = m_auparseApi.auparse_interpret_field();
+                if (fieldName && fieldValue)
+                    rec.emplace(fieldName, fieldValue);
+                hasFields = m_auparseApi.auparse_next_field();
+            }
+
+            hasRecords = m_auparseApi.auparse_next_record();
+            event.push_back(std::move(rec));
+        }
+        this->onEvent(event);
+    }
+
+    void Parser::feed(const char *data, std::size_t size) {
+        const auto ret = m_auparseApi.auparse_feed(data, size);
+        if (ret != 0)
+            throw ErrorException("Could not feed parser -- auparse_feed() failed");
+    }
+
+    void Parser::flush() {
+        const auto ret = m_auparseApi.auparse_flush_feed();
+        if (ret != 0)
+            throw ErrorException("Could not flush parser -- auparse_flush_feed() failed");
+    }
+
+} /* namespace Audit */
diff --git a/src/Audit/Parser.h b/src/Audit/Parser.h
new file mode 100644
index 0000000..88e3d56
--- /dev/null
+++ b/src/Audit/Parser.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ * @file        src/Audit/Parser.h
+ * @author      Aleksander Zdyb <a.zdyb@samsung.com>
+ * @version     1.0
+ */
+
+#ifndef SRC_AUDIT_PARSER_H
+#define SRC_AUDIT_PARSER_H
+
+#include <cstdint>
+#include <list>
+#include <string>
+#include <unordered_map>
+
+#include <boost/signals2.hpp>
+
+#include "BaseAuparseWrapper.h"
+#include "EventHandler.h"
+
+namespace Audit {
+
+class Parser : public EventHandler {
+public:
+    typedef std::unordered_map<std::string, std::string> Record;
+    typedef std::list<Record> Event;
+    Parser(BaseAuparseWrapper &auparseApi);
+    virtual ~Parser() = default;
+
+    void feed(const char *data, std::size_t size);
+    void flush();
+    void handleEvent();
+
+    // TODO: Consider using std::function as member, if the application stays single-threaded
+    boost::signals2::signal<void(const Event &)> onEvent;
+
+private:
+    BaseAuparseWrapper &m_auparseApi;
+};
+
+} /* namespace Audit */
+
+
+#endif /* SRC_AUDIT_PARSER_H */