datajson: support for nested value key

With this patch, it is now possible to define the value to be used in the datajson set as a value in a chain of subobjects. For example, with the following JSON: { "info": { "threat": [ { "context": "gold old test", "year": 2005, "host": { "fqdn": "www.testmyids.com", "domain": "testmyids.com" } } ] } } it is possible to match on host.fqdn by doing: http.host; datajson:isset,nkbadhost,type string,load hosts-nested-key.json,key host,json_key host.fqdn, array_key info.threat `array_key info.threat` to access the inner array and then `json_key host.fqdn` to access the field inside.
OISF · Dec 24, 2024 · 4960bd7 · 4960bd7
1 parent d3b231d
commit 4960bd7
Showing 1 changed file with 62 additions and 17 deletions.
diff --git a/src/datajson.c b/src/datajson.c
@@ -329,20 +329,23 @@ static int DatajsonLoadString(Dataset *set, char *json_key, char *array_key)
         fclose(fp);
     } else {
         json_t *json;
+        bool found = false;
 
         if (ParseJsonFile(set->load, &json, array_key) == -1)
             return -1;
 
         size_t index;
         json_t *value;
         json_array_foreach (json, index, value) {
-            json_t *key = json_object_get(value, json_key);
-
+            json_t *key = GetSubObjectByKey(value, json_key);
             if (key == NULL) {
-                FatalErrorOnInit("Can't find expected key in object");
+                /* ignore error as it can be a working mode where some entries
+                are not in the same format */
                 continue;
             }
 
+            found = true;
+
             const char *val = json_string_value(key);
 
             DataJsonType json = { .value = NULL, .len = 0 };
@@ -358,6 +361,12 @@ static int DatajsonLoadString(Dataset *set, char *json_key, char *array_key)
             }
         }
         json_decref(json);
+
+        if (found == false) {
+            FatalErrorOnInit(
+                    "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
+            return -1;
+        }
     }
     THashConsolidateMemcap(set->hash);
 
@@ -427,19 +436,23 @@ static int DatajsonLoadMd5(Dataset *set, char *json_key, char *array_key)
         fclose(fp);
     } else {
         json_t *json;
+        bool found = false;
+
         if (ParseJsonFile(set->load, &json, array_key) == -1)
             return -1;
 
         size_t index;
         json_t *value;
         json_array_foreach (json, index, value) {
-            json_t *key = json_object_get(value, json_key);
-
+            json_t *key = GetSubObjectByKey(value, json_key);
             if (key == NULL) {
-                FatalErrorOnInit("Can't find expected key in object");
+                /* ignore error as it can be a working mode where some entries
+                are not in the same format */
                 continue;
             }
 
+            found = true;
+
             const char *hash_string = json_string_value(key);
             if (strlen(hash_string) != 32) {
                 FatalErrorOnInit("Not correct length for a hash");
@@ -465,6 +478,12 @@ static int DatajsonLoadMd5(Dataset *set, char *json_key, char *array_key)
             }
         }
         json_decref(json);
+
+        if (found == false) {
+            FatalErrorOnInit(
+                    "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
+            return -1;
+        }
     }
     THashConsolidateMemcap(set->hash);
 
@@ -529,20 +548,23 @@ static int DatajsonLoadSha256(Dataset *set, char *json_key, char *array_key)
         fclose(fp);
     } else {
         json_t *json;
+        bool found = false;
 
         if (ParseJsonFile(set->load, &json, array_key) == -1)
             return -1;
 
         size_t index;
         json_t *value;
         json_array_foreach (json, index, value) {
-            json_t *key = json_object_get(value, json_key);
-
+            json_t *key = GetSubObjectByKey(value, json_key);
             if (key == NULL) {
-                FatalErrorOnInit("Can't find expected key in object");
+                /* ignore error as it can be a working mode where some entries
+                are not in the same format */
                 continue;
             }
 
+            found = true;
+
             const char *hash_string = json_string_value(key);
             if (strlen(hash_string) != 64) {
                 FatalErrorOnInit("Not correct length for a hash");
@@ -568,6 +590,12 @@ static int DatajsonLoadSha256(Dataset *set, char *json_key, char *array_key)
             }
         }
         json_decref(json);
+
+        if (found == false) {
+            FatalErrorOnInit(
+                    "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
+            return -1;
+        }
     }
     THashConsolidateMemcap(set->hash);
 
@@ -635,22 +663,24 @@ static int DatajsonLoadIPv4(Dataset *set, char *json_key, char *array_key)
         fclose(fp);
     } else {
         json_t *json;
+        bool found = false;
 
         if (ParseJsonFile(set->load, &json, array_key) == -1)
             return -1;
 
         size_t index;
         json_t *value;
         json_array_foreach (json, index, value) {
-            json_t *key = json_object_get(value, json_key);
-
+            json_t *key = GetSubObjectByKey(value, json_key);
             if (key == NULL) {
-                FatalErrorOnInit("Can't find expected key in object");
+                /* ignore error as it can be a working mode where some entries
+                are not in the same format */
                 continue;
             }
 
-            const char *ip_string = json_string_value(key);
+            found = true;
 
+            const char *ip_string = json_string_value(key);
             struct in_addr in;
             if (inet_pton(AF_INET, ip_string, &in) != 1) {
                 FatalErrorOnInit(
@@ -670,6 +700,12 @@ static int DatajsonLoadIPv4(Dataset *set, char *json_key, char *array_key)
             }
         }
         json_decref(json);
+
+        if (found == false) {
+            FatalErrorOnInit(
+                    "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
+            return -1;
+        }
     }
     THashConsolidateMemcap(set->hash);
 
@@ -737,21 +773,24 @@ static int DatajsonLoadIPv6(Dataset *set, char *json_key, char *array_key)
         fclose(fp);
     } else {
         json_t *json;
+        bool found = false;
+
         if (ParseJsonFile(set->load, &json, array_key) == -1)
             return -1;
 
         size_t index;
         json_t *value;
         json_array_foreach (json, index, value) {
-            json_t *key = json_object_get(value, json_key);
-
+            json_t *key = GetSubObjectByKey(value, json_key);
             if (key == NULL) {
-                FatalErrorOnInit("Can't find expected key in object");
+                /* ignore error as it can be a working mode where some entries
+                are not in the same format */
                 continue;
             }
 
-            const char *ip_string = json_string_value(key);
+            found = true;
 
+            const char *ip_string = json_string_value(key);
             struct in6_addr in6;
             int ret = DatasetParseIpv6String(set, ip_string, &in6);
             if (ret < 0) {
@@ -771,6 +810,12 @@ static int DatajsonLoadIPv6(Dataset *set, char *json_key, char *array_key)
             }
         }
         json_decref(json);
+
+        if (found == false) {
+            FatalErrorOnInit(
+                    "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
+            return -1;
+        }
     }
 
     THashConsolidateMemcap(set->hash);