/** * This method is invoked when the builtin is called in a rule body. * * @param args the array of argument values for the builtin, this is an array of Nodes, some of * which may be Node_RuleVariables. * @param length the length of the argument list, may be less than the length of the args array * for some rule engines * @param context an execution context giving access to other relevant data * @return return true if the buildin predicate is deemed to have succeeded in the current * environment */ public boolean bodyCall(Node[] args, int length, RuleContext context) { if (length != 3) { throw new BuiltinException( this, context, "builtin " + getName() + " requires 3 arguments but saw " + length); } Node obj = getArg(2, args, context); Node subj = getArg(0, args, context); // Allow variables in subject position to correspond to a wild card if (subj.isVariable()) { subj = null; } // Allow variables in the predicate position to correspond to a wild card Node pred = getArg(1, args, context); if (pred.isVariable()) { pred = null; } boolean bContainsObj = context.contains(subj, pred, obj); if (!bContainsObj) { return false; } // does it contain anything else? ClosableIterator<Triple> citr = context.find((Node) null, pred, obj); boolean otherSubject = false; while (citr.hasNext()) { Object o = citr.next(); Node tmpSubj = ((Triple) o).getSubject(); if (!tmpSubj.equals(subj)) { otherSubject = true; break; } } citr.close(); return !otherSubject; }
/** * This method is invoked when the builtin is called in a rule body. * * @param args the array of argument values for the builtin, this is an array of Nodes, some of * which may be Node_RuleVariables. * @param length the length of the argument list, may be less than the length of the args array * for some rule engines * @param context an execution context giving access to other relevant data * @return return true if the buildin predicate is deemed to have succeeded in the current * environment */ public boolean bodyCall(Node[] args, int length, RuleContext context) { checkArgs(length, context); BindingEnvironment env = context.getEnv(); Node n1 = getArg(0, args, context); Node n2 = getArg(1, args, context); if (n1.isLiteral() && n2.isLiteral()) { Object v1 = n1.getLiteralValue(); Object v2 = n2.getLiteralValue(); Node sum = null; if (v1 instanceof Number && v2 instanceof Number) { Number nv1 = (Number) v1; Number nv2 = (Number) v2; if (v1 instanceof Float || v1 instanceof Double || v2 instanceof Float || v2 instanceof Double) { sum = Util.makeDoubleNode(nv1.doubleValue() - nv2.doubleValue()); } else { sum = Util.makeLongNode(nv1.longValue() - nv2.longValue()); } return env.bind(args[2], sum); } } // Doesn't (yet) handle partially bound cases return false; }
/** * This method is invoked when the builtin is called in a rule body. * * @param args the array of argument values for the builtin, this is an array of Nodes, some of * which may be Node_RuleVariables. * @param length the length of the argument list, may be less than the length of the args array * for some rule engines * @param context an execution context giving access to other relevant data * @return return true if the buildin predicate is deemed to have succeeded in the current * environment */ @Override public boolean bodyCall(Node[] args, int length, RuleContext context) { if (length < 2) throw new BuiltinException(this, context, "Must have at least 2 arguments to " + getName()); String text = getString(getArg(0, args, context), context); String pattern = getString(getArg(1, args, context), context); Matcher m = Pattern.compile(pattern).matcher(text); if (!m.matches()) return false; if (length > 2) { // bind any capture groups BindingEnvironment env = context.getEnv(); for (int i = 0; i < Math.min(length - 2, m.groupCount()); i++) { String gm = m.group(i + 1); Node match = (gm != null) ? Node.createLiteral(gm) : Node.createLiteral(""); if (!env.bind(args[i + 2], match)) return false; } } return true; }
/** * This method is invoked when the builtin is called in a rule body. * * @param args the array of argument values for the builtin, this is an array of Nodes, some of * which may be Node_RuleVariables. * @param length the length of the argument list, may be less than the length of the args array * for some rule engines * @param context an execution context giving access to other relevant data * @return return true if the buildin predicate is deemed to have succeeded in the current * environment */ @SuppressWarnings("unused") public boolean bodyCall(Node[] args, int length, RuleContext context) { checkArgs(length, context); BindingEnvironment env = context.getEnv(); Object maxVal = null; Node min = null; boolean allLongs = true; if (length >= 3) { for (int i = 0; i < length; i++) { Node n1 = getArg(i, args, context); if (n1.isLiteral()) { Object v1 = n1.getLiteralValue(); if (v1 instanceof Number) { Number nv1 = (Number) v1; if (maxVal == null) { maxVal = nv1; } else { if (v1 instanceof Float || v1 instanceof Double) { double pwd = nv1.doubleValue(); if (pwd > ((Number) maxVal).doubleValue()) { maxVal = nv1; } allLongs = false; } else if (v1 instanceof Integer || v1 instanceof Long) { long pwd = nv1.longValue(); if (pwd > ((Number) maxVal).doubleValue()) { maxVal = nv1; } } } } else if (v1 instanceof XSDDateTime) { if (maxVal == null) { maxVal = v1; } else if (maxVal instanceof XSDDateTime) { if (((XSDDateTime) maxVal).compareTo((XSDDateTime) v1) < 0) { maxVal = v1; } } else { throw new BuiltinException( this, context, "Can't compare datetime (" + v1.toString() + ") with non-datetime value (" + maxVal.toString() + ")"); } } else { return false; } } } // end for } else { Node n1 = getArg(0, args, context); if (n1 == null || n1.equals(RDF.Nodes.nil)) { return false; } else { maxVal = maxOfList(n1, context); } } if (maxVal == null) { return false; } if (maxVal instanceof Float) { min = Utils.makeFloatNode(((Number) maxVal).floatValue()); } else if (maxVal instanceof Double) { min = Util.makeDoubleNode(((Number) maxVal).doubleValue()); } else if (maxVal instanceof XSDDateTime) { min = Utils.makeXSDDateTimeNode((XSDDateTime) maxVal); } else if (maxVal instanceof Integer) { min = Util.makeIntNode(((Number) maxVal).intValue()); } else { min = Util.makeLongNode(((Number) maxVal).longValue()); } return env.bind(args[length - 1], min); }
@Override public void headAction(Node[] args, int length, RuleContext context) { checkArgs(length, context); Node n0 = getArg(0, args, context); Node n1 = getArg(1, args, context); Node n2 = getArg(2, args, context); logger.fine("BLACKLIST in head action " + n0 + " " + n1 + " " + n2); SolrDocumentList docs = SolrUtil.getDocsbySPO(null, IDS.hasSourceDeviceId.toString(), n2.toString(), 4, true); logger.fine(" docs are " + docs); int countIncidents = 0; for (int k = 0; k < docs.size(); k++) { SolrDocument doc = docs.get(k); logger.fine(" doc received is " + doc); String subject = (String) doc.getFieldValue("subject_t"); SolrDocumentList docs2 = SolrUtil.getDocsbySPO(subject, "*incidentTime*", null, 1); logger.fine(" docs2 are " + docs2); Calendar timeStamp = Util.toCalendar((String) docs2.get(0).getFieldValue("object_t")); logger.info("TIMESTAMP: " + timeStamp.getTime()); Calendar oldNow = Util.getNowPlus(-86400000); logger.fine("24 hours ago: " + Util.calendarToISO8601String(oldNow)); if (timeStamp.compareTo(oldNow) > 0) { countIncidents = countIncidents + 1; logger.fine("CountIncidents: " + countIncidents); } } SolrDocumentList docs2 = SolrUtil.getDocsbySPO( null, IDS.isAttackedByID.toString(), n2.toString(), SolrUtil.MAX_DOCS, true); if (docs2.size() <= 0) { if (countIncidents == 4) { Node sub = NodeFactory.createURI(IDS.Attack.getURI() + UUID.randomUUID()); Node pred1 = NodeFactory.createURI(IDS.hasStatus.getURI()); Node obj1 = NodeFactory.createLiteral("Multiple ID Attempt Attack"); context.add(new Triple(sub, pred1, obj1)); logger.fine("added n-triple: " + sub + "," + pred1 + "," + obj1); Node pred2 = NodeFactory.createURI(IDS.isAttackedByID.getURI()); context.add(new Triple(sub, pred2, n2)); logger.fine("added n-triple: " + sub + "," + pred2 + "," + n2); SolrDocument doc = docs.get(0); Date timeStamp = (Date) doc.getFieldValue("timestamp"); Calendar cal = Calendar.getInstance(); cal.setTime(timeStamp); String aTimeStart = Util.calendarToISO8601String(cal); Node obj2 = NodeFactory.createLiteral(aTimeStart); Node pred3 = NodeFactory.createURI(IDS.attackStartTime.getURI()); context.add(new Triple(sub, pred3, obj2)); logger.fine("added n-triple: " + sub + "," + pred3 + "," + obj2); SolrDocument doc2 = docs.get(docs.size() - 1); Date timeStamp2 = (Date) doc.getFieldValue("timestamp"); Calendar cal2 = Calendar.getInstance(); cal2.setTime(timeStamp2); String aTimeStart2 = Util.calendarToISO8601String(cal2); Node obj3 = NodeFactory.createLiteral(aTimeStart2); Node pred4 = NodeFactory.createURI(IDS.attackEndTime.getURI()); context.add(new Triple(sub, pred4, obj3)); logger.fine("added n-triple: " + sub + "," + pred4 + "," + obj3); } } }
/** * This method is invoked when the builtin is called in a rule body. * * @param args the array of argument values for the builtin, this is an array of Nodes, some of * which may be Node_RuleVariables. * @param length the length of the argument list, may be less than the length of the args array * for some rule engines * @param context an execution context giving access to other relevant data * @return return true if the buildin predicate is deemed to have succeeded in the current * environment */ @Override public boolean bodyCall(Node[] args, int length, RuleContext context) { if (length != 3) { throw new BuiltinException( this, context, "builtin " + getName() + " requires 3 arguments but saw " + length); } BindingEnvironment env = context.getEnv(); Node subj = getArg(0, args, context); Node pred = getArg(1, args, context); Node obj = getArg(2, args, context); logger.fine("BLACKLIST Body Call subject is " + subj + " pred is " + pred + " obj is " + obj); checkArgs(length, context); Node n0 = getArg(0, args, context); Node n1 = getArg(1, args, context); Node n2 = getArg(2, args, context); logger.fine( "BLACKLIST in Body Call " + n0 + " " + n1.getLiteralValue() + " " + n2.getLiteralValue()); int numberToGet = (Integer) n1.getLiteralValue(); int hoursSince = (Integer) n2.getLiteralValue(); logger.fine(" BLACKLIST numberToGet = " + numberToGet + " hours since = " + hoursSince); // String deviceId = (String) n0.getLiteralValue(); String SourceIP = (String) n0.getLiteralValue(); // logger.fine(" deviceId = " + deviceId); logger.fine(" SourceIP = " + SourceIP); SolrDocumentList docs = SolrUtil.getDocsbySPO(null, IDS.hasSourceIP.toString(), SourceIP, numberToGet, true); logger.fine(" docs are " + docs); if (docs.size() >= numberToGet) { int countIncidents = 0; Calendar oldNow = Util.getNowPlus(-1 * ((hoursSince * 60) * 60 * 1000)); logger.fine("24 hours ago: " + Util.calendarToISO8601String(oldNow)); for (int k = 0; k < docs.size(); k++) { SolrDocument doc = docs.get(k); logger.fine(" doc received is " + doc); String subject = (String) doc.getFieldValue("subject_t"); SolrDocumentList docs2 = SolrUtil.getDocsbySPO(subject, "*incidentTime*", null, 1); logger.fine(" docs2 are " + docs2); Calendar timeStamp = Util.toCalendar((String) docs2.get(0).getFieldValue("object_t")); logger.info("TIMESTAMP: " + timeStamp.getTime()); if (timeStamp.compareTo(oldNow) > 0) { countIncidents = countIncidents + 1; logger.fine("CountIncidents: " + countIncidents); } } logger.fine(" countIncidents = " + countIncidents + " number to get = " + numberToGet); if (countIncidents >= numberToGet) { logger.fine(" returning TRUE"); return true; } } else { return false; } return false; }