@Override
public void headAction(Node[] args, int length, RuleContext context) {
checkArgs(length, context);
Node n0 = getArg(0, args, context);
Node n1 = getArg(1, args, context);
Node n2 = getArg(2, args, context);
logger.fine("BLACKLIST in head action " + n0 + " " + n1 + " " + n2);
SolrDocumentList docs =
SolrUtil.getDocsbySPO(null, IDS.hasSourceDeviceId.toString(), n2.toString(), 4, true);
logger.fine(" docs are " + docs);
int countIncidents = 0;
for (int k = 0; k < docs.size(); k++) {
SolrDocument doc = docs.get(k);
logger.fine(" doc received is " + doc);
String subject = (String) doc.getFieldValue("subject_t");
SolrDocumentList docs2 = SolrUtil.getDocsbySPO(subject, "*incidentTime*", null, 1);
logger.fine(" docs2 are " + docs2);
Calendar timeStamp = Util.toCalendar((String) docs2.get(0).getFieldValue("object_t"));
logger.info("TIMESTAMP: " + timeStamp.getTime());
Calendar oldNow = Util.getNowPlus(-86400000);
logger.fine("24 hours ago: " + Util.calendarToISO8601String(oldNow));
if (timeStamp.compareTo(oldNow) > 0) {
countIncidents = countIncidents + 1;
logger.fine("CountIncidents: " + countIncidents);
}
}
SolrDocumentList docs2 =
SolrUtil.getDocsbySPO(
null, IDS.isAttackedByID.toString(), n2.toString(), SolrUtil.MAX_DOCS, true);
if (docs2.size() <= 0) {
if (countIncidents == 4) {
Node sub = NodeFactory.createURI(IDS.Attack.getURI() + UUID.randomUUID());
Node pred1 = NodeFactory.createURI(IDS.hasStatus.getURI());
Node obj1 = NodeFactory.createLiteral("Multiple ID Attempt Attack");
context.add(new Triple(sub, pred1, obj1));
logger.fine("added n-triple: " + sub + "," + pred1 + "," + obj1);
Node pred2 = NodeFactory.createURI(IDS.isAttackedByID.getURI());
context.add(new Triple(sub, pred2, n2));
logger.fine("added n-triple: " + sub + "," + pred2 + "," + n2);
SolrDocument doc = docs.get(0);
Date timeStamp = (Date) doc.getFieldValue("timestamp");
Calendar cal = Calendar.getInstance();
cal.setTime(timeStamp);
String aTimeStart = Util.calendarToISO8601String(cal);
Node obj2 = NodeFactory.createLiteral(aTimeStart);
Node pred3 = NodeFactory.createURI(IDS.attackStartTime.getURI());
context.add(new Triple(sub, pred3, obj2));
logger.fine("added n-triple: " + sub + "," + pred3 + "," + obj2);
SolrDocument doc2 = docs.get(docs.size() - 1);
Date timeStamp2 = (Date) doc.getFieldValue("timestamp");
Calendar cal2 = Calendar.getInstance();
cal2.setTime(timeStamp2);
String aTimeStart2 = Util.calendarToISO8601String(cal2);
Node obj3 = NodeFactory.createLiteral(aTimeStart2);
Node pred4 = NodeFactory.createURI(IDS.attackEndTime.getURI());
context.add(new Triple(sub, pred4, obj3));
logger.fine("added n-triple: " + sub + "," + pred4 + "," + obj3);
}
}
}
/**
* This method is invoked when the builtin is called in a rule body.
*
* @param args the array of argument values for the builtin, this is an array of Nodes, some of
* which may be Node_RuleVariables.
* @param length the length of the argument list, may be less than the length of the args array
* for some rule engines
* @param context an execution context giving access to other relevant data
* @return return true if the buildin predicate is deemed to have succeeded in the current
* environment
*/
@Override
public boolean bodyCall(Node[] args, int length, RuleContext context) {
if (length != 3) {
throw new BuiltinException(
this, context, "builtin " + getName() + " requires 3 arguments but saw " + length);
}
BindingEnvironment env = context.getEnv();
Node subj = getArg(0, args, context);
Node pred = getArg(1, args, context);
Node obj = getArg(2, args, context);
logger.fine("BLACKLIST Body Call subject is " + subj + " pred is " + pred + " obj is " + obj);
checkArgs(length, context);
Node n0 = getArg(0, args, context);
Node n1 = getArg(1, args, context);
Node n2 = getArg(2, args, context);
logger.fine(
"BLACKLIST in Body Call " + n0 + " " + n1.getLiteralValue() + " " + n2.getLiteralValue());
int numberToGet = (Integer) n1.getLiteralValue();
int hoursSince = (Integer) n2.getLiteralValue();
logger.fine(" BLACKLIST numberToGet = " + numberToGet + " hours since = " + hoursSince);
// String deviceId = (String) n0.getLiteralValue();
String SourceIP = (String) n0.getLiteralValue();
// logger.fine(" deviceId = " + deviceId);
logger.fine(" SourceIP = " + SourceIP);
SolrDocumentList docs =
SolrUtil.getDocsbySPO(null, IDS.hasSourceIP.toString(), SourceIP, numberToGet, true);
logger.fine(" docs are " + docs);
if (docs.size() >= numberToGet) {
int countIncidents = 0;
Calendar oldNow = Util.getNowPlus(-1 * ((hoursSince * 60) * 60 * 1000));
logger.fine("24 hours ago: " + Util.calendarToISO8601String(oldNow));
for (int k = 0; k < docs.size(); k++) {
SolrDocument doc = docs.get(k);
logger.fine(" doc received is " + doc);
String subject = (String) doc.getFieldValue("subject_t");
SolrDocumentList docs2 = SolrUtil.getDocsbySPO(subject, "*incidentTime*", null, 1);
logger.fine(" docs2 are " + docs2);
Calendar timeStamp = Util.toCalendar((String) docs2.get(0).getFieldValue("object_t"));
logger.info("TIMESTAMP: " + timeStamp.getTime());
if (timeStamp.compareTo(oldNow) > 0) {
countIncidents = countIncidents + 1;
logger.fine("CountIncidents: " + countIncidents);
}
}
logger.fine(" countIncidents = " + countIncidents + " number to get = " + numberToGet);
if (countIncidents >= numberToGet) {
logger.fine(" returning TRUE");
return true;
}
} else {
return false;
}
return false;
}