Skip to content

Commit

Permalink
Preserve order when using JSON output (#242)
Browse files Browse the repository at this point in the history 
* Preserve order when using JSON

* fix tests

* Update remainder of tests
  • Loading branch information
@ac-rn
ac-rn authored Jul 3, 2024
1 parent c1666d6 commit 92c65a0
Show file tree
Hide file tree
Showing 12 changed files with 324 additions and 331 deletions.
2 changes: 1 addition & 1 deletion Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ dialoguer = { version = "0.11", optional = true }
indoc = { version = "2", optional = true }

serde = "1"
serde_json = "1"
serde_json = { version = "1", features = ["preserve_order"]}

[target.'cfg(not(windows))'.dependencies]
# jemalloc is significantly more peformant than the system allocator.
Expand Down
4 changes: 2 additions & 2 deletions src/json_output.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -536,10 +536,10 @@ mod tests {
let s2 = r#"
{
"HTTPResponseHeadersInfo": {
"Header": "HTTP/1.1 200 OK",
"Header_attributes": {
"attribute1": "NoProxy"
}
},
"Header": "HTTP/1.1 200 OK"
}
}
"#
Expand Down
42 changes: 21 additions & 21 deletions tests/snapshots/test_record_samples__event_json_missing_string_cache_entry.snap
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,34 +3,34 @@ source: tests/test_record_samples.rs
expression: "&value"
---
{
"Event_attributes": {
"xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"
},
"Event": {
"EventData": null,
"System": {
"Channel": "Security",
"Computer": "37L4247F27-25",
"Correlation": null,
"EventID": 4608,
"EventRecordID": 1,
"Execution_attributes": {
"ProcessID": 456,
"ThreadID": 460
},
"Keywords": "0x8020000000000000",
"Level": 0,
"Opcode": 0,
"Provider_attributes": {
"Guid": "54849625-5478-4994-A5BA-3E3B0328C30D",
"Name": "Microsoft-Windows-Security-Auditing"
"Name": "Microsoft-Windows-Security-Auditing",
"Guid": "54849625-5478-4994-A5BA-3E3B0328C30D"
},
"Security": null,
"EventID": 4608,
"Version": 0,
"Level": 0,
"Task": 12288,
"Opcode": 0,
"Keywords": "0x8020000000000000",
"TimeCreated_attributes": {
"SystemTime": "2016-07-08T18:12:51.681640Z"
},
"Version": 0
}
},
"Event_attributes": {
"xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"
"EventRecordID": 1,
"Correlation": null,
"Execution_attributes": {
"ProcessID": 456,
"ThreadID": 460
},
"Channel": "Security",
"Computer": "37L4247F27-25",
"Security": null
},
"EventData": null
}
}
33 changes: 16 additions & 17 deletions tests/snapshots/test_record_samples__event_json_multiple_empty_data_nodes_not_ignored.snap
View file
Original file line number Diff line number Diff line change
@@ -1,34 +1,33 @@
---
source: tests/test_record_samples.rs
expression: "&value"

---
{
"Event_attributes": {
"xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"
},
"Event": {
"EventData": {
"Data": "Set-Mailbox-Identity \"Administrateur\" -DeliverToMailboxAndForward \"False\" -ForwardingSmtpAddress \"smtp:[email protected]\"ave.local/Users/AdministrateurS-1-5-21-186559946-3925841745-111227986-500S-1-5-21-186559946-3925841745-111227986-500Remote-ManagementShell-Unknown5668 w3wp#MSExchangePowerShellAppPool500:00:26.0389557Afficher la forêt entière : 'False', Portée par défaut : « ave.local », Configuration du contrôleur de domaine : « DC.ave.local », Catalogue global préféré : « DC.ave.local », Contrôleurs de domaine préférés : « { DC.ave.local } »False0 objects execution has been proxied to remote server.0ActivityId: a3591746-a27b-447a-b8be-ff54ae3a46f1ServicePlan:;IsAdmin:True;fr-FR"
},
"System": {
"Channel": "MSExchange Management",
"Computer": "WEC.ave.local",
"EventID": "1",
"Provider_attributes": {
"Name": "MSExchange CmdletLogs"
},
"EventID_attributes": {
"Qualifiers": "16384"
},
"EventRecordID": "3229",
"Keywords": "0x80000000000000",
"EventID": "1",
"Level": "4",
"Provider_attributes": {
"Name": "MSExchange CmdletLogs"
},
"Security": null,
"Task": "1",
"Keywords": "0x80000000000000",
"TimeCreated_attributes": {
"SystemTime": "2021-11-19T16:52:33.833733500Z"
}
},
"EventRecordID": "3229",
"Channel": "MSExchange Management",
"Computer": "WEC.ave.local",
"Security": null
},
"EventData": {
"Data": "Set-Mailbox-Identity \"Administrateur\" -DeliverToMailboxAndForward \"False\" -ForwardingSmtpAddress \"smtp:[email protected]\"ave.local/Users/AdministrateurS-1-5-21-186559946-3925841745-111227986-500S-1-5-21-186559946-3925841745-111227986-500Remote-ManagementShell-Unknown5668 w3wp#MSExchangePowerShellAppPool500:00:26.0389557Afficher la forêt entière : 'False', Portée par défaut : « ave.local », Configuration du contrôleur de domaine : « DC.ave.local », Catalogue global préféré : « DC.ave.local », Contrôleurs de domaine préférés : « { DC.ave.local } »False0 objects execution has been proxied to remote server.0ActivityId: a3591746-a27b-447a-b8be-ff54ae3a46f1ServicePlan:;IsAdmin:True;fr-FR"
}
},
"Event_attributes": {
"xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"
}
}
39 changes: 19 additions & 20 deletions tests/snapshots/test_record_samples__event_json_sample.snap
View file
Original file line number Diff line number Diff line change
@@ -1,43 +1,42 @@
---
source: tests/test_record_samples.rs
expression: "&value"

---
{
"Event": {
"#attributes": {
"xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"
},
"EventData": null,
"System": {
"Channel": "Security",
"Computer": "37L4247F27-25",
"Correlation": null,
"EventID": 4608,
"EventRecordID": 1,
"Execution": {
"Provider": {
"#attributes": {
"ProcessID": 456,
"ThreadID": 460
"Name": "Microsoft-Windows-Security-Auditing",
"Guid": "54849625-5478-4994-A5BA-3E3B0328C30D"
}
},
"Keywords": "0x8020000000000000",
"EventID": 4608,
"Version": 0,
"Level": 0,
"Task": 12288,
"Opcode": 0,
"Provider": {
"Keywords": "0x8020000000000000",
"TimeCreated": {
"#attributes": {
"Guid": "54849625-5478-4994-A5BA-3E3B0328C30D",
"Name": "Microsoft-Windows-Security-Auditing"
"SystemTime": "2016-07-08T18:12:51.681640Z"
}
},
"Security": null,
"Task": 12288,
"TimeCreated": {
"EventRecordID": 1,
"Correlation": null,
"Execution": {
"#attributes": {
"SystemTime": "2016-07-08T18:12:51.681640Z"
"ProcessID": 456,
"ThreadID": 460
}
},
"Version": 0
}
"Channel": "Security",
"Computer": "37L4247F27-25",
"Security": null
},
"EventData": null
}
}
69 changes: 34 additions & 35 deletions tests/snapshots/test_record_samples__event_json_sample_with_event_data.snap
View file
Original file line number Diff line number Diff line change
@@ -1,59 +1,58 @@
---
source: tests/test_record_samples.rs
expression: "&value"

---
{
"Event": {
"#attributes": {
"xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"
},
"EventData": {
"CommandLine": "",
"MandatoryLabel": "S-1-16-16384",
"NewProcessId": "0x58",
"NewProcessName": "Registry",
"ParentProcessName": "",
"ProcessId": "0x4",
"SubjectDomainName": "-",
"SubjectLogonId": "0x3e7",
"SubjectUserName": "-",
"SubjectUserSid": "S-1-5-18",
"TargetDomainName": "-",
"TargetLogonId": "0x0",
"TargetUserName": "-",
"TargetUserSid": "S-1-0-0",
"TokenElevationType": "%%1936"
},
"System": {
"Channel": "Security",
"Computer": "WIN-LL0C19JS506",
"Correlation": null,
"EventID": 4688,
"EventRecordID": 1,
"Execution": {
"Provider": {
"#attributes": {
"ProcessID": 4,
"ThreadID": 32
"Name": "Microsoft-Windows-Security-Auditing",
"Guid": "54849625-5478-4994-A5BA-3E3B0328C30D"
}
},
"Keywords": "0x8020000000000000",
"EventID": 4688,
"Version": 2,
"Level": 0,
"Task": 13312,
"Opcode": 0,
"Provider": {
"Keywords": "0x8020000000000000",
"TimeCreated": {
"#attributes": {
"Guid": "54849625-5478-4994-A5BA-3E3B0328C30D",
"Name": "Microsoft-Windows-Security-Auditing"
"SystemTime": "2018-07-28T07:24:45.754787Z"
}
},
"Security": null,
"Task": 13312,
"TimeCreated": {
"EventRecordID": 1,
"Correlation": null,
"Execution": {
"#attributes": {
"SystemTime": "2018-07-28T07:24:45.754787Z"
"ProcessID": 4,
"ThreadID": 32
}
},
"Version": 2
"Channel": "Security",
"Computer": "WIN-LL0C19JS506",
"Security": null
},
"EventData": {
"SubjectUserSid": "S-1-5-18",
"SubjectUserName": "-",
"SubjectDomainName": "-",
"SubjectLogonId": "0x3e7",
"NewProcessId": "0x58",
"NewProcessName": "Registry",
"TokenElevationType": "%%1936",
"ProcessId": "0x4",
"CommandLine": "",
"TargetUserSid": "S-1-0-0",
"TargetUserName": "-",
"TargetDomainName": "-",
"TargetLogonId": "0x0",
"ParentProcessName": "",
"MandatoryLabel": "S-1-16-16384"
}
}
}
47 changes: 23 additions & 24 deletions ...hots/test_record_samples__event_json_sample_with_event_data_with_attributes_and_text.snap
View file
Original file line number Diff line number Diff line change
@@ -1,49 +1,48 @@
---
source: tests/test_record_samples.rs
assertion_line: 92
expression: "&value"
---
{
"Event": {
"#attributes": {
"xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"
},
"EventData": {
"Binary": null,
"Data": {
"#text": [
"10.00.",
"15063",
"",
"Multiprocessor Free",
"0"
]
}
},
"System": {
"Channel": "System",
"Computer": "WIN-P4SIAA0SQCO",
"Provider": {
"#attributes": {
"Name": "EventLog"
}
},
"EventID": {
"#attributes": {
"Qualifiers": 32768
},
"#text": 6009
},
"EventRecordID": 1,
"Keywords": "0x80000000000000",
"Level": 4,
"Provider": {
"#attributes": {
"Name": "EventLog"
}
},
"Security": null,
"Task": 0,
"Keywords": "0x80000000000000",
"TimeCreated": {
"#attributes": {
"SystemTime": "2017-07-12T17:16:28.214161Z"
}
}
},
"EventRecordID": 1,
"Channel": "System",
"Computer": "WIN-P4SIAA0SQCO",
"Security": null
},
"EventData": {
"Data": {
"#text": [
"10.00.",
"15063",
"",
"Multiprocessor Free",
"0"
]
},
"Binary": null
}
}
}
Loading

0 comments on commit 92c65a0

Please sign in to comment.