Properly implement in the package methods

pcktdmp · Sep 22, 2024 · ab18e1a · ab18e1a
1 parent d31577a
commit ab18e1a
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -57,9 +57,11 @@ func main() {
 	if err != nil {
 		fmt.Println("Need to handle this.")
 	}
-    // if you want parse a CEF event from a line
+
+    // if you want read a CEF event from a line
     eventLine := "CEF:0|Cool Vendor|Cool Product|1.0|COOL_THING|Something cool happened.|Unknown|src=127.0.0.1"
-    eventFromLine := cefevent.Parse(eventLine)
+	newEvent := cefevent.CefEvent{}
+    newEvent.Read(eventLine)
 
 }
 ```

diff --git a/cefevent/cefevent.go b/cefevent/cefevent.go
@@ -14,8 +14,7 @@ import (
 type CefEventer interface {
 	Generate() (string, error)
 	Validate() bool
-	// TODO: implement read feature for just Parsed() events.
-	//Read() (CefEvent, error)
+	Read(line string) (CefEvent, error)
 	Log() (bool, error)
 }
 
@@ -147,9 +146,9 @@ func (event CefEvent) Generate() (string, error) {
 	return eventCef, nil
 }
 
-func Parse(eventLine string) (CefEvent, error) {
-	if strings.HasPrefix(string(eventLine), "CEF:") {
-		eventSlashed := strings.Split(strings.TrimPrefix(string(eventLine), "CEF:"), "|")
+func (event CefEvent) Read(eventLine string) (CefEvent, error) {
+	if strings.HasPrefix(eventLine, "CEF:") {
+		eventSlashed := strings.Split(strings.TrimPrefix(eventLine, "CEF:"), "|")
 
 		// convert CEF version to int
 		cefVersion, err := strconv.Atoi(eventSlashed[0])
@@ -181,6 +180,11 @@ func Parse(eventLine string) (CefEvent, error) {
 			Severity:           eventSlashed[6],
 			Extensions:         parsedExtensions,
 		}
+
+		if !CefEventer.Validate(&eventParsed) {
+			return CefEvent{}, errors.New("not all mandatory CEF fields are set")
+		}
+
 		return eventParsed, nil
 	}
 	return CefEvent{}, errors.New("not a valid CEF message")

diff --git a/cefevent_test.go b/cefevent_test.go
@@ -35,8 +35,21 @@ func TestCefEventExpected(t *testing.T) {
 
 func TestCefEventParsed(t *testing.T) {
 
+	newEvent := cefevent.CefEvent{}
 	want := event
-	got, _ := cefevent.Parse(eventLine)
+	got, _ := newEvent.Read(eventLine)
+
+	if !reflect.DeepEqual(want, got) {
+		t.Errorf("Parse() = %v, want %v", got, want)
+	}
+}
+
+func TestCefEventParsedAndGenerated(t *testing.T) {
+
+	newEvent := cefevent.CefEvent{}
+	want := eventLine
+	parsedEvent, _ := newEvent.Read(eventLine)
+	got, _ := parsedEvent.Generate()
 
 	if !reflect.DeepEqual(want, got) {
 		t.Errorf("Parse() = %v, want %v", got, want)
@@ -45,7 +58,9 @@ func TestCefEventParsed(t *testing.T) {
 
 func TestCefEventParsedFail(t *testing.T) {
 
-	got, err := cefevent.Parse("This should definitely fail.")
+	newEvent := cefevent.CefEvent{}
+
+	got, err := newEvent.Read("This should definitely fail.")
 
 	if err == nil {
 		t.Errorf("Parse() = %v, want %v", err, got)