private static object AdaptLocalTime(ValueAdapterContext context, object currentValue)
{
var val = context.Value.ToString();
var pos = val.IndexOfAny(new[] { '-', '+' });
if (pos != -1)
{
var pos2 = val.IndexOfAny(new[] { '-', ' ' }, pos + 1);
if (pos2 == -1)
{
context.AddCustomField("OS.Localization", "LocalDateTime.TimeZone", val.Substring(pos));
}
}
DateTime time;
if (WmiDateConverter.TryParse(context.Value.ToString(), out time))
{
context.AddCustomField("OS.Localization", "LocalDateTime.Hour", time.Hour.ToString());
context.AddCustomField("OS.Localization", "LocalDateTime.Minute", time.Minute.ToString());
context.AddCustomField("OS.Localization", "LocalDateTime.DayOfWeek", time.DayOfWeek.ToString());
context.AddCustomField("OS.Localization", "LocalDateTime.DayOfYear", time.DayOfYear);
}
context.IgnoreProperty = true;
return(currentValue);
}
/// <summary>
/// Adapt the value specified in the context
/// </summary>
/// <param name="context">Context information</param>
/// <param name="currentValue">Value which might have been adapted</param>
/// <returns>The new value (or same as the current value if no modification has been made)</returns>
public object Adapt(ValueAdapterContext context, object currentValue)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
if (context.ContextName != "HttpHeaders" || context.PropertyName != "User-Agent" || context.Value == null)
{
return(currentValue);
}
var uaParser = Parser.GetDefault();
var c = uaParser.Parse(context.Value.ToString());
context.AddCustomField("UserAgent.Family", c.UserAgent.Family);
context.AddCustomField("UserAgent.Version",
string.Format("{0} v{1}.{2}", c.UserAgent.Family, c.UserAgent.Major, c.UserAgent.Minor));
context.AddCustomField("UserInfo", "DeviceType", c.Device.Family);
context.AddCustomField("UserInfo", "IsWebSpider", c.Device.IsSpider);
context.AddCustomField("UserInfo", "OS.Family", c.OS.Family);
context.AddCustomField("UserInfo", "OS.Version", c.OS.Major + "." + c.OS.Minor);
context.AddCustomField("UserInfo", "OS.VersionPatch", c.OS.Patch + "." + c.OS.PatchMinor);
context.IgnoreProperty = true;
return(currentValue);
}
/// <summary>
/// Adapt the value specified in the context
/// </summary>
/// <param name="context">Context information</param>
/// <param name="currentValue">Value which might have been adapted</param>
/// <returns>The new value (or same as the current value if no modification has been made)</returns>
public object Adapt(ValueAdapterContext context, object currentValue)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
if (currentValue == null || context.ContextName != "ApplicationInfo")
{
return(currentValue);
}
if (context.PropertyName == "MainModule")
{
if (currentValue.ToString().StartsWith("System.Diagnostics.ProcessModule"))
{
return(currentValue.ToString()
.Substring("System.Diagnostics.ProcessModule".Length)
.Trim(' ', '(', ')'));
}
}
if (MemoryProperties.Any(x => x.Equals(context.PropertyName, StringComparison.OrdinalIgnoreCase)))
{
var value = 0;
if (!int.TryParse(currentValue.ToString(), out value))
{
return(currentValue);
}
value = value / 1000000;
return(MemoryNormalizer.Divide(value, context.TypeOfApplication == "Mobile" ? 32 : 512));
}
if (context.PropertyName == "ThreadCount")
{
return(NumberNormalizer.Normalize(currentValue.ToString(), 10, 50));
}
if (context.PropertyName == "HandleCount")
{
return(NumberNormalizer.Normalize(currentValue.ToString(), 100, 5000));
}
if (context.PropertyName == "StartTime")
{
DateTime dt;
if (!DateTime.TryParse(currentValue.ToString(), out dt))
{
return(currentValue);
}
context.IgnoreProperty = true;
context.AddCustomField("ApplicationInfo", "StartTime.Hour", dt.Hour);
context.AddCustomField("ApplicationInfo", "StartTime.DayOfWeek", dt.DayOfWeek.ToString());
}
context.IgnoreProperty = true;
return(currentValue);
}
public object Adapt(ValueAdapterContext context, object currentValue)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
if (context.ContextName != "ApplicationInfo")
{
return(currentValue);
}
if (!Fields.Contains(context.PropertyName, EqualityComparer <string> .Default))
{
return(currentValue);
}
var timeSpan = TimeSpan.Parse(context.Value.ToString());
if (timeSpan < TimeSpan.FromMinutes(1))
{
return("under one minute");
}
if (timeSpan < TimeSpan.FromMinutes(30))
{
return("between 1 and 30 minutes");
}
if (timeSpan < TimeSpan.FromHours(1))
{
return("between 30 minutes and an hour");
}
if (timeSpan < TimeSpan.FromDays(1))
{
return("between an hour and a day");
}
if (timeSpan < TimeSpan.FromDays(30))
{
return("up to a month");
}
if (timeSpan < TimeSpan.FromDays(90))
{
return("between one and three months");
}
if (timeSpan > TimeSpan.FromDays(365 / 2))
{
return("between three and six months");
}
if (timeSpan > TimeSpan.FromDays(365 / 2))
{
return("between 6 months and a year");
}
return("up to " + (int)timeSpan.TotalDays / 365 + " years");
}
private static object AdaptInstallDate(ValueAdapterContext context, object currentValue)
{
DateTime time;
if (WmiDateConverter.TryParse(context.Value.ToString(), out time))
{
context.AddCustomField("OS.Environment", "InstallDate.Year", time.Year.ToString());
context.AddCustomField("OS.Environment", "InstallDate.YearMonth", time.ToString("yyyy-MM"));
}
context.IgnoreProperty = true;
return(currentValue);
}
public object Adapt(ValueAdapterContext context, object currentValue)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
if (!context.ContextName.Equals("ExceptionProperties", StringComparison.OrdinalIgnoreCase))
{
return(currentValue);
}
if (IgnoredProperties.Any(x => x.Equals(context.PropertyName, StringComparison.OrdinalIgnoreCase)))
{
context.IgnoreProperty = true;
return(currentValue);
}
return(currentValue);
}
public object Adapt(ValueAdapterContext context, object currentValue)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
var val = currentValue as string;
if (string.IsNullOrEmpty(val))
{
return(currentValue);
}
if (!context.ContextName.Equals("OperatingSystem", StringComparison.OrdinalIgnoreCase))
{
return(currentValue);
}
context.IgnoreProperty = true;
if (context.PropertyName.Equals("OperatingSystemSKU", StringComparison.OrdinalIgnoreCase))
{
var name = OperatingSystemSku.GetName(currentValue.ToString()) ?? currentValue;
context.AddCustomField("OS.Metadata", "Edition", name);
}
if (context.PropertyName.Equals("CSDVersion", StringComparison.OrdinalIgnoreCase))
{
context.AddCustomField("OS.Metadata", "ServicePack", currentValue.ToString());
return(currentValue);
}
if (context.PropertyName.Equals("OSProductSuite", StringComparison.OrdinalIgnoreCase))
{
var value = OsProductSuite.GetNames(currentValue.ToString()) ?? currentValue;
context.AddCustomField("OS.Metadata", "ProductSuite", value);
return(currentValue);
}
if (context.PropertyName.Equals("ProductType", StringComparison.OrdinalIgnoreCase))
{
switch (currentValue.ToString())
{
case "1":
currentValue = "Work Station";
break;
case "2":
currentValue = "Domain Controller";
break;
case "3":
currentValue = "Server";
break;
}
context.AddCustomField("OS.Metadata", "ProductType", currentValue);
return(currentValue);
}
if (context.PropertyName.Equals("SuiteMask", StringComparison.OrdinalIgnoreCase))
{
var bitMask = 0;
var value = "";
if (int.TryParse(currentValue.ToString(), out bitMask))
{
if ((bitMask & 1) != 0)
{
value += "Small Business, ";
}
if ((bitMask & 2) != 0)
{
value += "Enterprise, ";
}
if ((bitMask & 4) != 0)
{
value += "BackOffice, ";
}
if ((bitMask & 8) != 0)
{
value += "Communications, ";
}
if ((bitMask & 16) != 0)
{
value += "Terminal Services, ";
}
if ((bitMask & 32) != 0)
{
value += "Small Business Restricted, ";
}
if ((bitMask & 64) != 0)
{
value += "Embedded Edition, ";
}
if ((bitMask & 128) != 0)
{
value += "Datacenter Edition, ";
}
if ((bitMask & 256) != 0)
{
value += "Single User, ";
}
if ((bitMask & 512) != 0)
{
value += "Home Edition, ";
}
if ((bitMask & 1024) != 0)
{
value += "Web Server Edition, ";
}
}
if (value != "")
{
currentValue = value.Remove(value.Length - 2, 2);
}
context.AddCustomField("OS.Metadata", "Suite2", currentValue);
return(currentValue);
}
if (context.PropertyName.Equals("QuantumLength", StringComparison.OrdinalIgnoreCase))
{
switch (currentValue.ToString())
{
case "0":
currentValue = "Unknown ";
break;
case "1":
currentValue = "One tick";
break;
case "2":
currentValue = "Two ticks";
break;
}
context.AddCustomField("OS.Metadata", "QuantumLength", currentValue);
return(currentValue);
}
if (context.PropertyName.Equals("QuantumType", StringComparison.OrdinalIgnoreCase))
{
switch (currentValue.ToString())
{
case "0":
currentValue = "Unknown ";
break;
case "1":
currentValue = "Fixed";
break;
case "2":
currentValue = "Variable";
break;
}
context.AddCustomField("OS.Metadata", "QuantumType", currentValue);
return(currentValue);
}
if (context.PropertyName == "InstallDate")
{
return(AdaptInstallDate(context, currentValue));
}
if (context.PropertyName == "LastBootUpTime")
{
DateTime time;
if (WmiDateConverter.TryParse(context.Value.ToString(), out time))
{
context.AddCustomField("OS.Environment", "LastBootup.Hour", time.Hour);
context.AddCustomField("OS.Environment", "LastBootup.DayOfWeek", time.DayOfWeek.ToString());
}
}
if (context.PropertyName == "LocalDateTime")
{
return(AdaptLocalTime(context, currentValue));
}
if (context.PropertyName.StartsWith("Free", StringComparison.OrdinalIgnoreCase) ||
context.PropertyName.StartsWith("Total", StringComparison.OrdinalIgnoreCase) ||
context.PropertyName.Equals("SizeStoredInPagingFiles", StringComparison.OrdinalIgnoreCase))
{
var divisor = context.TypeOfApplication == "Server" ? 512 : 256;
var value = MemoryNormalizer.Divide(currentValue as string, divisor);
if (!string.IsNullOrEmpty(value))
{
context.AddCustomField("OS.Environment", context.PropertyName, value);
}
return(currentValue);
}
//allow as-is
if (context.PropertyName.StartsWith("DataExecutionPrevention", StringComparison.OrdinalIgnoreCase))
{
context.AddCustomField("OS.Metadata", context.PropertyName, currentValue);
return(currentValue);
}
if (LocalizationProperties.Any(x => x.Equals(context.PropertyName, StringComparison.OrdinalIgnoreCase)))
{
if (context.PropertyName == "Locale")
{
int lcid;
if (int.TryParse(currentValue.ToString(), NumberStyles.HexNumber, NumberFormatInfo.InvariantInfo,
out lcid))
{
currentValue = CultureInfo.GetCultureInfo(lcid).Name;
}
}
context.AddCustomField("OS.Localization", context.PropertyName, currentValue);
return(null);
}
if (OsEnvironment.Any(x => x.Equals(context.PropertyName, StringComparison.OrdinalIgnoreCase)))
{
if (context.PropertyName == "NumberOfUsers")
{
if ("0".Equals(currentValue))
{
currentValue = "0";
}
else if ("1".Equals(currentValue))
{
currentValue = "1";
}
else
{
currentValue = "> 1";
}
context.AddCustomField("OS.Environment", "NumberOfLoggedInUsers", currentValue);
return(currentValue);
}
if (context.PropertyName == "NumberOfProcesses")
{
currentValue = NumberNormalizer.Normalize(currentValue as string, 20, 1000);
}
context.AddCustomField("OS.Environment", context.PropertyName, currentValue);
return(currentValue);
}
return(currentValue);
}
/// <summary>
/// Add a new report.
/// </summary>
/// <param name="report">report</param>
/// <param name="adapters">adapters</param>
public void AddReport(ReportDTO report, IReadOnlyList <IValueAdapter> adapters)
{
if (report == null)
{
throw new ArgumentNullException("report");
}
if (adapters == null)
{
throw new ArgumentNullException("adapters");
}
//TODO: Varför skicka in adapters? Skapa via en Factory istället
if (report == null)
{
throw new ArgumentNullException("report");
}
_similarity.IncreateReportCount();
foreach (var context in report.ContextCollections)
{
if (context.Name == null)
{
throw new ArgumentException("ContextInfo.Name may not be null.");
}
if (_similarity.IsIgnored(context.Name))
{
continue;
}
foreach (var property in context.Properties)
{
if (property.Value != null && property.Value.Length > 40)
{
continue;
}
if (property.Key.Equals("OEMStringArray"))
{
continue;
}
if (context.Name.Equals("ExceptionProperties") && property.Key == "Message")
{
continue;
}
if (context.Name.Equals("ExceptionProperties") && property.Key == "StackTrace")
{
continue;
}
if (context.Name.Equals("ExceptionProperties") && property.Key == "InnerException")
{
continue;
}
if (property.Key.Contains("LastModified"))
{
continue;
}
if (property.Key == "Id")
{
continue;
}
var adapterContext = new ValueAdapterContext(context.Name, property.Key, property.Value, report);
object adaptedValue = property.Value;
foreach (var adapter in adapters)
{
adaptedValue = adapter.Adapt(adapterContext, adaptedValue);
}
foreach (var field in adapterContext.CustomFields)
{
_similarity.AddSimilarity(field.ContextName, field.PropertyName, field.Value);
}
if (adapterContext.IgnoreProperty || "".Equals(adaptedValue))
{
continue;
}
if (adaptedValue == null)
{
adaptedValue = adapterContext.Value ?? "null";
}
_similarity.AddSimilarity(context.Name, adapterContext.PropertyName, adaptedValue);
//similarity.IncreaseUsage(ReportCount);
}
}
}