billyJoePiano / TenaPull

TenaPull is a configurable Java application which fetches and processes the data from one or more Nessus APIs, and converts it into JSON outputs that are usable by Splunk.

Week 8 exercise #7

Closed billyJoePiano closed 2 years ago

billyJoePiano commented 2 years ago

@pawaitemadisoncollege

I made a lot of changes and improvements to this over spring break! Curious about your thoughts when you have a chance.

billyJoePiano commented 2 years ago

I really had to dig into some of the more obscure parts of Hibernate and Jackson (though to a lesser degree with Jackson) in order to get everything working. Some of it I posted in the Slack channel, but after a while it seemed like no one was reading it (well, except for Justin...) so I just stopped posting everything there.

With Hibernate, I'm using a few Converters -- had to create the MultiTypeWrapper and ExtraJson classes for this purpose. Those are the types being converted to DB-compatible values (varchar for MultiTypeWrapper and LongText for ExtraJson). You also see the converters as small static sub-classes of those.

With Jackson, I had to figure out how to make run-time MixIns, JsonFilters, and a custom ObjectMapper work, in order for the tests to function properly. You'll see this in the test.testUtils.CustomObjectMapper class.

This goes back to some of the issues that I mentioned previously, about the design conflict between having a tightly integrated deserialization -> persistence -> re-serialization pipeline, and having Unit Tests that only test one part of the functionality. Basically, to make these atomized unit tests work properly, the ObjectMapper has to take over some of the functions normally done by one of the other parts of the process. Specifically in this case, assigning the id to the ScanInfo class. Normally this is done by the NessusClient after it fetches the info and deserializes it into a ScanInfo instance. The Nessus server response itself doesn't contain this id because it is already part of the URL. So for the CRUD tests to work, the id needs to be included in the test parameters JSON ... meaning the normal behavior of Jackson ignoring the id for NessusResponse implementations needed to be overridden.

Anyways, I have definitely learned a lot about Jackson and Hibernate in the process of doing all of this!!
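The id override described in the comment above, as an added example that is not TenaPull's own code: a test-only Jackson mix-in re-enables a property that the production class ignores. The `ScanInfo` stand-in, `ScanInfoTestMixIn`, and both JSON strings are hypothetical and constructed for illustration; the project's `CustomObjectMapper` also uses JsonFilters, which are not shown here.

```java
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.databind.ObjectMapper;

public class MixInIdExample {
    // Hypothetical stand-in for ScanInfo: the id lives in the request URL,
    // so the production class tells Jackson to ignore it in JSON.
    public static class ScanInfo {
        private int id;
        private String name;
        @JsonIgnore public int getId() { return id; }
        @JsonIgnore public void setId(int id) { this.id = id; }
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    // Test-only mix-in: same accessor signatures, ignore switched off.
    // Mix-in annotations take precedence over those on the target class.
    abstract static class ScanInfoTestMixIn {
        @JsonIgnore(false) abstract int getId();
        @JsonIgnore(false) abstract void setId(int id);
    }

    public static void main(String[] args) throws Exception {
        // Production path: the response body has no id; the client sets it
        // from the URL after deserialization.
        ObjectMapper production = new ObjectMapper();
        ScanInfo fetched = production.readValue(
                "{\"name\": \"constructed sample scan\"}", ScanInfo.class);
        fetched.setId(42);
        // The id is not written back out by the production mapper.
        String reserialized = production.writeValueAsString(fetched);
        if (reserialized.contains("\"id\"")) {
            throw new IllegalStateException("id leaked: " + reserialized);
        }

        // Test path: the fixture JSON carries the id, so the test mapper
        // registers the mix-in and no client is needed to assign it.
        ObjectMapper testMapper = new ObjectMapper()
                .addMixIn(ScanInfo.class, ScanInfoTestMixIn.class);
        ScanInfo fromFixture = testMapper.readValue(
                "{\"id\": 42, \"name\": \"constructed sample scan\"}",
                ScanInfo.class);
        if (fromFixture.getId() != 42) {
            throw new IllegalStateException("mix-in did not restore id");
        }
        System.out.println("production: " + reserialized);
        System.out.println("test:       " + testMapper.writeValueAsString(fromFixture));
    }
}
```

Because the mix-in is registered only on the test mapper, the production mapper's handling of the id stays unchanged.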

pawaitemadisoncollege commented 2 years ago

WOW! @billyJoePiano You've accomplished so much here!!! I do have your Checkpoint 2 revisions sitting in my TODO list, but wanted to get feedback on the weekly work here sooner than later, maybe it'll actually cover both - let me know if you have outstanding questions after this.

Great job using properties files over hard-coding values into the client. That's one of those things that's easy to put off and it shows your attention to the detail that you completed this already. Same comment with regard to error handling - very thorough job and again, shows a keen eye on the important, but often overlooked, details.

  1. Consume the NessusAPI => resulting in objects.
  2. Store those objects in the database.

For easier maintenance, testing, debugging and potential reuse, this might be better designed as two independent parts and then a "processor" or "manager" class can call the Client to get the response and the Dao to store to the db.

I'm very impressed with the quantity of work you've produced over these last couple weeks!

Last thing - with regard to the lack of responses in Slack on your posts, I have a feeling many of your classmates aren't quite there yet with consuming apis and may not have been able to fully process all of that info! I appreciate you sharing out there - it's great to see your process and learning happening! I suspect others will return to your posts as they move through the course material and consider similar obstacles. Keep up the great work!