forked from defensestation/osquery
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhighlight.go
349 lines (293 loc) · 9.66 KB
/
highlight.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
// Modified by DefenseStation on 2024-06-06
// Changes: Updated ElasticSearch client to OpenSearch client, changed package name to 'osquery',
// updated references to OpenSearch documentation, and modified examples accordingly.
package osquery
import (
"github.com/fatih/structs"
)
// Map returns a map representation of the highlight; implementing the
// Mappable interface.
func (q *QueryHighlight) Map() map[string]interface{} {
results := structs.Map(q.params)
if q.highlightQuery != nil {
results["query"] = q.highlightQuery.Map()
}
if len(q.fields) > 0 {
fields := make(map[string]interface{})
for k, v := range q.fields {
fields[k] = v.Map()
}
results["fields"] = fields
}
return results
}
type QueryHighlight struct {
highlightQuery Mappable `structs:"highlight_query,omitempty"`
fields map[string]*QueryHighlight `structs:"fields"`
params highlighParams
}
type highlighParams struct {
PreTags []string `structs:"pre_tags,omitempty"`
PostTags []string `structs:"post_tags,omitempty"`
FragmentSize uint16 `structs:"fragment_size,omitempty"`
NumberOfFragments uint16 `structs:"number_of_fragments,omitempty"`
Type HighlightType `structs:"type,string,omitempty"`
BoundaryChars string `structs:"boundary_chars,omitempty"`
BoundaryMaxScan uint16 `structs:"boundary_max_scan,omitempty"`
BoundaryScanner HighlightBoundaryScanner `structs:"boundary_scanner,string,omitempty"`
BoundaryScannerLocale string `structs:"boundary_scanner_locale,omitempty"`
Encoder HighlightEncoder `structs:"encoder,string,omitempty"`
ForceSource *bool `structs:"force_source,omitempty"`
Fragmenter HighlightFragmenter `structs:"fragmenter,string,omitempty"`
FragmentOffset uint16 `structs:"fragment_offset,omitempty"`
MatchedFields []string `structs:"matched_fields,omitempty"`
NoMatchSize uint16 `structs:"no_match_size,omitempty"`
Order HighlightOrder `structs:"order,string,omitempty"`
PhraseLimit uint16 `structs:"phrase_limit,omitempty"`
RequireFieldMatch *bool `structs:"require_field_match,omitempty"`
TagsSchema HighlightTagsSchema `structs:"tags_schema,string,omitempty"`
}
// Highlight creates a new "query" of type "highlight"
func Highlight() *QueryHighlight {
return newHighlight()
}
func newHighlight() *QueryHighlight {
return &QueryHighlight{
fields: make(map[string]*QueryHighlight),
params: highlighParams{},
}
}
// PreTags sets the highlight query's pre_tags ignore unmapped field
func (q *QueryHighlight) PreTags(s ...string) *QueryHighlight {
q.params.PreTags = append(q.params.PreTags, s...)
return q
}
// PostTags sets the highlight query's post_tags ignore unmapped field
func (q *QueryHighlight) PostTags(s ...string) *QueryHighlight {
q.params.PostTags = append(q.params.PostTags, s...)
return q
}
// Field sets an entry the highlight query's fields
func (q *QueryHighlight) Field(name string, h ...*QueryHighlight) *QueryHighlight {
var fld *QueryHighlight
if len(h) > 0 {
fld = h[len(h)-1]
} else {
fld = &QueryHighlight{}
}
q.fields[name] = fld
return q
}
// Fields sets all entries for the highlight query's fields
func (q *QueryHighlight) Fields(h map[string]*QueryHighlight) *QueryHighlight {
q.fields = h
return q
}
// FragmentSize sets the highlight query's fragment_size ignore unmapped field
func (q *QueryHighlight) FragmentSize(i uint16) *QueryHighlight {
q.params.FragmentSize = i
return q
}
// NumberOfFragments sets the highlight query's number_of_fragments ignore unmapped field
func (q *QueryHighlight) NumberOfFragments(i uint16) *QueryHighlight {
q.params.NumberOfFragments = i
return q
}
// Type sets the highlight query's type ignore unmapped field
func (q *QueryHighlight) Type(t HighlightType) *QueryHighlight {
q.params.Type = t
return q
}
// BoundaryChars sets the highlight query's boundary_chars ignore unmapped field
func (q *QueryHighlight) BoundaryChars(s string) *QueryHighlight {
q.params.BoundaryChars = s
return q
}
// BoundaryMaxScan sets the highlight query's boundary_max_scan ignore unmapped field
func (q *QueryHighlight) BoundaryMaxScan(i uint16) *QueryHighlight {
q.params.BoundaryMaxScan = i
return q
}
// BoundaryScanner sets the highlight query's boundary_scanner ignore unmapped field
func (q *QueryHighlight) BoundaryScanner(t HighlightBoundaryScanner) *QueryHighlight {
q.params.BoundaryScanner = t
return q
}
// BoundaryScannerLocale sets the highlight query's boundary_scanner_locale ignore unmapped field
func (q *QueryHighlight) BoundaryScannerLocale(l string) *QueryHighlight {
q.params.BoundaryScannerLocale = l
return q
}
// Encoder sets the highlight query's encoder ignore unmapped field
func (q *QueryHighlight) Encoder(e HighlightEncoder) *QueryHighlight {
q.params.Encoder = e
return q
}
// ForceSource sets the highlight query's force_source ignore unmapped field
func (q *QueryHighlight) ForceSource(b bool) *QueryHighlight {
q.params.ForceSource = &b
return q
}
// Fragmenter sets the highlight query's fragmenter ignore unmapped field
func (q *QueryHighlight) Fragmenter(f HighlightFragmenter) *QueryHighlight {
q.params.Fragmenter = f
return q
}
// FragmentOffset sets the highlight query's fragment_offset ignore unmapped field
func (q *QueryHighlight) FragmentOffset(i uint16) *QueryHighlight {
q.params.FragmentOffset = i
return q
}
// HighlightQuery sets the highlight query's highlight_query ignore unmapped field
func (q *QueryHighlight) HighlightQuery(b Mappable) *QueryHighlight {
q.highlightQuery = b
return q
}
// MatchedFields sets the highlight query's matched_fields ignore unmapped field
func (q *QueryHighlight) MatchedFields(s ...string) *QueryHighlight {
q.params.MatchedFields = append(q.params.MatchedFields, s...)
return q
}
// NoMatchSize sets the highlight query's no_match_size ignore unmapped field
func (q *QueryHighlight) NoMatchSize(i uint16) *QueryHighlight {
q.params.NoMatchSize = i
return q
}
// Order sets the nested highlight's score order unmapped field
func (q *QueryHighlight) Order(o HighlightOrder) *QueryHighlight {
q.params.Order = o
return q
}
// PhraseLimit sets the highlight query's phrase_limit ignore unmapped field
func (q *QueryHighlight) PhraseLimit(i uint16) *QueryHighlight {
q.params.PhraseLimit = i
return q
}
// RequireFieldMatch sets the highlight query's require_field_match ignore unmapped field
func (q *QueryHighlight) RequireFieldMatch(b bool) *QueryHighlight {
q.params.RequireFieldMatch = &b
return q
}
// TagsSchema sets the highlight query's tags_schema ignore unmapped field
func (q *QueryHighlight) TagsSchema(s HighlightTagsSchema) *QueryHighlight {
q.params.TagsSchema = s
return q
}
type HighlightType uint8
const (
// HighlighterUnified is the "unified" value
HighlighterUnified HighlightType = iota
// HighlighterPlain is the "plain" value
HighlighterPlain
// HighlighterFvh is the "fvh" value
HighlighterFvh
)
// String returns a string representation of the type parameter, as
// known to OpenSearch.
func (a HighlightType) String() string {
switch a {
case HighlighterUnified:
return "unified"
case HighlighterPlain:
return "plain"
case HighlighterFvh:
return "fvh"
}
return ""
}
type HighlightBoundaryScanner uint8
const (
BoundaryScannerDefault HighlightBoundaryScanner = iota
// BoundaryScannerChars is the "chars" value
BoundaryScannerChars
// BoundaryScannerSentence is the "sentence" value
BoundaryScannerSentence
// BoundaryScannerWord is the "word" value
BoundaryScannerWord
)
// String returns a string representation of the boundary_scanner parameter, as
// known to OpenSearch.
func (a HighlightBoundaryScanner) String() string {
switch a {
case BoundaryScannerChars:
return "chars"
case BoundaryScannerSentence:
return "sentence"
case BoundaryScannerWord:
return "word"
default:
return ""
}
}
type HighlightEncoder uint8
const (
// EncoderDefault is the "default" value
EncoderDefault HighlightEncoder = iota
// EncoderHtml is the "html" value
EncoderHtml
)
// String returns a string representation of the encoder parameter, as
// known to OpenSearch.
func (a HighlightEncoder) String() string {
switch a {
case EncoderDefault:
return "default"
case EncoderHtml:
return "html"
}
return ""
}
type HighlightFragmenter uint8
const (
// FragmenterSpan is the "span" value
FragmenterSpan HighlightFragmenter = iota
// FragmenterSimple is the "simple" value
FragmenterSimple
)
// String returns a string representation of the fragmenter parameter, as
// known to OpenSearch.
func (a HighlightFragmenter) String() string {
switch a {
case FragmenterSpan:
return "span"
case FragmenterSimple:
return "simple"
default:
return ""
}
}
type HighlightOrder uint8
const (
// OrderNone is the "none" value
OrderNone HighlightOrder = iota
// OrderScore is the "score" value
OrderScore
)
// String returns a string representation of the order parameter, as
// known to OpenSearch.
func (a HighlightOrder) String() string {
switch a {
case OrderNone:
return "none"
case OrderScore:
return "score"
default:
return ""
}
}
type HighlightTagsSchema uint8
const (
TagsSchemaDefault HighlightTagsSchema = iota
// TagsSchemaStyled is the "styled" value
TagsSchemaStyled
)
// String returns a string representation of the tags_schema parameter, as
// known to OpenSearch.
func (a HighlightTagsSchema) String() string {
switch a {
case TagsSchemaStyled:
return "styled"
default:
return ""
}
}