From c605fa0568a75cf8c2e0bde43e7f81e214a0e724 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 10:16:28 -0700 Subject: [PATCH] fix detector writeTo() method missing fields (#695) (#699) * fix detector writeTo() method missing fields Signed-off-by: Surya Sashank Nistala * fix test Signed-off-by: Surya Sashank Nistala --------- Signed-off-by: Surya Sashank Nistala (cherry picked from commit 7a452039e4bb7c6010cebffb1a455b84a23514f3) Co-authored-by: Surya Sashank Nistala --- .../securityanalytics/model/Detector.java | 20 ++++++++------ .../model/WriteableTests.java | 27 +++++++++++++++++++ 2 files changed, 39 insertions(+), 8 deletions(-) diff --git a/src/main/java/org/opensearch/securityanalytics/model/Detector.java b/src/main/java/org/opensearch/securityanalytics/model/Detector.java index 93b575eff..052e6fff1 100644 --- a/src/main/java/org/opensearch/securityanalytics/model/Detector.java +++ b/src/main/java/org/opensearch/securityanalytics/model/Detector.java @@ -166,12 +166,12 @@ public Detector(StreamInput sin) throws IOException { sin.readList(DetectorInput::readFrom), sin.readList(DetectorTrigger::readFrom), sin.readStringList(), - sin.readString(), - sin.readString(), - sin.readString(), - sin.readString(), - sin.readString(), - sin.readString(), + sin.readOptionalString(), + sin.readOptionalString(), + sin.readOptionalString(), + sin.readOptionalString(), + sin.readOptionalString(), + sin.readOptionalString(), sin.readMap(StreamInput::readString, StreamInput::readString), sin.readStringList(), sin.readBoolean() @@ -206,8 +206,12 @@ public void writeTo(StreamOutput out) throws IOException { it.writeTo(out); } out.writeStringCollection(monitorIds); - out.writeString(ruleIndex); - + out.writeOptionalString(ruleIndex); + out.writeOptionalString(alertsIndex); + out.writeOptionalString(alertsHistoryIndex); + out.writeOptionalString(alertsHistoryIndexPattern); + out.writeOptionalString(findingsIndex); + out.writeOptionalString(findingsIndexPattern); out.writeMap(ruleIdMonitorIdMap, StreamOutput::writeString, StreamOutput::writeString); if (workflowIds != null) { diff --git a/src/test/java/org/opensearch/securityanalytics/model/WriteableTests.java b/src/test/java/org/opensearch/securityanalytics/model/WriteableTests.java index f12535b98..2c5639c95 100644 --- a/src/test/java/org/opensearch/securityanalytics/model/WriteableTests.java +++ b/src/test/java/org/opensearch/securityanalytics/model/WriteableTests.java @@ -13,15 +13,42 @@ import java.io.IOException; import java.util.List; +import static org.opensearch.securityanalytics.TestHelpers.parser; import static org.opensearch.securityanalytics.TestHelpers.randomDetector; import static org.opensearch.securityanalytics.TestHelpers.randomUser; import static org.opensearch.securityanalytics.TestHelpers.randomUserEmpty; +import static org.opensearch.securityanalytics.TestHelpers.toJsonStringWithUser; public class WriteableTests extends OpenSearchTestCase { public void testDetectorAsAStream() throws IOException { Detector detector = randomDetector(List.of()); detector.setInputs(List.of(new DetectorInput("", List.of(), List.of(), List.of()))); + logger.error(toJsonStringWithUser(detector)); + BytesStreamOutput out = new BytesStreamOutput(); + detector.writeTo(out); + StreamInput sin = StreamInput.wrap(out.bytes().toBytesRef().bytes); + Detector newDetector = new Detector(sin); + Assert.assertEquals("Round tripping Detector doesn't work", detector, newDetector); + } + + public void testDetector() throws IOException { // an edge case of detector serialization that failed testDetectorAsAStream() intermittently + String detectorString = "{\"type\":\"detector\",\"name\":\"MczAuRCrve\",\"detector_type\":\"test_windows\"," + + "\"user\":{\"name\":\"QhKrfthgxw\",\"backend_roles\":[\"uYvGLCPhfX\",\"fOLkcRxMWR\"],\"roles\"" + + ":[\"YuucNpVzTm\",\"all_access\"],\"custom_attribute_names\":[\"test_attr=test\"]," + + "\"user_requested_tenant\":null},\"threat_intel_enabled\":false,\"enabled\":false,\"enabled_time\"" + + ":null,\"schedule\":{\"period\":{\"interval\":5,\"unit\":\"MINUTES\"}},\"inputs\":[{\"detector_input\"" + + ":{\"description\":\"\",\"indices\":[],\"custom_rules\":[],\"pre_packaged_rules\":[]}}],\"triggers\"" + + ":[{\"id\":\"SiWfaosBBiNA8if0E1bC\",\"name\":\"windows-trigger\",\"severity\":\"1\",\"types\"" + + ":[\"test_windows\"],\"ids\":[\"QuarksPwDump Clearing Access History\"],\"sev_levels\":[\"high\"]," + + "\"tags\":[\"T0008\"],\"actions\":[],\"detection_types\":[\"rules\"]}],\"last_update_time\":" + + "1698300892093,\"monitor_id\":[\"\"],\"workflow_ids\":[],\"bucket_monitor_id_rule_id\"" + + ":{},\"rule_topic_index\":\"\",\"alert_index\":\"\",\"alert_history_index\":\"\"," + + "\"alert_history_index_pattern\":\"\",\"findings_index\":\"\",\"findings_index_pattern\":\"\"}"; + Detector detector = Detector.parse(parser(detectorString), null, null); +// Detector detector = randomDetector(List.of()); +// detector.setInputs(List.of(new DetectorInput("", List.of(), List.of(), List.of()))); +// logger.error(toJsonStringWithUser(detector)); BytesStreamOutput out = new BytesStreamOutput(); detector.writeTo(out); StreamInput sin = StreamInput.wrap(out.bytes().toBytesRef().bytes);