From 2fce1754da91b94c869000719f0d002cd754ab78 Mon Sep 17 00:00:00 2001
From: Joanne Wang
Date: Wed, 4 Sep 2024 15:37:28 -0700
Subject: [PATCH] Stash context for List IOCs Api (#1278)
* stash context for list iocs api
Signed-off-by: Joanne Wang
* refactor list iocs
Signed-off-by: Joanne Wang
* refactor list iocs action response
Signed-off-by: Joanne Wang
---------
Signed-off-by: Joanne Wang
---
 .../SecurityAnalyticsPlugin.java | 6 ++--
 .../action/ListIOCsAction.java | 2 +-
 .../action/ListIOCsActionRequest.java | 3 +-
 .../action/ListIOCsActionResponse.java | 2 +-
 .../resthandler/RestListIOCsAction.java | 8 ++---
 .../transport/TransportListIOCsAction.java | 30 ++++++++++++++-----
 .../resthandler/ListIOCsRestApiIT.java | 2 +-
 .../SourceConfigWithoutS3RestApiIT.java | 4 +--
 .../ThreatIntelMonitorRestApiIT.java | 2 +-
 9 files changed, 37 insertions(+), 22 deletions(-)
 rename src/main/java/org/opensearch/securityanalytics/{ => threatIntel}/action/ListIOCsAction.java (88%)
 rename src/main/java/org/opensearch/securityanalytics/{ => threatIntel}/action/ListIOCsActionRequest.java (97%)
 rename src/main/java/org/opensearch/securityanalytics/{ => threatIntel}/action/ListIOCsActionResponse.java (96%)
 rename src/main/java/org/opensearch/securityanalytics/{ => threatIntel}/resthandler/RestListIOCsAction.java (90%)
 rename src/main/java/org/opensearch/securityanalytics/{ => threatIntel}/transport/TransportListIOCsAction.java (92%)
diff --git a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
index 95ca88315..4f79dcc7d 100644
--- a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
+++ b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
@@ -70,7 +70,7 @@
 import org.opensearch.securityanalytics.action.IndexDetectorAction;
 import org.opensearch.securityanalytics.action.IndexRuleAction;
 import org.opensearch.securityanalytics.action.ListCorrelationsAction;
-import org.opensearch.securityanalytics.action.ListIOCsAction;
+import org.opensearch.securityanalytics.threatIntel.action.ListIOCsAction;
 import org.opensearch.securityanalytics.action.SearchCorrelationRuleAction;
 import org.opensearch.securityanalytics.action.SearchCustomLogTypeAction;
 import org.opensearch.securityanalytics.action.SearchDetectorAction;
@@ -113,7 +113,7 @@
 import org.opensearch.securityanalytics.resthandler.RestIndexDetectorAction;
 import org.opensearch.securityanalytics.resthandler.RestIndexRuleAction;
 import org.opensearch.securityanalytics.resthandler.RestListCorrelationAction;
-import org.opensearch.securityanalytics.resthandler.RestListIOCsAction;
+import org.opensearch.securityanalytics.threatIntel.resthandler.RestListIOCsAction;
 import org.opensearch.securityanalytics.resthandler.RestSearchCorrelationAction;
 import org.opensearch.securityanalytics.resthandler.RestSearchCorrelationRuleAction;
 import org.opensearch.securityanalytics.resthandler.RestSearchCustomLogTypeAction;
@@ -197,7 +197,7 @@
 import org.opensearch.securityanalytics.transport.TransportIndexDetectorAction;
 import org.opensearch.securityanalytics.transport.TransportIndexRuleAction;
 import org.opensearch.securityanalytics.transport.TransportListCorrelationAction;
-import org.opensearch.securityanalytics.transport.TransportListIOCsAction;
+import org.opensearch.securityanalytics.threatIntel.transport.TransportListIOCsAction;
 import org.opensearch.securityanalytics.transport.TransportSearchCorrelationAction;
 import org.opensearch.securityanalytics.transport.TransportSearchCorrelationRuleAction;
 import org.opensearch.securityanalytics.transport.TransportSearchCustomLogTypeAction;
diff --git a/src/main/java/org/opensearch/securityanalytics/action/ListIOCsAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/action/ListIOCsAction.java
similarity index 88%
rename from src/main/java/org/opensearch/securityanalytics/action/ListIOCsAction.java
rename to src/main/java/org/opensearch/securityanalytics/threatIntel/action/ListIOCsAction.java
index ae4912bbc..f9e5bde66 100644
--- a/src/main/java/org/opensearch/securityanalytics/action/ListIOCsAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/action/ListIOCsAction.java
@@ -3,7 +3,7 @@
 * SPDX-License-Identifier: Apache-2.0
 */
-package org.opensearch.securityanalytics.action;
+package org.opensearch.securityanalytics.threatIntel.action;
 import org.opensearch.action.ActionType;
diff --git a/src/main/java/org/opensearch/securityanalytics/action/ListIOCsActionRequest.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/action/ListIOCsActionRequest.java
similarity index 97%
rename from src/main/java/org/opensearch/securityanalytics/action/ListIOCsActionRequest.java
rename to src/main/java/org/opensearch/securityanalytics/threatIntel/action/ListIOCsActionRequest.java
index dead1cd3f..cb57213b9 100644
--- a/src/main/java/org/opensearch/securityanalytics/action/ListIOCsActionRequest.java
+++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/action/ListIOCsActionRequest.java
@@ -3,7 +3,7 @@
 * SPDX-License-Identifier: Apache-2.0
 */
-package org.opensearch.securityanalytics.action;
+package org.opensearch.securityanalytics.threatIntel.action;
 import org.opensearch.action.ActionRequest;
 import org.opensearch.action.ActionRequestValidationException;
@@ -14,7 +14,6 @@
 import org.opensearch.securityanalytics.commons.model.IOCType;
 import java.io.IOException;
-import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
 import java.util.stream.Collectors;
diff --git a/src/main/java/org/opensearch/securityanalytics/action/ListIOCsActionResponse.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/action/ListIOCsActionResponse.java
similarity index 96%
rename from src/main/java/org/opensearch/securityanalytics/action/ListIOCsActionResponse.java
rename to src/main/java/org/opensearch/securityanalytics/threatIntel/action/ListIOCsActionResponse.java
index 741f3cf36..0f142fbf0 100644
--- a/src/main/java/org/opensearch/securityanalytics/action/ListIOCsActionResponse.java
+++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/action/ListIOCsActionResponse.java
@@ -3,7 +3,7 @@
 * SPDX-License-Identifier: Apache-2.0
 */
-package org.opensearch.securityanalytics.action;
+package org.opensearch.securityanalytics.threatIntel.action;
 import org.opensearch.core.action.ActionResponse;
 import org.opensearch.core.common.io.stream.StreamInput;
diff --git a/src/main/java/org/opensearch/securityanalytics/resthandler/RestListIOCsAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/resthandler/RestListIOCsAction.java
similarity index 90%
rename from src/main/java/org/opensearch/securityanalytics/resthandler/RestListIOCsAction.java
rename to src/main/java/org/opensearch/securityanalytics/threatIntel/resthandler/RestListIOCsAction.java
index f068be77c..e40aa6f71 100644
--- a/src/main/java/org/opensearch/securityanalytics/resthandler/RestListIOCsAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/resthandler/RestListIOCsAction.java
@@ -3,7 +3,7 @@
 * SPDX-License-Identifier: Apache-2.0
 */
-package org.opensearch.securityanalytics.resthandler;
+package org.opensearch.securityanalytics.threatIntel.resthandler;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -18,9 +18,9 @@
 import org.opensearch.rest.RestResponse;
 import org.opensearch.rest.action.RestResponseListener;
 import org.opensearch.securityanalytics.SecurityAnalyticsPlugin;
-import org.opensearch.securityanalytics.action.ListIOCsAction;
-import org.opensearch.securityanalytics.action.ListIOCsActionRequest;
-import org.opensearch.securityanalytics.action.ListIOCsActionResponse;
+import org.opensearch.securityanalytics.threatIntel.action.ListIOCsAction;
+import org.opensearch.securityanalytics.threatIntel.action.ListIOCsActionRequest;
+import org.opensearch.securityanalytics.threatIntel.action.ListIOCsActionResponse;
 import java.io.IOException;
 import java.util.List;
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportListIOCsAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportListIOCsAction.java
similarity index 92%
rename from src/main/java/org/opensearch/securityanalytics/transport/TransportListIOCsAction.java
rename to src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportListIOCsAction.java
index 77c117784..4131c00ca 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportListIOCsAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportListIOCsAction.java
@@ -3,7 +3,7 @@
 * SPDX-License-Identifier: Apache-2.0
 */
-package org.opensearch.securityanalytics.transport;
+package org.opensearch.securityanalytics.threatIntel.transport;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -19,16 +19,17 @@
 import org.opensearch.cluster.routing.Preference;
 import org.opensearch.cluster.service.ClusterService;
 import org.opensearch.common.inject.Inject;
+import org.opensearch.common.settings.Settings;
 import org.opensearch.common.xcontent.LoggingDeprecationHandler;
 import org.opensearch.common.xcontent.XContentType;
 import org.opensearch.commons.alerting.model.Table;
+import org.opensearch.commons.authuser.User;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.core.rest.RestStatus;
 import org.opensearch.core.xcontent.NamedXContentRegistry;
 import org.opensearch.core.xcontent.XContentParser;
 import org.opensearch.index.IndexNotFoundException;
 import org.opensearch.index.query.BoolQueryBuilder;
-import org.opensearch.index.query.Operator;
 import org.opensearch.index.query.QueryBuilder;
 import org.opensearch.index.query.QueryBuilders;
 import org.opensearch.search.SearchHit;
@@ -37,14 +38,15 @@
 import org.opensearch.search.sort.SortBuilder;
 import org.opensearch.search.sort.SortBuilders;
 import org.opensearch.search.sort.SortOrder;
-import org.opensearch.securityanalytics.action.ListIOCsAction;
-import org.opensearch.securityanalytics.action.ListIOCsActionRequest;
-import org.opensearch.securityanalytics.action.ListIOCsActionResponse;
+import org.opensearch.securityanalytics.threatIntel.action.ListIOCsAction;
+import org.opensearch.securityanalytics.threatIntel.action.ListIOCsActionRequest;
+import org.opensearch.securityanalytics.threatIntel.action.ListIOCsActionResponse;
 import org.opensearch.securityanalytics.model.DetailedSTIX2IOCDto;
 import org.opensearch.securityanalytics.model.STIX2IOC;
 import org.opensearch.securityanalytics.model.STIX2IOCDto;
 import org.opensearch.securityanalytics.model.threatintel.IocFinding;
 import org.opensearch.securityanalytics.model.threatintel.IocWithFeeds;
+import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings;
 import org.opensearch.securityanalytics.threatIntel.action.GetIocFindingsAction;
 import org.opensearch.securityanalytics.threatIntel.action.GetIocFindingsRequest;
 import org.opensearch.securityanalytics.threatIntel.action.GetIocFindingsResponse;
@@ -52,7 +54,7 @@
 import org.opensearch.securityanalytics.threatIntel.model.SATIFSourceConfig;
 import org.opensearch.securityanalytics.threatIntel.service.DefaultTifSourceConfigLoaderService;
 import org.opensearch.securityanalytics.threatIntel.service.SATIFSourceConfigService;
-import org.opensearch.securityanalytics.threatIntel.transport.TransportSearchTIFSourceConfigsAction;
+import org.opensearch.securityanalytics.transport.SecureTransportAction;
 import org.opensearch.securityanalytics.util.SecurityAnalyticsException;
 import org.opensearch.tasks.Task;
 import org.opensearch.threadpool.ThreadPool;
@@ -83,6 +85,8 @@ public class TransportListIOCsAction extends HandledTransportAction defaultTifConfigsLoadedListener = null; try { defaultTifConfigsLoadedListener = new StepListener<>(); diff --git a/src/test/java/org/opensearch/securityanalytics/resthandler/ListIOCsRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/resthandler/ListIOCsRestApiIT.java index 63703a201..240fe962b 100644 --- a/src/test/java/org/opensearch/securityanalytics/resthandler/ListIOCsRestApiIT.java +++ b/src/test/java/org/opensearch/securityanalytics/resthandler/ListIOCsRestApiIT.java @@ -11,7 +11,7 @@ import org.opensearch.securityanalytics.SecurityAnalyticsPlugin; import org.opensearch.securityanalytics.SecurityAnalyticsRestTestCase; import org.opensearch.securityanalytics.TestHelpers; -import org.opensearch.securityanalytics.action.ListIOCsActionResponse; +import org.opensearch.securityanalytics.threatIntel.action.ListIOCsActionResponse; import org.opensearch.securityanalytics.commons.model.IOCType; import org.opensearch.securityanalytics.model.STIX2IOC; import org.opensearch.securityanalytics.model.STIX2IOCDto; diff --git a/src/test/java/org/opensearch/securityanalytics/resthandler/SourceConfigWithoutS3RestApiIT.java b/src/test/java/org/opensearch/securityanalytics/resthandler/SourceConfigWithoutS3RestApiIT.java index a542e9443..137cf0a0f 100644 --- a/src/test/java/org/opensearch/securityanalytics/resthandler/SourceConfigWithoutS3RestApiIT.java +++ b/src/test/java/org/opensearch/securityanalytics/resthandler/SourceConfigWithoutS3RestApiIT.java 
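Review bot: Nothing in this commit tests the behaviour its title describes: the three integration-test files change only their imports (2, 4 and 2 lines in the diffstat), so no case covers a user without direct read access to the IOC indices calling the list API. Stashing the thread context normally means the enclosed search runs with the plugin's privileges rather than the caller's, so the `User` should be read from the thread context before the stash and any backend-role filtering applied to the query. `User`, `SecurityAnalyticsSettings` and `SecureTransportAction` are newly imported, presumably for this, but the added lines in `TransportListIOCsAction` are not legible in this hunk and the class body continues outside it, so that ordering needs confirming. A short comment at the stash, such as `// caller identity captured above; the search below runs with plugin privileges`, would record why the elevation is acceptable.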
@@ -22,8 +22,8 @@
 import org.opensearch.search.SearchHit;
 import org.opensearch.securityanalytics.SecurityAnalyticsPlugin;
 import org.opensearch.securityanalytics.SecurityAnalyticsRestTestCase;
-import org.opensearch.securityanalytics.action.ListIOCsActionRequest;
-import org.opensearch.securityanalytics.action.ListIOCsActionResponse;
+import org.opensearch.securityanalytics.threatIntel.action.ListIOCsActionRequest;
+import org.opensearch.securityanalytics.threatIntel.action.ListIOCsActionResponse;
 import org.opensearch.securityanalytics.commons.model.IOCType;
 import org.opensearch.securityanalytics.model.STIX2IOCDto;
 import org.opensearch.securityanalytics.threatIntel.common.SourceConfigType;
diff --git a/src/test/java/org/opensearch/securityanalytics/resthandler/ThreatIntelMonitorRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/resthandler/ThreatIntelMonitorRestApiIT.java
index bcf424315..900b4d173 100644
--- a/src/test/java/org/opensearch/securityanalytics/resthandler/ThreatIntelMonitorRestApiIT.java
+++ b/src/test/java/org/opensearch/securityanalytics/resthandler/ThreatIntelMonitorRestApiIT.java
@@ -17,7 +17,7 @@
 import org.opensearch.search.SearchHit;
 import org.opensearch.securityanalytics.SecurityAnalyticsPlugin;
 import org.opensearch.securityanalytics.SecurityAnalyticsRestTestCase;
-import org.opensearch.securityanalytics.action.ListIOCsActionRequest;
+import org.opensearch.securityanalytics.threatIntel.action.ListIOCsActionRequest;
 import org.opensearch.securityanalytics.commons.model.IOCType;
 import org.opensearch.securityanalytics.model.Detector;
 import org.opensearch.securityanalytics.model.DetectorTrigger;