Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Winlogbeat] Fix AccessList & AccessMask processing in security data_stream #29016

Merged
merged 1 commit into from
Nov 19, 2021
Merged

[Winlogbeat] Fix AccessList & AccessMask processing in security data_stream #29016

merged 1 commit into from
Nov 19, 2021

Conversation

leehinman
Copy link
Contributor

What does this PR do?

  • According to MS documentation examples AccessList contains a space
    separated list of access masks and AccessMask contains an integer.
  • Retain old behavior if AccessMask contains a space separated
    list of access masks
  • Add new code to parse AccessList as space separated list of
    access masks
  • Add new code to parse AccessMask if an integer

Why is it important?

Sometimes AccessList and AccessMask were parsed incorrectly

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
    - [ ] I have made corresponding changes to the documentation
    - [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

cd x-pack\winlogbeat\module\security\test
go test -v

Related issues

@leehinman leehinman requested a review from a team as a code owner November 18, 2021 00:31
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Nov 18, 2021
@mergify
Copy link
Contributor

mergify bot commented Nov 18, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b windows_4663 upstream/windows_4663
git merge upstream/master
git push upstream windows_4663

@mergify
Copy link
Contributor

mergify bot commented Nov 18, 2021

This pull request does not have a backport label. Could you fix it @leehinman? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 7./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

@mergify mergify bot added the backport-skip Skip notification from the automated backport with mergify label Nov 18, 2021
@leehinman leehinman added bug Team:Security-External Integrations and removed backport-skip Skip notification from the automated backport with mergify labels Nov 18, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Nov 18, 2021
@mergify
Copy link
Contributor

mergify bot commented Nov 18, 2021

This pull request does not have a backport label. Could you fix it @leehinman? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 7./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

@leehinman leehinman added backport-v7.16.0 Automated backport with mergify backport-v8.0.0 Automated backport with mergify labels Nov 18, 2021
@mergify mergify bot added backport-skip Skip notification from the automated backport with mergify and removed backport-skip Skip notification from the automated backport with mergify labels Nov 18, 2021
andrewkroh
andrewkroh approved these changes Nov 18, 2021
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@leehinman
Fix AccessList & AccessMask processing in security data_stream
b3d6698 
  - According to MS documentation examples AccessList contains a space
    separated list of access masks and AccessMask contains an integer.
  - Retain old behavior if AccessMask contains a space separated
    list of access masks
  - Add new code to parse AccessList as space separated list of
    access masks
  - Add new code to parse AccessMask if an integer
@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2021-11-19T17:30:50.662+0000

  • Duration: 57 min 52 sec

  • Commit: b3d6698

Test stats 🧪

Test Results
Failed 0
Passed 883
Skipped 0
Total 883

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@leehinman leehinman merged commit 7323a63 into elastic:master Nov 19, 2021
@leehinman leehinman deleted the windows_4663 branch November 19, 2021 22:52
mergify bot pushed a commit that referenced this pull request Nov 19, 2021
@leehinman
Fix AccessList & AccessMask processing in security data_stream (#29016)
84ec8e5 
- According to MS documentation examples AccessList contains a space
    separated list of access masks and AccessMask contains an integer.
  - Retain old behavior if AccessMask contains a space separated
    list of access masks
  - Add new code to parse AccessList as space separated list of
    access masks
  - Add new code to parse AccessMask if an integer

(cherry picked from commit 7323a63)
@mergify mergify bot mentioned this pull request Nov 19, 2021
Merged
mergify bot pushed a commit that referenced this pull request Nov 19, 2021
@leehinman
Fix AccessList & AccessMask processing in security data_stream (#29016)
f2dadad 
- According to MS documentation examples AccessList contains a space
    separated list of access masks and AccessMask contains an integer.
  - Retain old behavior if AccessMask contains a space separated
    list of access masks
  - Add new code to parse AccessList as space separated list of
    access masks
  - Add new code to parse AccessMask if an integer

(cherry picked from commit 7323a63)
@mergify mergify bot mentioned this pull request Nov 19, 2021
Merged
leehinman added a commit that referenced this pull request Nov 20, 2021
@mergify @leehinman
Fix AccessList & AccessMask processing in security data_stream (#29016)…
0704677 
… (#29056)

- According to MS documentation examples AccessList contains a space
    separated list of access masks and AccessMask contains an integer.
  - Retain old behavior if AccessMask contains a space separated
    list of access masks
  - Add new code to parse AccessList as space separated list of
    access masks
  - Add new code to parse AccessMask if an integer

(cherry picked from commit 7323a63)

Co-authored-by: Lee E Hinman <[email protected]>
leehinman added a commit that referenced this pull request Nov 20, 2021
@mergify @leehinman
Fix AccessList & AccessMask processing in security data_stream (#29016)…
6497af6 
… (#29055)

- According to MS documentation examples AccessList contains a space
    separated list of access masks and AccessMask contains an integer.
  - Retain old behavior if AccessMask contains a space separated
    list of access masks
  - Add new code to parse AccessList as space separated list of
    access masks
  - Add new code to parse AccessMask if an integer

(cherry picked from commit 7323a63)

Co-authored-by: Lee E Hinman <[email protected]>
v1v added a commit to v1v/beats that referenced this pull request Nov 22, 2021
@v1v
Merge remote-tracking branch 'upstream/master' into feature/support-a…
bb20e3d 
…ws-on-file-changes

* upstream/master:
  Fix discovery of Nomad allocations (elastic#28700)
  Add null (`\u0000`) as a valid line terminator (elastic#28998)
  Remove `logging.files.suffix` option and always use datetime suffixes (elastic#28927)
  x-pack/filebeat/module: add note for default var.input (elastic#28324)
  Fix AccessList & AccessMask processing in security data_stream (elastic#29016)
  [Metricbeat] Fix wrong mapping on "info" subkey (elastic#28782)
  ci: daily/weekly jobs (elastic#29050)
  [mergify] report open backported PRs once a week (elastic#28964)
@a03nikki a03nikki mentioned this pull request May 17, 2024
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees
No one assigned
Labels
backport-v7.16.0 Automated backport with mergify backport-v8.0.0 Automated backport with mergify bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@leehinman @elasticmachine @andrewkroh