[Filebeat][Crowdstrike] Adding fix to ingest pipeline for command line array handling #36496

Merged

@P1llus P1llus commented Sep 4, 2023

Proposed commit message

Since Arrays.asList returns a fixed-size array, while args should usually never be an empty string, on the occasions that it is, it will produce an error because removeIf tries to modify the array. This PR returns a new ArrayList instead.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Logs

Error example:

us"=>400, "error"=>{"type"=>"script_exception", "reason"=>"runtime error", "script_stack"=>["java.base/java.util.Iterator.remove(Iterator.java:102)", "java.base/java.util.Collection.removeIf(Collection.java:577)", "arg -> arg == \"\");\n\n", "^---- HERE"], "script"=>"def commandLine = ctx?.crowdstrike?.event?.CommandLine; ...", "lang"=>"painless", "position"=>{"offset"=>220, "start"=>220, "end"=>244}, "caused_by"=>{"type"=>"unsupported_operation_exception", "reason"=>"remove"}}}}
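
The failure mode in the log above, reproduced as an added plain-Java example (not code from this PR or from the Beats pipeline): `removeIf` on a list returned by `Arrays.asList` only throws when an element actually matches, which is why the error appears only for command lines that yield an empty argument. Splitting on a single space, the class and method names, and the sample command lines are assumptions, since the pipeline script is elided on this page.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class CommandLineArgs {

    // Before: Arrays.asList wraps the array in a fixed-size list. removeIf
    // falls back to Iterator.remove(), which this list does not support, so
    // the first matching element raises UnsupportedOperationException.
    static List<String> splitFixedSize(String commandLine) {
        List<String> args = Arrays.asList(commandLine.split(" "));
        args.removeIf(arg -> arg.isEmpty()); // Painless writes this as arg == ""
        return args;
    }

    // After: copy into a resizable ArrayList before filtering.
    static List<String> splitResizable(String commandLine) {
        List<String> args = new ArrayList<>(Arrays.asList(commandLine.split(" ")));
        args.removeIf(arg -> arg.isEmpty());
        return args;
    }

    public static void main(String[] unused) {
        // Constructed samples: the second has three consecutive spaces, so
        // split(" ") yields empty strings between the two real arguments.
        String clean = "notepad.exe C:\\temp\\notes.txt";
        String spaced = "notepad.exe   C:\\temp\\notes.txt";

        // No element matches the predicate, so nothing is removed and the
        // fixed-size list is never asked to shrink.
        System.out.println("fixed-size, clean:  " + splitFixedSize(clean));

        // An empty argument matches, removal is attempted, and the call fails.
        try {
            splitFixedSize(spaced);
        } catch (UnsupportedOperationException e) {
            System.out.println("fixed-size, spaced: " + e);
        }

        // The ArrayList copy drops the empty arguments and keeps the rest.
        System.out.println("resizable, spaced:  " + splitResizable(spaced));
    }
}
```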

@P1llus P1llus added Team:Security-External Integrations backport-7.17 Automated backport to the 7.17 branch with mergify bugfix labels Sep 4, 2023
@P1llus P1llus requested a review from a team as a code owner September 4, 2023 11:16
@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Sep 4, 2023
@mergify mergify bot assigned P1llus Sep 4, 2023
@elasticmachine
Collaborator

elasticmachine commented Sep 4, 2023

💚 Build Succeeded

Build stats

  • Start Time: 2023-09-05T11:28:47.623+0000

  • Duration: 73 min 53 sec

Test stats 🧪

Test Results
Failed 0
Passed 3158
Skipped 176
Total 3334

💚 Flaky test report

Tests succeeded.

@marc-gr
Contributor

marc-gr commented Sep 4, 2023

LGTM but is it possible to add a test case?

Contributor

@ShourieG ShourieG left a comment

Lgtm

@P1llus
Member Author

P1llus commented Sep 5, 2023

Added a triple whitespace to a command line test sample together with an argument; it was the only way to add an empty string to test with.

@P1llus P1llus merged commit 35fe318 into elastic:main Sep 5, 2023
mergify bot pushed a commit that referenced this pull request Sep 5, 2023
…e array handling (#36496)

* [Filebeat][Crowdstrike] Adding fix to ingest pipeline for command line args array handling

* changelog PR link update

* adding missing semicolon

* adding testdata to test the process commandline arg being an empty string

(cherry picked from commit 35fe318)
P1llus added a commit that referenced this pull request Sep 5, 2023
…e array handling (#36496) (#36504)

(cherry picked from commit 35fe318)

Co-authored-by: Marius Iversen <[email protected]>
Scholar-Li pushed a commit to Scholar-Li/beats that referenced this pull request Feb 5, 2024
…e array handling (elastic#36496)
