Add ability to preview entries in lookup tables (#23046)

* Add ability to preview entries in lookup tables

* cl

* Fix forbidden APIs

* Fix ApiOperation description

Author: kingzacko1

changelog/unreleased/pr-23046.toml

@@ -0,0 +1,5 @@
+type = "a"
+message = "Added data preview feature for lookup tables with supported data adapters."
+
+issues = ["graylog-plugin-enterprise#11114"]
+pulls = ["23046"]

graylog2-server/src/main/java/org/graylog2/lookup/LookupTable.java

@@ -22,6 +22,7 @@
 import org.graylog2.plugin.lookup.LookupCache;
 import org.graylog2.plugin.lookup.LookupCacheKey;
 import org.graylog2.plugin.lookup.LookupDataAdapter;
+import org.graylog2.plugin.lookup.LookupPreview;
 import org.graylog2.plugin.lookup.LookupResult;
 
 import javax.annotation.Nonnull;
@@ -133,6 +134,14 @@ public LookupResult assignTtl(@Nonnull Object key, @Nonnull Long ttlSec) {
         return result;
     }
 
+    public boolean supportsPreview() {
+        return dataAdapter().supportsPreview();
+    }
+
+    public LookupPreview getPreview(int size) {
+        return dataAdapter().getPreview(size);
+    }
+
     @AutoValue.Builder
     public abstract static class Builder {
         public abstract Builder id(String id);

graylog2-server/src/main/java/org/graylog2/lookup/LookupTableService.java

@@ -38,6 +38,7 @@
 import org.graylog2.lookup.events.LookupTablesUpdated;
 import org.graylog2.plugin.lookup.LookupCache;
 import org.graylog2.plugin.lookup.LookupDataAdapter;
+import org.graylog2.plugin.lookup.LookupPreview;
 import org.graylog2.plugin.lookup.LookupResult;
 import org.graylog2.system.SystemEntity;
 import org.graylog2.utilities.LoggingServiceListener;
@@ -732,5 +733,21 @@ public LookupResult assignTtl(Object key, Long ttlSec) {
             }
             return lookupTable.assignTtl(requireValidKey(key), ttlSec);
         }
+
+        public boolean supportsPreview() {
+            final LookupTable lookupTable = lookupTableService.getTable(lookupTableName);
+            if (lookupTable == null) {
+                return false;
+            }
+            return lookupTable.supportsPreview();
+        }
+
+        public LookupPreview getPreview(int size) {
+            final LookupTable lookupTable = lookupTableService.getTable(lookupTableName);
+            if (lookupTable == null) {
+                return LookupPreview.empty();
+            }
+            return lookupTable.getPreview(size);
+        }
     }
 }

graylog2-server/src/main/java/org/graylog2/lookup/adapters/CSVFileDataAdapter.java

@@ -41,6 +41,7 @@
 import org.graylog2.plugin.lookup.LookupCachePurge;
 import org.graylog2.plugin.lookup.LookupDataAdapter;
 import org.graylog2.plugin.lookup.LookupDataAdapterConfiguration;
+import org.graylog2.plugin.lookup.LookupPreview;
 import org.graylog2.plugin.lookup.LookupResult;
 import org.graylog2.plugin.utilities.FileInfo;
 import org.graylog2.utilities.CIDRPatriciaTrie;
@@ -60,6 +61,7 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Optional;
@@ -291,7 +293,29 @@ public LookupResult doGet(Object key) {
         return LookupResult.single(value);
     }
 
-    public LookupResult getResultForCIDRRange(Object ip) {
+    @Override
+    public boolean supportsPreview() {
+        return true;
+    }
+
+    @Override
+    public LookupPreview getPreview(int size) {
+        if (config.isCidrLookup()) {
+            return cidrLookupRef.get().getPreview(size);
+        } else {
+            final Map<Object, Object> result = new HashMap<>();
+            final Map<String, String> lookup = lookupRef.get();
+            for (Map.Entry<String, String> entries : lookup.entrySet()) {
+                if (result.size() == size) {
+                    break;
+                }
+                result.put(entries.getKey(), entries.getValue());
+            }
+            return new LookupPreview(lookup.size(), result);
+        }
+    }
+
+    private LookupResult getResultForCIDRRange(Object ip) {
         LookupResult result = getEmptyResult();
         try {
             final String resultValue = cidrLookupRef.get().longestPrefixRangeLookup(String.valueOf(ip));

graylog2-server/src/main/java/org/graylog2/lookup/adapters/DSVHTTPDataAdapter.java

@@ -26,13 +26,18 @@
 import com.google.common.collect.Multimap;
 import com.google.common.primitives.Ints;
 import com.google.inject.assistedinject.Assisted;
+import jakarta.inject.Inject;
+import jakarta.validation.constraints.Min;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.Size;
 import okhttp3.HttpUrl;
 import org.graylog.autovalue.WithBeanGetter;
 import org.graylog2.lookup.adapters.dsvhttp.DSVParser;
 import org.graylog2.lookup.adapters.dsvhttp.HTTPFileRetriever;
 import org.graylog2.plugin.lookup.LookupCachePurge;
 import org.graylog2.plugin.lookup.LookupDataAdapter;
 import org.graylog2.plugin.lookup.LookupDataAdapterConfiguration;
+import org.graylog2.plugin.lookup.LookupPreview;
 import org.graylog2.plugin.lookup.LookupResult;
 import org.graylog2.system.urlwhitelist.UrlNotWhitelistedException;
 import org.graylog2.system.urlwhitelist.UrlWhitelistNotificationService;
@@ -41,13 +46,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import jakarta.inject.Inject;
-
-import jakarta.validation.constraints.Min;
-import jakarta.validation.constraints.NotEmpty;
-import jakarta.validation.constraints.Size;
-
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Optional;
@@ -164,6 +164,24 @@ public LookupResult doGet(Object key) {
         return LookupResult.single(value);
     }
 
+    @Override
+    public boolean supportsPreview() {
+        return true;
+    }
+
+    @Override
+    public LookupPreview getPreview(int size) {
+        final Map<Object, Object> result = new HashMap<>();
+        final Map<String, String> lookup = lookupRef.get();
+        for (Map.Entry<String, String> entries : lookup.entrySet()) {
+            if (result.size() == size) {
+                break;
+            }
+            result.put(entries.getKey(), entries.getValue());
+        }
+        return new LookupPreview(lookup.size(), result);
+    }
+
     @Override
     public void set(Object key, Object value) {
         throw new UnsupportedOperationException();

graylog2-server/src/main/java/org/graylog2/plugin/lookup/LookupDataAdapter.java

@@ -237,6 +237,14 @@ public LookupResult assignTtl(Object key, Long ttlSec) {
         return resultWithError;
     }
 
+    public boolean supportsPreview() {
+        return false;
+    }
+
+    public LookupPreview getPreview(int size) {
+        return LookupPreview.empty();
+    }
+
     public LookupDataAdapterConfiguration getConfig() {
         return config;
     }

graylog2-server/src/main/java/org/graylog2/plugin/lookup/LookupPreview.java

@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2020 Graylog, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Server Side Public License, version 1,
+ * as published by MongoDB, Inc.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Server Side Public License for more details.
+ *
+ * You should have received a copy of the Server Side Public License
+ * along with this program. If not, see
+ * <http://www.mongodb.com/licensing/server-side-public-license>.
+ */
+package org.graylog2.plugin.lookup;
+
+import java.util.Map;
+
+public record LookupPreview(long total, Map<Object, Object> results) {
+    public static LookupPreview empty() {
+        return new LookupPreview(0, Map.of());
+    }
+}

graylog2-server/src/main/java/org/graylog2/rest/resources/system/lookup/LookupTableResource.java

@@ -69,6 +69,7 @@
 import org.graylog2.lookup.dto.LookupTableDto;
 import org.graylog2.plugin.lookup.LookupCache;
 import org.graylog2.plugin.lookup.LookupDataAdapter;
+import org.graylog2.plugin.lookup.LookupPreview;
 import org.graylog2.plugin.lookup.LookupResult;
 import org.graylog2.plugin.rest.ValidationResult;
 import org.graylog2.rest.models.SortOrder;
@@ -227,7 +228,7 @@ public LookupResult performLookup(@ApiParam(name = "name") @PathParam("name") @N
     public void performPurge(@ApiParam(name = "idOrName") @PathParam("idOrName") @NotEmpty String idOrName,
                              @ApiParam(name = "key") @QueryParam("key") String key) {
         final Optional<LookupTableDto> lookupTableDto = dbTableService.get(idOrName);
-        if (!lookupTableDto.isPresent()) {
+        if (lookupTableDto.isEmpty()) {
             throw new NotFoundException("Lookup table <" + idOrName + "> not found");
         }
 
@@ -304,7 +305,7 @@ public LookupTablePage get(@ApiParam(name = "idOrName") @PathParam("idOrName") @
                                @ApiParam(name = "resolve") @QueryParam("resolve") @DefaultValue("false") boolean resolveObjects) {
 
         Optional<LookupTableDto> lookupTableDto = dbTableService.get(idOrName);
-        if (!lookupTableDto.isPresent()) {
+        if (lookupTableDto.isEmpty()) {
             throw new NotFoundException();
         }
         LookupTableDto tableDto = lookupTableDto.get();
@@ -369,7 +370,7 @@ public LookupTableApi updateTable(@ApiParam(name = "idOrName") @PathParam("idOrN
     public LookupTableApi removeTable(@ApiParam(name = "idOrName") @PathParam("idOrName") @NotEmpty String idOrName) {
         // TODO validate that table isn't in use, how?
         Optional<LookupTableDto> lookupTableDto = dbTableService.get(idOrName);
-        if (!lookupTableDto.isPresent()) {
+        if (lookupTableDto.isEmpty()) {
             throw new NotFoundException();
         }
         checkPermission(RestPermissions.LOOKUP_TABLES_DELETE, lookupTableDto.get().id());
@@ -414,6 +415,25 @@ public ValidationResult validateTable(@ApiParam LookupTableApi toValidate) {
         return validation;
     }
 
+    @GET
+    @Path("tables/preview/{idOrName}")
+    @ApiOperation(value = "Preview the entries in a lookup table.")
+    public LookupPreview getPreview(@ApiParam(name = "idOrName") @PathParam("idOrName") @NotEmpty String idOrName,
+                                    @ApiParam(name = "size") @QueryParam("size") @DefaultValue("5") int size) {
+        Optional<LookupTableDto> lookupTableDto = dbTableService.get(idOrName);
+        if (lookupTableDto.isEmpty()) {
+            throw new NotFoundException();
+        }
+        LookupTableDto tableDto = lookupTableDto.get();
+
+        checkPermission(RestPermissions.LOOKUP_TABLES_READ, tableDto.id());
+        final var service = lookupTableService.newBuilder().lookupTable(tableDto.name()).build();
+        if (!service.supportsPreview()) {
+            throw new UnsupportedOperationException("Backing data adapter does not support preview.");
+        }
+        return service.getPreview(size);
+    }
+
     @JsonAutoDetect
     public static class LookupTablePage {
 

graylog2-server/src/main/java/org/graylog2/utilities/CIDRPatriciaTrie.java

@@ -18,9 +18,11 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import org.apache.commons.collections4.trie.PatriciaTrie;
+import org.graylog2.plugin.lookup.LookupPreview;
 import org.joda.time.DateTime;
 import org.joda.time.DateTimeZone;
 
+import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
 
@@ -190,6 +192,20 @@ public void recalculateShortestPrefix(boolean isIPV6) {
         }
     }
 
+    // Gets a preview of the nodes in the trie. Since initial CIDR ranges have been converted to binary strings, the
+    // keys in the result map need to be converted back to their original format.
+    public LookupPreview getPreview(int size) {
+        final Map<Object, Object> result = new HashMap<>();
+        for (Map.Entry<String, Node> entry : trie.entrySet()) {
+            if (result.size() == size) {
+                break;
+            }
+            final String cidrRange = fromBinaryString(entry.getKey(), entry.getValue().rangeIsIPv6());
+            result.put(cidrRange, entry.getValue().rangeName);
+        }
+        return new LookupPreview(trie.size(), result);
+    }
+
     // Convert an IP address to a binary string (supports both IPv4 and IPv6)
     static String toBinaryString(String ip, int prefixLength) {
         final boolean isIPv6 = ip.contains(":");
@@ -234,6 +250,85 @@ static String toBinaryString(String ip, int prefixLength) {
         }
     }
 
+    static String fromBinaryString(String binary, boolean isIPv6) {
+        if (isIPv6) {
+            return fromBinaryIPv6(binary);
+        } else {
+            return fromBinaryIPv4(binary);
+        }
+    }
+
+    private static String fromBinaryIPv4(String binary) {
+        final int prefixLength = binary.length();
+        // Pad to 32 bits
+        binary = String.format(Locale.ROOT, "%-32s", binary).replace(' ', '0');
+        StringBuilder ip = new StringBuilder();
+        for (int i = 0; i < 32; i += 8) {
+            String octet = binary.substring(i, i + 8);
+            ip.append(Integer.parseInt(octet, 2));
+            if (i < 24) ip.append('.');
+        }
+        if (prefixLength == 32) {
+            return ip.toString();
+        }
+        return ip + "/" + prefixLength;
+    }
+
+    private static String fromBinaryIPv6(String binary) {
+        final int prefixLength = binary.length();
+        // Pad to 128 bits
+        binary = String.format(Locale.ROOT, "%-128s", binary).replace(' ', '0');
+        StringBuilder ip = new StringBuilder();
+        for (int i = 0; i < 128; i += 16) {
+            String hextet = binary.substring(i, i + 16);
+            ip.append(Integer.toHexString(Integer.parseInt(hextet, 2)));
+            if (i < 112) ip.append(':');
+        }
+
+        // Compress using "::" for longest run of zeros
+        String compressed = compressIPv6(ip.toString());
+        if (prefixLength == 128) {
+            return compressed;
+        }
+        return compressed + "/" + prefixLength;
+    }
+
+    // Utility to compress IPv6 address (e.g., turn "2001:0:0:0:0:0:0:1" into "2001::1")
+    private static String compressIPv6(String fullAddress) {
+        String[] parts = fullAddress.split(":");
+        int bestStart = -1, bestLen = 0;
+        int currStart = -1, currLen = 0;
+
+        for (int i = 0; i <= parts.length; i++) {
+            if (i < parts.length && parts[i].equals("0")) {
+                if (currStart == -1) currStart = i;
+                currLen++;
+            } else {
+                if (currLen > bestLen) {
+                    bestStart = currStart;
+                    bestLen = currLen;
+                }
+                currStart = -1;
+                currLen = 0;
+            }
+        }
+
+        if (bestLen > 1) {
+            StringBuilder sb = new StringBuilder();
+            for (int i = 0; i < bestStart; i++) {
+                sb.append(parts[i]).append(":");
+            }
+            sb.append("::");
+            for (int i = bestStart + bestLen; i < parts.length; i++) {
+                sb.append(parts[i]);
+                if (i < parts.length - 1) sb.append(":");
+            }
+            return sb.toString().replaceAll("(^:)|(:$)", "");
+        }
+
+        return fullAddress;
+    }
+
     // Used only for testing purposes.
     @VisibleForTesting
     Node getNode(String key) {