2323import java .security .MessageDigest ;
2424import java .security .NoSuchAlgorithmException ;
2525import java .util .Base64 ;
26- import java .util .HashMap ;
2726import java .util .List ;
2827import java .util .Locale ;
2928import java .util .Map ;
3029import java .util .function .Supplier ;
3130
31+ import static java .util .Map .entry ;
3232import static org .elasticsearch .ingest .ConfigurationUtils .newConfigurationException ;
3333import static org .elasticsearch .ingest .ConfigurationUtils .readBooleanProperty ;
3434
@@ -131,26 +131,26 @@ public boolean getIgnoreMissing() {
131131 }
132132
133133 @ Override
134- public IngestDocument execute (IngestDocument ingestDocument ) throws Exception {
135- String sourceIp = ingestDocument .getFieldValue (sourceIpField , String .class , ignoreMissing );
136- String destinationIp = ingestDocument .getFieldValue (destinationIpField , String .class , ignoreMissing );
137- Object ianaNumber = ingestDocument .getFieldValue (ianaNumberField , Object .class , true );
138- Supplier <Object > transport = () -> ingestDocument .getFieldValue (transportField , Object .class , ignoreMissing );
139- Supplier <Object > sourcePort = () -> ingestDocument .getFieldValue (sourcePortField , Object .class , ignoreMissing );
140- Supplier <Object > destinationPort = () -> ingestDocument .getFieldValue (destinationPortField , Object .class , ignoreMissing );
141- Object icmpType = ingestDocument .getFieldValue (icmpTypeField , Object .class , true );
142- Object icmpCode = ingestDocument .getFieldValue (icmpCodeField , Object .class , true );
134+ public IngestDocument execute (IngestDocument document ) throws Exception {
135+ String sourceIp = document .getFieldValue (sourceIpField , String .class , ignoreMissing );
136+ String destinationIp = document .getFieldValue (destinationIpField , String .class , ignoreMissing );
137+ Object ianaNumber = document .getFieldValue (ianaNumberField , Object .class , true );
138+ Supplier <Object > transport = () -> document .getFieldValue (transportField , Object .class , ignoreMissing );
139+ Supplier <Object > sourcePort = () -> document .getFieldValue (sourcePortField , Object .class , ignoreMissing );
140+ Supplier <Object > destinationPort = () -> document .getFieldValue (destinationPortField , Object .class , ignoreMissing );
141+ Object icmpType = document .getFieldValue (icmpTypeField , Object .class , true );
142+ Object icmpCode = document .getFieldValue (icmpCodeField , Object .class , true );
143143 Flow flow = buildFlow (sourceIp , destinationIp , ianaNumber , transport , sourcePort , destinationPort , icmpType , icmpCode );
144144 if (flow == null ) {
145145 if (ignoreMissing ) {
146- return ingestDocument ;
146+ return document ;
147147 } else {
148148 throw new IllegalArgumentException ("unable to construct flow from document" );
149149 }
150150 }
151151
152- ingestDocument .setFieldValue (targetField , flow .toCommunityId (seed ));
153- return ingestDocument ;
152+ document .setFieldValue (targetField , flow .toCommunityId (seed ));
153+ return document ;
154154 }
155155
156156 public static String apply (
@@ -164,7 +164,6 @@ public static String apply(
164164 Object icmpCode ,
165165 int seed
166166 ) {
167-
168167 Flow flow = buildFlow (
169168 sourceIpAddrString ,
170169 destIpAddrString ,
@@ -256,6 +255,7 @@ public String getType() {
256255 /**
257256 * Converts an integer in the range of an unsigned 16-bit integer to a big-endian byte pair
258257 */
258+ // visible for testing
259259 static byte [] toUint16 (int num ) {
260260 if (num < 0 || num > 65535 ) {
261261 throw new IllegalStateException ("number [" + num + "] must be a value between 0 and 65535" );
@@ -266,7 +266,7 @@ static byte[] toUint16(int num) {
266266 /**
267267 * Attempts to coerce an object to an integer
268268 */
269- static int parseIntFromObjectOrString (Object o , String fieldName ) {
269+ private static int parseIntFromObjectOrString (Object o , String fieldName ) {
270270 if (o == null ) {
271271 return 0 ;
272272 } else if (o instanceof Number number ) {
@@ -296,28 +296,28 @@ public static final class Factory implements Processor.Factory {
296296 @ Override
297297 public CommunityIdProcessor create (
298298 Map <String , Processor .Factory > registry ,
299- String processorTag ,
299+ String tag ,
300300 String description ,
301301 Map <String , Object > config ,
302302 ProjectId projectId
303303 ) throws Exception {
304- String sourceIpField = ConfigurationUtils .readStringProperty (TYPE , processorTag , config , "source_ip" , DEFAULT_SOURCE_IP );
305- String sourcePortField = ConfigurationUtils .readStringProperty (TYPE , processorTag , config , "source_port" , DEFAULT_SOURCE_PORT );
306- String destIpField = ConfigurationUtils .readStringProperty (TYPE , processorTag , config , "destination_ip" , DEFAULT_DEST_IP );
307- String destPortField = ConfigurationUtils .readStringProperty (TYPE , processorTag , config , "destination_port" , DEFAULT_DEST_PORT );
308- String ianaNumberField = ConfigurationUtils .readStringProperty (TYPE , processorTag , config , "iana_number" , DEFAULT_IANA_NUMBER );
309- String transportField = ConfigurationUtils .readStringProperty (TYPE , processorTag , config , "transport" , DEFAULT_TRANSPORT );
310- String icmpTypeField = ConfigurationUtils .readStringProperty (TYPE , processorTag , config , "icmp_type" , DEFAULT_ICMP_TYPE );
311- String icmpCodeField = ConfigurationUtils .readStringProperty (TYPE , processorTag , config , "icmp_code" , DEFAULT_ICMP_CODE );
312- String targetField = ConfigurationUtils .readStringProperty (TYPE , processorTag , config , "target_field" , DEFAULT_TARGET );
313- int seedInt = ConfigurationUtils .readIntProperty (TYPE , processorTag , config , "seed" , 0 );
304+ String sourceIpField = ConfigurationUtils .readStringProperty (TYPE , tag , config , "source_ip" , DEFAULT_SOURCE_IP );
305+ String sourcePortField = ConfigurationUtils .readStringProperty (TYPE , tag , config , "source_port" , DEFAULT_SOURCE_PORT );
306+ String destIpField = ConfigurationUtils .readStringProperty (TYPE , tag , config , "destination_ip" , DEFAULT_DEST_IP );
307+ String destPortField = ConfigurationUtils .readStringProperty (TYPE , tag , config , "destination_port" , DEFAULT_DEST_PORT );
308+ String ianaNumberField = ConfigurationUtils .readStringProperty (TYPE , tag , config , "iana_number" , DEFAULT_IANA_NUMBER );
309+ String transportField = ConfigurationUtils .readStringProperty (TYPE , tag , config , "transport" , DEFAULT_TRANSPORT );
310+ String icmpTypeField = ConfigurationUtils .readStringProperty (TYPE , tag , config , "icmp_type" , DEFAULT_ICMP_TYPE );
311+ String icmpCodeField = ConfigurationUtils .readStringProperty (TYPE , tag , config , "icmp_code" , DEFAULT_ICMP_CODE );
312+ String targetField = ConfigurationUtils .readStringProperty (TYPE , tag , config , "target_field" , DEFAULT_TARGET );
313+ int seedInt = ConfigurationUtils .readIntProperty (TYPE , tag , config , "seed" , 0 );
314314 if (seedInt < 0 || seedInt > 65535 ) {
315- throw newConfigurationException (TYPE , processorTag , "seed" , "must be a value between 0 and 65535" );
315+ throw newConfigurationException (TYPE , tag , "seed" , "must be a value between 0 and 65535" );
316316 }
317317
318- boolean ignoreMissing = readBooleanProperty (TYPE , processorTag , config , "ignore_missing" , true );
318+ boolean ignoreMissing = readBooleanProperty (TYPE , tag , config , "ignore_missing" , true );
319319 return new CommunityIdProcessor (
320- processorTag ,
320+ tag ,
321321 description ,
322322 sourceIpField ,
323323 sourcePortField ,
@@ -335,9 +335,13 @@ public CommunityIdProcessor create(
335335 }
336336
337337 /**
338- * Represents flow data per https://github.com/corelight/community-id-spec
338+ * Represents flow data per the <a href=" https://github.com/corelight/community-id-spec">Community ID</a> spec.
339339 */
340- public static final class Flow {
340+ private static final class Flow {
341+
342+ private Flow () {
343+ // this is only constructable from inside this file
344+ }
341345
342346 private static final List <Transport .Type > TRANSPORTS_WITH_PORTS = List .of (
343347 Transport .Type .Tcp ,
@@ -357,7 +361,7 @@ public static final class Flow {
357361
358362 /**
359363 * @return true iff the source address/port is numerically less than the destination address/port as described
360- * at https://github.com/corelight/community-id-spec
364+ * in the <a href=" https://github.com/corelight/community-id-spec">Community ID</a> spec.
361365 */
362366 boolean isOrdered () {
363367 int result = new BigInteger (1 , source .getAddress ()).compareTo (new BigInteger (1 , destination .getAddress ()));
@@ -401,7 +405,7 @@ String toCommunityId(byte[] seed) {
401405 }
402406 }
403407
404- static class Transport {
408+ static final class Transport {
405409 public enum Type {
406410 Unknown (-1 ),
407411 Icmp (1 ),
@@ -417,22 +421,19 @@ public enum Type {
417421
418422 private final int transportNumber ;
419423
420- private static final Map <String , Type > TRANSPORT_NAMES ;
421-
422- static {
423- TRANSPORT_NAMES = new HashMap <>();
424- TRANSPORT_NAMES .put ("icmp" , Icmp );
425- TRANSPORT_NAMES .put ("igmp" , Igmp );
426- TRANSPORT_NAMES .put ("tcp" , Tcp );
427- TRANSPORT_NAMES .put ("udp" , Udp );
428- TRANSPORT_NAMES .put ("gre" , Gre );
429- TRANSPORT_NAMES .put ("ipv6-icmp" , IcmpIpV6 );
430- TRANSPORT_NAMES .put ("icmpv6" , IcmpIpV6 );
431- TRANSPORT_NAMES .put ("eigrp" , Eigrp );
432- TRANSPORT_NAMES .put ("ospf" , Ospf );
433- TRANSPORT_NAMES .put ("pim" , Pim );
434- TRANSPORT_NAMES .put ("sctp" , Sctp );
435- }
424+ private static final Map <String , Type > TRANSPORT_NAMES = Map .ofEntries (
425+ entry ("icmp" , Icmp ),
426+ entry ("igmp" , Igmp ),
427+ entry ("tcp" , Tcp ),
428+ entry ("udp" , Udp ),
429+ entry ("gre" , Gre ),
430+ entry ("ipv6-icmp" , IcmpIpV6 ),
431+ entry ("icmpv6" , IcmpIpV6 ),
432+ entry ("eigrp" , Eigrp ),
433+ entry ("ospf" , Ospf ),
434+ entry ("pim" , Pim ),
435+ entry ("sctp" , Sctp )
436+ );
436437
437438 Type (int transportNumber ) {
438439 this .transportNumber = transportNumber ;
@@ -443,15 +444,15 @@ public int getTransportNumber() {
443444 }
444445 }
445446
446- private Type type ;
447- private int transportNumber ;
447+ private final Type type ;
448+ private final int transportNumber ;
448449
449- Transport (int transportNumber , Type type ) { // Change constructor to public
450+ private Transport (int transportNumber , Type type ) {
450451 this .transportNumber = transportNumber ;
451452 this .type = type ;
452453 }
453454
454- Transport (Type type ) { // Change constructor to public
455+ private Transport (Type type ) {
455456 this .transportNumber = type .getTransportNumber ();
456457 this .type = type ;
457458 }
@@ -464,7 +465,8 @@ public int getTransportNumber() {
464465 return transportNumber ;
465466 }
466467
467- public static Transport fromNumber (int transportNumber ) {
468+ // visible for testing
469+ static Transport fromNumber (int transportNumber ) {
468470 if (transportNumber < 0 || transportNumber >= 255 ) {
469471 // transport numbers range https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
470472 throw new IllegalArgumentException ("invalid transport protocol number [" + transportNumber + "]" );
@@ -487,7 +489,7 @@ public static Transport fromNumber(int transportNumber) {
487489 return new Transport (transportNumber , type );
488490 }
489491
490- public static Transport fromObject (Object o ) {
492+ private static Transport fromObject (Object o ) {
491493 if (o instanceof Number number ) {
492494 return fromNumber (number .intValue ());
493495 } else if (o instanceof String protocolStr ) {
@@ -537,34 +539,31 @@ public enum IcmpType {
537539 V6HomeAddressDiscoveryRequest (144 ),
538540 V6HomeAddressDiscoveryResponse (145 );
539541
540- private static final Map <Integer , Integer > ICMP_V4_CODE_EQUIVALENTS ;
541- private static final Map <Integer , Integer > ICMP_V6_CODE_EQUIVALENTS ;
542-
543- static {
544- ICMP_V4_CODE_EQUIVALENTS = new HashMap <>();
545- ICMP_V4_CODE_EQUIVALENTS .put (EchoRequest .getType (), EchoReply .getType ());
546- ICMP_V4_CODE_EQUIVALENTS .put (EchoReply .getType (), EchoRequest .getType ());
547- ICMP_V4_CODE_EQUIVALENTS .put (TimestampRequest .getType (), TimestampReply .getType ());
548- ICMP_V4_CODE_EQUIVALENTS .put (TimestampReply .getType (), TimestampRequest .getType ());
549- ICMP_V4_CODE_EQUIVALENTS .put (InfoRequest .getType (), InfoReply .getType ());
550- ICMP_V4_CODE_EQUIVALENTS .put (RouterSolicitation .getType (), RouterAdvertisement .getType ());
551- ICMP_V4_CODE_EQUIVALENTS .put (RouterAdvertisement .getType (), RouterSolicitation .getType ());
552- ICMP_V4_CODE_EQUIVALENTS .put (AddressMaskRequest .getType (), AddressMaskReply .getType ());
553- ICMP_V4_CODE_EQUIVALENTS .put (AddressMaskReply .getType (), AddressMaskRequest .getType ());
554-
555- ICMP_V6_CODE_EQUIVALENTS = new HashMap <>();
556- ICMP_V6_CODE_EQUIVALENTS .put (V6EchoRequest .getType (), V6EchoReply .getType ());
557- ICMP_V6_CODE_EQUIVALENTS .put (V6EchoReply .getType (), V6EchoRequest .getType ());
558- ICMP_V6_CODE_EQUIVALENTS .put (V6RouterSolicitation .getType (), V6RouterAdvertisement .getType ());
559- ICMP_V6_CODE_EQUIVALENTS .put (V6RouterAdvertisement .getType (), V6RouterSolicitation .getType ());
560- ICMP_V6_CODE_EQUIVALENTS .put (V6NeighborAdvertisement .getType (), V6NeighborSolicitation .getType ());
561- ICMP_V6_CODE_EQUIVALENTS .put (V6NeighborSolicitation .getType (), V6NeighborAdvertisement .getType ());
562- ICMP_V6_CODE_EQUIVALENTS .put (V6MLDv1MulticastListenerQueryMessage .getType (), V6MLDv1MulticastListenerReportMessage .getType ());
563- ICMP_V6_CODE_EQUIVALENTS .put (V6WhoAreYouRequest .getType (), V6WhoAreYouReply .getType ());
564- ICMP_V6_CODE_EQUIVALENTS .put (V6WhoAreYouReply .getType (), V6WhoAreYouRequest .getType ());
565- ICMP_V6_CODE_EQUIVALENTS .put (V6HomeAddressDiscoveryRequest .getType (), V6HomeAddressDiscoveryResponse .getType ());
566- ICMP_V6_CODE_EQUIVALENTS .put (V6HomeAddressDiscoveryResponse .getType (), V6HomeAddressDiscoveryRequest .getType ());
567- }
542+ private static final Map <Integer , Integer > ICMP_V4_CODE_EQUIVALENTS = Map .ofEntries (
543+ entry (EchoRequest .getType (), EchoReply .getType ()),
544+ entry (EchoReply .getType (), EchoRequest .getType ()),
545+ entry (TimestampRequest .getType (), TimestampReply .getType ()),
546+ entry (TimestampReply .getType (), TimestampRequest .getType ()),
547+ entry (InfoRequest .getType (), InfoReply .getType ()),
548+ entry (RouterSolicitation .getType (), RouterAdvertisement .getType ()),
549+ entry (RouterAdvertisement .getType (), RouterSolicitation .getType ()),
550+ entry (AddressMaskRequest .getType (), AddressMaskReply .getType ()),
551+ entry (AddressMaskReply .getType (), AddressMaskRequest .getType ())
552+ );
553+
554+ private static final Map <Integer , Integer > ICMP_V6_CODE_EQUIVALENTS = Map .ofEntries (
555+ entry (V6EchoRequest .getType (), V6EchoReply .getType ()),
556+ entry (V6EchoReply .getType (), V6EchoRequest .getType ()),
557+ entry (V6RouterSolicitation .getType (), V6RouterAdvertisement .getType ()),
558+ entry (V6RouterAdvertisement .getType (), V6RouterSolicitation .getType ()),
559+ entry (V6NeighborAdvertisement .getType (), V6NeighborSolicitation .getType ()),
560+ entry (V6NeighborSolicitation .getType (), V6NeighborAdvertisement .getType ()),
561+ entry (V6MLDv1MulticastListenerQueryMessage .getType (), V6MLDv1MulticastListenerReportMessage .getType ()),
562+ entry (V6WhoAreYouRequest .getType (), V6WhoAreYouReply .getType ()),
563+ entry (V6WhoAreYouReply .getType (), V6WhoAreYouRequest .getType ()),
564+ entry (V6HomeAddressDiscoveryRequest .getType (), V6HomeAddressDiscoveryResponse .getType ()),
565+ entry (V6HomeAddressDiscoveryResponse .getType (), V6HomeAddressDiscoveryRequest .getType ())
566+ );
568567
569568 private final int type ;
570569
@@ -606,7 +605,7 @@ public static IcmpType fromNumber(int type) {
606605 };
607606 }
608607
609- public static Integer codeEquivalent (int icmpType , boolean isIpV6 ) {
608+ private static Integer codeEquivalent (int icmpType , boolean isIpV6 ) {
610609 return isIpV6 ? ICMP_V6_CODE_EQUIVALENTS .get (icmpType ) : ICMP_V4_CODE_EQUIVALENTS .get (icmpType );
611610 }
612611 }
0 commit comments