[suricata] Defensive copy of parameter lists (elastic#4731)

joegallo · web-flow · commit 223059627a3e · 2022-11-29T16:21:16.000+01:00
* Defensive copy of param lists

Copy list parameters before setting them into the context, rather than
setting them directly -- this avoids leaking a 'static' mutable list
(and the resulting concurrent modification exceptions).

* Add an entry to the changelog

* Bump the version number in the manifest

* Update changelog link to the PR not the bug
diff --git a/packages/suricata/changelog.yml b/packages/suricata/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.5.1"
+  changes:
+    - description: Defensive copy of parameter lists
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/4731
 - version: "2.5.0"
   changes:
     - description: Update package to ECS 8.5.0.
diff --git a/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml b/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml
@@ -231,6 +231,8 @@ processors:
                 } else {
                     ctx.network.protocol = v;
                 }
+            } else if (v instanceof List) {
+                ctx.event[k] = new ArrayList(v);
             } else {
                 ctx.event[k] = v;
             }
diff --git a/packages/suricata/manifest.yml b/packages/suricata/manifest.yml
@@ -1,6 +1,6 @@
 name: suricata
 title: Suricata
-version: "2.5.0"
+version: "2.5.1"
 release: ga
 description: Collect logs from Suricata with Elastic Agent.
 type: integration

Original file line number	Diff line number	Diff line change
`@@ -231,6 +231,8 @@ processors:`
`231`	`231`	`} else {`
`232`	`232`	`ctx.network.protocol = v;`
`233`	`233`	`}`
	`234`	`+ } else if (v instanceof List) {`
	`235`	`+ ctx.event[k] = new ArrayList(v);`
`234`	`236`	`} else {`
`235`	`237`	`ctx.event[k] = v;`
`236`	`238`	`}`