From 1d3f2d1d3585e953a58822cc32f75769c9a861df Mon Sep 17 00:00:00 2001
From: Michael Wolf <michael.wolf@elastic.co>
Date: Wed, 26 Mar 2025 14:47:20 -0700
Subject: [PATCH 1/2] Support port 0 in community_id processor

The community_id processor should support port 0 for source and
destination.

Although port 0 is usually reserved, it is a valid port
number. Users of this processor have had errors when using port 0 with
this processor. There is also no similar restriction in the original
Community ID implementation.

This updates the processor to support port 0 in source and destination.
---
 .../ingest/common/CommunityIdProcessor.java            |  4 ++--
 .../ingest/common/CommunityIdProcessorTests.java       | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java b/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java
index cda21f34b575f..07f2de1a932a9 100644
--- a/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java
+++ b/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java
@@ -230,11 +230,11 @@ private static Flow buildFlow(
         switch (flow.protocol.getType()) {
             case Tcp, Udp, Sctp -> {
                 flow.sourcePort = parseIntFromObjectOrString(sourcePort.get(), "source port");
-                if (flow.sourcePort < 1 || flow.sourcePort > 65535) {
+                if (flow.sourcePort < 0 || flow.sourcePort > 65535) {
                     throw new IllegalArgumentException("invalid source port [" + sourcePort.get() + "]");
                 }
                 flow.destinationPort = parseIntFromObjectOrString(destinationPort.get(), "destination port");
-                if (flow.destinationPort < 1 || flow.destinationPort > 65535) {
+                if (flow.destinationPort < 0 || flow.destinationPort > 65535) {
                     throw new IllegalArgumentException("invalid destination port [" + destinationPort.get() + "]");
                 }
             }
diff --git a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorTests.java b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorTests.java
index dff9916093586..3f902c5d536b6 100644
--- a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorTests.java
+++ b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorTests.java
@@ -79,7 +79,7 @@ public void testBeatsInvalidSourceIp() throws Exception {
     public void testBeatsInvalidSourcePort() throws Exception {
         @SuppressWarnings("unchecked")
         var source = (Map<String, Object>) event.get("source");
-        source.put("port", 0);
+        source.put("port", -1);
         IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null));
         assertThat(e.getMessage(), containsString("invalid source port"));
     }
@@ -298,9 +298,9 @@ public void testInvalidPort() throws Exception {
         event = buildEvent();
         @SuppressWarnings("unchecked")
         var source = (Map<String, Object>) event.get("source");
-        source.put("port", 0);
+        source.put("port", -1);
         IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null));
-        assertThat(e.getMessage(), containsString("invalid source port [0]"));
+        assertThat(e.getMessage(), containsString("invalid source port [-1]"));
 
         event = buildEvent();
         @SuppressWarnings("unchecked")
@@ -312,9 +312,9 @@ public void testInvalidPort() throws Exception {
         event = buildEvent();
         @SuppressWarnings("unchecked")
         var source3 = (Map<String, Object>) event.get("destination");
-        source3.put("port", 0);
+        source3.put("port", -1);
         e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null));
-        assertThat(e.getMessage(), containsString("invalid destination port [0]"));
+        assertThat(e.getMessage(), containsString("invalid destination port [-1]"));
 
         event = buildEvent();
         @SuppressWarnings("unchecked")

From c5a569f579109cb9a85dcd4c477f9ef13d20a520 Mon Sep 17 00:00:00 2001
From: Michael Wolf <michael.wolf@elastic.co>
Date: Wed, 26 Mar 2025 15:12:41 -0700
Subject: [PATCH 2/2] Convert object to invalid port number.

In parseIntFromObjectOrString, if the provided object is null, convert
it to -1, an invalid port number.
---
 .../org/elasticsearch/ingest/common/CommunityIdProcessor.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java b/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java
index 07f2de1a932a9..6b8f627c0a437 100644
--- a/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java
+++ b/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java
@@ -268,7 +268,7 @@ static byte[] toUint16(int num) {
      */
     static int parseIntFromObjectOrString(Object o, String fieldName) {
         if (o == null) {
-            return 0;
+            return -1;
         } else if (o instanceof Number number) {
             return number.intValue();
         } else if (o instanceof String string) {