diff --git a/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java b/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java index cda21f34b575f..f37fcf46979dc 100644 --- a/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java +++ b/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java @@ -23,12 +23,12 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Base64; -import java.util.HashMap; import java.util.List; import java.util.Locale; import java.util.Map; import java.util.function.Supplier; +import static java.util.Map.entry; import static org.elasticsearch.ingest.ConfigurationUtils.newConfigurationException; import static org.elasticsearch.ingest.ConfigurationUtils.readBooleanProperty; @@ -131,26 +131,26 @@ public boolean getIgnoreMissing() { } @Override - public IngestDocument execute(IngestDocument ingestDocument) throws Exception { - String sourceIp = ingestDocument.getFieldValue(sourceIpField, String.class, ignoreMissing); - String destinationIp = ingestDocument.getFieldValue(destinationIpField, String.class, ignoreMissing); - Object ianaNumber = ingestDocument.getFieldValue(ianaNumberField, Object.class, true); - Supplier transport = () -> ingestDocument.getFieldValue(transportField, Object.class, ignoreMissing); - Supplier sourcePort = () -> ingestDocument.getFieldValue(sourcePortField, Object.class, ignoreMissing); - Supplier destinationPort = () -> ingestDocument.getFieldValue(destinationPortField, Object.class, ignoreMissing); - Object icmpType = ingestDocument.getFieldValue(icmpTypeField, Object.class, true); - Object icmpCode = ingestDocument.getFieldValue(icmpCodeField, Object.class, true); + public IngestDocument execute(IngestDocument document) throws Exception { + String sourceIp = document.getFieldValue(sourceIpField, String.class, ignoreMissing); + String destinationIp = document.getFieldValue(destinationIpField, String.class, ignoreMissing); + Object ianaNumber = document.getFieldValue(ianaNumberField, Object.class, true); + Supplier transport = () -> document.getFieldValue(transportField, Object.class, ignoreMissing); + Supplier sourcePort = () -> document.getFieldValue(sourcePortField, Object.class, ignoreMissing); + Supplier destinationPort = () -> document.getFieldValue(destinationPortField, Object.class, ignoreMissing); + Object icmpType = document.getFieldValue(icmpTypeField, Object.class, true); + Object icmpCode = document.getFieldValue(icmpCodeField, Object.class, true); Flow flow = buildFlow(sourceIp, destinationIp, ianaNumber, transport, sourcePort, destinationPort, icmpType, icmpCode); if (flow == null) { if (ignoreMissing) { - return ingestDocument; + return document; } else { throw new IllegalArgumentException("unable to construct flow from document"); } } - ingestDocument.setFieldValue(targetField, flow.toCommunityId(seed)); - return ingestDocument; + document.setFieldValue(targetField, flow.toCommunityId(seed)); + return document; } public static String apply( @@ -164,7 +164,6 @@ public static String apply( Object icmpCode, int seed ) { - Flow flow = buildFlow( sourceIpAddrString, destIpAddrString, @@ -256,6 +255,7 @@ public String getType() { /** * Converts an integer in the range of an unsigned 16-bit integer to a big-endian byte pair */ + // visible for testing static byte[] toUint16(int num) { if (num < 0 || num > 65535) { throw new IllegalStateException("number [" + num + "] must be a value between 0 and 65535"); @@ -266,7 +266,7 @@ static byte[] toUint16(int num) { /** * Attempts to coerce an object to an integer */ - static int parseIntFromObjectOrString(Object o, String fieldName) { + private static int parseIntFromObjectOrString(Object o, String fieldName) { if (o == null) { return 0; } else if (o instanceof Number number) { @@ -296,28 +296,28 @@ public static final class Factory implements Processor.Factory { @Override public CommunityIdProcessor create( Map registry, - String processorTag, + String tag, String description, Map config, ProjectId projectId ) throws Exception { - String sourceIpField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "source_ip", DEFAULT_SOURCE_IP); - String sourcePortField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "source_port", DEFAULT_SOURCE_PORT); - String destIpField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "destination_ip", DEFAULT_DEST_IP); - String destPortField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "destination_port", DEFAULT_DEST_PORT); - String ianaNumberField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "iana_number", DEFAULT_IANA_NUMBER); - String transportField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "transport", DEFAULT_TRANSPORT); - String icmpTypeField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "icmp_type", DEFAULT_ICMP_TYPE); - String icmpCodeField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "icmp_code", DEFAULT_ICMP_CODE); - String targetField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "target_field", DEFAULT_TARGET); - int seedInt = ConfigurationUtils.readIntProperty(TYPE, processorTag, config, "seed", 0); + String sourceIpField = ConfigurationUtils.readStringProperty(TYPE, tag, config, "source_ip", DEFAULT_SOURCE_IP); + String sourcePortField = ConfigurationUtils.readStringProperty(TYPE, tag, config, "source_port", DEFAULT_SOURCE_PORT); + String destIpField = ConfigurationUtils.readStringProperty(TYPE, tag, config, "destination_ip", DEFAULT_DEST_IP); + String destPortField = ConfigurationUtils.readStringProperty(TYPE, tag, config, "destination_port", DEFAULT_DEST_PORT); + String ianaNumberField = ConfigurationUtils.readStringProperty(TYPE, tag, config, "iana_number", DEFAULT_IANA_NUMBER); + String transportField = ConfigurationUtils.readStringProperty(TYPE, tag, config, "transport", DEFAULT_TRANSPORT); + String icmpTypeField = ConfigurationUtils.readStringProperty(TYPE, tag, config, "icmp_type", DEFAULT_ICMP_TYPE); + String icmpCodeField = ConfigurationUtils.readStringProperty(TYPE, tag, config, "icmp_code", DEFAULT_ICMP_CODE); + String targetField = ConfigurationUtils.readStringProperty(TYPE, tag, config, "target_field", DEFAULT_TARGET); + int seedInt = ConfigurationUtils.readIntProperty(TYPE, tag, config, "seed", 0); if (seedInt < 0 || seedInt > 65535) { - throw newConfigurationException(TYPE, processorTag, "seed", "must be a value between 0 and 65535"); + throw newConfigurationException(TYPE, tag, "seed", "must be a value between 0 and 65535"); } - boolean ignoreMissing = readBooleanProperty(TYPE, processorTag, config, "ignore_missing", true); + boolean ignoreMissing = readBooleanProperty(TYPE, tag, config, "ignore_missing", true); return new CommunityIdProcessor( - processorTag, + tag, description, sourceIpField, sourcePortField, @@ -335,9 +335,13 @@ public CommunityIdProcessor create( } /** - * Represents flow data per https://github.com/corelight/community-id-spec + * Represents flow data per the Community ID spec. */ - public static final class Flow { + private static final class Flow { + + private Flow() { + // this is only constructable from inside this file + } private static final List TRANSPORTS_WITH_PORTS = List.of( Transport.Type.Tcp, @@ -357,7 +361,7 @@ public static final class Flow { /** * @return true iff the source address/port is numerically less than the destination address/port as described - * at https://github.com/corelight/community-id-spec + * in the Community ID spec. */ boolean isOrdered() { int result = new BigInteger(1, source.getAddress()).compareTo(new BigInteger(1, destination.getAddress())); @@ -401,7 +405,7 @@ String toCommunityId(byte[] seed) { } } - static class Transport { + static final class Transport { public enum Type { Unknown(-1), Icmp(1), @@ -417,22 +421,19 @@ public enum Type { private final int transportNumber; - private static final Map TRANSPORT_NAMES; - - static { - TRANSPORT_NAMES = new HashMap<>(); - TRANSPORT_NAMES.put("icmp", Icmp); - TRANSPORT_NAMES.put("igmp", Igmp); - TRANSPORT_NAMES.put("tcp", Tcp); - TRANSPORT_NAMES.put("udp", Udp); - TRANSPORT_NAMES.put("gre", Gre); - TRANSPORT_NAMES.put("ipv6-icmp", IcmpIpV6); - TRANSPORT_NAMES.put("icmpv6", IcmpIpV6); - TRANSPORT_NAMES.put("eigrp", Eigrp); - TRANSPORT_NAMES.put("ospf", Ospf); - TRANSPORT_NAMES.put("pim", Pim); - TRANSPORT_NAMES.put("sctp", Sctp); - } + private static final Map TRANSPORT_NAMES = Map.ofEntries( + entry("icmp", Icmp), + entry("igmp", Igmp), + entry("tcp", Tcp), + entry("udp", Udp), + entry("gre", Gre), + entry("ipv6-icmp", IcmpIpV6), + entry("icmpv6", IcmpIpV6), + entry("eigrp", Eigrp), + entry("ospf", Ospf), + entry("pim", Pim), + entry("sctp", Sctp) + ); Type(int transportNumber) { this.transportNumber = transportNumber; @@ -443,15 +444,15 @@ public int getTransportNumber() { } } - private Type type; - private int transportNumber; + private final Type type; + private final int transportNumber; - Transport(int transportNumber, Type type) { // Change constructor to public + private Transport(int transportNumber, Type type) { this.transportNumber = transportNumber; this.type = type; } - Transport(Type type) { // Change constructor to public + private Transport(Type type) { this.transportNumber = type.getTransportNumber(); this.type = type; } @@ -464,7 +465,8 @@ public int getTransportNumber() { return transportNumber; } - public static Transport fromNumber(int transportNumber) { + // visible for testing + static Transport fromNumber(int transportNumber) { if (transportNumber < 0 || transportNumber >= 255) { // transport numbers range https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml throw new IllegalArgumentException("invalid transport protocol number [" + transportNumber + "]"); @@ -487,7 +489,7 @@ public static Transport fromNumber(int transportNumber) { return new Transport(transportNumber, type); } - public static Transport fromObject(Object o) { + private static Transport fromObject(Object o) { if (o instanceof Number number) { return fromNumber(number.intValue()); } else if (o instanceof String protocolStr) { @@ -537,34 +539,31 @@ public enum IcmpType { V6HomeAddressDiscoveryRequest(144), V6HomeAddressDiscoveryResponse(145); - private static final Map ICMP_V4_CODE_EQUIVALENTS; - private static final Map ICMP_V6_CODE_EQUIVALENTS; - - static { - ICMP_V4_CODE_EQUIVALENTS = new HashMap<>(); - ICMP_V4_CODE_EQUIVALENTS.put(EchoRequest.getType(), EchoReply.getType()); - ICMP_V4_CODE_EQUIVALENTS.put(EchoReply.getType(), EchoRequest.getType()); - ICMP_V4_CODE_EQUIVALENTS.put(TimestampRequest.getType(), TimestampReply.getType()); - ICMP_V4_CODE_EQUIVALENTS.put(TimestampReply.getType(), TimestampRequest.getType()); - ICMP_V4_CODE_EQUIVALENTS.put(InfoRequest.getType(), InfoReply.getType()); - ICMP_V4_CODE_EQUIVALENTS.put(RouterSolicitation.getType(), RouterAdvertisement.getType()); - ICMP_V4_CODE_EQUIVALENTS.put(RouterAdvertisement.getType(), RouterSolicitation.getType()); - ICMP_V4_CODE_EQUIVALENTS.put(AddressMaskRequest.getType(), AddressMaskReply.getType()); - ICMP_V4_CODE_EQUIVALENTS.put(AddressMaskReply.getType(), AddressMaskRequest.getType()); - - ICMP_V6_CODE_EQUIVALENTS = new HashMap<>(); - ICMP_V6_CODE_EQUIVALENTS.put(V6EchoRequest.getType(), V6EchoReply.getType()); - ICMP_V6_CODE_EQUIVALENTS.put(V6EchoReply.getType(), V6EchoRequest.getType()); - ICMP_V6_CODE_EQUIVALENTS.put(V6RouterSolicitation.getType(), V6RouterAdvertisement.getType()); - ICMP_V6_CODE_EQUIVALENTS.put(V6RouterAdvertisement.getType(), V6RouterSolicitation.getType()); - ICMP_V6_CODE_EQUIVALENTS.put(V6NeighborAdvertisement.getType(), V6NeighborSolicitation.getType()); - ICMP_V6_CODE_EQUIVALENTS.put(V6NeighborSolicitation.getType(), V6NeighborAdvertisement.getType()); - ICMP_V6_CODE_EQUIVALENTS.put(V6MLDv1MulticastListenerQueryMessage.getType(), V6MLDv1MulticastListenerReportMessage.getType()); - ICMP_V6_CODE_EQUIVALENTS.put(V6WhoAreYouRequest.getType(), V6WhoAreYouReply.getType()); - ICMP_V6_CODE_EQUIVALENTS.put(V6WhoAreYouReply.getType(), V6WhoAreYouRequest.getType()); - ICMP_V6_CODE_EQUIVALENTS.put(V6HomeAddressDiscoveryRequest.getType(), V6HomeAddressDiscoveryResponse.getType()); - ICMP_V6_CODE_EQUIVALENTS.put(V6HomeAddressDiscoveryResponse.getType(), V6HomeAddressDiscoveryRequest.getType()); - } + private static final Map ICMP_V4_CODE_EQUIVALENTS = Map.ofEntries( + entry(EchoRequest.getType(), EchoReply.getType()), + entry(EchoReply.getType(), EchoRequest.getType()), + entry(TimestampRequest.getType(), TimestampReply.getType()), + entry(TimestampReply.getType(), TimestampRequest.getType()), + entry(InfoRequest.getType(), InfoReply.getType()), + entry(RouterSolicitation.getType(), RouterAdvertisement.getType()), + entry(RouterAdvertisement.getType(), RouterSolicitation.getType()), + entry(AddressMaskRequest.getType(), AddressMaskReply.getType()), + entry(AddressMaskReply.getType(), AddressMaskRequest.getType()) + ); + + private static final Map ICMP_V6_CODE_EQUIVALENTS = Map.ofEntries( + entry(V6EchoRequest.getType(), V6EchoReply.getType()), + entry(V6EchoReply.getType(), V6EchoRequest.getType()), + entry(V6RouterSolicitation.getType(), V6RouterAdvertisement.getType()), + entry(V6RouterAdvertisement.getType(), V6RouterSolicitation.getType()), + entry(V6NeighborAdvertisement.getType(), V6NeighborSolicitation.getType()), + entry(V6NeighborSolicitation.getType(), V6NeighborAdvertisement.getType()), + entry(V6MLDv1MulticastListenerQueryMessage.getType(), V6MLDv1MulticastListenerReportMessage.getType()), + entry(V6WhoAreYouRequest.getType(), V6WhoAreYouReply.getType()), + entry(V6WhoAreYouReply.getType(), V6WhoAreYouRequest.getType()), + entry(V6HomeAddressDiscoveryRequest.getType(), V6HomeAddressDiscoveryResponse.getType()), + entry(V6HomeAddressDiscoveryResponse.getType(), V6HomeAddressDiscoveryRequest.getType()) + ); private final int type; @@ -606,7 +605,7 @@ public static IcmpType fromNumber(int type) { }; } - public static Integer codeEquivalent(int icmpType, boolean isIpV6) { + private static Integer codeEquivalent(int icmpType, boolean isIpV6) { return isIpV6 ? ICMP_V6_CODE_EQUIVALENTS.get(icmpType) : ICMP_V4_CODE_EQUIVALENTS.get(icmpType); } } diff --git a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorFactoryTests.java b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorFactoryTests.java index 3426e9894c2b1..2f47d1cf5b6e8 100644 --- a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorFactoryTests.java +++ b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorFactoryTests.java @@ -64,61 +64,60 @@ public void testCreate() throws Exception { boolean ignoreMissing = randomBoolean(); config.put("ignore_missing", ignoreMissing); - String processorTag = randomAlphaOfLength(10); - CommunityIdProcessor communityIdProcessor = factory.create(null, processorTag, null, config, null); - assertThat(communityIdProcessor.getTag(), equalTo(processorTag)); - assertThat(communityIdProcessor.getSourceIpField(), equalTo(sourceIpField)); - assertThat(communityIdProcessor.getSourcePortField(), equalTo(sourcePortField)); - assertThat(communityIdProcessor.getDestinationIpField(), equalTo(destIpField)); - assertThat(communityIdProcessor.getDestinationPortField(), equalTo(destPortField)); - assertThat(communityIdProcessor.getIanaNumberField(), equalTo(ianaNumberField)); - assertThat(communityIdProcessor.getTransportField(), equalTo(transportField)); - assertThat(communityIdProcessor.getIcmpTypeField(), equalTo(icmpTypeField)); - assertThat(communityIdProcessor.getIcmpCodeField(), equalTo(icmpCodeField)); - assertThat(communityIdProcessor.getTargetField(), equalTo(targetField)); - assertThat(communityIdProcessor.getSeed(), equalTo(toUint16(seedInt))); - assertThat(communityIdProcessor.getIgnoreMissing(), equalTo(ignoreMissing)); + String tag = randomAlphaOfLength(10); + CommunityIdProcessor processor = factory.create(null, tag, null, config, null); + assertThat(processor.getTag(), equalTo(tag)); + assertThat(processor.getSourceIpField(), equalTo(sourceIpField)); + assertThat(processor.getSourcePortField(), equalTo(sourcePortField)); + assertThat(processor.getDestinationIpField(), equalTo(destIpField)); + assertThat(processor.getDestinationPortField(), equalTo(destPortField)); + assertThat(processor.getIanaNumberField(), equalTo(ianaNumberField)); + assertThat(processor.getTransportField(), equalTo(transportField)); + assertThat(processor.getIcmpTypeField(), equalTo(icmpTypeField)); + assertThat(processor.getIcmpCodeField(), equalTo(icmpCodeField)); + assertThat(processor.getTargetField(), equalTo(targetField)); + assertThat(processor.getSeed(), equalTo(toUint16(seedInt))); + assertThat(processor.getIgnoreMissing(), equalTo(ignoreMissing)); } public void testSeed() throws Exception { Map config = new HashMap<>(); - String processorTag = randomAlphaOfLength(10); + String tag = randomAlphaOfLength(10); // negative seeds are rejected int tooSmallSeed = randomIntBetween(Integer.MIN_VALUE, -1); config.put("seed", Integer.toString(tooSmallSeed)); - ElasticsearchException e = expectThrows(ElasticsearchException.class, () -> factory.create(null, processorTag, null, config, null)); + ElasticsearchException e = expectThrows(ElasticsearchException.class, () -> factory.create(null, tag, null, config, null)); assertThat(e.getMessage(), containsString("must be a value between 0 and 65535")); // seeds >= 2^16 are rejected int tooBigSeed = randomIntBetween(65536, Integer.MAX_VALUE); config.put("seed", Integer.toString(tooBigSeed)); - e = expectThrows(ElasticsearchException.class, () -> factory.create(null, processorTag, null, config, null)); + e = expectThrows(ElasticsearchException.class, () -> factory.create(null, tag, null, config, null)); assertThat(e.getMessage(), containsString("must be a value between 0 and 65535")); // seeds between 0 and 2^16-1 are accepted int justRightSeed = randomIntBetween(0, 65535); byte[] expectedSeed = new byte[] { (byte) (justRightSeed >> 8), (byte) justRightSeed }; config.put("seed", Integer.toString(justRightSeed)); - CommunityIdProcessor communityIdProcessor = factory.create(null, processorTag, null, config, null); - assertThat(communityIdProcessor.getSeed(), equalTo(expectedSeed)); + CommunityIdProcessor processor = factory.create(null, tag, null, config, null); + assertThat(processor.getSeed(), equalTo(expectedSeed)); } public void testRequiredFields() throws Exception { - HashMap config = new HashMap<>(); - String processorTag = randomAlphaOfLength(10); - CommunityIdProcessor communityIdProcessor = factory.create(null, processorTag, null, config, null); - assertThat(communityIdProcessor.getTag(), equalTo(processorTag)); - assertThat(communityIdProcessor.getSourceIpField(), equalTo(DEFAULT_SOURCE_IP)); - assertThat(communityIdProcessor.getSourcePortField(), equalTo(DEFAULT_SOURCE_PORT)); - assertThat(communityIdProcessor.getDestinationIpField(), equalTo(DEFAULT_DEST_IP)); - assertThat(communityIdProcessor.getDestinationPortField(), equalTo(DEFAULT_DEST_PORT)); - assertThat(communityIdProcessor.getIanaNumberField(), equalTo(DEFAULT_IANA_NUMBER)); - assertThat(communityIdProcessor.getTransportField(), equalTo(DEFAULT_TRANSPORT)); - assertThat(communityIdProcessor.getIcmpTypeField(), equalTo(DEFAULT_ICMP_TYPE)); - assertThat(communityIdProcessor.getIcmpCodeField(), equalTo(DEFAULT_ICMP_CODE)); - assertThat(communityIdProcessor.getTargetField(), equalTo(DEFAULT_TARGET)); - assertThat(communityIdProcessor.getSeed(), equalTo(toUint16(0))); - assertThat(communityIdProcessor.getIgnoreMissing(), equalTo(true)); + String tag = randomAlphaOfLength(10); + CommunityIdProcessor processor = factory.create(null, tag, null, new HashMap<>(), null); + assertThat(processor.getTag(), equalTo(tag)); + assertThat(processor.getSourceIpField(), equalTo(DEFAULT_SOURCE_IP)); + assertThat(processor.getSourcePortField(), equalTo(DEFAULT_SOURCE_PORT)); + assertThat(processor.getDestinationIpField(), equalTo(DEFAULT_DEST_IP)); + assertThat(processor.getDestinationPortField(), equalTo(DEFAULT_DEST_PORT)); + assertThat(processor.getIanaNumberField(), equalTo(DEFAULT_IANA_NUMBER)); + assertThat(processor.getTransportField(), equalTo(DEFAULT_TRANSPORT)); + assertThat(processor.getIcmpTypeField(), equalTo(DEFAULT_ICMP_TYPE)); + assertThat(processor.getIcmpCodeField(), equalTo(DEFAULT_ICMP_CODE)); + assertThat(processor.getTargetField(), equalTo(DEFAULT_TARGET)); + assertThat(processor.getSeed(), equalTo(toUint16(0))); + assertThat(processor.getIgnoreMissing(), equalTo(true)); } } diff --git a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorTests.java b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorTests.java index dff9916093586..72771275743b0 100644 --- a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorTests.java +++ b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorTests.java @@ -9,6 +9,7 @@ package org.elasticsearch.ingest.common; +import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.ingest.IngestDocument; import org.elasticsearch.ingest.TestIngestDocument; import org.elasticsearch.test.ESTestCase; @@ -32,7 +33,7 @@ public class CommunityIdProcessorTests extends ESTestCase { // NOTE: all test methods beginning with "testBeats" are intended to duplicate the unit tests for the Beats - // community_id processor (see Github link below) to ensure that this processor produces the same values. To + // community_id processor (see GitHub link below) to ensure that this processor produces the same values. To // the extent possible, these tests should be kept in sync. // // https://github.com/elastic/beats/blob/master/libbeat/processors/communityid/communityid_test.go @@ -40,77 +41,80 @@ public class CommunityIdProcessorTests extends ESTestCase { private Map event; @Before - public void setup() throws Exception { + public void setup() { event = buildEvent(); } private Map buildEvent() { - event = new HashMap<>(); var source = new HashMap(); source.put("ip", "128.232.110.120"); source.put("port", 34855); - event.put("source", source); + var destination = new HashMap(); destination.put("ip", "66.35.250.204"); destination.put("port", 80); - event.put("destination", destination); + var network = new HashMap(); network.put("transport", "TCP"); + + var event = new HashMap(); + event.put("source", source); + event.put("destination", destination); event.put("network", network); return event; } - public void testBeatsValid() throws Exception { - testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); + public void testBeatsValid() { + testProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); } - public void testBeatsSeed() throws Exception { - testCommunityIdProcessor(event, 123, "1:hTSGlFQnR58UCk+NfKRZzA32dPg="); + public void testBeatsSeed() { + testProcessor(event, 123, "1:hTSGlFQnR58UCk+NfKRZzA32dPg="); } - public void testBeatsInvalidSourceIp() throws Exception { + public void testBeatsInvalidSourceIp() { @SuppressWarnings("unchecked") var source = (Map) event.get("source"); source.put("ip", 2162716280L); - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null)); + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testProcessor(event, null)); assertThat(e.getMessage(), containsString("field [source.ip] of type [java.lang.Long] cannot be cast to [java.lang.String]")); } - public void testBeatsInvalidSourcePort() throws Exception { + public void testBeatsInvalidSourcePort() { @SuppressWarnings("unchecked") var source = (Map) event.get("source"); source.put("port", 0); - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null)); + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testProcessor(event, null)); assertThat(e.getMessage(), containsString("invalid source port")); } - public void testBeatsInvalidDestinationIp() throws Exception { + public void testBeatsInvalidDestinationIp() { @SuppressWarnings("unchecked") var destination = (Map) event.get("destination"); String invalidIp = "308.111.1.2.3"; destination.put("ip", invalidIp); - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null)); + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testProcessor(event, null)); assertThat(e.getMessage(), containsString("'" + invalidIp + "' is not an IP string literal")); } - public void testBeatsInvalidDestinationPort() throws Exception { + public void testBeatsInvalidDestinationPort() { @SuppressWarnings("unchecked") var destination = (Map) event.get("destination"); destination.put("port", null); - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null)); + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testProcessor(event, null)); // slightly modified from the beats test in that this one reports the actual invalid value rather than '0' assertThat(e.getMessage(), containsString("invalid destination port [null]")); } - public void testBeatsUnknownProtocol() throws Exception { + public void testBeatsUnknownProtocol() { @SuppressWarnings("unchecked") var network = (Map) event.get("network"); network.put("transport", "xyz"); - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null)); + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testProcessor(event, null)); assertThat(e.getMessage(), containsString("could not convert string [xyz] to transport protocol")); } - public void testBeatsIcmp() throws Exception { + public void testBeatsIcmp() { @SuppressWarnings("unchecked") var network = (Map) event.get("network"); network.put("transport", "icmp"); @@ -118,17 +122,17 @@ public void testBeatsIcmp() throws Exception { icmp.put("type", 3); icmp.put("code", 3); event.put("icmp", icmp); - testCommunityIdProcessor(event, "1:KF3iG9XD24nhlSy4r1TcYIr5mfE="); + testProcessor(event, "1:KF3iG9XD24nhlSy4r1TcYIr5mfE="); } - public void testBeatsIcmpWithoutTypeOrCode() throws Exception { + public void testBeatsIcmpWithoutTypeOrCode() { @SuppressWarnings("unchecked") var network = (Map) event.get("network"); network.put("transport", "icmp"); - testCommunityIdProcessor(event, "1:PAE85ZfR4SbNXl5URZwWYyDehwU="); + testProcessor(event, "1:PAE85ZfR4SbNXl5URZwWYyDehwU="); } - public void testBeatsIgmp() throws Exception { + public void testBeatsIgmp() { @SuppressWarnings("unchecked") var network = (Map) event.get("network"); network.put("transport", "igmp"); @@ -138,10 +142,10 @@ public void testBeatsIgmp() throws Exception { @SuppressWarnings("unchecked") var destination = (Map) event.get("destination"); destination.remove("port"); - testCommunityIdProcessor(event, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI="); + testProcessor(event, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI="); } - public void testBeatsProtocolNumberAsString() throws Exception { + public void testBeatsProtocolNumberAsString() { @SuppressWarnings("unchecked") var source = (Map) event.get("source"); source.remove("port"); @@ -151,10 +155,10 @@ public void testBeatsProtocolNumberAsString() throws Exception { @SuppressWarnings("unchecked") var network = (Map) event.get("network"); network.put("transport", "2"); - testCommunityIdProcessor(event, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI="); + testProcessor(event, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI="); } - public void testBeatsProtocolNumber() throws Exception { + public void testBeatsProtocolNumber() { @SuppressWarnings("unchecked") var source = (Map) event.get("source"); source.remove("port"); @@ -164,18 +168,18 @@ public void testBeatsProtocolNumber() throws Exception { @SuppressWarnings("unchecked") var network = (Map) event.get("network"); network.put("transport", 2); - testCommunityIdProcessor(event, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI="); + testProcessor(event, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI="); } - public void testBeatsIanaNumberProtocolTCP() throws Exception { + public void testBeatsIanaNumberProtocolTCP() { @SuppressWarnings("unchecked") var network = (Map) event.get("network"); network.remove("transport"); network.put("iana_number", CommunityIdProcessor.Transport.Type.Tcp.getTransportNumber()); - testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); + testProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); } - public void testBeatsIanaNumberProtocolIPv4() throws Exception { + public void testBeatsIanaNumberProtocolIPv4() { @SuppressWarnings("unchecked") var network = (Map) event.get("network"); network.put("iana_number", "4"); @@ -188,20 +192,20 @@ public void testBeatsIanaNumberProtocolIPv4() throws Exception { var destination = (Map) event.get("destination"); destination.put("ip", "10.1.2.3"); destination.remove("port"); - testCommunityIdProcessor(event, "1:KXQzmk3bdsvD6UXj7dvQ4bM6Zvw="); + testProcessor(event, "1:KXQzmk3bdsvD6UXj7dvQ4bM6Zvw="); } - public void testIpv6() throws Exception { + public void testIpv6() { @SuppressWarnings("unchecked") var source = (Map) event.get("source"); source.put("ip", "2001:0db8:85a3:0000:0000:8a2e:0370:7334"); @SuppressWarnings("unchecked") var destination = (Map) event.get("destination"); destination.put("ip", "2001:0:9d38:6ab8:1c48:3a1c:a95a:b1c2"); - testCommunityIdProcessor(event, "1:YC1+javPJ2LpK5xVyw1udfT83Qs="); + testProcessor(event, "1:YC1+javPJ2LpK5xVyw1udfT83Qs="); } - public void testIcmpWithCodeEquivalent() throws Exception { + public void testIcmpWithCodeEquivalent() { @SuppressWarnings("unchecked") var network = (Map) event.get("network"); network.put("transport", "icmp"); @@ -209,20 +213,20 @@ public void testIcmpWithCodeEquivalent() throws Exception { icmp.put("type", 10); icmp.put("code", 3); event.put("icmp", icmp); - testCommunityIdProcessor(event, "1:L8wnzpmRHIESLqLBy+zTqW3Pmqs="); + testProcessor(event, "1:L8wnzpmRHIESLqLBy+zTqW3Pmqs="); } - public void testStringAndNumber() throws Exception { + public void testStringAndNumber() { // iana event = buildEvent(); @SuppressWarnings("unchecked") var network = (Map) event.get("network"); network.remove("transport"); network.put("iana_number", CommunityIdProcessor.Transport.Type.Tcp.getTransportNumber()); - testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); + testProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); network.put("iana_number", Integer.toString(CommunityIdProcessor.Transport.Type.Tcp.getTransportNumber())); - testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); + testProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); // protocol number event = buildEvent(); @@ -235,30 +239,30 @@ public void testStringAndNumber() throws Exception { @SuppressWarnings("unchecked") var network2 = (Map) event.get("network"); network2.put("transport", 2); - testCommunityIdProcessor(event, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI="); + testProcessor(event, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI="); network2.put("transport", "2"); - testCommunityIdProcessor(event, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI="); + testProcessor(event, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI="); // source port event = buildEvent(); @SuppressWarnings("unchecked") var source2 = (Map) event.get("source"); source2.put("port", 34855); - testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); + testProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); source2.put("port", "34855"); - testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); + testProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); // dest port event = buildEvent(); @SuppressWarnings("unchecked") var dest2 = (Map) event.get("destination"); dest2.put("port", 80); - testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); + testProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); dest2.put("port", "80"); - testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); + testProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); // icmp type and code event = buildEvent(); @@ -269,89 +273,87 @@ public void testStringAndNumber() throws Exception { icmp.put("type", 3); icmp.put("code", 3); event.put("icmp", icmp); - testCommunityIdProcessor(event, "1:KF3iG9XD24nhlSy4r1TcYIr5mfE="); + testProcessor(event, "1:KF3iG9XD24nhlSy4r1TcYIr5mfE="); - icmp = new HashMap(); + icmp = new HashMap<>(); icmp.put("type", "3"); icmp.put("code", "3"); event.put("icmp", icmp); - testCommunityIdProcessor(event, "1:KF3iG9XD24nhlSy4r1TcYIr5mfE="); + testProcessor(event, "1:KF3iG9XD24nhlSy4r1TcYIr5mfE="); } - public void testLongsForNumericValues() throws Exception { + public void testLongsForNumericValues() { event = buildEvent(); @SuppressWarnings("unchecked") var source2 = (Map) event.get("source"); source2.put("port", 34855L); - testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); + testProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); } - public void testFloatsForNumericValues() throws Exception { + public void testFloatsForNumericValues() { event = buildEvent(); @SuppressWarnings("unchecked") var source2 = (Map) event.get("source"); source2.put("port", 34855.0); - testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); + testProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg="); } - public void testInvalidPort() throws Exception { + public void testInvalidPort() { event = buildEvent(); @SuppressWarnings("unchecked") var source = (Map) event.get("source"); source.put("port", 0); - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null)); + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testProcessor(event, null)); assertThat(e.getMessage(), containsString("invalid source port [0]")); event = buildEvent(); @SuppressWarnings("unchecked") var source2 = (Map) event.get("source"); source2.put("port", 65536); - e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null)); + e = expectThrows(IllegalArgumentException.class, () -> testProcessor(event, null)); assertThat(e.getMessage(), containsString("invalid source port [65536]")); event = buildEvent(); @SuppressWarnings("unchecked") var source3 = (Map) event.get("destination"); source3.put("port", 0); - e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null)); + e = expectThrows(IllegalArgumentException.class, () -> testProcessor(event, null)); assertThat(e.getMessage(), containsString("invalid destination port [0]")); event = buildEvent(); @SuppressWarnings("unchecked") var source4 = (Map) event.get("destination"); source4.put("port", 65536); - e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, null)); + e = expectThrows(IllegalArgumentException.class, () -> testProcessor(event, null)); assertThat(e.getMessage(), containsString("invalid destination port [65536]")); } - public void testIgnoreMissing() throws Exception { + public void testIgnoreMissing() { @SuppressWarnings("unchecked") var network = (Map) event.get("network"); network.remove("transport"); - testCommunityIdProcessor(event, 0, null, true); + testProcessor(event, 0, null, true); } - public void testIgnoreMissingIsFalse() throws Exception { + public void testIgnoreMissingIsFalse() { @SuppressWarnings("unchecked") var source = (Map) event.get("source"); source.remove("ip"); - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testCommunityIdProcessor(event, 0, null, false)); + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testProcessor(event, 0, null, false)); assertThat(e.getMessage(), containsString("field [ip] not present as part of path [source.ip]")); } - private void testCommunityIdProcessor(Map source, String expectedHash) throws Exception { - testCommunityIdProcessor(source, 0, expectedHash); + private static void testProcessor(Map source, String expectedHash) { + testProcessor(source, 0, expectedHash); } - private void testCommunityIdProcessor(Map source, int seed, String expectedHash) throws Exception { - testCommunityIdProcessor(source, seed, expectedHash, false); + private static void testProcessor(Map source, int seed, String expectedHash) { + testProcessor(source, seed, expectedHash, false); } - private void testCommunityIdProcessor(Map source, int seed, String expectedHash, boolean ignoreMissing) - throws Exception { - + private static void testProcessor(Map source, int seed, String expectedHash, boolean ignoreMissing) { var processor = new CommunityIdProcessor( null, null, @@ -369,7 +371,12 @@ private void testCommunityIdProcessor(Map source, int seed, Stri ); IngestDocument input = TestIngestDocument.withDefaultVersion(source); - IngestDocument output = processor.execute(input); + IngestDocument output; + try { + output = processor.execute(input); + } catch (Exception e) { + throw ExceptionsHelper.convertToRuntime(e); + } String hash = output.getFieldValue(DEFAULT_TARGET, String.class, ignoreMissing); assertThat(hash, equalTo(expectedHash));