From 0797a64da081ae1609fdbf831b6b3878b4075e88 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Wed, 6 Mar 2024 12:12:04 +1030 Subject: [PATCH] x-pack/filebeat/input/{cel,websocket}: prevent addition of regexp extension when no patterns are provided (#38181) In the case of cel, the extension was always being added, and then was conditionally added when a pattern was configured, resulting in a failed configuration. In the case of websocket the conditional addition was not being performed, so no failure occurred, but additional look-up load was being added. So unify the approaches to the correct conditional addition. --- CHANGELOG.next.asciidoc | 1 + x-pack/filebeat/input/cel/config_test.go | 14 ++++++++++++++ x-pack/filebeat/input/cel/input.go | 1 - x-pack/filebeat/input/websocket/cel.go | 4 +++- x-pack/filebeat/input/websocket/config_test.go | 13 +++++++++++++ 5 files changed, 31 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 77e78868b6a..f11f88e491c 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -99,6 +99,7 @@ fields added to events containing the Beats version. {pull}37553[37553] - Fix a race condition that could crash Filebeat with a "negative WaitGroup counter" error {pull}38094[38094] - Prevent HTTPJSON holding response bodies between executions. {issue}35219[35219] {pull}38116[38116] - Fix "failed processing S3 event for object key" error on aws-s3 input when key contains the "+" character {issue}38012[38012] {pull}38125[38125] +- Fix duplicated addition of regexp extension in CEL input. {pull}38181[38181] *Heartbeat* diff --git a/x-pack/filebeat/input/cel/config_test.go b/x-pack/filebeat/input/cel/config_test.go index e4c98b78dc5..7acf74df08c 100644 --- a/x-pack/filebeat/input/cel/config_test.go +++ b/x-pack/filebeat/input/cel/config_test.go 
@@ -12,6 +12,7 @@ import ( "os" "reflect" "testing" + "time" "github.com/google/go-cmp/cmp" "golang.org/x/oauth2/google" @@ -38,6 +39,19 @@ func TestGetProviderIsCanonical(t *testing.T) { } } +func TestRegexpConfig(t *testing.T) { + cfg := config{ + Interval: time.Minute, + Program: `{}`, + Resource: &ResourceConfig{URL: &urlConfig{URL: &url.URL{}}}, + Regexps: map[string]string{"regex_cve": `[Cc][Vv][Ee]-[0-9]{4}-[0-9]{4,7}`}, + } + err := cfg.Validate() + if err != nil { + t.Errorf("failed to validate config with regexps: %v", err) + } +} + func TestIsEnabled(t *testing.T) { type enabler interface { isEnabled() bool diff --git a/x-pack/filebeat/input/cel/input.go b/x-pack/filebeat/input/cel/input.go index 12dd4c4dcec..edd7c053018 100644 --- a/x-pack/filebeat/input/cel/input.go +++ b/x-pack/filebeat/input/cel/input.go @@ -918,7 +918,6 @@ func newProgram(ctx context.Context, src, root string, client *http.Client, limi lib.Debug(debug(log, trace)), lib.File(mimetypes), lib.MIME(mimetypes), - lib.Regexp(patterns), lib.Limit(limitPolicies), lib.Globals(map[string]interface{}{ "useragent": userAgent, diff --git a/x-pack/filebeat/input/websocket/cel.go b/x-pack/filebeat/input/websocket/cel.go index 11c2e7ad8f1..0938da05353 100644 --- a/x-pack/filebeat/input/websocket/cel.go +++ b/x-pack/filebeat/input/websocket/cel.go @@ -63,11 +63,13 @@ func newProgram(ctx context.Context, src, root string, patterns map[string]*rege lib.Try(), lib.Debug(debug(log)), lib.MIME(mimetypes), - lib.Regexp(patterns), lib.Globals(map[string]interface{}{ "useragent": userAgent, }), } + if len(patterns) != 0 { + opts = append(opts, lib.Regexp(patterns)) + } env, err := cel.NewEnv(opts...) if err != nil { diff --git a/x-pack/filebeat/input/websocket/config_test.go b/x-pack/filebeat/input/websocket/config_test.go index 021bf89056f..c1aaac97328 100644 --- a/x-pack/filebeat/input/websocket/config_test.go +++ b/x-pack/filebeat/input/websocket/config_test.go 
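Review bot: The new TestRegexpConfig in x-pack/filebeat/input/cel/config_test.go validates only a config with one pattern, so the case in the commit title (no patterns provided) is not pinned by any test. The same gap is in the identically named test added to x-pack/filebeat/input/websocket/config_test.go. A table-driven form that also runs `cfg.Validate()` with `Regexps` nil and with an empty map would cover the no-pattern path in both inputs. That `Validate` reaches `newProgram` is inferred from the commit message, not visible in this hunk. I would also add a doc comment such as `// TestRegexpConfig is a regression test for duplicate registration of the regexp extension (#38181).`

```go
func TestRegexpConfig(t *testing.T) {
	for _, test := range []struct {
		name    string
		regexps map[string]string
	}{
		{name: "nil"},
		{name: "empty", regexps: map[string]string{}},
		{name: "one_pattern", regexps: map[string]string{"regex_cve": `[Cc][Vv][Ee]-[0-9]{4}-[0-9]{4,7}`}},
	} {
		t.Run(test.name, func(t *testing.T) {
			cfg := config{
				Interval: time.Minute,
				Program:  `{}`,
				Resource: &ResourceConfig{URL: &urlConfig{URL: &url.URL{}}},
				Regexps:  test.regexps,
			}
			if err := cfg.Validate(); err != nil {
				t.Errorf("failed to validate config: %v", err)
			}
		})
	}
}
```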
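Review bot: The `if len(patterns) != 0` guard added before `cel.NewEnv` in x-pack/filebeat/input/websocket/cel.go has no comment explaining why the regexp extension is optional, and this option list has already drifted from the cel input's once. I would put `// Register the regexp extension only when patterns are configured; keep in step with input/cel's newProgram.` above the guard. One consequence worth stating in that comment or the docs: with no patterns configured the extension's functions are presumably no longer declared, so a program that calls them would be rejected when the environment is built rather than at evaluation. That is inferred, since the library's behaviour is not visible here. newProgram starts and ends outside the hunk.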
@@ -6,6 +6,7 @@ package websocket import ( "fmt" + "net/url" "testing" "github.com/stretchr/testify/assert" @@ -119,3 +120,15 @@ func TestConfig(t *testing.T) { }) } } + +func TestRegexpConfig(t *testing.T) { + cfg := config{ + Program: `{}`, + URL: &urlConfig{URL: &url.URL{Scheme: "ws"}}, + Regexps: map[string]string{"regex_cve": `[Cc][Vv][Ee]-[0-9]{4}-[0-9]{4,7}`}, + } + err := cfg.Validate() + if err != nil { + t.Errorf("failed to validate config with regexps: %v", err) + } +}
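Review bot: The added TestRegexpConfig in x-pack/filebeat/input/websocket/config_test.go reports failure through an `err`/`if`/`t.Errorf` sequence, although the file already imports testify's `assert` (visible in the import hunk). `assert.NoError(t, cfg.Validate(), "validating config with regexps")` would replace those four lines and match the rest of the file. That TestConfig uses `assert` is inferred, since only its closing braces fall inside this hunk.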