Fix community_id processor so that ports greater than 65535 aren't valid

[legoguy1000]

What does this PR do?

This changes the community_id processor so that it doesn't accept ports > 65535 or < 1. Based off of how the ES processor works, https://github.com/elastic/elasticsearch/blob/master/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java#L175

Why is it important?

Currently the processor only checks for if the port != 0 but allows negative numbers and numbers > 65535 which is invalid.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

This is from #24620 when I moved the community_id processor from filebeat to the ingest pipeline, the ES processor does the additional checks that filebeat currently is not.

Logs

[legoguy1000]

@andrewkroh Found a bug in the community_id processor. You were the last to make changes to it so I figured I'd ping you for any comments or feedback.

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Build Cause: marc-gr commented: /test

• Start Time: 2021-05-05T10:55:54.126+0000

• Duration: 102 min 58 sec

• Commit: ef2ca1b

Test stats 🧪

Test	Results
Failed	0
Passed	29774
Skipped	4010
Total	33784

Trends 🧪

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test	Results
Failed	0
Passed	29774
Skipped	4010
Total	33784

[kvch]

jenkins run tests

[legoguy1000]

I see why the tests are failing, because of the unit16 conversion function. For numbers larger than a int16, its returning the remainder instead of just failing.

[legoguy1000]

I'm testing the tryToUint16 function and no matter what it only seems to hit the int case of the switch so the all the extra cases may be unecessary.

[legoguy1000]

I updated the function forcing the unit16 conversion and now all the tests pass. IDK if its the best way of doing it.

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[marc-gr]

/test

[legoguy1000]

IDK why the community IDs are being removed from these documents when all teh pieces are valid, https://beats-ci.elastic.co/blue/organizations/jenkins/Beats%2Fbeats/detail/PR-25409/5/pipeline#step-7529-log-174. The Go tests pass just fine.

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b communityid-processor-high-ports upstream/communityid-processor-high-ports
git merge upstream/master
git push upstream communityid-processor-high-ports

[marc-gr]

I think the types you removed are the ones causing the missing community_ids, since they are going to the default case. (Do not merge my suggestion as I am quite sure they are not correctly formatted)

[marc-gr]

/test

[marc-gr]

/test

[marc-gr]

Thanks for the work!