adds new tif source config type - url download (opensearch-project#1142…
…) (opensearch-project#1155) * adds new tif source config type - url download * set up create default tif configs * address review comments * add check to block create and delete operation url download type tif source configs --------- (cherry picked from commit 16bcef3) Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Showing
16 changed files
with
534 additions
and
31 deletions.
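--- a/src/main/java/org/opensearch/securityanalytics/threatIntel/model/UrlDownloadSource.java
+++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/model/UrlDownloadSource.java
@@ -0,0 +1,117 @@
+package org.opensearch.securityanalytics.threatIntel.model;
+
+import org.opensearch.core.common.io.stream.StreamInput;
+import org.opensearch.core.common.io.stream.StreamOutput;
+import org.opensearch.core.common.io.stream.Writeable;
+import org.opensearch.core.xcontent.ToXContent;
+import org.opensearch.core.xcontent.XContentBuilder;
+import org.opensearch.core.xcontent.XContentParser;
+
+import java.io.IOException;
+import java.net.URL;
+
+/**
+* This is a Threat Intel Source config where the iocs are downloaded from the URL
+*/
+public class UrlDownloadSource extends Source implements Writeable, ToXContent {
+public static final String URL_FIELD = "url";
+public static final String FEED_FORMAT_FIELD = "feed_format";
+public static final String HAS_CSV_HEADER_FIELD = "has_csv_header_field";
+public static final String CSV_IOC_VALUE_COLUMN_NUM_FIELD = "csv_ioc_value_colum_num";
+public static final String SOURCE_NAME = "URL_DOWNLOAD";
+
+private final URL url;
+private final String feedFormat;
+private final Boolean hasCsvHeader;
+private final Integer csvIocValueColumnNo;
+
+public UrlDownloadSource(URL url, String feedFormat, Boolean hasCsvHeader, Integer csvIocValueColumnNo) {
+this.url = url;
+this.feedFormat = feedFormat;
+this.hasCsvHeader = hasCsvHeader;
+this.csvIocValueColumnNo = csvIocValueColumnNo;
+
+}
+
+public UrlDownloadSource(StreamInput sin) throws IOException {
+this(
+new URL(sin.readString()),
+sin.readString(),
+sin.readOptionalBoolean(),
+sin.readOptionalInt()
+);
+}
+
+@Override
+public void writeTo(StreamOutput out) throws IOException {
+out.writeString(url.toString());
+out.writeString(feedFormat);
+out.writeOptionalBoolean(hasCsvHeader);
+out.writeOptionalInt(csvIocValueColumnNo);
+}
+
+@Override
+String name() {
+return SOURCE_NAME;
+}
+
+public URL getUrl() {
+return url;
+}
+
+public static UrlDownloadSource parse(XContentParser xcp) throws IOException {
+URL url = null;
+String feedFormat = null;
+Boolean hasCsvHeader = false;
+Integer csvIocValueColumnNo = null;
+while (xcp.nextToken() != XContentParser.Token.END_OBJECT) {
+String fieldName = xcp.currentName();
+xcp.nextToken();
+switch (fieldName) {
+case URL_FIELD:
+String urlString = xcp.text();
+url = new URL(urlString);
+break;
+case FEED_FORMAT_FIELD:
+feedFormat = xcp.text();
+break;
+case HAS_CSV_HEADER_FIELD:
+hasCsvHeader = xcp.booleanValue();
+break;
+case CSV_IOC_VALUE_COLUMN_NUM_FIELD:
+if (xcp.currentToken() == null)
+xcp.skipChildren();
+else
+csvIocValueColumnNo = xcp.intValue();
+break;
+default:
+xcp.skipChildren();
+}
+}
+return new UrlDownloadSource(url, feedFormat, hasCsvHeader, csvIocValueColumnNo);
+}
+
+@Override
+public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
+return builder.startObject()
+.startObject(URL_DOWNLOAD_FIELD)
+.field(URL_FIELD, url.toString())
+.field(FEED_FORMAT_FIELD, feedFormat)
+.field(HAS_CSV_HEADER_FIELD, hasCsvHeader)
+.field(CSV_IOC_VALUE_COLUMN_NUM_FIELD, csvIocValueColumnNo)
+.endObject()
+.endObject();
+}
+
+public String getFeedFormat() {
+return feedFormat;
+}
+
+public boolean hasCsvHeader() {
+return hasCsvHeader;
+}
+
+public Integer getCsvIocValueColumnNo() {
+return csvIocValueColumnNo;
+}
+}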
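Review bot: `parse()` and the `StreamInput` constructor hand the configured string straight to `new URL(...)`, and nothing in this file requires the field or restricts the scheme, so a document without `url` yields a source whose `writeTo`/`toXContent` throw on `url.toString()`, and `java.net.URL` also accepts non-HTTP schemes such as `file:` for a feed the cluster later fetches. The commit message says create and delete are blocked for this source type, but whether update or the download path validates the URL is not visible here, so I would reject it at the model with `if (url == null || !"https".equalsIgnoreCase(url.getProtocol())) throw new IllegalArgumentException("url must be an https URL");` before the `return` in `parse()` (widen to `http` only if a default feed needs it). In the `CSV_IOC_VALUE_COLUMN_NUM_FIELD` case, `xcp.currentToken() == null` looks like it was meant to be `xcp.currentToken() == XContentParser.Token.VALUE_NULL`; as written an explicit JSON null presumably reaches `xcp.intValue()`. `hasCsvHeader()` unboxes a `Boolean` that the stream constructor fills from `readOptionalBoolean()`, so a null there becomes a NullPointerException; return `Boolean.TRUE.equals(hasCsvHeader)` or make the field a primitive.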