Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

windows/powershell: fix regexp constraints in event 800 parameter detail processing #3495

Merged
merged 1 commit into from
Jun 9, 2022
Merged

windows/powershell: fix regexp constraints in event 800 parameter detail processing #3495

merged 1 commit into from
Jun 9, 2022

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Jun 9, 2022

What does this PR do?

This tightens constraints in the regular expression to prevent greedy consumption of the input and regexp complexity explosion.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 added bug Something isn't working, use only for issues Team:Security-External Integrations Integration:windows Windows labels Jun 9, 2022
@efd6 efd6 self-assigned this Jun 9, 2022
@efd6 efd6 marked this pull request as ready for review June 9, 2022 00:37
@efd6 efd6 requested review from a team as code owners June 9, 2022 00:37
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@efd6 efd6 requested review from cmacknz and fearful-symmetry June 9, 2022 00:37
@elasticmachine
Copy link

elasticmachine commented Jun 9, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-06-09T00:38:00.681+0000

  • Duration: 16 min 18 sec

Test stats 🧪

Test Results
Failed 0
Passed 126
Skipped 0
Total 126

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (4/4) 💚
Files 87.5% (7/8) 👎 -9.068
Classes 87.5% (7/8) 👎 -9.068
Methods 84.884% (73/86) 👎 -4.005
Lines 93.376% (4962/5314) 👍 3.618
Conditionals 100.0% (0/0) 💚

andrewkroh
andrewkroh reviewed Jun 9, 2022
View reviewed changes
packages/windows/data_stream/powershell/elasticsearch/ingest_pipeline/default.yml
@@ -229,7 +229,7 @@ processors:
field: param3
source: |-
def parseRawDetail(String raw) {
Pattern detailRegex = /^(.+)\((.+)\)\:\s*(.+)?$/;
Pattern detailRegex = /^([^:(]+)\((.+)\)\:\s*(.+)?$/;
Copy link
Member

@andrewkroh andrewkroh Jun 9, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know the answer, but I'm wondering if these are compiled on each function invocation. If they were outside the function maybe they would only be compiled once per processor execution. No need to change anything.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just tried that and it fails to compile if they are outside the function definition.

@efd6 efd6 merged commit 0cc27d7 into elastic:main Jun 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

@cmacknz cmacknz Awaiting requested review from cmacknz cmacknz is a code owner automatically assigned from elastic/elastic-agent-data-plane

@fearful-symmetry fearful-symmetry Awaiting requested review from fearful-symmetry fearful-symmetry is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees

@efd6 efd6

Labels
bug Something isn't working, use only for issues Integration:windows Windows
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

windows/powershell: regexp considered too many characters for processing 800 command invocation details
3 participants
@efd6 @elasticmachine @andrewkroh