Skip to content

packages/aws/data_stream/config: guard against null API response fields#18787

Merged
efd6 merged 1 commit intoelastic:mainfrom
efd6:aws_config_null_results
May 5, 2026
Merged

packages/aws/data_stream/config: guard against null API response fields#18787
efd6 merged 1 commit intoelastic:mainfrom
efd6:aws_config_null_results

Conversation

@efd6
Copy link
Copy Markdown
Contributor

@efd6 efd6 commented May 4, 2026

Proposed commit message

packages/aws/data_stream/config: guard against null API response fields

The CEL program calls size() on body.EvaluationResults after checking
has(), but has() returns true when the field is present with a JSON
null value. size(null) has no overload, producing a runtime error that
propagates to the ternary operator as "no such overload".

Add != null guards to all three has()+size() patterns in the program
(EvaluationResults and ConfigRules). Remove dead .orValue([]) on the
map call since the true branch already guarantees a non-empty list.

Update the test input to return null instead of an empty array for one
rule so the fix is exercised by system tests.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 self-assigned this May 4, 2026
@efd6 efd6 added Integration:aws AWS bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels May 4, 2026
@efd6
packages/aws/data_stream/config: guard against null API response fields
8b84c4a 
The CEL program calls size() on body.EvaluationResults after checking
has(), but has() returns true when the field is present with a JSON
null value. size(null) has no overload, producing a runtime error that
propagates to the ternary operator as "no such overload".

Add != null guards to all three has()+size() patterns in the program
(EvaluationResults and ConfigRules). Remove dead .orValue([]) on the
map call since the true branch already guarantees a non-empty list.

Update the test input to return null instead of an empty array for one
rule so the fix is exercised by system tests.
@efd6 efd6 force-pushed the aws_config_null_results branch from 932a81e to 8b84c4a Compare May 4, 2026 23:24
macroscopeapp[bot]
macroscopeapp Bot reviewed May 4, 2026
View reviewed changes
Comment thread packages/aws/changelog.yml
@efd6 efd6 mentioned this pull request May 4, 2026
Open
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented May 5, 2026

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented May 5, 2026

💚 Build Succeeded

cc @efd6

@efd6 efd6 marked this pull request as ready for review May 5, 2026 01:48
@efd6 efd6 requested review from a team as code owners May 5, 2026 01:48
@infra-vault-gh-plugin-prod
Copy link
Copy Markdown

infra-vault-gh-plugin-prod Bot commented May 5, 2026

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@github-actions github-actions Bot mentioned this pull request May 5, 2026
Open
@efd6 efd6 mentioned this pull request May 5, 2026
Closed
5 tasks
kcreddy
kcreddy approved these changes May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@efd6 efd6 merged commit 6b8436b into elastic:main May 5, 2026
10 checks passed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented May 5, 2026

Package aws - 6.14.1 containing this change is available at https://epr.elastic.co/package/aws/6.14.1/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@macroscopeapp macroscopeapp[bot] macroscopeapp[bot] left review comments

@kcreddy kcreddy kcreddy approved these changes

Assignees

@efd6 efd6

Labels

bugfix Pull request that fixes a bug issue Integration:aws AWS Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@efd6 @elasticmachine @kcreddy