Skip to content

Commit

Permalink
[TIP] add null check to the painless script
Browse files Browse the repository at this point in the history
  • Loading branch information
@maxcold
maxcold committed Nov 1, 2022
1 parent 23a9d78 commit aa80a04
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 31 deletions.
60 changes: 30 additions & 30 deletions x-pack/plugins/threat_intelligence/server/utils/indicator_name.test.ts
View file
Expand Up @@ -11,10 +11,10 @@ describe('display name generation', () => {
describe('threatIndicatorNamesScript()', () => {
it('should generate a valid painless script', () => {
expect(threatIndicatorNamesScript()).toMatchInlineSnapshot(`
"if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='ipv4-addr') { if (doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit(doc['threat.indicator.ip'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='ipv6-addr') { if (doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit(doc['threat.indicator.ip'].value) } }
"if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='ipv4-addr') { if (doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit(doc['threat.indicator.ip'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='ipv6-addr') { if (doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit(doc['threat.indicator.ip'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='file') { if (doc['threat.indicator.file.hash.sha256'].size()!=0 && doc['threat.indicator.file.hash.sha256'].value!=null) { return emit(doc['threat.indicator.file.hash.sha256'].value) }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='file') { if (doc['threat.indicator.file.hash.sha256'].size()!=0 && doc['threat.indicator.file.hash.sha256'].value!=null) { return emit(doc['threat.indicator.file.hash.sha256'].value) }
if (doc['threat.indicator.file.hash.md5'].size()!=0 && doc['threat.indicator.file.hash.md5'].value!=null) { return emit(doc['threat.indicator.file.hash.md5'].value) }
if (doc['threat.indicator.file.hash.sha1'].size()!=0 && doc['threat.indicator.file.hash.sha1'].value!=null) { return emit(doc['threat.indicator.file.hash.sha1'].value) }
if (doc['threat.indicator.file.hash.sha224'].size()!=0 && doc['threat.indicator.file.hash.sha224'].value!=null) { return emit(doc['threat.indicator.file.hash.sha224'].value) }
Expand All @@ -33,25 +33,25 @@ describe('display name generation', () => {
if (doc['threat.indicator.file.pehash'].size()!=0 && doc['threat.indicator.file.pehash'].value!=null) { return emit(doc['threat.indicator.file.pehash'].value) }
if (doc['threat.indicator.file.vhash'].size()!=0 && doc['threat.indicator.file.vhash'].value!=null) { return emit(doc['threat.indicator.file.vhash'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='url') { if (doc['threat.indicator.url.full'].size()!=0 && doc['threat.indicator.url.full'].value!=null) { return emit(doc['threat.indicator.url.full'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='url') { if (doc['threat.indicator.url.full'].size()!=0 && doc['threat.indicator.url.full'].value!=null) { return emit(doc['threat.indicator.url.full'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='domain') { if (doc['threat.indicator.url.domain'].size()!=0 && doc['threat.indicator.url.domain'].value!=null) { return emit(doc['threat.indicator.url.domain'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='domain-name') { if (doc['threat.indicator.url.domain'].size()!=0 && doc['threat.indicator.url.domain'].value!=null) { return emit(doc['threat.indicator.url.domain'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='domain') { if (doc['threat.indicator.url.domain'].size()!=0 && doc['threat.indicator.url.domain'].value!=null) { return emit(doc['threat.indicator.url.domain'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='domain-name') { if (doc['threat.indicator.url.domain'].size()!=0 && doc['threat.indicator.url.domain'].value!=null) { return emit(doc['threat.indicator.url.domain'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='x509-certificate') { if (doc['threat.indicator.x509.serial_number'].size()!=0 && doc['threat.indicator.x509.serial_number'].value!=null) { return emit(doc['threat.indicator.x509.serial_number'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='x509 serial') { if (doc['threat.indicator.x509.serial_number'].size()!=0 && doc['threat.indicator.x509.serial_number'].value!=null) { return emit(doc['threat.indicator.x509.serial_number'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='x509-certificate') { if (doc['threat.indicator.x509.serial_number'].size()!=0 && doc['threat.indicator.x509.serial_number'].value!=null) { return emit(doc['threat.indicator.x509.serial_number'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='x509 serial') { if (doc['threat.indicator.x509.serial_number'].size()!=0 && doc['threat.indicator.x509.serial_number'].value!=null) { return emit(doc['threat.indicator.x509.serial_number'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='email-addr') { if (doc['threat.indicator.email.address'].size()!=0 && doc['threat.indicator.email.address'].value!=null) { return emit(doc['threat.indicator.email.address'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='email-addr') { if (doc['threat.indicator.email.address'].size()!=0 && doc['threat.indicator.email.address'].value!=null) { return emit(doc['threat.indicator.email.address'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='unknown') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit(doc['_id'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='email') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit(doc['_id'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='email-message') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit(doc['_id'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='unknown') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit(doc['_id'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='email') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit(doc['_id'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='email-message') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit(doc['_id'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='windows-registry-key') { if (doc['threat.indicator.registry.key'].size()!=0 && doc['threat.indicator.registry.key'].value!=null) { return emit(doc['threat.indicator.registry.key'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='windows-registry-key') { if (doc['threat.indicator.registry.key'].size()!=0 && doc['threat.indicator.registry.key'].value!=null) { return emit(doc['threat.indicator.registry.key'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='autonomous-system') { if (doc['threat.indicator.as.number'].size()!=0 && doc['threat.indicator.as.number'].value!=null) { return emit(doc['threat.indicator.as.number'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='autonomous-system') { if (doc['threat.indicator.as.number'].size()!=0 && doc['threat.indicator.as.number'].value!=null) { return emit(doc['threat.indicator.as.number'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='mac-addr') { if (doc['threat.indicator.mac'].size()!=0 && doc['threat.indicator.mac'].value!=null) { return emit(doc['threat.indicator.mac'].value) } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='mac-addr') { if (doc['threat.indicator.mac'].size()!=0 && doc['threat.indicator.mac'].value!=null) { return emit(doc['threat.indicator.mac'].value) } }
return emit('')"
`);
Expand All @@ -61,10 +61,10 @@ describe('display name generation', () => {
describe('threatIndicatorNamesOriginScript()', () => {
it('should generate a valid painless script', () => {
expect(threatIndicatorNamesOriginScript()).toMatchInlineSnapshot(`
"if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='ipv4-addr') { if (doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit('threat.indicator.ip') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='ipv6-addr') { if (doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit('threat.indicator.ip') } }
"if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='ipv4-addr') { if (doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit('threat.indicator.ip') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='ipv6-addr') { if (doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit('threat.indicator.ip') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='file') { if (doc['threat.indicator.file.hash.sha256'].size()!=0 && doc['threat.indicator.file.hash.sha256'].value!=null) { return emit('threat.indicator.file.hash.sha256') }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='file') { if (doc['threat.indicator.file.hash.sha256'].size()!=0 && doc['threat.indicator.file.hash.sha256'].value!=null) { return emit('threat.indicator.file.hash.sha256') }
if (doc['threat.indicator.file.hash.md5'].size()!=0 && doc['threat.indicator.file.hash.md5'].value!=null) { return emit('threat.indicator.file.hash.md5') }
if (doc['threat.indicator.file.hash.sha1'].size()!=0 && doc['threat.indicator.file.hash.sha1'].value!=null) { return emit('threat.indicator.file.hash.sha1') }
if (doc['threat.indicator.file.hash.sha224'].size()!=0 && doc['threat.indicator.file.hash.sha224'].value!=null) { return emit('threat.indicator.file.hash.sha224') }
Expand All @@ -83,25 +83,25 @@ describe('display name generation', () => {
if (doc['threat.indicator.file.pehash'].size()!=0 && doc['threat.indicator.file.pehash'].value!=null) { return emit('threat.indicator.file.pehash') }
if (doc['threat.indicator.file.vhash'].size()!=0 && doc['threat.indicator.file.vhash'].value!=null) { return emit('threat.indicator.file.vhash') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='url') { if (doc['threat.indicator.url.full'].size()!=0 && doc['threat.indicator.url.full'].value!=null) { return emit('threat.indicator.url.full') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='url') { if (doc['threat.indicator.url.full'].size()!=0 && doc['threat.indicator.url.full'].value!=null) { return emit('threat.indicator.url.full') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='domain') { if (doc['threat.indicator.url.domain'].size()!=0 && doc['threat.indicator.url.domain'].value!=null) { return emit('threat.indicator.url.domain') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='domain-name') { if (doc['threat.indicator.url.domain'].size()!=0 && doc['threat.indicator.url.domain'].value!=null) { return emit('threat.indicator.url.domain') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='domain') { if (doc['threat.indicator.url.domain'].size()!=0 && doc['threat.indicator.url.domain'].value!=null) { return emit('threat.indicator.url.domain') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='domain-name') { if (doc['threat.indicator.url.domain'].size()!=0 && doc['threat.indicator.url.domain'].value!=null) { return emit('threat.indicator.url.domain') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='x509-certificate') { if (doc['threat.indicator.x509.serial_number'].size()!=0 && doc['threat.indicator.x509.serial_number'].value!=null) { return emit('threat.indicator.x509.serial_number') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='x509 serial') { if (doc['threat.indicator.x509.serial_number'].size()!=0 && doc['threat.indicator.x509.serial_number'].value!=null) { return emit('threat.indicator.x509.serial_number') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='x509-certificate') { if (doc['threat.indicator.x509.serial_number'].size()!=0 && doc['threat.indicator.x509.serial_number'].value!=null) { return emit('threat.indicator.x509.serial_number') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='x509 serial') { if (doc['threat.indicator.x509.serial_number'].size()!=0 && doc['threat.indicator.x509.serial_number'].value!=null) { return emit('threat.indicator.x509.serial_number') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='email-addr') { if (doc['threat.indicator.email.address'].size()!=0 && doc['threat.indicator.email.address'].value!=null) { return emit('threat.indicator.email.address') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='email-addr') { if (doc['threat.indicator.email.address'].size()!=0 && doc['threat.indicator.email.address'].value!=null) { return emit('threat.indicator.email.address') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='unknown') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit('_id') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='email') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit('_id') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='email-message') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit('_id') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='unknown') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit('_id') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='email') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit('_id') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='email-message') { if (doc['_id'].size()!=0 && doc['_id'].value!=null) { return emit('_id') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='windows-registry-key') { if (doc['threat.indicator.registry.key'].size()!=0 && doc['threat.indicator.registry.key'].value!=null) { return emit('threat.indicator.registry.key') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='windows-registry-key') { if (doc['threat.indicator.registry.key'].size()!=0 && doc['threat.indicator.registry.key'].value!=null) { return emit('threat.indicator.registry.key') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='autonomous-system') { if (doc['threat.indicator.as.number'].size()!=0 && doc['threat.indicator.as.number'].value!=null) { return emit('threat.indicator.as.number') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='autonomous-system') { if (doc['threat.indicator.as.number'].size()!=0 && doc['threat.indicator.as.number'].value!=null) { return emit('threat.indicator.as.number') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='mac-addr') { if (doc['threat.indicator.mac'].size()!=0 && doc['threat.indicator.mac'].value!=null) { return emit('threat.indicator.mac') } }
if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='mac-addr') { if (doc['threat.indicator.mac'].size()!=0 && doc['threat.indicator.mac'].value!=null) { return emit('threat.indicator.mac') } }
return emit('')"
`);
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/threat_intelligence/server/utils/indicator_name.ts
View file
Expand Up @@ -56,7 +56,7 @@ const mappingsArray: Mappings = [
* Generates Painless condition checking if given `type` is matched
*/
const fieldTypeCheck = (type: string) =>
`if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value.toLowerCase()=='${type.toLowerCase()}')`;
`if (doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='${type.toLowerCase()}')`;

/**
* Generates Painless condition checking if given `field` has value
Expand Down

0 comments on commit aa80a04

Please sign in to comment.