diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/model/IocUploadSource.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/model/IocUploadSource.java index 8f79143e3..865120fac 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/model/IocUploadSource.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/model/IocUploadSource.java @@ -96,8 +96,4 @@ public void setIocs(List iocs) { public String getFileName() { return fileName; } - - public void setFileName(String fileName) { - this.fileName = fileName; - } } diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/model/Source.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/model/Source.java index a9d75c646..7f607e88a 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/model/Source.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/model/Source.java @@ -20,6 +20,7 @@ public abstract class Source { abstract String name(); public static final String S3_FIELD = "s3"; public static final String IOC_UPLOAD_FIELD = "ioc_upload"; + public static final String URL_DOWNLOAD_FIELD = "url_download"; static Source readFrom(StreamInput sin) throws IOException { Type type = sin.readEnum(Type.class); @@ -28,6 +29,8 @@ static Source readFrom(StreamInput sin) throws IOException { return new S3Source(sin); case IOC_UPLOAD: return new IocUploadSource(sin); + case URL_DOWNLOAD: + return new UrlDownloadSource(sin); default: throw new IllegalStateException("Unexpected input ["+ type + "] when reading ioc store config"); } @@ -57,7 +60,9 @@ public void writeTo(StreamOutput out) throws IOException {} enum Type { S3(), - IOC_UPLOAD(); + IOC_UPLOAD(), + + URL_DOWNLOAD(); @Override public String toString() { diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/model/UrlDownloadSource.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/model/UrlDownloadSource.java new file mode 100644 index 000000000..5e37dd17d --- /dev/null +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/model/UrlDownloadSource.java @@ -0,0 +1,63 @@ +package org.opensearch.securityanalytics.threatIntel.model; + +import org.opensearch.core.common.io.stream.StreamInput; +import org.opensearch.core.common.io.stream.Writeable; +import org.opensearch.core.xcontent.ToXContent; +import org.opensearch.core.xcontent.XContentBuilder; +import org.opensearch.core.xcontent.XContentParser; + +import java.io.IOException; +import java.net.URL; + +/** + * This is a Threat Intel Source config where the iocs are downloaded from the URL + */ +public class UrlDownloadSource extends Source implements Writeable, ToXContent { + public static final String URL_FIELD = "url"; + public static final String SOURCE_NAME = "URL_DOWNLOAD"; + + private final URL url; + + public UrlDownloadSource(URL url) { + this.url = url; + } + + public UrlDownloadSource(StreamInput sin) throws IOException { + this(new URL(sin.readString())); + } + + @Override + String name() { + return SOURCE_NAME; + } + + public URL getUrl() { + return url; + } + + public static UrlDownloadSource parse(XContentParser xcp) throws IOException { + URL url = null; + while (xcp.nextToken() != XContentParser.Token.END_OBJECT) { + String fieldName = xcp.currentName(); + xcp.nextToken(); + switch (fieldName) { + case URL_FIELD: + String urlString = xcp.text(); + url = new URL(urlString); + break; + default: + xcp.skipChildren(); + } + } + return new UrlDownloadSource(url); + } + + @Override + public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException { + return builder.startObject() + .startObject(URL_DOWNLOAD_FIELD) + .field(URL_FIELD, url) + .endObject() + .endObject(); + } +}