Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

decode_json_field: do not process arrays when flag not set #11318

Merged
merged 8 commits into from
Mar 25, 2019
Merged

decode_json_field: do not process arrays when flag not set #11318

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
ae7c839
wong assumption?
michalpristas Mar 19, 2019
bb6bef5
indicate skip for arrays
michalpristas Mar 19, 2019
30530aa
changelog
michalpristas Mar 19, 2019
193fb05
make one liner
michalpristas Mar 19, 2019
6c33788
Merge branch 'master' of https://github.com/elastic/beats into fix-ar…
michalpristas Mar 21, 2019
dd8c447
not marking as breaking change
michalpristas Mar 22, 2019
11da2be
Merge branch 'master' into fix-arrays-processor
michalpristas Mar 22, 2019
ad68468
Merge branch 'master' into fix-arrays-processor
michalpristas Mar 25, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions CHANGELOG.next.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- On Google Cloud Engine (GCE) the add_cloud_metadata will now trim the project
info from the cloud.machine.type and cloud.availability_zone. {issue}10968[10968]
- Rename `migration.enabled` config to `migration.6_to_7.enabled`. {pull}11284[11284]

- decode_json_field: do not process arrays when flag not set. {pull}11318[11318]
michalpristas marked this conversation as resolved.
Show resolved Hide resolved
*Auditbeat*

- Rename `process.exe` to `process.executable` in auditd module to align with ECS. {pull}9949[9949]
Expand Down Expand Up @@ -170,7 +170,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix a bug when converting NetFlow fields to snake_case. {pull}10950[10950]
- Add on_failure handler for Zeek ingest pipelines. Fix one field name error for notice and add an additional test case. {issue}11004[11004] {pull}11105[11105]
- Fix issue preventing docker container events to be stored if the container has a network interface without ip address. {issue}11225[11225] {pull}11247[11247]
- Add on_failure handler for Zeek ingest pipelines. Fix one field name error for notice and add an additional test
- Add on_failure handler for Zeek ingest pipelines. Fix one field name error for notice and add an additional test
case. {issue}11004[11004] {pull}11105[11105]
- Change URLPATH grok pattern to support brackets. {issue}11135[11135] {pull}11252[11252]
- Add support for iis log with different address format. {issue}11255[11255] {pull}11256[11256]
Expand Down
5 changes: 3 additions & 2 deletions libbeat/processors/actions/decode_json_fields.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ var (
MaxDepth: 1,
ProcessArray: false,
}
errProcessingSkipped = errors.New("processing skipped")
)

var debug = logp.MakeDebug("filters")
Expand Down Expand Up @@ -149,7 +150,7 @@ func unmarshal(maxDepth int, text string, fields *interface{}, processArray bool
var tmp interface{}
err := unmarshal(maxDepth, str, &tmp, processArray)
if err != nil {
return v, false
return v, err == errProcessingSkipped
}

return tmp, true
Expand All @@ -166,7 +167,7 @@ func unmarshal(maxDepth int, text string, fields *interface{}, processArray bool
// We want to process arrays here
case []interface{}:
if !processArray {
break
return errProcessingSkipped
}

for i, v := range O {
Expand Down
47 changes: 47 additions & 0 deletions libbeat/processors/actions/decode_json_fields_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,53 @@ func TestTargetRootOption(t *testing.T) {
assert.Equal(t, expected.String(), actual.String())
}

func TestArrayWithArraysDisabled(t *testing.T) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mind adding test cases for decoding array when process_array is set to true? Also, it would be nice to see tests for max_depth. The coverage of decode_json_fields is pretty thin. :(

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here it is: https://github.com/elastic/beats/pull/11318/files/193fb05581182455aa63ddadf8b998bfda8fb6c5#diff-baa231b1fdf8858ba8a286d1cc957e82R235

input := common.MapStr{
"msg": `{
"arrayOfMap": "[{\"a\":\"b\"}]"
}`,
}

testConfig, _ = common.NewConfigFrom(map[string]interface{}{
"fields": fields,
"max_depth": 10,
"process_array": false,
})

actual := getActualValue(t, testConfig, input)

expected := common.MapStr{
"msg": common.MapStr{
"arrayOfMap": "[{\"a\":\"b\"}]",
},
}

assert.Equal(t, expected.String(), actual.String())
}
func TestArrayWithArraysEnabled(t *testing.T) {
input := common.MapStr{
"msg": `{
"arrayOfMap": "[{\"a\":\"b\"}]"
}`,
}

testConfig, _ = common.NewConfigFrom(map[string]interface{}{
"fields": fields,
"max_depth": 10,
"process_array": true,
})

actual := getActualValue(t, testConfig, input)

expected := common.MapStr{
"msg": common.MapStr{
"arrayOfMap": []common.MapStr{common.MapStr{"a": "b"}},
},
}

assert.Equal(t, expected.String(), actual.String())
}

func getActualValue(t *testing.T, config *common.Config, input common.MapStr) common.MapStr {
logp.TestingSetup()

Expand Down