From 7642b44fcc1e30ae5f9457d7624e3412f414cf81 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Fri, 18 Dec 2020 14:58:56 -0500 Subject: [PATCH 1/7] Add network direction processor --- .../xpack/core/common/network}/CIDRUtils.java | 12 +- .../core/common/network}/CIDRUtilsTests.java | 2 +- .../string/CIDRMatchFunctionProcessor.java | 8 +- .../ingest/NetworkDirectionProcessor.java | 263 ++++++++++++++++++ ...NetworkDirectionProcessorFactoryTests.java | 80 ++++++ .../NetworkDirectionProcessorTests.java | 126 +++++++++ 6 files changed, 480 insertions(+), 11 deletions(-) rename x-pack/plugin/{eql/src/main/java/org/elasticsearch/xpack/eql/expression/function/scalar/string => core/src/main/java/org/elasticsearch/xpack/core/common/network}/CIDRUtils.java (88%) rename x-pack/plugin/{eql/src/test/java/org/elasticsearch/xpack/eql/expression/function/scalar/string => core/src/test/java/org/elasticsearch/xpack/core/common/network}/CIDRUtilsTests.java (97%) create mode 100644 x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java create mode 100644 x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorFactoryTests.java create mode 100644 x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorTests.java diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/CIDRUtils.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/common/network/CIDRUtils.java similarity index 88% rename from x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/CIDRUtils.java rename to x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/common/network/CIDRUtils.java index e0905ca9df7b8..ec712ccfe406b 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/CIDRUtils.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/common/network/CIDRUtils.java @@ -4,11 +4,10 @@ * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.eql.expression.function.scalar.string; +package org.elasticsearch.xpack.core.common.network; import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.network.InetAddresses; -import org.elasticsearch.xpack.eql.EqlIllegalArgumentException; import java.net.InetAddress; import java.util.Arrays; @@ -21,7 +20,6 @@ private CIDRUtils() { } public static boolean isInRange(String address, String... cidrAddresses) { - try { // Check if address is parsable first byte[] addr = InetAddresses.forString(address).getAddress(); @@ -42,10 +40,6 @@ public static boolean isInRange(String address, String... cidrAddresses) { } if (isBetween(addr, lower, upper)) return true; } - } catch (IllegalArgumentException e) { - throw new EqlIllegalArgumentException(e.getMessage()); - } - return false; } @@ -55,7 +49,7 @@ private static Tuple getLowerUpper(Tuple c if (prefixLength < 0 || prefixLength > 8 * value.getAddress().length) { throw new IllegalArgumentException("illegal prefixLength '" + prefixLength + - "'. Must be 0-32 for IPv4 ranges, 0-128 for IPv6 ranges"); + "'. Must be 0-32 for IPv4 ranges, 0-128 for IPv6 ranges"); } byte[] lower = value.getAddress(); @@ -77,7 +71,7 @@ private static boolean isBetween(byte[] addr, byte[] lower, byte[] upper) { upper = encode(upper); } return Arrays.compareUnsigned(lower, addr) <= 0 && - Arrays.compareUnsigned(upper, addr) >= 0; + Arrays.compareUnsigned(upper, addr) >= 0; } // Borrowed from Lucene to make this consistent IP fields matching for the mix of IPv4 and IPv6 values diff --git a/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/CIDRUtilsTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/common/network/CIDRUtilsTests.java similarity index 97% rename from x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/CIDRUtilsTests.java rename to x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/common/network/CIDRUtilsTests.java index 140ad8ebf38c0..4210038c376e0 100644 --- a/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/CIDRUtilsTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/common/network/CIDRUtilsTests.java @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.eql.expression.function.scalar.string; +package org.elasticsearch.xpack.core.common.network; import org.elasticsearch.test.ESTestCase; diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/CIDRMatchFunctionProcessor.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/CIDRMatchFunctionProcessor.java index fe23d607f1fc0..807555677b7c7 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/CIDRMatchFunctionProcessor.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/CIDRMatchFunctionProcessor.java @@ -7,7 +7,9 @@ import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; +import org.elasticsearch.xpack.eql.EqlIllegalArgumentException; import org.elasticsearch.xpack.ql.expression.gen.processor.Processor; +import org.elasticsearch.xpack.core.common.network.CIDRUtils; import org.elasticsearch.xpack.ql.util.Check; import java.io.IOException; @@ -66,7 +68,11 @@ public static Object doProcess(Object source, List addresses) { Check.isString(address); arr[i++] = (String)address; } - return CIDRUtils.isInRange((String)source, arr); + try { + return CIDRUtils.isInRange((String)source, arr); + } catch (IllegalArgumentException e) { + throw new EqlIllegalArgumentException(e.getMessage()); + } } protected Processor source() { diff --git a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java new file mode 100644 index 0000000000000..c95e16278ecb9 --- /dev/null +++ b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java @@ -0,0 +1,263 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +package org.elasticsearch.xpack.ingest; + +import org.elasticsearch.ingest.AbstractProcessor; +import org.elasticsearch.ingest.ConfigurationUtils; +import org.elasticsearch.ingest.IngestDocument; +import org.elasticsearch.ingest.Processor; +import org.elasticsearch.common.network.InetAddresses; +import org.elasticsearch.xpack.core.common.network.CIDRUtils; + +import java.util.*; + +import static org.elasticsearch.ingest.ConfigurationUtils.readBooleanProperty; + +public class NetworkDirectionProcessor extends AbstractProcessor { + static final byte[] UNDEFINED_IP = new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + static final byte[] BROADCAST_IP4 = new byte[]{(byte)0xff, (byte)0xff, (byte)0xff, (byte)0xff}; + + public static final String TYPE = "network_direction"; + + public static final String DIRECTION_INTERNAL = "internal"; + public static final String DIRECTION_EXTERNAL = "external"; + public static final String DIRECTION_INBOUND = "inbound"; + public static final String DIRECTION_OUTBOUND = "outbound"; + + private static final String LOOPBACK_NAMED_NETWORK = "loopback"; + private static final String GLOBAL_UNICAST_NAMED_NETWORK = "global_unicast"; + private static final String UNICAST_NAMED_NETWORK = "unicast"; + private static final String LINK_LOCAL_UNICAST_NAMED_NETWORK = "link_local_unicast"; + private static final String INTERFACE_LOCAL_NAMED_NETWORK = "interface_local_multicast"; + private static final String LINK_LOCAL_MULTICAST_NAMED_NETWORK = "link_local_multicast"; + private static final String MULTICAST_NAMED_NETWORK = "multicast"; + private static final String UNSPECIFIED_NAMED_NETWORK = "unspecified"; + private static final String PRIVATE_NAMED_NETWORK = "private"; + private static final String PUBLIC_NAMED_NETWORK = "public"; + + private final String sourceIpField; + private final String destinationIpField; + private final String targetField; + private final List internalNetworks; + private final boolean ignoreMissing; + + NetworkDirectionProcessor( + String tag, + String description, + String sourceIpField, + String destinationIpField, + String targetField, + List internalNetworks, + boolean ignoreMissing + ) { + super(tag, description); + this.sourceIpField = sourceIpField; + this.destinationIpField = destinationIpField; + this.targetField = targetField; + this.internalNetworks = internalNetworks; + this.ignoreMissing = ignoreMissing; + } + + public String getSourceIpField() { + return sourceIpField; + } + + public String getDestinationIpField() { + return destinationIpField; + } + + public String getTargetField() { + return targetField; + } + + public List getInternalNetworks() { + return internalNetworks; + } + + public boolean getIgnoreMissing() { + return ignoreMissing; + } + + @Override + public IngestDocument execute(IngestDocument ingestDocument) throws Exception { + String direction = getDirection(ingestDocument); + if (direction == null) { + if (ignoreMissing) { + return ingestDocument; + } else { + throw new IllegalArgumentException("unable to calculate network direction from document"); + } + } + + ingestDocument.setFieldValue(targetField, direction); + return ingestDocument; + } + + private String getDirection(IngestDocument d) { + if (internalNetworks == null) { + return null; + } + + String sourceIpAddrString = d.getFieldValue(sourceIpField, String.class, ignoreMissing); + if (sourceIpAddrString == null) { + return null; + } + + String destIpAddrString = d.getFieldValue(destinationIpField, String.class, ignoreMissing); + if (destIpAddrString == null) { + return null; + } + + boolean sourceInternal = isInternal(sourceIpAddrString); + boolean destinationInternal = isInternal(destIpAddrString); + + if (sourceInternal && destinationInternal) { + return DIRECTION_INTERNAL; + } + if (sourceInternal) { + return DIRECTION_OUTBOUND; + } + if (destinationInternal) { + return DIRECTION_INBOUND; + } + return DIRECTION_EXTERNAL; + } + + private boolean isInternal(String ip) { + for (String network : internalNetworks) { + if (inNetwork(ip, network)) { + return true; + } + } + return false; + } + + private boolean inNetwork(String ip, String network) { + switch (network) + { + case LOOPBACK_NAMED_NETWORK: + return isLoopback(ip); + case GLOBAL_UNICAST_NAMED_NETWORK: + case UNICAST_NAMED_NETWORK: + return isUnicast(ip); + case LINK_LOCAL_UNICAST_NAMED_NETWORK: + return isLinkLocalUnicast(ip); + case INTERFACE_LOCAL_NAMED_NETWORK: + return isInterfaceLocalMulticast(ip); + case LINK_LOCAL_MULTICAST_NAMED_NETWORK: + return isLinkLocalMulticast(ip); + case MULTICAST_NAMED_NETWORK: + return isMulticast(ip); + case UNSPECIFIED_NAMED_NETWORK: + return isUnspecified(ip); + case PRIVATE_NAMED_NETWORK: + return isPrivate(ip); + case PUBLIC_NAMED_NETWORK: + return isPublic(ip); + default: + return CIDRUtils.isInRange(ip, network); + } + } + + // loopback - done + private boolean isLoopback(String ip) { + return InetAddresses.forString(ip).isLoopbackAddress(); + } + + // global_unicast, unicast - done + private boolean isUnicast(String ip) { + var address = InetAddresses.forString(ip); + return !Arrays.equals(address.getAddress(), BROADCAST_IP4) && + !isUnspecified(ip) && + !isLoopback(ip) && + !isMulticast(ip) && + !isLinkLocalUnicast(ip); + } + + // link_local_unicast - done + private boolean isLinkLocalUnicast(String ip) { + return InetAddresses.forString(ip).isLinkLocalAddress(); + } + + // interface_local_multicast - done + private boolean isInterfaceLocalMulticast(String ip) { + return InetAddresses.forString(ip).isMCNodeLocal(); + } + + // link_local_multicast - done + private boolean isLinkLocalMulticast(String ip) { + return InetAddresses.forString(ip).isMCLinkLocal(); + } + + // multicast - done + private boolean isMulticast(String ip) { + return InetAddresses.forString(ip).isMulticastAddress(); + } + + // unspecified - done + private boolean isUnspecified(String ip) { + var address = InetAddresses.forString(ip).getAddress(); + return Arrays.equals(UNDEFINED_IP, address); + } + + // private + private boolean isPrivate(String ip) { + return CIDRUtils.isInRange(ip, "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fd00::/8"); + } + + // public + private boolean isPublic(String ip) { + return !isLocalOrPrivate(ip); + } + + private boolean isLocalOrPrivate(String ip) { + var address = InetAddresses.forString(ip); + return isPrivate(ip) || + isLoopback(ip) || + isUnspecified(ip) || + isLinkLocalUnicast(ip) || + isLinkLocalMulticast(ip) || + isInterfaceLocalMulticast(ip) || + Arrays.equals(address.getAddress(), BROADCAST_IP4); + } + + @Override + public String getType() { + return TYPE; + } + + public static final class Factory implements Processor.Factory { + + static final String DEFAULT_SOURCE_IP = "source.ip"; + static final String DEFAULT_DEST_IP = "destination.ip"; + static final String DEFAULT_TARGET = "network.direction"; + + @Override + public NetworkDirectionProcessor create( + Map registry, + String processorTag, + String description, + Map config + ) throws Exception { + String sourceIpField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "source_ip", DEFAULT_SOURCE_IP); + String destIpField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "destination_ip", DEFAULT_DEST_IP); + String targetField = ConfigurationUtils.readStringProperty(TYPE, processorTag, config, "target_field", DEFAULT_TARGET); + List internalNetworks = ConfigurationUtils.readList(TYPE, processorTag, config, "internal_networks"); + boolean ignoreMissing = readBooleanProperty(TYPE, processorTag, config, "ignore_missing", true); + + return new NetworkDirectionProcessor( + processorTag, + description, + sourceIpField, + destIpField, + targetField, + internalNetworks, + ignoreMissing + ); + } + } +} diff --git a/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorFactoryTests.java b/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorFactoryTests.java new file mode 100644 index 0000000000000..3bf1c7da10c01 --- /dev/null +++ b/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorFactoryTests.java @@ -0,0 +1,80 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +package org.elasticsearch.xpack.ingest; + +import org.elasticsearch.ElasticsearchParseException; +import org.elasticsearch.test.ESTestCase; +import org.junit.Before; + +import java.util.HashMap; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import static org.elasticsearch.xpack.ingest.NetworkDirectionProcessor.Factory.*; +import static org.hamcrest.CoreMatchers.equalTo; + +public class NetworkDirectionProcessorFactoryTests extends ESTestCase { + + private NetworkDirectionProcessor.Factory factory; + + @Before + public void init() { + factory = new NetworkDirectionProcessor.Factory(); + } + + public void testCreate() throws Exception { + Map config = new HashMap<>(); + + String sourceIpField = randomAlphaOfLength(6); + config.put("source_ip", sourceIpField); + String destIpField = randomAlphaOfLength(6); + config.put("destination_ip", destIpField); + String targetField = randomAlphaOfLength(6); + config.put("target_field", targetField); + List internalNetworks = new ArrayList<>(); + internalNetworks.add("10.0.0.0/8"); + config.put("internal_networks", internalNetworks); + boolean ignoreMissing = randomBoolean(); + config.put("ignore_missing", ignoreMissing); + + String processorTag = randomAlphaOfLength(10); + NetworkDirectionProcessor networkProcessor = factory.create(null, processorTag, null, config); + assertThat(networkProcessor.getTag(), equalTo(processorTag)); + assertThat(networkProcessor.getSourceIpField(), equalTo(sourceIpField)); + assertThat(networkProcessor.getDestinationIpField(), equalTo(destIpField)); + assertThat(networkProcessor.getTargetField(), equalTo(targetField)); + assertThat(networkProcessor.getInternalNetworks(), equalTo(internalNetworks)); + assertThat(networkProcessor.getIgnoreMissing(), equalTo(ignoreMissing)); + } + + public void testRequiredFields() throws Exception { + HashMap config = new HashMap<>(); + String processorTag = randomAlphaOfLength(10); + try { + factory.create(null, processorTag, null, config); + fail("factory create should have failed"); + } catch (ElasticsearchParseException e) { + assertThat(e.getMessage(), equalTo("[internal_networks] required property is missing")); + } + } + + public void testDefaultFields() throws Exception { + HashMap config = new HashMap<>(); + String processorTag = randomAlphaOfLength(10); + List internalNetworks = new ArrayList<>(); + internalNetworks.add("10.0.0.0/8"); + config.put("internal_networks", internalNetworks); + + NetworkDirectionProcessor networkProcessor = factory.create(null, processorTag, null, config); + assertThat(networkProcessor.getTag(), equalTo(processorTag)); + assertThat(networkProcessor.getSourceIpField(), equalTo(DEFAULT_SOURCE_IP)); + assertThat(networkProcessor.getDestinationIpField(), equalTo(DEFAULT_DEST_IP)); + assertThat(networkProcessor.getTargetField(), equalTo(DEFAULT_TARGET)); + assertThat(networkProcessor.getIgnoreMissing(), equalTo(true)); + } +} diff --git a/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorTests.java b/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorTests.java new file mode 100644 index 0000000000000..9c8c39548435b --- /dev/null +++ b/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorTests.java @@ -0,0 +1,126 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +package org.elasticsearch.xpack.ingest; + +import org.elasticsearch.ingest.IngestDocument; +import org.elasticsearch.test.ESTestCase; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static org.elasticsearch.xpack.ingest.NetworkDirectionProcessor.Factory.DEFAULT_DEST_IP; +import static org.elasticsearch.xpack.ingest.NetworkDirectionProcessor.Factory.DEFAULT_SOURCE_IP; +import static org.elasticsearch.xpack.ingest.NetworkDirectionProcessor.Factory.DEFAULT_TARGET; +import static org.hamcrest.Matchers.containsString; +import static org.hamcrest.Matchers.equalTo; + +public class NetworkDirectionProcessorTests extends ESTestCase { + private Map buildEvent() { + return buildEvent("128.232.110.120"); + } + + private Map buildEvent(String source) { + return buildEvent(source, "66.35.250.204"); + } + + private Map buildEvent(String source, String destination) { + return new HashMap<>(){{ + put("source", new HashMap(){{ + put("ip", source); + }}); + put("destination", new HashMap(){{ + put("ip", destination); + }}); + }}; + } + + public void testNoInternalNetworks() throws Exception { + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testNetworkDirectionProcessor(buildEvent(), null)); + assertThat(e.getMessage(), containsString("unable to calculate network direction from document")); + } + + public void testNoSource() throws Exception { + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testNetworkDirectionProcessor(buildEvent(null), new String[]{"10.0.0.0/8"})); + assertThat(e.getMessage(), containsString("unable to calculate network direction from document")); + } + + public void testNoDestination() throws Exception { + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testNetworkDirectionProcessor(buildEvent("192.168.1.1", null), new String[]{"10.0.0.0/8"})); + assertThat(e.getMessage(), containsString("unable to calculate network direction from document")); + } + + public void testIgnoreMissing() throws Exception { + testNetworkDirectionProcessor(buildEvent(null), new String[]{"10.0.0.0/8"}, null, true); + } + + public void testInvalidSource() throws Exception { + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testNetworkDirectionProcessor(buildEvent("invalid"), new String[]{"10.0.0.0/8"})); + assertThat(e.getMessage(), containsString("'invalid' is not an IP string literal.")); + } + + public void testInvalidDestination() throws Exception { + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testNetworkDirectionProcessor(buildEvent("192.168.1.1", "invalid"), new String[]{"10.0.0.0/8"})); + assertThat(e.getMessage(), containsString("'invalid' is not an IP string literal.")); + } + + public void testInvalidNetwork() throws Exception { + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testNetworkDirectionProcessor(buildEvent("192.168.1.1", "192.168.1.1"), new String[]{"10.0.0.0/8", "invalid"})); + assertThat(e.getMessage(), containsString("'invalid' is not an IP string literal.")); + } + + public void testCIDR() throws Exception { + testNetworkDirectionProcessor(buildEvent("10.0.1.1", "192.168.1.2"), new String[]{"10.0.0.0/8"}, "outbound"); + testNetworkDirectionProcessor(buildEvent("192.168.1.2", "10.0.1.1"), new String[]{"10.0.0.0/8"}, "inbound"); + } + + public void testNetworkPrivate() throws Exception { + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "192.168.1.2"), new String[]{"private"}, "internal"); + testNetworkDirectionProcessor(buildEvent("10.0.1.1", "192.168.1.2"), new String[]{"private"}, "internal"); + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "172.16.0.1"), new String[]{"private"}, "internal"); + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "fd12:3456:789a:1::1"), new String[]{"private"}, "internal"); + } + + public void testNetworkPublic() throws Exception { + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "192.168.1.2"), new String[]{"public"}, "external"); + testNetworkDirectionProcessor(buildEvent("10.0.1.1", "192.168.1.2"), new String[]{"public"}, "external"); + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "172.16.0.1"), new String[]{"public"}, "external"); + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "fd12:3456:789a:1::1"), new String[]{"public"}, "external"); + } + + private void testNetworkDirectionProcessor(Map source, String[] internalNetworks) throws Exception { + testNetworkDirectionProcessor(source, internalNetworks, ""); + } + + private void testNetworkDirectionProcessor(Map source, String[] internalNetworks, String expectedDirection) throws Exception { + testNetworkDirectionProcessor(source, internalNetworks, expectedDirection, false); + } + + private void testNetworkDirectionProcessor(Map source, String[] internalNetworks, String expectedDirection, boolean ignoreMissing) + throws Exception { + List networks = null; + + if (internalNetworks != null) networks = Arrays.asList(internalNetworks); + + var processor = new NetworkDirectionProcessor( + null, + null, + DEFAULT_SOURCE_IP, + DEFAULT_DEST_IP, + DEFAULT_TARGET, + networks, + ignoreMissing + ); + + IngestDocument input = new IngestDocument(source, Map.of()); + IngestDocument output = processor.execute(input); + + String hash = output.getFieldValue(DEFAULT_TARGET, String.class, ignoreMissing); + assertThat(hash, equalTo(expectedDirection)); + } +} From 2b9a771526417c55822e9f92438e84062fd3f632 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Fri, 18 Dec 2020 15:10:26 -0500 Subject: [PATCH 2/7] reformat and add unspecified test --- .../ingest/NetworkDirectionProcessor.java | 78 ++++++++--------- .../NetworkDirectionProcessorTests.java | 85 +++++++++++++------ 2 files changed, 97 insertions(+), 66 deletions(-) diff --git a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java index c95e16278ecb9..49abf8249828d 100644 --- a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java +++ b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java @@ -18,8 +18,9 @@ import static org.elasticsearch.ingest.ConfigurationUtils.readBooleanProperty; public class NetworkDirectionProcessor extends AbstractProcessor { - static final byte[] UNDEFINED_IP = new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - static final byte[] BROADCAST_IP4 = new byte[]{(byte)0xff, (byte)0xff, (byte)0xff, (byte)0xff}; + static final byte[] UNDEFINED_IP4 = new byte[] { 0, 0, 0, 0 }; + static final byte[] UNDEFINED_IP6 = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + static final byte[] BROADCAST_IP4 = new byte[] { (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff }; public static final String TYPE = "network_direction"; @@ -137,30 +138,29 @@ private boolean isInternal(String ip) { } private boolean inNetwork(String ip, String network) { - switch (network) - { - case LOOPBACK_NAMED_NETWORK: - return isLoopback(ip); - case GLOBAL_UNICAST_NAMED_NETWORK: - case UNICAST_NAMED_NETWORK: - return isUnicast(ip); - case LINK_LOCAL_UNICAST_NAMED_NETWORK: - return isLinkLocalUnicast(ip); - case INTERFACE_LOCAL_NAMED_NETWORK: - return isInterfaceLocalMulticast(ip); - case LINK_LOCAL_MULTICAST_NAMED_NETWORK: - return isLinkLocalMulticast(ip); - case MULTICAST_NAMED_NETWORK: - return isMulticast(ip); - case UNSPECIFIED_NAMED_NETWORK: - return isUnspecified(ip); - case PRIVATE_NAMED_NETWORK: - return isPrivate(ip); - case PUBLIC_NAMED_NETWORK: - return isPublic(ip); - default: - return CIDRUtils.isInRange(ip, network); - } + switch (network) { + case LOOPBACK_NAMED_NETWORK: + return isLoopback(ip); + case GLOBAL_UNICAST_NAMED_NETWORK: + case UNICAST_NAMED_NETWORK: + return isUnicast(ip); + case LINK_LOCAL_UNICAST_NAMED_NETWORK: + return isLinkLocalUnicast(ip); + case INTERFACE_LOCAL_NAMED_NETWORK: + return isInterfaceLocalMulticast(ip); + case LINK_LOCAL_MULTICAST_NAMED_NETWORK: + return isLinkLocalMulticast(ip); + case MULTICAST_NAMED_NETWORK: + return isMulticast(ip); + case UNSPECIFIED_NAMED_NETWORK: + return isUnspecified(ip); + case PRIVATE_NAMED_NETWORK: + return isPrivate(ip); + case PUBLIC_NAMED_NETWORK: + return isPublic(ip); + default: + return CIDRUtils.isInRange(ip, network); + } } // loopback - done @@ -171,11 +171,11 @@ private boolean isLoopback(String ip) { // global_unicast, unicast - done private boolean isUnicast(String ip) { var address = InetAddresses.forString(ip); - return !Arrays.equals(address.getAddress(), BROADCAST_IP4) && - !isUnspecified(ip) && - !isLoopback(ip) && - !isMulticast(ip) && - !isLinkLocalUnicast(ip); + return !Arrays.equals(address.getAddress(), BROADCAST_IP4) + && !isUnspecified(ip) + && !isLoopback(ip) + && !isMulticast(ip) + && !isLinkLocalUnicast(ip); } // link_local_unicast - done @@ -201,7 +201,7 @@ private boolean isMulticast(String ip) { // unspecified - done private boolean isUnspecified(String ip) { var address = InetAddresses.forString(ip).getAddress(); - return Arrays.equals(UNDEFINED_IP, address); + return Arrays.equals(UNDEFINED_IP4, address) || Arrays.equals(UNDEFINED_IP6, address); } // private @@ -216,13 +216,13 @@ private boolean isPublic(String ip) { private boolean isLocalOrPrivate(String ip) { var address = InetAddresses.forString(ip); - return isPrivate(ip) || - isLoopback(ip) || - isUnspecified(ip) || - isLinkLocalUnicast(ip) || - isLinkLocalMulticast(ip) || - isInterfaceLocalMulticast(ip) || - Arrays.equals(address.getAddress(), BROADCAST_IP4); + return isPrivate(ip) + || isLoopback(ip) + || isUnspecified(ip) + || isLinkLocalUnicast(ip) + || isLinkLocalMulticast(ip) + || isInterfaceLocalMulticast(ip) + || Arrays.equals(address.getAddress(), BROADCAST_IP4); } @Override diff --git a/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorTests.java b/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorTests.java index 9c8c39548435b..4d46c909d345e 100644 --- a/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorTests.java +++ b/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorTests.java @@ -30,14 +30,20 @@ private Map buildEvent(String source) { } private Map buildEvent(String source, String destination) { - return new HashMap<>(){{ - put("source", new HashMap(){{ - put("ip", source); - }}); - put("destination", new HashMap(){{ - put("ip", destination); - }}); - }}; + return new HashMap<>() { + { + put("source", new HashMap() { + { + put("ip", source); + } + }); + put("destination", new HashMap() { + { + put("ip", destination); + } + }); + } + }; } public void testNoInternalNetworks() throws Exception { @@ -46,63 +52,88 @@ public void testNoInternalNetworks() throws Exception { } public void testNoSource() throws Exception { - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testNetworkDirectionProcessor(buildEvent(null), new String[]{"10.0.0.0/8"})); + IllegalArgumentException e = expectThrows( + IllegalArgumentException.class, + () -> testNetworkDirectionProcessor(buildEvent(null), new String[] { "10.0.0.0/8" }) + ); assertThat(e.getMessage(), containsString("unable to calculate network direction from document")); } public void testNoDestination() throws Exception { - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testNetworkDirectionProcessor(buildEvent("192.168.1.1", null), new String[]{"10.0.0.0/8"})); + IllegalArgumentException e = expectThrows( + IllegalArgumentException.class, + () -> testNetworkDirectionProcessor(buildEvent("192.168.1.1", null), new String[] { "10.0.0.0/8" }) + ); assertThat(e.getMessage(), containsString("unable to calculate network direction from document")); } public void testIgnoreMissing() throws Exception { - testNetworkDirectionProcessor(buildEvent(null), new String[]{"10.0.0.0/8"}, null, true); + testNetworkDirectionProcessor(buildEvent(null), new String[] { "10.0.0.0/8" }, null, true); } public void testInvalidSource() throws Exception { - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testNetworkDirectionProcessor(buildEvent("invalid"), new String[]{"10.0.0.0/8"})); + IllegalArgumentException e = expectThrows( + IllegalArgumentException.class, + () -> testNetworkDirectionProcessor(buildEvent("invalid"), new String[] { "10.0.0.0/8" }) + ); assertThat(e.getMessage(), containsString("'invalid' is not an IP string literal.")); } public void testInvalidDestination() throws Exception { - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testNetworkDirectionProcessor(buildEvent("192.168.1.1", "invalid"), new String[]{"10.0.0.0/8"})); + IllegalArgumentException e = expectThrows( + IllegalArgumentException.class, + () -> testNetworkDirectionProcessor(buildEvent("192.168.1.1", "invalid"), new String[] { "10.0.0.0/8" }) + ); assertThat(e.getMessage(), containsString("'invalid' is not an IP string literal.")); } public void testInvalidNetwork() throws Exception { - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> testNetworkDirectionProcessor(buildEvent("192.168.1.1", "192.168.1.1"), new String[]{"10.0.0.0/8", "invalid"})); + IllegalArgumentException e = expectThrows( + IllegalArgumentException.class, + () -> testNetworkDirectionProcessor(buildEvent("192.168.1.1", "192.168.1.1"), new String[] { "10.0.0.0/8", "invalid" }) + ); assertThat(e.getMessage(), containsString("'invalid' is not an IP string literal.")); } public void testCIDR() throws Exception { - testNetworkDirectionProcessor(buildEvent("10.0.1.1", "192.168.1.2"), new String[]{"10.0.0.0/8"}, "outbound"); - testNetworkDirectionProcessor(buildEvent("192.168.1.2", "10.0.1.1"), new String[]{"10.0.0.0/8"}, "inbound"); + testNetworkDirectionProcessor(buildEvent("10.0.1.1", "192.168.1.2"), new String[] { "10.0.0.0/8" }, "outbound"); + testNetworkDirectionProcessor(buildEvent("192.168.1.2", "10.0.1.1"), new String[] { "10.0.0.0/8" }, "inbound"); + } + + public void testUnspecified() throws Exception { + testNetworkDirectionProcessor(buildEvent("0.0.0.0", "0.0.0.0"), new String[] { "unspecified" }, "internal"); + testNetworkDirectionProcessor(buildEvent("::", "::"), new String[] { "unspecified" }, "internal"); } public void testNetworkPrivate() throws Exception { - testNetworkDirectionProcessor(buildEvent("192.168.1.1", "192.168.1.2"), new String[]{"private"}, "internal"); - testNetworkDirectionProcessor(buildEvent("10.0.1.1", "192.168.1.2"), new String[]{"private"}, "internal"); - testNetworkDirectionProcessor(buildEvent("192.168.1.1", "172.16.0.1"), new String[]{"private"}, "internal"); - testNetworkDirectionProcessor(buildEvent("192.168.1.1", "fd12:3456:789a:1::1"), new String[]{"private"}, "internal"); + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "192.168.1.2"), new String[] { "private" }, "internal"); + testNetworkDirectionProcessor(buildEvent("10.0.1.1", "192.168.1.2"), new String[] { "private" }, "internal"); + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "172.16.0.1"), new String[] { "private" }, "internal"); + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "fd12:3456:789a:1::1"), new String[] { "private" }, "internal"); } public void testNetworkPublic() throws Exception { - testNetworkDirectionProcessor(buildEvent("192.168.1.1", "192.168.1.2"), new String[]{"public"}, "external"); - testNetworkDirectionProcessor(buildEvent("10.0.1.1", "192.168.1.2"), new String[]{"public"}, "external"); - testNetworkDirectionProcessor(buildEvent("192.168.1.1", "172.16.0.1"), new String[]{"public"}, "external"); - testNetworkDirectionProcessor(buildEvent("192.168.1.1", "fd12:3456:789a:1::1"), new String[]{"public"}, "external"); + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "192.168.1.2"), new String[] { "public" }, "external"); + testNetworkDirectionProcessor(buildEvent("10.0.1.1", "192.168.1.2"), new String[] { "public" }, "external"); + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "172.16.0.1"), new String[] { "public" }, "external"); + testNetworkDirectionProcessor(buildEvent("192.168.1.1", "fd12:3456:789a:1::1"), new String[] { "public" }, "external"); } private void testNetworkDirectionProcessor(Map source, String[] internalNetworks) throws Exception { testNetworkDirectionProcessor(source, internalNetworks, ""); } - private void testNetworkDirectionProcessor(Map source, String[] internalNetworks, String expectedDirection) throws Exception { + private void testNetworkDirectionProcessor(Map source, String[] internalNetworks, String expectedDirection) + throws Exception { testNetworkDirectionProcessor(source, internalNetworks, expectedDirection, false); } - private void testNetworkDirectionProcessor(Map source, String[] internalNetworks, String expectedDirection, boolean ignoreMissing) - throws Exception { + private void testNetworkDirectionProcessor( + Map source, + String[] internalNetworks, + String expectedDirection, + boolean ignoreMissing + ) throws Exception { List networks = null; if (internalNetworks != null) networks = Arrays.asList(internalNetworks); From 6b6b27a0c805d0ed85d8d72d8f3c73b12237c6cf Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Fri, 18 Dec 2020 15:32:01 -0500 Subject: [PATCH 3/7] Add processor to ingest --- .../java/org/elasticsearch/xpack/ingest/IngestPlugin.java | 7 ++++++- .../xpack/ingest/NetworkDirectionProcessor.java | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/IngestPlugin.java b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/IngestPlugin.java index 9f673b34d5119..a5525f7158379 100644 --- a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/IngestPlugin.java +++ b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/IngestPlugin.java @@ -15,6 +15,11 @@ public class IngestPlugin extends Plugin implements org.elasticsearch.plugins.In @Override public Map getProcessors(Processor.Parameters parameters) { - return Map.of(UriPartsProcessor.TYPE, new UriPartsProcessor.Factory()); + return Map.of( + UriPartsProcessor.TYPE, + new UriPartsProcessor.Factory(), + NetworkDirectionProcessor.TYPE, + new NetworkDirectionProcessor.Factory() + ); } } diff --git a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java index 49abf8249828d..10371ee5cdaa6 100644 --- a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java +++ b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java @@ -13,7 +13,9 @@ import org.elasticsearch.common.network.InetAddresses; import org.elasticsearch.xpack.core.common.network.CIDRUtils; -import java.util.*; +import java.util.List; +import java.util.Map; +import java.util.Arrays; import static org.elasticsearch.ingest.ConfigurationUtils.readBooleanProperty; From c962fa38f74be24feb9572c9f7f6b66ba2bb05b5 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Fri, 18 Dec 2020 15:38:26 -0500 Subject: [PATCH 4/7] Remove stray comments --- .../xpack/ingest/NetworkDirectionProcessor.java | 9 --------- 1 file changed, 9 deletions(-) diff --git a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java index 10371ee5cdaa6..142ece54e79c7 100644 --- a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java +++ b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java @@ -165,12 +165,10 @@ private boolean inNetwork(String ip, String network) { } } - // loopback - done private boolean isLoopback(String ip) { return InetAddresses.forString(ip).isLoopbackAddress(); } - // global_unicast, unicast - done private boolean isUnicast(String ip) { var address = InetAddresses.forString(ip); return !Arrays.equals(address.getAddress(), BROADCAST_IP4) @@ -180,38 +178,31 @@ private boolean isUnicast(String ip) { && !isLinkLocalUnicast(ip); } - // link_local_unicast - done private boolean isLinkLocalUnicast(String ip) { return InetAddresses.forString(ip).isLinkLocalAddress(); } - // interface_local_multicast - done private boolean isInterfaceLocalMulticast(String ip) { return InetAddresses.forString(ip).isMCNodeLocal(); } - // link_local_multicast - done private boolean isLinkLocalMulticast(String ip) { return InetAddresses.forString(ip).isMCLinkLocal(); } - // multicast - done private boolean isMulticast(String ip) { return InetAddresses.forString(ip).isMulticastAddress(); } - // unspecified - done private boolean isUnspecified(String ip) { var address = InetAddresses.forString(ip).getAddress(); return Arrays.equals(UNDEFINED_IP4, address) || Arrays.equals(UNDEFINED_IP6, address); } - // private private boolean isPrivate(String ip) { return CIDRUtils.isInRange(ip, "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fd00::/8"); } - // public private boolean isPublic(String ip) { return !isLocalOrPrivate(ip); } From 6b9b22eadbe7093fd7641d4f7ec37a9821f58eda Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Fri, 18 Dec 2020 15:46:22 -0500 Subject: [PATCH 5/7] Less ip address parsing --- .../ingest/NetworkDirectionProcessor.java | 55 ++++++++++--------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java index 142ece54e79c7..c82c150562816 100644 --- a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java +++ b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java @@ -13,6 +13,7 @@ import org.elasticsearch.common.network.InetAddresses; import org.elasticsearch.xpack.core.common.network.CIDRUtils; +import java.net.InetAddress; import java.util.List; import java.util.Map; import java.util.Arrays; @@ -140,22 +141,23 @@ private boolean isInternal(String ip) { } private boolean inNetwork(String ip, String network) { + InetAddress address = InetAddresses.forString(ip); switch (network) { case LOOPBACK_NAMED_NETWORK: - return isLoopback(ip); + return isLoopback(address); case GLOBAL_UNICAST_NAMED_NETWORK: case UNICAST_NAMED_NETWORK: - return isUnicast(ip); + return isUnicast(address); case LINK_LOCAL_UNICAST_NAMED_NETWORK: - return isLinkLocalUnicast(ip); + return isLinkLocalUnicast(address); case INTERFACE_LOCAL_NAMED_NETWORK: - return isInterfaceLocalMulticast(ip); + return isInterfaceLocalMulticast(address); case LINK_LOCAL_MULTICAST_NAMED_NETWORK: - return isLinkLocalMulticast(ip); + return isLinkLocalMulticast(address); case MULTICAST_NAMED_NETWORK: - return isMulticast(ip); + return isMulticast(address); case UNSPECIFIED_NAMED_NETWORK: - return isUnspecified(ip); + return isUnspecified(address); case PRIVATE_NAMED_NETWORK: return isPrivate(ip); case PUBLIC_NAMED_NETWORK: @@ -165,37 +167,36 @@ private boolean inNetwork(String ip, String network) { } } - private boolean isLoopback(String ip) { - return InetAddresses.forString(ip).isLoopbackAddress(); + private boolean isLoopback(InetAddress ip) { + return ip.isLoopbackAddress(); } - private boolean isUnicast(String ip) { - var address = InetAddresses.forString(ip); - return !Arrays.equals(address.getAddress(), BROADCAST_IP4) + private boolean isUnicast(InetAddress ip) { + return !Arrays.equals(ip.getAddress(), BROADCAST_IP4) && !isUnspecified(ip) && !isLoopback(ip) && !isMulticast(ip) && !isLinkLocalUnicast(ip); } - private boolean isLinkLocalUnicast(String ip) { - return InetAddresses.forString(ip).isLinkLocalAddress(); + private boolean isLinkLocalUnicast(InetAddress ip) { + return ip.isLinkLocalAddress(); } - private boolean isInterfaceLocalMulticast(String ip) { - return InetAddresses.forString(ip).isMCNodeLocal(); + private boolean isInterfaceLocalMulticast(InetAddress ip) { + return ip.isMCNodeLocal(); } - private boolean isLinkLocalMulticast(String ip) { - return InetAddresses.forString(ip).isMCLinkLocal(); + private boolean isLinkLocalMulticast(InetAddress ip) { + return ip.isMCLinkLocal(); } - private boolean isMulticast(String ip) { - return InetAddresses.forString(ip).isMulticastAddress(); + private boolean isMulticast(InetAddress ip) { + return ip.isMulticastAddress(); } - private boolean isUnspecified(String ip) { - var address = InetAddresses.forString(ip).getAddress(); + private boolean isUnspecified(InetAddress ip) { + var address = ip.getAddress(); return Arrays.equals(UNDEFINED_IP4, address) || Arrays.equals(UNDEFINED_IP6, address); } @@ -210,11 +211,11 @@ private boolean isPublic(String ip) { private boolean isLocalOrPrivate(String ip) { var address = InetAddresses.forString(ip); return isPrivate(ip) - || isLoopback(ip) - || isUnspecified(ip) - || isLinkLocalUnicast(ip) - || isLinkLocalMulticast(ip) - || isInterfaceLocalMulticast(ip) + || isLoopback(address) + || isUnspecified(address) + || isLinkLocalUnicast(address) + || isLinkLocalMulticast(address) + || isInterfaceLocalMulticast(address) || Arrays.equals(address.getAddress(), BROADCAST_IP4); } From e4c0e8863979ad223aaf682e1bd55a6364c1b7b8 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Wed, 13 Jan 2021 17:28:41 -0500 Subject: [PATCH 6/7] Fix missed checkstyle checks --- .../java/org/elasticsearch/xpack/ingest/IngestPlugin.java | 2 +- .../xpack/ingest/NetworkDirectionProcessorFactoryTests.java | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/IngestPlugin.java b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/IngestPlugin.java index 5fbdd789b2d2d..8219d290b24fa 100644 --- a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/IngestPlugin.java +++ b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/IngestPlugin.java @@ -19,7 +19,7 @@ public Map getProcessors(Processor.Parameters paramet UriPartsProcessor.TYPE, new UriPartsProcessor.Factory(), NetworkDirectionProcessor.TYPE, - new NetworkDirectionProcessor.Factory() + new NetworkDirectionProcessor.Factory(), CommunityIdProcessor.TYPE, new CommunityIdProcessor.Factory() ); diff --git a/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorFactoryTests.java b/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorFactoryTests.java index 3bf1c7da10c01..f442f1f40e869 100644 --- a/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorFactoryTests.java +++ b/x-pack/plugin/ingest/src/test/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessorFactoryTests.java @@ -15,7 +15,9 @@ import java.util.List; import java.util.Map; -import static org.elasticsearch.xpack.ingest.NetworkDirectionProcessor.Factory.*; +import static org.elasticsearch.xpack.ingest.NetworkDirectionProcessor.Factory.DEFAULT_DEST_IP; +import static org.elasticsearch.xpack.ingest.NetworkDirectionProcessor.Factory.DEFAULT_SOURCE_IP; +import static org.elasticsearch.xpack.ingest.NetworkDirectionProcessor.Factory.DEFAULT_TARGET; import static org.hamcrest.CoreMatchers.equalTo; public class NetworkDirectionProcessorFactoryTests extends ESTestCase { From 7bf11deca5726fcea9e8a43f29b137999b729c72 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Tue, 19 Jan 2021 15:48:36 -0500 Subject: [PATCH 7/7] Switch from ! to == false --- .../xpack/ingest/NetworkDirectionProcessor.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java index c82c150562816..6518183de5ecb 100644 --- a/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java +++ b/x-pack/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java @@ -172,11 +172,11 @@ private boolean isLoopback(InetAddress ip) { } private boolean isUnicast(InetAddress ip) { - return !Arrays.equals(ip.getAddress(), BROADCAST_IP4) - && !isUnspecified(ip) - && !isLoopback(ip) - && !isMulticast(ip) - && !isLinkLocalUnicast(ip); + return Arrays.equals(ip.getAddress(), BROADCAST_IP4) == false + && isUnspecified(ip) == false + && isLoopback(ip) == false + && isMulticast(ip) == false + && isLinkLocalUnicast(ip) == false; } private boolean isLinkLocalUnicast(InetAddress ip) { @@ -205,7 +205,7 @@ private boolean isPrivate(String ip) { } private boolean isPublic(String ip) { - return !isLocalOrPrivate(ip); + return isLocalOrPrivate(ip) == false; } private boolean isLocalOrPrivate(String ip) {