-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x-pack/filebeat/module/threatintel/misp: null guard file/hash indication operations #27854
Conversation
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
…ion operations It is possible for an empty Event.Attribute list to be passed in. In this case the File/Hash indicator processing will attempt to examine null type fields in attribute. This guards against that. Updates elastic#26008
573161d
to
2f0ef8c
Compare
💔 Tests Failed
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪Test errorsExpand to view the tests failures
|
Test | Results |
---|---|
Failed | 1 |
Passed | 3278 |
Skipped | 301 |
Total | 3580 |
Genuine test errors
💔 There are test failures but not known flaky tests, most likely a genuine test failure.
- Name:
Build&Test / x-pack/filebeat-pythonIntegTest / test_fileset_file_022_threatintel – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest
This pull request does not have a backport label. Could you fix it @efd6? 🙏
NOTE: |
Abandoned in favour of #28124. |
What does this PR do?
It is possible for an empty Event.Attribute list to be passed in. In this case the File/Hash indicator processing will attempt to examine null type fields in attribute. This guards against that.
Why is it important?
This partially addresses a user issue (#26008), preventing an error in cases where an event's attribute is empty.
Note that it does not address the broader problem in that issue where object attributes are dropped.
Checklist
- [ ] I have commented my code, particularly in hard-to-understand areas- [ ] I have made corresponding changes to the documentation- [ ] I have made corresponding change to the default configuration filesCHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.Author's Checklist
No specific recommendations.
How to test this PR locally
Standard testing.
Related issues
Use cases
See related issue.
Screenshots
N/A
Logs
N/A