

fix update url download and add test
Signed-off-by: Joanne Wang <[email protected]>
jowg-amazon committed Aug 8, 2024
1 parent 8dcd6d2 commit 8a8de87
Showing 3 changed files with 73 additions and 11 deletions.
Expand Up @@ -32,13 +32,15 @@
import org.opensearch.securityanalytics.model.STIX2IOCDto;
import org.opensearch.securityanalytics.services.STIX2IOCFetchService;
import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings;
import org.opensearch.securityanalytics.threatIntel.common.SourceConfigType;
import org.opensearch.securityanalytics.threatIntel.common.TIFJobState;
import org.opensearch.securityanalytics.threatIntel.common.TIFLockService;
import org.opensearch.securityanalytics.threatIntel.model.DefaultIocStoreConfig;
import org.opensearch.securityanalytics.threatIntel.model.IocStoreConfig;
import org.opensearch.securityanalytics.threatIntel.model.IocUploadSource;
import org.opensearch.securityanalytics.threatIntel.model.SATIFSourceConfig;
import org.opensearch.securityanalytics.threatIntel.model.SATIFSourceConfigDto;
import org.opensearch.securityanalytics.threatIntel.model.UrlDownloadSource;
import org.opensearch.securityanalytics.util.SecurityAnalyticsException;

import java.time.Instant;
Expand Down Expand Up @@ -306,14 +308,17 @@ public void updateIocAndTIFSourceConfig(
}, e -> {
String action = saTifSourceConfigDto.isEnabledForScan() ? "activate" : "deactivate";
log.error(String.format("Failed to %s tif source config %s", action, retrievedSaTifSourceConfig.getId()), e);
listener.onFailure(SecurityAnalyticsException.wrap(new OpenSearchStatusException(
String.format(Locale.getDefault(), "Invalid threat intel source config state. Expecting %s or %s but received %s", TIFJobState.AVAILABLE, TIFJobState.REFRESH_FAILED, retrievedSaTifSourceConfig.getState()),
RestStatus.BAD_REQUEST)));
listener.onFailure(SecurityAnalyticsException.wrap(new OpenSearchException(String.format("Failed to %s tif source config %s", action, retrievedSaTifSourceConfig.getId()), e)));
return;
}
));
return;
} else if (SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource) { // fail if enabled_for_scan isn't changed and type is url download
log.error("Unsupported Threat intel Source Config Type passed - " + saTifSourceConfigDto.getType());
listener.onFailure(new UnsupportedOperationException("Unsupported Threat intel Source Config Type passed - " + saTifSourceConfigDto.getType()));
return;
}

if (TIFJobState.AVAILABLE.equals(retrievedSaTifSourceConfig.getState()) == false && TIFJobState.REFRESH_FAILED.equals(retrievedSaTifSourceConfig.getState()) == false) {
log.error("Invalid threat intel source config state. Expecting {} or {} but received {}", TIFJobState.AVAILABLE, TIFJobState.REFRESH_FAILED, retrievedSaTifSourceConfig.getState());
listener.onFailure(SecurityAnalyticsException.wrap(new OpenSearchStatusException(
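Review bot: The new `else if` on the URL_DOWNLOAD branch fails the listener with a bare `UnsupportedOperationException`, unlike the neighbouring rejections (the state check just below it, and the activate/deactivate failure above it) which go through `SecurityAnalyticsException.wrap(...)` with an explicit `RestStatus`; a client-caused validation rejection is therefore likely to surface as an internal-error status rather than a 4xx, which is also what the accompanying test pins by matching `unsupported_operation_exception`. Consider `listener.onFailure(SecurityAnalyticsException.wrap(new OpenSearchStatusException("Unsupported Threat intel Source Config Type passed - " + saTifSourceConfigDto.getType(), RestStatus.BAD_REQUEST)));` so the response code reflects a request error. The guard also inspects only the incoming DTO (`getType()` / `getSource()`), not `retrievedSaTifSourceConfig`, so a PUT against a stored URL_DOWNLOAD config that declares a different type would pass this check and continue into the update path — whether that is blocked further down is not visible here, but comparing against the retrieved config's type as well would close it. The check this replaces in the transport action released the lock before failing, and I can't see from this hunk whether the lock is released on this early return, so that is worth confirming. This hunk sits inside `updateIocAndTIFSourceConfig`, whose body starts and continues outside the hunk.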
Expand Up @@ -99,12 +99,6 @@ private void retrieveLockAndCreateTIFConfig(SAIndexTIFSourceConfigRequest reques
}
try {
SATIFSourceConfigDto saTifSourceConfigDto = request.getTIFConfigDto();
if (SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource
&& request.getMethod().equals(RestRequest.Method.POST)) {
lockService.releaseLock(lock);
listener.onFailure(new UnsupportedOperationException("Unsupported Threat intel Source Config Type passed - " + saTifSourceConfigDto.getType()));
return;
}
saTifSourceConfigManagementService.createOrUpdateTifSourceConfig(
saTifSourceConfigDto,
lock,
Expand Up @@ -496,6 +496,71 @@ public void testActivateDeactivateIocUploadSourceConfig() throws IOException, In
Thread.sleep(10000);
}

public void testActivateDeactivateUrlDownloadSourceConfig() throws IOException, InterruptedException {
// Search source configs when none are created
String request = "{\n" +
" \"query\" : {\n" +
" \"match_all\":{\n" +
" }\n" +
" }\n" +
"}";

// Search all source configs
Response sourceConfigResponse = makeRequest(client(), "POST", SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI + "/_search", Collections.emptyMap(), new StringEntity(request), new BasicHeader("Content-type", "application/json"));
Assert.assertEquals(RestStatus.OK, restStatus(sourceConfigResponse));
Map<String, Object> responseBody = asMap(sourceConfigResponse);

// Expected value is 1 - only default source config
Assert.assertEquals(1, ((Map<String, Object>) ((Map<String, Object>) responseBody.get("hits")).get("total")).get("value"));

// Update default source config
String feedName = "test_update_default";
String feedFormat = "STIX";
SourceConfigType sourceConfigType = SourceConfigType.URL_DOWNLOAD;
UrlDownloadSource urlDownloadSource = new UrlDownloadSource(new URL("https://reputation.alienvault.com/reputation.generic"), "csv", false,0);
Boolean enabled = false;
List<String> iocTypes = List.of("ipv4-addr");
IntervalSchedule schedule = new IntervalSchedule(Instant.now(), 1, ChronoUnit.DAYS);
String id = "alienvault_reputation_ip_database";
SATIFSourceConfigDto saTifSourceConfigDto = new SATIFSourceConfigDto(
id,
null,
feedName,
feedFormat,
sourceConfigType,
null,
null,
null,
urlDownloadSource,
null,
null,
schedule,
null,
null,
null,
null,
enabled,
iocTypes, false
);

// update default source config with enabled_for_scan updated
Response response = makeRequest(client(), "PUT", SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI +"/" + id, Collections.emptyMap(), toHttpEntity(saTifSourceConfigDto));
Assert.assertEquals(RestStatus.OK, restStatus(response));

// Ensure that only 1 ioc index is present from default source
List<String> findingIndices = getIocIndices();
Assert.assertEquals(1, findingIndices.size());

Thread.sleep(100); // TODO: pass in action listener when releasing lock

// try to update default source config again to ensure operation is not accepted when enabled_for_scan is unchanged
try {
makeRequest(client(), "PUT", SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI +"/" + id, Collections.emptyMap(), toHttpEntity(saTifSourceConfigDto));
} catch (Exception e) {
Assert.assertTrue(e.getMessage().contains("unsupported_operation_exception"));
}
}

public void testDeleteIocUploadSourceConfigAndAllIocs() throws IOException {
String feedName = "test_ioc_upload";
String feedFormat = "STIX";
Expand Down Expand Up @@ -753,9 +818,7 @@ public void testUpdateDefaultSourceConfigThrowsError() throws IOException, Inter
// Search all source configs
Response sourceConfigResponse = makeRequest(client(), "POST", SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI + "/_search", Collections.emptyMap(), new StringEntity(request), new BasicHeader("Content-type", "application/json"));
Assert.assertEquals(RestStatus.OK, restStatus(sourceConfigResponse));
log.error(sourceConfigResponse);
Map<String, Object> responseBody = asMap(sourceConfigResponse);
log.error(responseBody);

// Expected value is 1 - only default source config
Assert.assertEquals(1, ((Map<String, Object>) ((Map<String, Object>) responseBody.get("hits")).get("total")).get("value"));
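Review bot: In `testActivateDeactivateUrlDownloadSourceConfig`, the try/catch around the second PUT only asserts inside `catch`, so if the server accepts the repeated update the test passes without checking anything — the negative case the test exists for is not enforced. Add a failure after the request inside the try: `makeRequest(client(), "PUT", SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI + "/" + id, Collections.emptyMap(), toHttpEntity(saTifSourceConfigDto));` followed by `Assert.fail("expected update of URL_DOWNLOAD source config with unchanged enabled_for_scan to be rejected");` (an `AssertionError` is not an `Exception`, so the existing catch will not swallow it). Matching on the string `unsupported_operation_exception` also pins the test to the exception class rather than to the HTTP status; if the server-side rejection is later changed to return a 4xx through a wrapped exception, this assertion will need to follow. The `UrlDownloadSource` points at the live `https://reputation.alienvault.com/reputation.generic` feed; if the update path triggers a fetch, the test depends on outbound network access and will be flaky offline — I can't tell from this hunk whether it does.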

