Skip to content

Commit

Permalink
Merge branch 'main' into alertsInCorrelations
Browse files Browse the repository at this point in the history
Signed-off-by: Riya <[email protected]>
  • Loading branch information
riysaxen-amzn authored May 22, 2024
2 parents 439e0c0 + 3793f5c commit e2530f5
Show file tree
Hide file tree
Showing 494 changed files with 13,367 additions and 6,488 deletions.
12 changes: 12 additions & 0 deletions .codecov.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
codecov:
require_ci_to_pass: yes

coverage:
precision: 2
round: down
range: "75...100"
status:
project:
default:
target: 75% # the required coverage value
threshold: 1% # the leniency in hitting the target
18 changes: 18 additions & 0 deletions .github/ISSUE_TEMPLATE/office_hours.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
---
name: 🎆 Office Hours
about: Discuss project issues, feature requests/ enhancements, PRs
title: '[OFFICE HOURS]'
labels: 'office hours, untriaged'
assignees: ''
---
**Is your topic related to a problem?**
A clear and concise description of what the problem is, e.g. _I'm always frustrated when [...]_

**What would you like to review?**
A clear and concise description of what you want to happen.

**What alternatives have you considered?**
A clear and concise description of any alternative solutions or features you've considered.

**Do you have any additional context?**
Add any other context or screenshots about the topic here.
4 changes: 3 additions & 1 deletion .github/workflows/backport.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,9 @@ jobs:
installation_id: 22958780

- name: Backport
uses: VachaShah/backport@v1.1.4
uses: VachaShah/backport@v2.2.0
with:
github_token: ${{ steps.github_app_token.outputs.token }}
branch_name: backport/backport-${{ github.event.number }}
labels_template: "<%= JSON.stringify([...labels, 'autocut']) %>"
failure_labels: "failed backport"
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ jobs:
os: [ windows-latest, macos-latest ]
include:
- os: windows-latest
os_build_args: -x jacocoTestReport
os_build_args: -x integTest
working_directory: X:\
os_java_options: -Xmx4096M
- os: macos-latest
Expand Down
2 changes: 1 addition & 1 deletion MAINTAINERS.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ This document contains a list of maintainers in this repo. See [opensearch-proje
| Joanne Wang | [jowg-amazon](https://github.com/jowg-amazon) | Amazon |
| Chase Engelbrecht | [engechas](https://github.com/engechas) | Amazon |
| Megha Goyal | [goyamegh](https://github.com/goyamegh) | Amazon |
| Riya Saxena | [riysaxen-amzn](https://github.com/riysaxen-amzn)) | Amazon |
| Riya Saxena | [riysaxen-amzn](https://github.com/riysaxen-amzn) | Amazon |
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
[![Test Workflow](https://github.com/opensearch-project/security-analytics/workflows/Test%20Workflow/badge.svg)](https://github.com/opensearch-project/security-analytics/actions)
[![codecov](https://codecov.io/gh/opensearch-project/security-analytics/branch/main/graph/badge.svg)](https://codecov.io/gh/opensearch-project/security-analytics)
![Documentation](https://img.shields.io/badge/api-reference-blue.svg)
![Chat](https://img.shields.io/badge/chat-on%20forums-blue)
![PRs welcome!](https://img.shields.io/badge/PRs-welcome!-success)
Expand Down
57 changes: 47 additions & 10 deletions build-tools/opensearchplugin-coverage.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,10 @@
* SPDX-License-Identifier: Apache-2.0
*/

apply plugin: 'jacoco'

/**
* OpenSearch Plugin build tools don't work with the Gradle Jacoco Plugin to report coverage out of the box.
* https://github.com/elastic/elasticsearch/issues/28867.
*
* This code sets up coverage reporting manually for OpenSearch plugin tests. This is complicated because:
* 1. The OpenSearch integTest Task doesn't implement Gradle's JavaForkOptions so we have to manually start the jacoco agent with the test JVM
Expand All @@ -14,13 +15,13 @@
*
* To workaround these we start the cluster with jmx enabled and then use Jacoco's JMX MBean to get the execution data before the
* cluster is stopped and dump it to a file. Luckily our current security policy seems to allow this. This will also probably
* break if there are multiple nodes in the integTestCluster. But for now... it sorta works.
* break if there are multiple nodes in the integTestCluster. But for now... it sorta works.
*/
apply plugin: 'jacoco'

// Get gradle to generate the required jvm agent arg for us using a dummy tasks of type Test. Unfortunately Elastic's
// testing tasks don't derive from Test so the jacoco plugin can't do this automatically.
def jacocoDir = "${buildDir}/jacoco"

task dummyTest(type: Test) {
enabled = false
workingDir = file("/") // Force absolute path to jacoco agent jar
Expand All @@ -31,19 +32,55 @@ task dummyTest(type: Test) {
}
}

task dummyIntegTest(type: Test) {
enabled = false
workingDir = file("/") // Force absolute path to jacoco agent jar
jacoco {
destinationFile = file("${jacocoDir}/integTest.exec")
destinationFile.parentFile.mkdirs()
jmx = true
}
}
task dummyIntegTestRunner(type: Test) {
enabled = false
workingDir = file("/") // Force absolute path to jacoco agent jar
jacoco {
destinationFile = file("${jacocoDir}/integTestRunner.exec")
destinationFile.parentFile.mkdirs()
jmx = true
}
}

integTest {
systemProperty 'jacoco.dir', "${jacocoDir}"
}

jacocoTestReport {
dependsOn test
executionData dummyTest.jacoco.destinationFile
getSourceDirectories().from(sourceSets.main.allSource)
getClassDirectories().from(sourceSets.main.output)
dependsOn integTest, test
executionData.from dummyTest.jacoco.destinationFile, dummyIntegTest.jacoco.destinationFile, dummyIntegTestRunner.jacoco.destinationFile
sourceDirectories.from = "src/main/java"
classDirectories.from = sourceSets.main.output
reports {
html.required = true // human readable
csv.required = true
xml.required = true // for coverlay
}
}

project.gradle.projectsEvaluated {
jacocoTestReport.dependsOn test

allprojects {
afterEvaluate {
jacocoTestReport.dependsOn integTest

testClusters.integTest {
jvmArgs " ${dummyIntegTest.jacoco.getAsJvmArg()}".replace('javaagent:', 'javaagent:/')
systemProperty 'com.sun.management.jmxremote', "true"
systemProperty 'com.sun.management.jmxremote.authenticate', "false"
systemProperty 'com.sun.management.jmxremote.port', "7777"
systemProperty 'com.sun.management.jmxremote.ssl', "false"
systemProperty 'java.rmi.server.hostname', "127.0.0.1"
}
}
}

check.dependsOn jacocoTestReport
check.dependsOn jacocoTestReport
6 changes: 5 additions & 1 deletion build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,6 @@ apply plugin: 'opensearch.opensearchplugin'
apply plugin: 'opensearch.testclusters'
apply plugin: 'opensearch.java-rest-test'
apply plugin: 'opensearch.pluginzip'
apply from: 'build-tools/opensearchplugin-coverage.gradle'
apply from: 'gradle/formatting.gradle'

ext {
Expand Down Expand Up @@ -306,6 +305,11 @@ testClusters.integTest {
plugins.add(firstPlugin)
}
}
def usingRemoteCluster = System.properties.containsKey('tests.rest.cluster') || System.properties.containsKey('tests.cluster')
def usingMultiNode = project.properties.containsKey('numNodes')
if (!usingRemoteCluster && !usingMultiNode) {
apply from: 'build-tools/opensearchplugin-coverage.gradle'
}

run {
doFirst {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
## Version 2.14.0.0 2024-04-30

Compatible with OpenSearch 2.14.0

### Maintenance
* Increment version to 2.14.0-SNAPSHOT. ([#1007](https://github.com/opensearch-project/security-analytics/pull/1007))
* Updates sample cert and admin keystore ([#864](https://github.com/opensearch-project/security-analytics/pull/864))

### Features
* Add latest sigma rules ([#942](https://github.com/opensearch-project/security-analytics/pull/942))

### Bug Fixes
* Fix integ tests after add latest sigma rules ([#950](https://github.com/opensearch-project/security-analytics/pull/950))
* Fix keywords bug and add comments ([#964](https://github.com/opensearch-project/security-analytics/pull/964))
* Changes doc level query name field from id to rule name and adds validation ([#972](https://github.com/opensearch-project/security-analytics/pull/972))
* Fix check for agg rules in detector trigger condition to create chained findings monitor ([#992](https://github.com/opensearch-project/security-analytics/pull/992))

### Refactoring
* Allow detectors to be stopped if underlying workflow is deleted. Don't allow them to then be started/edited ([#810](https://github.com/opensearch-project/security-analytics/pull/810))

### Documentation
* Added 2.14.0 release notes. ([#1009](https://github.com/opensearch-project/security-analytics/pull/1009))
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
package org.opensearch.securityanalytics.action;

import java.io.IOException;
import java.time.Instant;
import java.util.List;
import java.util.Locale;
import org.opensearch.action.ActionRequest;
import org.opensearch.action.ActionRequestValidationException;
Expand All @@ -18,9 +20,14 @@

public class GetFindingsRequest extends ActionRequest {

private List<String> findingIds;
private Instant startTime;
private Instant endTime;
private String logType;
private String detectorId;
private Table table;
private String severity;
private String detectionType;

public static final String DETECTOR_ID = "detector_id";

Expand All @@ -32,22 +39,36 @@ public GetFindingsRequest(StreamInput sin) throws IOException {
this(
sin.readOptionalString(),
sin.readOptionalString(),
Table.readFrom(sin)
Table.readFrom(sin),
sin.readOptionalString(),
sin.readOptionalString(),
sin.readOptionalStringList(),
sin.readOptionalInstant(),
sin.readOptionalInstant()
);
}

public GetFindingsRequest(String detectorId, String logType, Table table) {
public GetFindingsRequest(String detectorId, String logType, Table table, String severity, String detectionType, List<String> findingIds, Instant startTime, Instant endTime) {
this.detectorId = detectorId;
this.logType = logType;
this.table = table;
this.severity = severity;
this.detectionType = detectionType;
this.findingIds = findingIds;
this.startTime = startTime;
this.endTime = endTime;
}

@Override
public ActionRequestValidationException validate() {
ActionRequestValidationException validationException = null;
if ((detectorId == null || detectorId.length() == 0) && logType == null) {
if (detectorId != null && detectorId.length() == 0) {
validationException = addValidationError(String.format(Locale.getDefault(),
"detector_id is missing"),
validationException);
} else if(startTime != null && endTime != null && startTime.isAfter(endTime)) {
validationException = addValidationError(String.format(Locale.getDefault(),
"At least one of detector type or detector id needs to be passed", DETECTOR_ID),
"startTime should be less than endTime"),
validationException);
}
return validationException;
Expand All @@ -58,17 +79,42 @@ public void writeTo(StreamOutput out) throws IOException {
out.writeOptionalString(detectorId);
out.writeOptionalString(logType);
table.writeTo(out);
out.writeOptionalString(severity);
out.writeOptionalString(detectionType);
out.writeOptionalStringCollection(findingIds);
out.writeOptionalInstant(startTime);
out.writeOptionalInstant(endTime);
}

public String getDetectorId() {
return detectorId;
}

public String getSeverity() {
return severity;
}

public String getDetectionType() {
return detectionType;
}

public String getLogType() {
return logType;
}

public Table getTable() {
return table;
}

public List<String> getFindingIds() {
return findingIds;
}

public Instant getStartTime() {
return startTime;
}

public Instant getEndTime() {
return endTime;
}
}
Loading

0 comments on commit e2530f5

Please sign in to comment.