Skip to content

modsecurity: fix handling of apache audit.details field #6620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 22, 2023
Merged

modsecurity: fix handling of apache audit.details field #6620

merged 1 commit into from
Jun 22, 2023

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Jun 20, 2023

What does this PR do?

Apache provides these as an array of strings, but a flattened must be an object or array of objects. So promote the strings to an object with the string in the "value" field.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 added bug Something isn't working, use only for issues Team:Security-External Integrations Integration:modsecurity ModSecurity Audit (Community supported) labels Jun 20, 2023
@efd6 efd6 self-assigned this Jun 20, 2023
@efd6 efd6 force-pushed the 6579-modsecurity branch from 0d4981f to ea1654a Compare June 20, 2023 08:20
@elasticmachine
Copy link

elasticmachine commented Jun 20, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-06-22T09:58:08.608+0000

  • Duration: 15 min 49 sec

Test stats 🧪

Test Results
Failed 0
Passed 7
Skipped 0
Total 7

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commented Jun 20, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (3/3) 💚
Classes 100.0% (3/3) 💚
Methods 100.0% (30/30) 💚 3.846
Lines 91.582% (359/392) 👎 -8.418
Conditionals 100.0% (0/0) 💚

@efd6 efd6 marked this pull request as ready for review June 20, 2023 09:55
@efd6 efd6 requested a review from a team as a code owner June 20, 2023 09:55
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

bhapas
bhapas reviewed Jun 22, 2023
View reviewed changes
@efd6
modsecurity: fix handling of apache audit.details field
060281e 
Apache provides these as an array of strings, but a flattened must be an
object or array of objects. So promote the strings to an object with the
string in the "value" field.
@efd6 efd6 force-pushed the 6579-modsecurity branch from ea1654a to 060281e Compare June 22, 2023 09:57
@efd6 efd6 requested a review from bhapas June 22, 2023 09:58
@efd6 efd6 merged commit d5634a8 into elastic:main Jun 22, 2023
@elasticmachine
Copy link

Package modsecurity - 1.9.1 containing this change is available at https://epr.elastic.co/search?package=modsecurity

@efd6 efd6 deleted the 6579-modsecurity branch February 5, 2025 22:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bhapas bhapas bhapas approved these changes

Assignees

@efd6 efd6

Labels
bug Something isn't working, use only for issues Integration:modsecurity ModSecurity Audit (Community supported)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[modsecurity] parsing exception - failed to parse field [modsec.audit.details]
3 participants
@efd6 @elasticmachine @bhapas