Fix multiple object redefinitions in extensions #108
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PierreSedon
force-pushed
the
fix-multiple-object-redefinitions-in-extensions
branch
from
b22c330
to
0494e62
Compare
The check in cond was correct. The fix is to set observable_type_id_map to nil if there is no `observable` object defined in the schema. Signed-off-by: Rick Mouritzen <[email protected]>
rmouritzen-splunk
approved these changes
Sep 19, 2024
|
Both commits identify real issues. The first commit looks good. For the second I noticed a less complex variation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently if multiple extensions redefine the same object by adding attributes, only the modifications from the last extension to be loaded will actually be taken into account.
As an example, the core schema extends the
processobject for the linux extension. If someone was to also extendprocessin the windows extension by adding for instance atestattribute (by including a profile or just adding the attribute), thistestattribute would not show in any of the APIs nor be visible through the frontend.With the proposed fix, in the case where multiple extensions extend the same object and add the same attribute, only the last loaded extension will be taken into account which seems fine since in this case it is the schema that is poorly defined and not something the ocsf-server could really handle more gracefully.
I also included a fix for the cases where the
observable_type_id_mapis non-existent, if it makes more sense to put it in a dedicated pull request I can move it.