From a9a6c0a635d4200d407aadfca4747c319db9609a Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Tue, 30 Nov 2021 21:34:22 +1030 Subject: [PATCH] winlogbeat/sys/winevent: use reflect IsZero method (#29190) (cherry picked from commit 180e7f3e6d285f715880b87a4062981712cc1799) --- winlogbeat/sys/winevent/event_test.go | 22 ++++++++++++++++++---- winlogbeat/sys/winevent/maputil.go | 26 +++++++------------------- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/winlogbeat/sys/winevent/event_test.go b/winlogbeat/sys/winevent/event_test.go index 4ed391b91be..b6d893957ed 100644 --- a/winlogbeat/sys/winevent/event_test.go +++ b/winlogbeat/sys/winevent/event_test.go @@ -26,6 +26,8 @@ import ( "time" "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/libbeat/common" ) const allXML = ` @@ -79,9 +81,10 @@ const allXML = ` func TestXML(t *testing.T) { allXMLTimeCreated, _ := time.Parse(time.RFC3339Nano, "2016-01-28T20:33:27.990735300Z") - var tests = []struct { - xml string - event Event + tests := []struct { + xml string + event Event + mapstr common.MapStr }{ { xml: allXML, @@ -150,6 +153,14 @@ func TestXML(t *testing.T) { }, }, }, + mapstr: common.MapStr{ + "event_id": "0", + "time_created": time.Time{}, + "user_data": common.MapStr{ + "Id": "{00000000-0000-0000-0000-000000000000}", + "xml_name": "Operation_ClientFailure", + }, + }, }, } @@ -160,6 +171,9 @@ func TestXML(t *testing.T) { continue } assert.Equal(t, test.event, event) + if test.mapstr != nil { + assert.Equal(t, test.mapstr, event.Fields()) + } if testing.Verbose() { json, err := json.MarshalIndent(event, "", " ") @@ -174,7 +188,7 @@ func TestXML(t *testing.T) { // Tests that control characters other than CR and LF are escaped // when the event is decoded. func TestInvalidXML(t *testing.T) { - evXML := strings.Replace(allXML, "%1", "\t \n\x1b", -1) + evXML := strings.ReplaceAll(allXML, "%1", "\t \n\x1b") ev, err := UnmarshalXML([]byte(evXML)) assert.Equal(t, nil, err) assert.Equal(t, "Creating WSMan shell on server with ResourceUri: \t\r\n\\u001b", ev.Message) diff --git a/winlogbeat/sys/winevent/maputil.go b/winlogbeat/sys/winevent/maputil.go index 45a265ae8c6..82ae2ad2a3c 100644 --- a/winlogbeat/sys/winevent/maputil.go +++ b/winlogbeat/sys/winevent/maputil.go @@ -20,6 +20,7 @@ package winevent import ( "fmt" "reflect" + "time" "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/winlogbeat/sys" @@ -80,25 +81,12 @@ func AddPairs(m common.MapStr, key string, pairs []KeyValue) common.MapStr { // isZero return true if the given value is the zero value for its type. func isZero(i interface{}) bool { - if i == nil { + switch i := i.(type) { + case nil: return true + case time.Time: + return false + default: + return reflect.ValueOf(i).IsZero() } - - v := reflect.ValueOf(i) - switch v.Kind() { - case reflect.Array, reflect.String: - return v.Len() == 0 - case reflect.Bool: - return !v.Bool() - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - return v.Int() == 0 - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - return v.Uint() == 0 - case reflect.Float32, reflect.Float64: - return v.Float() == 0 - case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice: - return v.IsNil() - } - - return false }