Skip to content

ti_opencti: fix pipeline errors due to access method from a null reference #16129

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 28, 2025
Merged

ti_opencti: fix pipeline errors due to access method from a null reference #16129

merged 3 commits into from
Nov 28, 2025
+33 −28

Conversation

@chemamartinez
Copy link
Contributor

@chemamartinez chemamartinez commented Nov 26, 2025
edited
Loading

Proposed commit message

Pipeline tests were failing with the error:
"cannot access method/field [add] from a null def reference".

This failure was caused by script processors calling .add()
on fields whose parent object (threat.indicator) could be null.

The fix updates the ingest pipeline scripts to safely initialize
ctx.threat, ctx.threat.indicator, and the target array field before adding elements.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

Screenshots

@chemamartinez chemamartinez self-assigned this Nov 26, 2025
@chemamartinez chemamartinez added bugfix Pull request that fixes a bug issue Integration:ti_opencti OpenCTI Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Nov 26, 2025
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Nov 26, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@chemamartinez chemamartinez marked this pull request as ready for review November 26, 2025 14:00
@chemamartinez chemamartinez requested a review from a team as a code owner November 26, 2025 14:00
@elasticmachine
Copy link

elasticmachine commented Nov 26, 2025

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

efd6
efd6 reviewed Nov 27, 2025
View reviewed changes
packages/ti_opencti/data_stream/indicator/elasticsearch/ingest_pipeline/ecs_from_artifact.yml Outdated
Comment on lines 55 to 63
if (ctx.threat == null) {
ctx.threat = [:];
}
if (ctx.threat.indicator == null) {
ctx.threat.indicator = [:];
}
if (ctx.threat.indicator.file == null) {
ctx.threat.indicator.file = [];
}
Copy link
Contributor

@efd6 efd6 Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be less verbose:

Suggested change
if (ctx.threat == null) {
ctx.threat = [:];
}
if (ctx.threat.indicator == null) {
ctx.threat.indicator = [:];
}
if (ctx.threat.indicator.file == null) {
ctx.threat.indicator.file = [];
}
ctx.threat = ctx.threat ?: [:];
ctx.threat.indicator = ctx.threat.indicator ?: [:];
ctx.threat.indicator.file = ctx.threat.indicator.file ?: [];

Also below.

@chemamartinez chemamartinez requested a review from efd6 November 27, 2025 09:19
@elasticmachine
Copy link

elasticmachine commented Nov 27, 2025

💚 Build Succeeded

History

cc @chemamartinez

@chemamartinez chemamartinez merged commit b34c073 into elastic:main Nov 28, 2025
7 checks passed
@chemamartinez chemamartinez deleted the ti_opencti-fix-pipeline-errors branch November 28, 2025 06:49
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Nov 28, 2025

Package ti_opencti - 2.10.1 containing this change is available at https://epr.elastic.co/package/ti_opencti/2.10.1/

This was referenced Nov 28, 2025
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Nov 28, 2025
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efd6 efd6 efd6 approved these changes

Assignees

@chemamartinez chemamartinez

Labels

bugfix Pull request that fixes a bug issue Integration:ti_opencti OpenCTI Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

3 participants

@chemamartinez @elasticmachine @efd6