wazuh · AlexRuiz7 · Feb 17, 2025 · Jan 28, 2025 · Jan 28, 2025 · Jan 28, 2025
diff --git a/...ns/command-manager/src/main/java/com/wazuh/commandmanager/rest/RestPostCommandAction.java b/...ns/command-manager/src/main/java/com/wazuh/commandmanager/rest/RestPostCommandAction.java
@@ -119,8 +119,7 @@ private RestChannelConsumer handlePost(RestRequest request, final NodeClient cli
             return channel -> {
                 channel.sendResponse(
                         new BytesRestResponse(
-                                RestStatus.BAD_REQUEST,
-                                "Cannot generate orders. Invalid agent IDs or groups."));
+                                RestStatus.BAD_REQUEST, "Cannot generate orders. Invalid agent IDs or groups."));
             };
         }
 

@@ -70,6 +70,14 @@ opensearchplugin {
     noticeFile rootProject.file('NOTICE.txt')
 }
 
+dependencies {
+    implementation "org.apache.httpcomponents.client5:httpclient5:5.4"
+    implementation "org.apache.httpcomponents.core5:httpcore5-h2:5.3.1"
+    implementation "org.apache.httpcomponents.core5:httpcore5:5.3.1"
+    implementation "org.apache.logging.log4j:log4j-slf4j-impl:2.23.1"
+    implementation "org.slf4j:slf4j-api:2.0.16"
+}
+
 // No need to validate license headers since spotless checks and applies it
 licenseHeaders.enabled = false
 

@@ -16,8 +16,69 @@
  */
 package com.wazuh.contentmanager;
 
+import org.opensearch.client.Client;
+import org.opensearch.cluster.metadata.IndexNameExpressionResolver;
+import org.opensearch.cluster.node.DiscoveryNodes;
+import org.opensearch.cluster.service.ClusterService;
+import org.opensearch.common.settings.*;
+import org.opensearch.core.common.io.stream.NamedWriteableRegistry;
+import org.opensearch.core.xcontent.NamedXContentRegistry;
+import org.opensearch.env.Environment;
+import org.opensearch.env.NodeEnvironment;
+import org.opensearch.plugins.ActionPlugin;
 import org.opensearch.plugins.Plugin;
+import org.opensearch.repositories.RepositoriesService;
+import org.opensearch.rest.RestController;
+import org.opensearch.rest.RestHandler;
+import org.opensearch.script.ScriptService;
+import org.opensearch.threadpool.ThreadPool;
+import org.opensearch.watcher.ResourceWatcherService;
 
-public class ContentManagerPlugin extends Plugin {
-    // Implement the relevant Plugin Interfaces here
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.function.Supplier;
+
+import com.wazuh.contentmanager.resthandler.CatalogHandler;
+import com.wazuh.contentmanager.resthandler.ChangesHandler;
+import com.wazuh.contentmanager.settings.PluginSettings;
+
+public class ContentManagerPlugin extends Plugin implements ActionPlugin {
+
+    /** ClassConstructor * */
+    public ContentManagerPlugin() {}
+
+    @Override
+    public Collection<Object> createComponents(
+            Client client,
+            ClusterService clusterService,
+            ThreadPool threadPool,
+            ResourceWatcherService resourceWatcherService,
+            ScriptService scriptService,
+            NamedXContentRegistry xContentRegistry,
+            Environment environment,
+            NodeEnvironment nodeEnvironment,
+            NamedWriteableRegistry namedWriteableRegistry,
+            IndexNameExpressionResolver indexNameExpressionResolver,
+            Supplier<RepositoriesService> repositoriesServiceSupplier) {
+        PluginSettings.getInstance(environment.settings(), clusterService);
+        return Collections.emptyList();
+    }
+
+    @Override
+    public List<RestHandler> getRestHandlers(
+            Settings settings,
+            RestController restController,
+            ClusterSettings clusterSettings,
+            IndexScopedSettings indexScopedSettings,
+            SettingsFilter settingsFilter,
+            IndexNameExpressionResolver indexNameExpressionResolver,
+            Supplier<DiscoveryNodes> nodesInCluster) {
+        return List.of(new CatalogHandler(), new ChangesHandler());
+    }
+
+    @Override
+    public List<Setting<?>> getSettings() {
+        return Collections.singletonList(PluginSettings.CTI_BASE_URL);
+    }
 }
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2024, Wazuh Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.wazuh.contentmanager.action.cti;
+
+import org.apache.hc.client5.http.async.methods.SimpleHttpResponse;
+import org.opensearch.common.xcontent.XContentFactory;
+import org.opensearch.common.xcontent.XContentType;
+import org.opensearch.core.rest.RestStatus;
+import org.opensearch.core.xcontent.*;
+import org.opensearch.rest.BytesRestResponse;
+
+import java.io.IOException;
+
+import com.wazuh.contentmanager.client.cti.CTIClient;
+import com.wazuh.contentmanager.model.ctiapi.ContextConsumerCatalog;
+import com.wazuh.contentmanager.util.Privileged;
+
+/**
+ * Action class handling Catalog logic. This is mainly useful to get the last offset value, as well
+ * as the link of the latest snapshot
+ */
+public class GetCatalogAction {
+
+    /** Empty constructor */
+    public GetCatalogAction() {}
+
+    /**
+     * Submits a catalog query to the CTI API
+     *
+     * @return The parsed response from the CTI API
+     * @throws IOException rethrown from parse()
+     * @throws IllegalArgumentException rethrown from parse()
+     */
+    public static BytesRestResponse run() throws IOException, IllegalArgumentException {
+        XContent xContent = XContentType.JSON.xContent();
+        XContentBuilder builder = XContentFactory.jsonBuilder();
+        SimpleHttpResponse response =
+                Privileged.doPrivilegedRequest(() -> CTIClient.getInstance().getCatalog());
+        ContextConsumerCatalog.parse(
+                        xContent.createParser(
+                                NamedXContentRegistry.EMPTY,
+                                DeprecationHandler.IGNORE_DEPRECATIONS,
+                                response.getBodyBytes()))
+                .toXContent(builder, ToXContent.EMPTY_PARAMS);
+        return new BytesRestResponse(RestStatus.fromCode(response.getCode()), builder.toString());
+    }
+}
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2024, Wazuh Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.wazuh.contentmanager.action.cti;
+
+import org.apache.hc.client5.http.async.methods.SimpleHttpResponse;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.opensearch.common.xcontent.XContentFactory;
+import org.opensearch.common.xcontent.XContentType;
+import org.opensearch.core.rest.RestStatus;
+import org.opensearch.core.xcontent.*;
+import org.opensearch.rest.BytesRestResponse;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import com.wazuh.contentmanager.client.commandmanager.CommandManagerClient;
+import com.wazuh.contentmanager.client.cti.CTIClient;
+import com.wazuh.contentmanager.model.commandmanager.Command;
+import com.wazuh.contentmanager.model.ctiapi.Offsets;
+import com.wazuh.contentmanager.util.Privileged;
+
+/**
+ * Action class handling Offsets logic. This is used to get the json patches to the current
+ * vulnerability data
+ */
+public class GetChangesAction {
+    private static final Logger log = LogManager.getLogger(GetChangesAction.class);
+
+    private static String FROM_OFFSET_FIELD = "from_offset";
+    private static String TO_OFFSET_FIELD = "to_offset";
+    private static String WITH_EMPTIES_FIELD = "with_empties";
+    private String fromOffset = null;
+    private String toOffset = null;
+    private String withEmpties = null;
+
+    /** Constructor method */
+    public GetChangesAction(String fromOffset, String toOffset, String withEmpties) {
+        this.fromOffset = fromOffset;
+        this.toOffset = toOffset;
+        this.withEmpties = withEmpties;
+    }
+
+    /**
+     * Submits a changes query to the CTI API
+     *
+     * @return The parsed response from the CTI API
+     * @throws IOException rethrown from parse()
+     * @throws IllegalArgumentException rethrown from parse()
+     */
+    public BytesRestResponse run() throws IOException, IllegalArgumentException {
+        XContent xContent = XContentType.JSON.xContent();
+        XContentBuilder builder = XContentFactory.jsonBuilder();
+        SimpleHttpResponse response =
+                Privileged.doPrivilegedRequest(() -> CTIClient.getInstance().getChanges(buildQueryParametersMap()));
+        Offsets.parse(
+                        xContent.createParser(
+                                NamedXContentRegistry.EMPTY,
+                                DeprecationHandler.IGNORE_DEPRECATIONS,
+                                response.getBodyBytes()))
+                .toXContent(builder, ToXContent.EMPTY_PARAMS);
+        SimpleHttpResponse commandResponse =
+                CommandManagerClient.getInstance()
+                        .postCommand(Command.generateCtiCommand("Offset_version"));
+        log.info("Command Manager response: {}", commandResponse);
+        return new BytesRestResponse(RestStatus.fromCode(response.getCode()), builder.toString());
+    }
+
+    /**
+     * Builds a Map with the query parameters for the CTI API call
+     *
+     * @return The map with the parameters
+     */
+    private Map<String, String> buildQueryParametersMap() {
+        Map<String, String> params = new HashMap<>();
+        params.put(FROM_OFFSET_FIELD, fromOffset);
+        params.put(TO_OFFSET_FIELD, toOffset);
+        params.put(WITH_EMPTIES_FIELD, withEmpties);
+        return params;
+    }
+}