From 250c4d5dc054624f999a6b7df38f20a2ab90e8d2 Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Thu, 1 Oct 2020 15:36:39 -0500 Subject: [PATCH] [Winlogbeat] Move winlogbeat javascript processor to libbeat (#21402) (#21429) * Move winlogbeat processor to libbeat - needed for filebeat winlog input - changed name to windows - also register as winlogbeat for backwards compatibility (cherry picked from commit fd52ca5adff8a68370e98ae89e101e4060776020) --- libbeat/processors/script/javascript/module/include.go | 1 + .../script/javascript/module/windows}/doc.go | 6 +++--- .../script/javascript/module/windows/windows.go | 10 ++++++---- .../script/javascript/module/windows/windows_test.go | 2 +- winlogbeat/cmd/root.go | 1 - .../module/powershell/config/winlogbeat-powershell.js | 4 ++-- .../module/security/config/winlogbeat-security.js | 4 ++-- .../module/sysmon/config/winlogbeat-sysmon.js | 4 ++-- x-pack/winlogbeat/module/testing_windows.go | 1 - 9 files changed, 17 insertions(+), 16 deletions(-) rename {winlogbeat/processors/script/javascript/module/winlogbeat => libbeat/processors/script/javascript/module/windows}/doc.go (82%) rename winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat.go => libbeat/processors/script/javascript/module/windows/windows.go (87%) rename winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat_test.go => libbeat/processors/script/javascript/module/windows/windows_test.go (99%) diff --git a/libbeat/processors/script/javascript/module/include.go b/libbeat/processors/script/javascript/module/include.go index f30e423e7a23..b498dc90e21f 100644 --- a/libbeat/processors/script/javascript/module/include.go +++ b/libbeat/processors/script/javascript/module/include.go 
@@ -24,4 +24,5 @@ import ( _ "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module/path" _ "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module/processor" _ "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module/require" + _ "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module/windows" ) diff --git a/winlogbeat/processors/script/javascript/module/winlogbeat/doc.go b/libbeat/processors/script/javascript/module/windows/doc.go similarity index 82% rename from winlogbeat/processors/script/javascript/module/winlogbeat/doc.go rename to libbeat/processors/script/javascript/module/windows/doc.go index fc782636d09e..bca46a943400 100644 --- a/winlogbeat/processors/script/javascript/module/winlogbeat/doc.go +++ b/libbeat/processors/script/javascript/module/windows/doc.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -// Package winlogbeat registers the winlogbeat module with the javascript script -// processor. The module has utilities specific to Winlogbeat like parsing +// Package windows registers the windows module with the javascript script +// processor. The module has utilities specific to Windows like parsing // Windows command lines. -package winlogbeat +package windows diff --git a/winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat.go b/libbeat/processors/script/javascript/module/windows/windows.go similarity index 87% rename from winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat.go rename to libbeat/processors/script/javascript/module/windows/windows.go index dc9439c5c673..2bbe7817fadc 100644 --- a/winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat.go +++ b/libbeat/processors/script/javascript/module/windows/windows.go @@ -17,7 +17,7 @@ // +build windows -package winlogbeat +package windows import ( "syscall" 
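Review bot: The new blank import of `module/windows` in include.go carries no note that the module is platform-specific, even though this file is libbeat's shared module list. windows.go is tagged `// +build windows`, so on other platforms the registration presumably never runs and `require('windows')` would fail when a script loads. A comment on the import would record that, for example `// windows registers only on Windows builds; require("windows") is unavailable elsewhere.` Because the module is no longer pulled in by Winlogbeat alone, it is also worth confirming that the `commandLineToArgvW` wrapper's error handling was reviewed for event-derived strings from other inputs. The import block opens above the hunk.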
@@ -60,11 +60,11 @@ func commandLineToArgvW(in string) ([]string, error) { return args, nil } -// Require registers the winlogbeat module that has utilities specific to -// Winlogbeat like parsing Windows command lines. It can be accessed using: +// Require registers the windows module that has utilities specific to +// Windows like parsing Windows command lines. It can be accessed using: // // // javascript -// var winlogbeat = require('winlogbeat'); +// var windows = require('windows'); // func Require(vm *goja.Runtime, module *goja.Object) { o := module.Get("exports").(*goja.Object) @@ -74,9 +74,11 @@ func Require(vm *goja.Runtime, module *goja.Object) { // Enable adds path to the given runtime. func Enable(runtime *goja.Runtime) { + runtime.Set("windows", require.Require(runtime, "windows")) runtime.Set("winlogbeat", require.Require(runtime, "winlogbeat")) } func init() { + require.RegisterNativeModule("windows", Require) require.RegisterNativeModule("winlogbeat", Require) } diff --git a/winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat_test.go b/libbeat/processors/script/javascript/module/windows/windows_test.go similarity index 99% rename from winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat_test.go rename to libbeat/processors/script/javascript/module/windows/windows_test.go index 45c339cc1f2c..be213a79ba8c 100644 --- a/winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat_test.go +++ b/libbeat/processors/script/javascript/module/windows/windows_test.go @@ -17,7 +17,7 @@ // +build windows -package winlogbeat +package windows import ( "testing" diff --git a/winlogbeat/cmd/root.go b/winlogbeat/cmd/root.go index 7e25e7178136..2cd26a9fe8e9 100644 --- a/winlogbeat/cmd/root.go +++ b/winlogbeat/cmd/root.go 
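Review bot: In the `@@ -74,9 +74,11 @@` hunk of windows.go the comment on `Enable` still reads "Enable adds path to the given runtime.", which looks copied from the path module and does not describe the two globals the function now sets. Suggest `// Enable adds the windows module to the given runtime and also exposes it under the legacy name winlogbeat.` The second registration in `init` should be marked the same way, for example `// "winlogbeat" is a legacy alias kept for backwards compatibility.`, so the alias is not mistaken for a separate module and can be retired deliberately. The `Require` doc comment in the preceding hunk shows only `require('windows')`; a one-line mention of the alias there would keep the two in step.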
@@ -30,7 +30,6 @@ import ( // Import processors and supporting modules. _ "github.com/elastic/beats/v7/libbeat/processors/script" _ "github.com/elastic/beats/v7/libbeat/processors/timestamp" - _ "github.com/elastic/beats/v7/winlogbeat/processors/script/javascript/module/winlogbeat" ) const ( diff --git a/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js b/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js index 71ce567ccc78..4ef1155086bc 100644 --- a/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js +++ b/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js @@ -5,7 +5,7 @@ var powershell = (function () { var path = require("path"); var processor = require("processor"); - var winlogbeat = require("winlogbeat"); + var windows = require("windows"); var normalizeCommonFieldNames = new processor.Convert({ fields: [ @@ -183,7 +183,7 @@ var powershell = (function () { if (!commandLine) { return; } - evt.Put(target, winlogbeat.splitCommandLine(commandLine)); + evt.Put(target, windows.splitCommandLine(commandLine)); }; var addProcessArgs = function (evt) { diff --git a/x-pack/winlogbeat/module/security/config/winlogbeat-security.js b/x-pack/winlogbeat/module/security/config/winlogbeat-security.js index 9a117a42f6fe..2b472ef9c6bc 100644 --- a/x-pack/winlogbeat/module/security/config/winlogbeat-security.js +++ b/x-pack/winlogbeat/module/security/config/winlogbeat-security.js @@ -5,7 +5,7 @@ var security = (function () { var path = require("path"); var processor = require("processor"); - var winlogbeat = require("winlogbeat"); + var windows = require("windows"); // Logon Types // https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events 
@@ -1669,7 +1669,7 @@ var security = (function () { if (!cl) { return; } - evt.Put("process.args", winlogbeat.splitCommandLine(cl)); + evt.Put("process.args", windows.splitCommandLine(cl)); evt.Put("process.command_line", cl); }) .Build(); diff --git a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js index a491a1e67be5..ed1776779d55 100644 --- a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js +++ b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js @@ -15,7 +15,7 @@ if (!String.prototype.startsWith) { var sysmon = (function () { var path = require("path"); var processor = require("processor"); - var winlogbeat = require("winlogbeat"); + var windows = require("windows"); var net = require("net"); // Windows error codes for DNS. This list was generated using @@ -311,7 +311,7 @@ var sysmon = (function () { if (!commandLine) { return; } - evt.Put(target, winlogbeat.splitCommandLine(commandLine)); + evt.Put(target, windows.splitCommandLine(commandLine)); }; var splitProcessArgs = function (evt) { diff --git a/x-pack/winlogbeat/module/testing_windows.go b/x-pack/winlogbeat/module/testing_windows.go index 12b2102070f1..058e2320a9de 100644 --- a/x-pack/winlogbeat/module/testing_windows.go +++ b/x-pack/winlogbeat/module/testing_windows.go @@ -28,7 +28,6 @@ import ( // Register javascript modules. _ "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module" - _ "github.com/elastic/beats/v7/winlogbeat/processors/script/javascript/module/winlogbeat" ) var update = flag.Bool("update", false, "update golden files")
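Review bot: In the winlogbeat-security.js hunk at line 1669, `process.command_line` is written only after `windows.splitCommandLine(cl)` returns, so a command line the native parser rejects could leave the event without its raw command line as well as without `process.args`. The Go helper returns an error (`commandLineToArgvW(in string) ([]string, error)`), but how that reaches the script is not visible here, so this needs confirming. Because the value comes from logged process activity and is the field detections key on, the safer order is `evt.Put("process.command_line", cl);` followed by `evt.Put("process.args", windows.splitCommandLine(cl));`. The powershell and sysmon call sites hand the result straight to `evt.Put(target, ...)` and would benefit from the same check; the enclosing function begins above the hunk.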