Add script processor

[andrewkroh]

I recommend reading the docs then reviewing the non-vendor changes which is ~1400 lines.

The script processor executes Javascript code to process an event. The processor uses a pure
Go implementation of ECMAScript 5.1. This can be useful in situations where one of the other
processors doesn’t provide the functionality you need to filter events.

The processor can be configured by embedding Javascript in your configuration file or by pointing
the processor at external file(s). See the included documentation for the full details.

processors:
- script:
    lang: javascript
    source: >
      function process(event) {
          event.Tag("js");
      }

For observability it can add metrics with a histogram of the execution time and a counter
for the number of exceptions that occur.

Benchmark Results

Here's a benchmark to get a rough idea of how long it takes to process an event in the processor's runtime.

goos: darwin
goarch: amd64
pkg: github.com/elastic/beats/libbeat/processors/script/javascript
BenchmarkBeatEventV0/Put-12                         2000000           712 ns/op
BenchmarkBeatEventV0/Object_Put_Key-12              2000000           615 ns/op
BenchmarkBeatEventV0/Get-12                         2000000           769 ns/op
BenchmarkBeatEventV0/Get_Undefined_Key-12           1000000          1010 ns/op
BenchmarkBeatEventV0/fields_get_key-12              2000000           836 ns/op
BenchmarkBeatEventV0/Get_@metadata-12               2000000           676 ns/op
BenchmarkBeatEventV0/Put_@metadata-12               2000000           736 ns/op
BenchmarkBeatEventV0/Delete_@metadata-12            2000000           651 ns/op
BenchmarkBeatEventV0/Cancel-12                      3000000           565 ns/op
BenchmarkBeatEventV0/Tag-12                         2000000           865 ns/op
BenchmarkBeatEventV0/AppendTo-12                    2000000           630 ns/op

[webmat]

Love this!

I think it may be worth aligning option names with the equivalent names in ingest node. E.g. "code" => "source" & so on.

[ph]

Looking at the doc

Is it goroutine-safe?
No. An instance of goja.Runtime can only be used by a single goroutine at a time. You can create as many instances of Runtime as you like but it's not possible to pass object values between runtimes.

IIRC, I think this might be fine because when we call publish on the client we actually have a mutex around the processor calls. But if we ever change the contract that could cause issue.

[andrewkroh]

If we change that assumption we'll have to take a look at each processor to make sure they are thread-safe.

[ph]

We are actually opening the door for all kinds of scripts here, what comes to my mind are really long execution times or ReDoS cases, looking at the readme the VM support interruption

So I think we should set a default timeout and allow people to overrides that.

[andrewkroh]

Good idea.

[roncohen]

I love the idea of this!

However, it would be great if you could elaborate more on the motivation for adding this. I think taking on 120k lines of code and a Javascript interpreter is a pretty big deal. Especially considering:

• there's no way to selectively include it in your binary. If you use libbeat, it's going to go into your binary. That means inflated binaries, compile time, security concerns etc.
• it's a whole ECMAScript interpreter implemented more or less by a single contributor. He writes in the README:

It's very unlikely that I will be adding new functionality any time soon.

• there are some comments on timeouts. What about security in more general terms? Are we worried about people writing insecure scripts?

How about making this processor a "real module" that beats can import if they need it?

[andrewkroh]

there's no way to selectively include it in your binary. If you use libbeat, it's going to go into your binary.

Big +1 on this from me. I'd rather give each Beat the choice to opt in to importing the processor.

[andrewkroh]

I've made updates to address the comments.

• Added a timeout option.
• Removed automatic inclusion of the processor by libbeat. I imported it in the log processing beats and made the documentation conditional.
• Added a test for Geting and Object and mentioned this in the docs.

[andrewkroh]

If we change that assumption we'll have to take a look at each processor to make sure they are thread-safe.

[ph]

I am happy with the decision of keeping this experimental for now, I understand the usefulness of having the power of a scripting language in beats but I am also worried about the activity around the javascript engine that we vendor.

NIT: I would probably change the options to be close with the ingest node instead of the ruby filter, since we are usually interacting more often with pipelines.

[ph]

@andrewkroh By curiosity, what was the impact of this change in your benchmark? I am asking this because I know there is channel involved when under the hood.

[andrewkroh]

You can see the resulting benchmark in this commit:
427d5d9

[ph]

BenchmarkBeatEventV0/timeout_Put-12                 1000000          1510 ns/op
BenchmarkBeatEventV0/Object_Put_Key-12              2000000           631 ns/op

OK let's keep it as is, for now, we might be able to optimize it later.

[andrewkroh]

I am happy with the decision of keeping this experimental for now, I understand the usefulness of having the power of a scripting language in beats but I am also worried about the activity around the javascript engine that we vendor.

Yep. We can try it out. If we find a major show stopper bug with the engine that would take significant effort to fix we “cancel” the experiment.

And I’ll make the change to align the config more with the painless script processor in ingest node.

[andrewkroh]

jenkins, test this

[ph]

LGTM, let's make a followup PR to reject it from CM.

[JCMais]

This sounds really interesting! I have a question related to that, will it make their way to v6 or it will be v7 only?

[andrewkroh]

@JCMais It will be a feature in v7+ only.