Merge remote-tracking branch 'origin/release/v11.2.2' into release/v11.2.2

Author: mjabascal10

.gitignore

@@ -11,3 +11,6 @@ installer/installer
 geolocation/
 installer/public_key.crt
 .github/scripts/golang-updater/go-updater
+
+
+qodana.yaml

agent-manager/updates/updates.go

@@ -4,8 +4,8 @@ import (
 	"crypto/tls"
 	"net/http"
 	"os"
+	"time"
 
-	"github.com/gin-contrib/gzip"
 	"github.com/threatwinds/go-sdk/catcher"
 
 	"github.com/gin-gonic/gin"
@@ -23,7 +23,6 @@ func ServeDependencies() {
 	r := gin.New()
 	r.Use(
 		gin.Recovery(),
-		gzip.Gzip(gzip.DefaultCompression),
 	)
 
 	r.NoRoute(notFound)
@@ -33,20 +32,31 @@ func ServeDependencies() {
 
 	loadedCert, err := tls.LoadX509KeyPair(config.CertPath, config.CertKeyPath)
 	if err != nil {
-		catcher.Error("failed to load TLS credentials", err, map[string]any{"process": "agent-manager"})
+		_ = catcher.Error("failed to load TLS credentials", err, map[string]any{"process": "agent-manager"})
+		time.Sleep(5 * time.Second)
 		os.Exit(1)
 	}
 
 	tlsConfig := &tls.Config{
-		MinVersion:   tls.VersionTLS12,
 		Certificates: []tls.Certificate{loadedCert},
+		MinVersion:   tls.VersionTLS12,
+		MaxVersion:   tls.VersionTLS13,
 		CipherSuites: []uint16{
-			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			// TLS 1.2 secure cipher suites - RSA key exchange
 			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			// TLS 1.2 secure cipher suites - ECDSA key exchange (for ECDSA certificates)
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		},
+		CurvePreferences: []tls.CurveID{
+			tls.X25519,    // Modern and fast
+			tls.CurveP256, // NIST P-256
+			tls.CurveP384, // NIST P-384
+			tls.CurveP521, // NIST P-521
 		},
-
-		PreferServerCipherSuites: true,
 	}
 
 	server := &http.Server{
@@ -57,7 +67,7 @@ func ServeDependencies() {
 
 	catcher.Info("Starting HTTP server on port 8080", map[string]any{"process": "agent-manager"})
 	if err := server.ListenAndServeTLS("", ""); err != nil {
-		catcher.Error("error starting HTTP server", err, map[string]any{"process": "agent-manager"})
+		_ = catcher.Error("error starting HTTP server", err, map[string]any{"process": "agent-manager"})
 		return
 	}
 }

agent/updater/utils/download.go

@@ -20,7 +20,8 @@ func DownloadFile(url string, headers map[string]string, fileName string, path s
 
 	client := &http.Client{}
 	client.Transport = &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: skipTlsVerification},
+		TLSClientConfig:    &tls.Config{InsecureSkipVerify: skipTlsVerification},
+		DisableCompression: true,
 	}
 
 	resp, err := client.Do(req)

agent/utils/download.go

@@ -21,6 +21,7 @@ func DownloadFile(url string, headers map[string]string, fileName string, path s
 	client := &http.Client{}
 	client.Transport = &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: skipTlsVerification},
+		DisableCompression: true,
 	}
 
 	resp, err := client.Do(req)

agent/utils/files.go

@@ -8,6 +8,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"reflect"
 
 	"gopkg.in/yaml.v2"
 )
@@ -22,6 +23,15 @@ func GetMyPath() string {
 }
 
 func ReadYAML(path string, result interface{}) error {
+	if result == nil {
+		return fmt.Errorf("result interface is nil")
+	}
+
+	rv := reflect.ValueOf(result)
+	if rv.Kind() != reflect.Ptr || rv.IsNil() {
+		return fmt.Errorf("result must be a non-nil pointer")
+	}
+
 	file, err := os.Open(path)
 	if err != nil {
 		return err

backend/src/main/resources/config/liquibase/changelog/20260126001_update_regex_for_configuration_parameter_base_url.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260126001" author="Manuel Abascal">
+
+        <update tableName="utm_configuration_parameter">
+            <column name="conf_param_regexp" value="^(?:https?:\/\/)?(?:\d{1,3}(?:\.\d{1,3}){3}|(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,})(?:\/[^\s]*)?$"/>
+            <where> conf_param_short = 'utmstack.mail.baseUrl' </where>
+        </update>
+
+    </changeSet>
+
+</databaseChangeLog>

backend/src/main/resources/config/liquibase/master.xml

@@ -319,4 +319,6 @@
 
     <include file="/config/liquibase/changelog/20260122004_update_azure_visualizations.xml" relativeToChangelogFile="false"/>
 
+    <include file="/config/liquibase/changelog/20260126001_update_regex_for_configuration_parameter_base_url.xml" relativeToChangelogFile="false"/>
+
 </databaseChangeLog>

filters/README.md

@@ -1 +1,3 @@
 # UTMStack Filters
+
+Documentation on how to create and maintain custom filters can be found in: https://github.com/utmstack/UTMStack/wiki

installer/utils/os.go

@@ -7,6 +7,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"reflect"
 
 	"gopkg.in/yaml.v3"
 )
@@ -51,12 +52,12 @@ func RunCmd(command string, arg ...string) error {
 
 func RunCmdWithOutput(command string, arg ...string) ([]string, error) {
 	cmd := exec.Command(command, arg...)
-	
+
 	output, err := cmd.Output()
 	if err != nil {
 		return nil, fmt.Errorf("error running command: %v", err)
 	}
-	
+
 	lines := bytes.Split(output, []byte("\n"))
 	result := make([]string, 0, len(lines))
 	for _, line := range lines {
@@ -65,7 +66,7 @@ func RunCmdWithOutput(command string, arg ...string) ([]string, error) {
 			result = append(result, string(trimmed))
 		}
 	}
-	
+
 	return result, nil
 }
 
@@ -127,6 +128,15 @@ func WriteYAML(url string, data any) error {
 }
 
 func ReadYAML(path string, result any) error {
+	if result == nil {
+		return fmt.Errorf("result interface is nil")
+	}
+
+	rv := reflect.ValueOf(result)
+	if rv.Kind() != reflect.Ptr || rv.IsNil() {
+		return fmt.Errorf("result must be a non-nil pointer")
+	}
+
 	file, err := os.Open(path)
 	if err != nil {
 		return err

plugins/alerts/main.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"context"
-	"fmt"
 	"os"
 	"regexp"
 	"strings"
@@ -86,22 +85,13 @@ func correlate(ctx context.Context,
 		}
 	}()
 
-	parentId := getPreviousAlertId(alert)
-
-	if parentId != nil {
-		if isDuplicate(alert) {
-			return nil, nil
-		}
-		return nil, newAlert(alert, parentId)
+	if isDuplicate(alert) {
+		return nil, nil
 	}
 
-	if len(alert.DeduplicateBy) > 0 {
-		if isDuplicate(alert) {
-			return nil, nil
-		}
-	}
+	parentId := getPreviousAlertId(alert)
 
-	return nil, newAlert(alert, nil)
+	return nil, newAlert(alert, parentId)
 }
 
 func isDuplicate(alert *plugins.Alert) bool {
@@ -116,6 +106,10 @@ func isDuplicate(alert *plugins.Alert) bool {
 		}
 	}()
 
+	if len(alert.DeduplicateBy) == 0 {
+		return false
+	}
+
 	alertString, err := utils.ProtoMessageToString(alert)
 	if err != nil {
 		_ = catcher.Error("cannot convert alert to string", err, map[string]any{"alert": alert.Name, "process": "plugin_com.utmstack.alerts"})
@@ -129,7 +123,7 @@ func isDuplicate(alert *plugins.Alert) bool {
 	bb := sdkos.NewBoolBuilder(ctx, indices, "plugin_com.utmstack.alerts")
 
 	// 1. Filter by Name (always)
-	bb.FilterTerm("name.keyword", alert.Name)
+	bb.FilterTerm("name", alert.Name)
 
 	// Compile regex for array index stripping
 	reArrayIndex := regexp.MustCompile(`\.[0-9]+(\.|$)`)
@@ -139,7 +133,7 @@ func isDuplicate(alert *plugins.Alert) bool {
 
 		value := gjson.Get(*alertString, d)
 		if value.Type == gjson.Null {
-			continue
+			return false
 		}
 
 		// Calculate OpenSearch field name by removing array indices
@@ -151,7 +145,7 @@ func isDuplicate(alert *plugins.Alert) bool {
 		})
 
 		if value.Type == gjson.String {
-			bb.FilterTerm(fmt.Sprintf("%s.keyword", searchField), value.String())
+			bb.FilterTerm(searchField, value.String())
 		} else if value.Type == gjson.Number {
 			bb.FilterTerm(searchField, value.Float())
 		} else if value.IsBool() {
@@ -196,12 +190,7 @@ func getPreviousAlertId(alert *plugins.Alert) *string {
 		}
 	}()
 
-	searchFields := alert.GroupBy
-	if len(searchFields) == 0 {
-		searchFields = alert.DeduplicateBy
-	}
-
-	if len(searchFields) == 0 {
+	if len(alert.GroupBy) == 0 {
 		return nil
 	}
 
@@ -218,7 +207,7 @@ func getPreviousAlertId(alert *plugins.Alert) *string {
 	bb := sdkos.NewBoolBuilder(ctx, indices, "plugin_com.utmstack.alerts")
 
 	// 1. Filter by Name (always)
-	bb.FilterTerm("name.keyword", alert.Name)
+	bb.FilterTerm("name", alert.Name)
 
 	// 2. Must NOT match existing ParentId (we want strictly the parent, or another orphan, not a child)
 	// Original logic: MustNot exists field "parentId"
@@ -227,12 +216,12 @@ func getPreviousAlertId(alert *plugins.Alert) *string {
 	// Compile regex for array index stripping
 	reArrayIndex := regexp.MustCompile(`\.[0-9]+(\.|$)`)
 
-	for _, d := range searchFields {
+	for _, d := range alert.GroupBy {
 		d = strings.TrimSuffix(d, ".keyword")
 
 		value := gjson.Get(*alertString, d)
 		if value.Type == gjson.Null {
-			continue
+			return nil
 		}
 
 		// Calculate OpenSearch field name by removing array indices
@@ -244,7 +233,7 @@ func getPreviousAlertId(alert *plugins.Alert) *string {
 		})
 
 		if value.Type == gjson.String {
-			bb.FilterTerm(fmt.Sprintf("%s.keyword", searchField), value.String())
+			bb.FilterTerm(searchField, value.String())
 		} else if value.Type == gjson.Number {
 			bb.FilterTerm(searchField, value.Float())
 		} else if value.IsBool() {