imperva_cloud_waf: handle case where cursor state cannot be found in log file index

efd6 · efd6 · commit db3793ac5dc6 · 2025-06-24T07:20:25.000+09:30
The previous code assumes that it is possible to determine the remainder
of work to be done by splitting on the last log file that was collected.
This fails when the last log file collected is not in the log files that
the index returns for whatever reason.

In that case, use the complete index to start again on the basis that
the cursor log file state has gone stale relative to the index returned
by the API.
diff --git a/packages/imperva_cloud_waf/changelog.yml b/packages/imperva_cloud_waf/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.12.2"
+  changes:
+    - description: Fix handling of API requests when the cursor state cannot be found in the log file index returned by Imperva.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/14298
 - version: "1.12.1"
   changes:
     - description: Fix ingest pipeline to handle whitespace in request URL.
diff --git a/packages/imperva_cloud_waf/data_stream/event/agent/stream/cel.yml.hbs b/packages/imperva_cloud_waf/data_stream/event/agent/stream/cel.yml.hbs
@@ -31,13 +31,20 @@ program: |
           "Authorization": ["Basic "+string(base64(state.user+":"+state.password))],
         }
       }).do_request().as(resp, resp.StatusCode == 200 ?
-        bytes(resp.Body).as(body, {
+        resp.Body.as(body, {
           "worklist": (
-            has(state.cursor) && has(state.cursor.log_file) && state.cursor.log_file != null
-            ?
-              string(body).split(state.cursor.log_file)[1].split("\n").filter(x,x!="").map(x,{"filename":x})
+            has(state.?cursor.log_file) && state.cursor.log_file != null ?
+              string(body).split(state.cursor.log_file)[?1].optMap(f,
+                f.split("\n").map(x, x != "",
+                  {"filename":x}
+                )
+              ).orValue(string(body).split("\n").map(x,
+                {"filename":x}
+              ))
             :
-              string(body).split("\n").map(x,{"filename":x})
+              string(body).split("\n").map(x,
+                {"filename":x}
+              )
           ),
           "next": 0,
         })
@@ -71,7 +78,7 @@ program: |
           "Authorization": ["Basic "+string(base64(state.user + ":" + state.password))],
         }
       }).do_request().as(resp, resp.StatusCode == 200 ?
-        bytes(resp.Body).as(body, {
+        resp.Body.as(body, {
           "events": try(string(body), "error").as(body, type(body) == type("") ?
             dyn((body+"|==|").split("|==|")[1].split("\n").filter(x,x!="").map(x,{"message":x}))
           :
@@ -90,8 +97,7 @@ program: |
           ),
           "cursor": {
             "log_file": (
-              has(state.cursor) && has(state.cursor.log_file) && state.cursor.log_file != null
-              ?
+              has(state.?cursor.log_file) && state.cursor.log_file != null ?
                 (
                   (v.worklist[v.next].filename).split(".")[0] != (state.cursor.log_file).split(".")[0] ?
                     v.worklist[v.next].filename
diff --git a/packages/imperva_cloud_waf/manifest.yml b/packages/imperva_cloud_waf/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.3
 name: imperva_cloud_waf
 title: Imperva Cloud WAF
-version: "1.12.1"
+version: "1.12.2"
 description: Collect logs from Imperva Cloud WAF with Elastic Agent.
 type: integration
 categories:
