From 4e28602162ed0a4213893f601f288adf94bcc5e5 Mon Sep 17 00:00:00 2001
From: Brandon Myers
Date: Mon, 10 Dec 2018 01:55:54 -0500
Subject: [PATCH] Move source port and destination port to details root

---
 mq/plugins/filterlog.py | 15 ++++++---------
 tests/mq/plugins/test_filterlog.py | 8 +++-----
 2 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/mq/plugins/filterlog.py b/mq/plugins/filterlog.py
index d9ed256d..e1c8b3a8 100644
--- a/mq/plugins/filterlog.py
+++ b/mq/plugins/filterlog.py
@@ -71,9 +71,9 @@ class message(object):
 if 'tcp' not in message['details']:
 message['details']['tcp'] = {}
 
- message['details']['tcp']['source_port'] = summary_items[last_index + 4]
- message['details']['tcp']['destination_port'] = summary_items[last_index + 5]
- message['details']['tcp']['data_length'] = summary_items[last_index + 6]
+ message['details']['source_port'] = summary_items[last_index + 4]
+ message['details']['destination_port'] = summary_items[last_index + 5]
+ message['details']['data_length'] = summary_items[last_index + 6]
 message['details']['tcp']['flags'] = summary_items[last_index + 7]
 message['details']['tcp']['seq_number'] = summary_items[last_index + 8]
 message['details']['tcp']['ack_number'] = summary_items[last_index + 9]
@@ -81,11 +81,8 @@ class message(object):
 message['details']['tcp']['urg'] = summary_items[last_index + 11]
 message['details']['tcp']['options'] = summary_items[last_index + 12]
 elif proto_id == 17:
- if 'udp' not in message['details']:
- message['details']['udp'] = {}
-
- message['details']['udp']['source_port'] = summary_items[last_index + 4]
- message['details']['udp']['destination_port'] = summary_items[last_index + 5]
- message['details']['udp']['data_length'] = summary_items[last_index + 6]
+ message['details']['source_port'] = summary_items[last_index + 4]
+ message['details']['destination_port'] = summary_items[last_index + 5]
+ message['details']['data_length'] = summary_items[last_index + 6]
 
 return (message, metadata)
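Review bot: The three promoted fields in the TCP branch are still read as `summary_items[last_index + 4]` through `summary_items[last_index + 6]` with no visible length check, and the branch goes on to index up to `last_index + 12`, so a truncated filterlog summary would raise IndexError here instead of producing a partially parsed event. The UDP branch in the second hunk (`elif proto_id == 17:`) has the same shape. Unless an earlier check exists above the hunk (the enclosing method starts outside it), guard each branch, e.g. `if len(summary_items) > last_index + 12:` for TCP and `if len(summary_items) > last_index + 6:` for UDP. Since `source_port` and `destination_port` now sit at the details root, where searches and alerts are likely to key on them, it is also worth rejecting non-numeric values before storing them.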
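Review bot: The `proto_id == 17` branch now repeats, line for line, the three root-level assignments that the TCP branch in the first hunk makes, so the two copies can drift apart on a later edit. Assign `source_port`, `destination_port` and `data_length` once in a shared step ahead of the protocol-specific fields, and keep only the `message['details']['tcp'][...]` lines in the TCP branch. A comment such as `# source/destination port and data_length are stored at details root for both TCP and UDP` would record the layout for the next reader. The method continues outside the hunk.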
diff --git a/tests/mq/plugins/test_filterlog.py b/tests/mq/plugins/test_filterlog.py
index 84b553a2..2c123d6f 100644
--- a/tests/mq/plugins/test_filterlog.py
+++ b/tests/mq/plugins/test_filterlog.py
@@ -45,11 +45,9 @@ class TestFilterlog():
 'sourceipaddress': '175.41.7.2',
 'sub_rule_number': '',
 'trackor': '1000000103',
- 'udp': {
- 'data_length': '72',
- 'destination_port': '33443',
- 'source_port': '57434'
- }
+ 'data_length': '72',
+ 'destination_port': '33443',
+ 'source_port': '57434'
 },
 'summary': '9,,,1000000103,igb0,match,block,in,4,0x0,,6,60624,0,DF,17,udp,92,175.41.7.2,21.143.56.109,57434,33443,72'
 }
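Review bot: Only the UDP expectation is updated here, and the diffstat lists no other change to this test file, so the TCP branch's new layout is not asserted by this commit. Add a TCP case (or extend an existing one, if there is one outside the hunk) that checks `details['source_port']`, `details['destination_port']` and `details['data_length']` at the root and that `details['tcp']` no longer carries them. The expected values are strings (`'57434'`, `'33443'`, `'72'`); if consumers compare ports numerically, a comment in the test stating that the plugin stores them as strings would make that contract explicit. The test method starts outside the hunk.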