in_elasticsearch: check map size before accessing first entry

[TristanInSec]

get_write_op() accesses kv[0] without checking that the map has at
least one entry. When the bulk API receives an empty JSON object {}
as the meta line, msgpack unpacks it as a map with size 0 and the
kv[0] access reads past the map allocation.

Add an early return when map size is zero.

Summary by CodeRabbit

• Bug Fixes
  • Improved handling of empty or malformed data in the Elasticsearch plugin to prevent errors during processing.
  • Reduces risk of crashes or failed writes when encountering unexpected empty inputs, improving overall stability and reliability.
  • Enhances robustness of data ingestion so operations continue smoothly when edge-case payloads are received.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 858cc21d-2fb1-4158-803c-91c954b6169d

📥 Commits

Reviewing files that changed from the base of the PR and between 0d9f75a and 60f3c6d.

📒 Files selected for processing (1)

• plugins/in_elasticsearch/in_elasticsearch_bulk_prot.c

🚧 Files skipped from review as they are similar to previous changes (1)

• plugins/in_elasticsearch/in_elasticsearch_bulk_prot.c

---

📝 Walkthrough

Walkthrough

This PR adds defensive handling for empty msgpack maps in the Elasticsearch bulk protocol handler by returning early from get_write_op() when the input map contains no entries.

Changes

Elasticsearch bulk protocol empty map handling

Layer / File(s)	Summary
Empty msgpack map guard in write operation plugins/in_elasticsearch/in_elasticsearch_bulk_prot.c	get_write_op() returns FLB_FALSE early when the msgpack map size is zero, preventing downstream code from attempting to access expected key/value entries that do not exist.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A tiny guard so wise and true,
When maps are empty through and through,
The function checks and takes a breath,
Returns safe, avoiding wrath,
The rabbit cheers — no crash today! 🐰✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately and specifically describes the main change: adding a map size check before accessing the first entry in the Elasticsearch plugin.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[edsiper]

@TristanInSec would you please sign off the commits ? (DCO error / git commit -s ...)