Remove case_sensitive request option (#63218) (#63244)

Make EQL case sensitive by default and adapt some of the string functions Remove the case sensitive option from Between string function Add case_insensitive option to term and wildcard queries usage (cherry picked from commit 7550e06)
elastic · Oct 5, 2020 · 76bba60 · 76bba60
1 parent 1a68378
commit 76bba60
Show file tree

Hide file tree

Showing 45 changed files with 298 additions and 434 deletions.
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/eql/EqlSearchRequest.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/eql/EqlSearchRequest.java
@@ -39,7 +39,6 @@ public class EqlSearchRequest implements Validatable, ToXContentObject {
     private QueryBuilder filter = null;
     private String timestampField = "@timestamp";
     private String eventCategoryField = "event.category";
-    private boolean isCaseSensitive = true;
 
     private int size = 10;
     private int fetchSize = 1000;
@@ -55,7 +54,6 @@ public class EqlSearchRequest implements Validatable, ToXContentObject {
     static final String KEY_TIMESTAMP_FIELD = "timestamp_field";
     static final String KEY_TIEBREAKER_FIELD = "tiebreaker_field";
     static final String KEY_EVENT_CATEGORY_FIELD = "event_category_field";
-    static final String KEY_CASE_SENSITIVE = "case_sensitive";
     static final String KEY_SIZE = "size";
     static final String KEY_FETCH_SIZE = "fetch_size";
     static final String KEY_QUERY = "query";
@@ -81,7 +79,6 @@ public XContentBuilder toXContent(XContentBuilder builder, ToXContent.Params par
         builder.field(KEY_EVENT_CATEGORY_FIELD, eventCategoryField());
         builder.field(KEY_SIZE, size());
         builder.field(KEY_FETCH_SIZE, fetchSize());
-        builder.field(KEY_CASE_SENSITIVE, isCaseSensitive());
 
         builder.field(KEY_QUERY, query);
         if (waitForCompletionTimeout != null) {
@@ -143,15 +140,6 @@ public EqlSearchRequest eventCategoryField(String eventCategoryField) {
         return this;
     }
 
-    public boolean isCaseSensitive() {
-        return this.isCaseSensitive;
-    }
-
-    public EqlSearchRequest isCaseSensitive(boolean isCaseSensitive) {
-        this.isCaseSensitive = isCaseSensitive;
-        return this;
-    }
-
     public int size() {
         return this.size;
     }
@@ -232,7 +220,6 @@ public boolean equals(Object o) {
                 Objects.equals(tiebreakerField, that.tiebreakerField) &&
                 Objects.equals(eventCategoryField, that.eventCategoryField) &&
                 Objects.equals(query, that.query) &&
-                Objects.equals(isCaseSensitive, that.isCaseSensitive) &&
                 Objects.equals(waitForCompletionTimeout, that.waitForCompletionTimeout) &&
                 Objects.equals(keepAlive, that.keepAlive) &&
                 Objects.equals(keepOnCompletion, that.keepOnCompletion);
@@ -250,7 +237,6 @@ public int hashCode() {
             tiebreakerField,
             eventCategoryField,
             query,
-            isCaseSensitive,
             waitForCompletionTimeout,
             keepAlive,
             keepOnCompletion);

diff --git a/docs/reference/eql/eql.asciidoc b/docs/reference/eql/eql.asciidoc
@@ -486,34 +486,6 @@ GET /my-index-000001/_eql/search
 ----
 // TEST[setup:sec_logs]
 
-[discrete]
-[[eql-search-case-sensitive]]
-=== Run a case-sensitive EQL search
-
-By default, matching for EQL queries is case-insensitive. You can use the
-`case_sensitive` parameter to toggle case sensitivity on or off.
-
-The following search request contains a query that matches `process` events
-with a `process.executable` containing `System32`.
-
-Because `case_sensitive` is `true`, this query only matches `process.executable`
-values containing `System32` with the exact same capitalization. A
-`process.executable` value containing `system32` or `SYSTEM32` would not match
-this query.
-
-[source,console]
-----
-GET /my-index-000001/_eql/search
-{
-  "keep_on_completion": true,
-  "case_sensitive": true,
-  "query": """
-    process where stringContains(process.executable, "System32")
-  """
-}
-----
-// TEST[setup:sec_logs]
-
 [discrete]
 [[eql-search-async]]
 === Run an async EQL search

diff --git a/...ck/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java b/...ck/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java
@@ -40,7 +40,6 @@ public abstract class BaseEqlSpecTestCase extends ESRestTestCase {
     private final String query;
     private final String name;
     private final long[] eventIds;
-    private final boolean caseSensitive;
 
     @Before
     private void setup() throws Exception {
@@ -74,28 +73,22 @@ protected static List<Object[]> asArray(List<EqlSpec> specs) {
                 name = "" + (counter);
             }
 
-            boolean[] values = spec.caseSensitive() == null ? new boolean[] { true, false } : new boolean[] { spec.caseSensitive() };
-
-            for (boolean sensitive : values) {
-                String prefixed = name + (sensitive ? "-sensitive" : "-insensitive");
-                results.add(new Object[] { spec.query(), prefixed, spec.expectedEventIds(), sensitive });
-            }
+            results.add(new Object[] { spec.query(), name, spec.expectedEventIds() });
         }
 
         return results;
     }
 
-    BaseEqlSpecTestCase(String index, String query, String name, long[] eventIds, boolean caseSensitive) {
+    BaseEqlSpecTestCase(String index, String query, String name, long[] eventIds) {
         this.index = index;
 
         this.query = query;
         this.name = name;
         this.eventIds = eventIds;
-        this.caseSensitive = caseSensitive;
     }
 
     public void test() throws Exception {
-        assertResponse(runQuery(index, query, caseSensitive));
+        assertResponse(runQuery(index, query));
     }
 
     protected void assertResponse(EqlSearchResponse response) {
@@ -111,9 +104,8 @@ else if (hits.sequences() != null) {
         }
     }
 
-    protected EqlSearchResponse runQuery(String index, String query, boolean isCaseSensitive) throws Exception {
+    protected EqlSearchResponse runQuery(String index, String query) throws Exception {
         EqlSearchRequest request = new EqlSearchRequest(index, query);
-        request.isCaseSensitive(isCaseSensitive);
         request.tiebreakerField("event.sequence");
         // some queries return more than 10 results
         request.size(50);

diff --git a/...k/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlExtraSpecTestCase.java b/...k/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlExtraSpecTestCase.java
@@ -20,8 +20,8 @@ public static List<Object[]> readTestSpecs() throws Exception {
         return asArray(EqlSpecLoader.load("/test_extra.toml", true, new HashSet<>()));
     }
 
-    public EqlExtraSpecTestCase(String query, String name, long[] eventIds, boolean caseSensitive) {
-        super(TEST_EXTRA_INDEX, query, name, eventIds, caseSensitive);
+    public EqlExtraSpecTestCase(String query, String name, long[] eventIds) {
+        super(TEST_EXTRA_INDEX, query, name, eventIds);
     }
 
     @Override

diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlSpec.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlSpec.java
@@ -19,12 +19,6 @@ public class EqlSpec {
     private String query;
     private long[] expectedEventIds;
 
-    // flag to dictate which modes are supported for the test
-    // null -> apply the test to both modes (case sensitive and case insensitive)
-    // TRUE -> case sensitive
-    // FALSE -> case insensitive
-    private Boolean caseSensitive = null;
-
     public String name() {
         return name;
     }
@@ -73,14 +67,6 @@ public void expectedEventIds(long[] expectedEventIds) {
         this.expectedEventIds = expectedEventIds;
     }
 
-    public void caseSensitive(Boolean caseSensitive) {
-        this.caseSensitive = caseSensitive;
-    }
-
-    public Boolean caseSensitive() {
-        return this.caseSensitive;
-    }
-
     public EqlSpec withSensitivity(boolean caseSensitive) {
         EqlSpec spec = new EqlSpec();
         spec.name = name;
@@ -90,7 +76,6 @@ public EqlSpec withSensitivity(boolean caseSensitive) {
         spec.query = query;
         spec.expectedEventIds = expectedEventIds;
 
-        spec.caseSensitive = caseSensitive;
         return spec;
     }
 
@@ -102,10 +87,6 @@ public String toString() {
         str = appendWithComma(str, "description", description);
         str = appendWithComma(str, "note", note);
 
-        if (caseSensitive != null) {
-            str = appendWithComma(str, "case_sensitive", Boolean.toString(caseSensitive));
-        }
-
         if (tags != null) {
             str = appendWithComma(str, "tags", Arrays.toString(tags));
         }
@@ -128,13 +109,12 @@ public boolean equals(Object other) {
 
         EqlSpec that = (EqlSpec) other;
 
-        return Objects.equals(this.query(), that.query())
-                && Objects.equals(this.caseSensitive, that.caseSensitive);
+        return Objects.equals(this.query(), that.query());
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(this.query, this.caseSensitive);
+        return Objects.hash(this.query);
     }
 
     private static String appendWithComma(String str, String name, String append) {

diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlSpecLoader.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlSpecLoader.java
@@ -73,20 +73,6 @@ private static List<EqlSpec> readFromStream(InputStream is, boolean supported, S
             spec.note(getTrimmedString(table, "note"));
             spec.description(getTrimmedString(table, "description"));
 
-            Boolean caseSensitive = table.getBoolean("case_sensitive");
-            Boolean caseInsensitive = table.getBoolean("case_insensitive");
-            // if case_sensitive is TRUE and case_insensitive is not TRUE (FALSE or NULL), then the test is case sensitive only
-            if (Boolean.TRUE.equals(caseSensitive)) {
-                if (Boolean.FALSE.equals(caseInsensitive) || caseInsensitive == null) {
-                    spec.caseSensitive(true);
-                }
-            }
-            // if case_sensitive is not TRUE (FALSE or NULL) and case_insensitive is TRUE, then the test is case insensitive only
-            else if (Boolean.TRUE.equals(caseInsensitive)) {
-                spec.caseSensitive(false);
-            }
-            // in all other cases, the test should run no matter the case sensitivity (should test both scenarios)
-
             List<?> arr = table.getList("tags");
             if (arr != null) {
                 String tags[] = new String[arr.size()];

diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlSpecTestCase.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/EqlSpecTestCase.java
@@ -51,7 +51,7 @@ protected String sequenceField() {
         return "serial_event_id";
     }
 
-    public EqlSpecTestCase(String query, String name, long[] eventIds, boolean caseSensitive) {
-        super(TEST_INDEX, query, name, eventIds, caseSensitive);
+    public EqlSpecTestCase(String query, String name, long[] eventIds) {
+        super(TEST_INDEX, query, name, eventIds);
     }
 }