Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] API users can create rules with blank name and description #81319

Closed
MadameSheema opened this issue Oct 21, 2020 · 0 comments · Fixed by #82087
Closed

[Security Solution] API users can create rules with blank name and description #81319

MadameSheema opened this issue Oct 21, 2020 · 0 comments · Fixed by #82087
Labels
bug Fixes for quality problems that affect the customer experience impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.11.0

Comments

@MadameSheema
Copy link
Member

MadameSheema commented Oct 21, 2020
edited
Loading

Bug originally reported by: @rylnd

Describe the bug
API users can create rules with name and/or description fields of "" (empty string). While the UI forms prevent this, the backend allows it. While I haven't yet seen any errors (since the fields are still strings), it does cause some weird UI bugs:

When the rule renders in the Rules table, there is no name to display and thus no link to Details is clickable: 136c07f5-8bec-476b-8fb3-29cc62d45b2d_-_Kibana

When detection alerts are generated, the Rule column is empty: 136c07f5-8bec-476b-8fb3-29cc62d45b2d_-_Kibana

Alert fields display: name is -- while description is (Empty String): 136c07f5-8bec-476b-8fb3-29cc62d45b2d_-_Kibana

Preconditions
Kibana 7.7+

To Reproduce
Steps to reproduce the behavior:

  1. POST to the "create rule" endpoint (api/detection_engine/rules) with the following body:
{
  "description": "",
  "name": "",
  "severity": "low",
  "risk_score": 50,
  "type": "query",
  "enabled": false
}

Expected behavior
The request is rejected with a 4xx

On 2 Sep @spong commented:
Note, linking #65764 as the Rule column displayed as -- is the result of a separate issue.
@MadameSheema MadameSheema added bug Fixes for quality problems that affect the customer experience v7.11.0 Team:Detections and Resp Security Detection Response Team labels Oct 21, 2020
@peluja1012 peluja1012 assigned rylnd and unassigned rylnd Oct 26, 2020
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Oct 27, 2020
@peluja1012 peluja1012 added the impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. label Oct 28, 2020
rylnd added a commit to rylnd/kibana that referenced this issue Oct 29, 2020
@rylnd
Prevent rules from being created with a blank name or description
9f22c27 
Our validations were a little lax here. While the fields did not cause
any errors as they're still strings, the lack of content causes some UX
weirdness that we should prevent.

Closes elastic#81319
@rylnd rylnd mentioned this issue Oct 29, 2020
Merged
2 tasks
rylnd added a commit that referenced this issue Nov 2, 2020
@rylnd @kibanamachine
[Security Solution][Detections] Prevent rules from being created with…
039b44f 
… a blank name or description (#82087)

* Prevent rules from being created with a blank name or description

Our validations were a little lax here. While the fields did not cause
any errors as they're still strings, the lack of content causes some UX
weirdness that we should prevent.

Closes #81319

* Fix unit tests for rule updates

Adding in the other required fields here to get a more concise error.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
rylnd added a commit that referenced this issue Nov 2, 2020
@rylnd @kibanamachine
[Security Solution][Detections] Prevent rules from being created with…
3aec8c3 
… a blank name or description (#82087) (#82319)

* Prevent rules from being created with a blank name or description

Our validations were a little lax here. While the fields did not cause
any errors as they're still strings, the lack of content causes some UX
weirdness that we should prevent.

Closes #81319

* Fix unit tests for rule updates

Adding in the other required fields here to get a more concise error.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Fixes for quality problems that affect the customer experience impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.11.0
Projects
None yet
Milestone
No milestone
4 participants
@peluja1012 @rylnd @MindyRS @MadameSheema