-
Notifications
You must be signed in to change notification settings - Fork 8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Exceptions] - Tie server and client code together #70918
Changes from all commits
070b3d3
3507d77
48497d7
a2a0a9d
03fc086
f4a21f0
472730b
293a12b
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
{ | ||
"id": "hand_inserted_item_id", | ||
"list_id": "list-ip", | ||
"value": "10.4.2.140" | ||
"value": "10.4.3.11" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,6 +12,8 @@ import { | |
DescriptionOrUndefined, | ||
EntriesArray, | ||
EntriesArrayOrUndefined, | ||
ExceptionListItemType, | ||
ExceptionListItemTypeOrUndefined, | ||
ExceptionListType, | ||
ExceptionListTypeOrUndefined, | ||
FilterOrUndefined, | ||
|
@@ -98,7 +100,7 @@ export interface CreateExceptionListItemOptions { | |
description: Description; | ||
meta: MetaOrUndefined; | ||
tags: Tags; | ||
type: ExceptionListType; | ||
type: ExceptionListItemType; | ||
} | ||
|
||
export interface UpdateExceptionListItemOptions { | ||
|
@@ -112,7 +114,7 @@ export interface UpdateExceptionListItemOptions { | |
description: DescriptionOrUndefined; | ||
meta: MetaOrUndefined; | ||
tags: TagsOrUndefined; | ||
type: ExceptionListTypeOrUndefined; | ||
type: ExceptionListItemTypeOrUndefined; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Before both the list and item types were just t.string so it didn't scream at us, but now that the list type and item type differ, had to update. |
||
} | ||
|
||
export interface FindExceptionListItemOptions { | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,8 +10,8 @@ import { | |
DescriptionOrUndefined, | ||
EntriesArrayOrUndefined, | ||
ExceptionListItemSchema, | ||
ExceptionListItemTypeOrUndefined, | ||
ExceptionListSoSchema, | ||
ExceptionListTypeOrUndefined, | ||
IdOrUndefined, | ||
ItemIdOrUndefined, | ||
MetaOrUndefined, | ||
|
@@ -43,7 +43,7 @@ interface UpdateExceptionListItemOptions { | |
user: string; | ||
tags: TagsOrUndefined; | ||
tieBreaker?: string; | ||
type: ExceptionListTypeOrUndefined; | ||
type: ExceptionListItemTypeOrUndefined; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Before both the list and item types were just t.string so it didn't scream at us, but now that the list type and item type differ, had to update. |
||
} | ||
|
||
export const updateExceptionListItem = async ({ | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -21,6 +21,8 @@ import { | |
NamespaceType, | ||
UpdateCommentsArrayOrUndefined, | ||
comments as commentsSchema, | ||
exceptionListItemType, | ||
exceptionListType, | ||
} from '../../../common/schemas'; | ||
import { | ||
SavedObjectType, | ||
|
@@ -80,7 +82,7 @@ export const transformSavedObjectToExceptionList = ({ | |
namespace_type: namespaceType, | ||
tags, | ||
tie_breaker_id, | ||
type, | ||
type: exceptionListType.is(type) ? type : 'detection', | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is a result of both the list and item |
||
updated_at: updatedAt ?? dateNow, | ||
updated_by, | ||
}; | ||
|
@@ -116,7 +118,7 @@ export const transformSavedObjectUpdateToExceptionList = ({ | |
namespace_type: namespaceType, | ||
tags: tags ?? exceptionList.tags, | ||
tie_breaker_id: exceptionList.tie_breaker_id, | ||
type: type ?? exceptionList.type, | ||
type: exceptionListType.is(type) ? type : exceptionList.type, | ||
updated_at: updatedAt ?? dateNow, | ||
updated_by: updatedBy ?? exceptionList.updated_by, | ||
}; | ||
|
@@ -168,7 +170,7 @@ export const transformSavedObjectToExceptionListItem = ({ | |
namespace_type: namespaceType, | ||
tags, | ||
tie_breaker_id, | ||
type, | ||
type: exceptionListItemType.is(type) ? type : 'simple', | ||
updated_at: updatedAt ?? dateNow, | ||
updated_by, | ||
}; | ||
|
@@ -202,6 +204,8 @@ export const transformSavedObjectUpdateToExceptionListItem = ({ | |
|
||
// TODO: Change this to do a decode and throw if the saved object is not as expected. | ||
// TODO: Do a throw if after the decode this is not the correct "list_type: list" | ||
// TODO: Update exception list and item types (perhaps separating out) so as to avoid | ||
// defaulting | ||
return { | ||
_tags: _tags ?? exceptionListItem._tags, | ||
comments: comments ?? exceptionListItem.comments, | ||
|
@@ -217,7 +221,7 @@ export const transformSavedObjectUpdateToExceptionListItem = ({ | |
namespace_type: namespaceType, | ||
tags: tags ?? exceptionListItem.tags, | ||
tie_breaker_id: exceptionListItem.tie_breaker_id, | ||
type: type ?? exceptionListItem.type, | ||
type: exceptionListItemType.is(type) ? type : exceptionListItem.type, | ||
updated_at: updatedAt ?? dateNow, | ||
updated_by: updatedBy ?? exceptionListItem.updated_by, | ||
}; | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,7 +16,6 @@ import { | |
entriesExists, | ||
entriesMatch, | ||
entriesNested, | ||
entriesList, | ||
ExceptionListItemSchema, | ||
} from '../../../lists/common/schemas'; | ||
import { Language, Query } from './schemas/common/schemas'; | ||
|
@@ -182,7 +181,7 @@ export const buildExceptionItemEntries = ({ | |
}): string => { | ||
const and = getLanguageBooleanOperator({ language, value: 'and' }); | ||
const exceptionItem = lists | ||
.filter((t) => !entriesList.is(t)) | ||
.filter(({ type }) => type !== 'list') | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Starting to try to not rely on |
||
.reduce<string[]>((accum, listItem) => { | ||
const exceptionSegment = evaluateValues({ item: listItem, language }); | ||
return [...accum, exceptionSegment]; | ||
|
@@ -200,7 +199,7 @@ export const buildQueryExceptions = ({ | |
language: Language; | ||
lists: ExceptionListItemSchema[] | undefined; | ||
}): DataQuery[] => { | ||
if (lists && lists !== null) { | ||
if (lists != null) { | ||
const exceptions = lists.map((exceptionItem) => | ||
buildExceptionItemEntries({ lists: exceptionItem.entries, language }) | ||
); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Before both the list and item types were just t.string so it didn't scream at us, but now that the list type and item type differ, had to update.