Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[7.9] [SIEM] [Detections] Reject on value list + other exception entries in single exception item (#73158) #73504

Merged
merged 2 commits into from Jul 29, 2020
Merged

[7.9] [SIEM] [Detections] Reject on value list + other exception entries in single exception item (#73158) #73504

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8004db9
[SIEM] [Detections] Reject on value list + other exception entries in…
dhurley14 Jul 28, 2020
9823313
Merge branch '7.9' into backport/7.9/pr-73158
elasticmachine Jul 28, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
14 changes: 13 additions & 1 deletion x-pack/plugins/lists/common/schemas/types/entries.mock.ts
View file
Open in desktop
Expand Up @@ -11,10 +11,22 @@ import { getEntryListMock } from './entry_list.mock';
import { getEntryExistsMock } from './entry_exists.mock';
import { getEntryNestedMock } from './entry_nested.mock';

export const getEntriesArrayMock = (): EntriesArray => [
export const getListAndNonListEntriesArrayMock = (): EntriesArray => [
{ ...getEntryMatchMock() },
{ ...getEntryMatchAnyMock() },
{ ...getEntryListMock() },
{ ...getEntryExistsMock() },
{ ...getEntryNestedMock() },
];

export const getListEntriesArrayMock = (): EntriesArray => [
{ ...getEntryListMock() },
{ ...getEntryListMock() },
];

export const getEntriesArrayMock = (): EntriesArray => [
{ ...getEntryMatchMock() },
{ ...getEntryMatchAnyMock() },
{ ...getEntryExistsMock() },
{ ...getEntryNestedMock() },
];
18 changes: 15 additions & 3 deletions x-pack/plugins/lists/common/schemas/types/non_empty_entries_array.test.ts
View file
Open in desktop
Expand Up @@ -11,10 +11,13 @@ import { foldLeftRight, getPaths } from '../../siem_common_deps';

import { getEntryMatchMock } from './entry_match.mock';
import { getEntryMatchAnyMock } from './entry_match_any.mock';
import { getEntryListMock } from './entry_list.mock';
import { getEntryExistsMock } from './entry_exists.mock';
import { getEntryNestedMock } from './entry_nested.mock';
import { getEntriesArrayMock } from './entries.mock';
import {
getEntriesArrayMock,
getListAndNonListEntriesArrayMock,
getListEntriesArrayMock,
} from './entries.mock';
import { nonEmptyEntriesArray } from './non_empty_entries_array';
import { EntriesArray } from './entries';

Expand Down Expand Up @@ -80,7 +83,7 @@ describe('non_empty_entries_array', () => {
});

test('it should validate an array of "list" entries', () => {
const payload: EntriesArray = [{ ...getEntryListMock() }, { ...getEntryListMock() }];
const payload: EntriesArray = [...getListEntriesArrayMock()];
const decoded = nonEmptyEntriesArray.decode(payload);
const message = pipe(decoded, foldLeftRight);

Expand All @@ -106,6 +109,15 @@ describe('non_empty_entries_array', () => {
expect(message.schema).toEqual(payload);
});

test('it should NOT validate an array of entries of value list and non-value list entries', () => {
const payload: EntriesArray = [...getListAndNonListEntriesArrayMock()];
const decoded = nonEmptyEntriesArray.decode(payload);
const message = pipe(decoded, foldLeftRight);

expect(getPaths(left(message.errors))).toEqual(['Cannot have entry of type list and other']);
expect(message.schema).toEqual({});
});

test('it should NOT validate an array of non entries', () => {
const payload = [1];
const decoded = nonEmptyEntriesArray.decode(payload);
Expand Down
9 changes: 9 additions & 0 deletions x-pack/plugins/lists/common/schemas/types/non_empty_entries_array.ts
View file
Open in desktop
Expand Up @@ -8,6 +8,7 @@ import * as t from 'io-ts';
import { Either } from 'fp-ts/lib/Either';

import { EntriesArray, entriesArray } from './entries';
import { entriesList } from './entry_list';

/**
* Types the nonEmptyEntriesArray as:
Expand All @@ -21,6 +22,14 @@ export const nonEmptyEntriesArray = new t.Type<EntriesArray, EntriesArray, unkno
if (Array.isArray(input) && input.length === 0) {
return t.failure(input, context);
} else {
if (
Array.isArray(input) &&
input.some((entry) => entriesList.is(entry)) &&
input.some((entry) => !entriesList.is(entry))
) {
// fail when an exception item contains both a value list entry and a non-value list entry
return t.failure(input, context, 'Cannot have entry of type list and other');
}
return entriesArray.validate(input, context);
}
},
Expand Down
6 changes: 0 additions & 6 deletions x-pack/plugins/security_solution/public/common/components/exceptions/viewer/helpers.test.tsx
View file
Open in desktop
Expand Up @@ -93,12 +93,6 @@ describe('Exception viewer helpers', () => {
operator: 'is one of',
value: ['some host name'],
},
{
fieldName: 'host.name',
isNested: false,
operator: 'is in list',
value: 'some-list-id',
},
{
fieldName: 'host.name',
isNested: false,
Expand Down