enabled source filtering when searching rules (#374)
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
(cherry picked from commit 2bdba83)
petardz authored and github-actions[bot] committed May 2, 2023
1 parent 4202306 commit 121ed54
Showing 2 changed files with 8 additions and 2 deletions.
Expand Up @@ -60,7 +60,6 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
Boolean isPrepackaged = request.paramAsBoolean("pre_packaged", true);
SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
searchSourceBuilder.parseXContent(request.contentOrSourceParamParser());
searchSourceBuilder.fetchSource(null);

QueryBuilder queryBuilder = QueryBuilders.boolQuery().must(searchSourceBuilder.query());

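Review bot: The dropped `searchSourceBuilder.fetchSource(null);` is the entire fix, yet nothing in the remaining code records that the client's `_source` filter is now meant to survive, so a later tidy-up could silently reinstate the reset; a comment after `searchSourceBuilder.parseXContent(request.contentOrSourceParamParser());` would pin the intent, e.g. `// Deliberately no fetchSource(null) here: the caller's _source includes/excludes must reach the rules search (#374).` Note that `parseXContent` accepts the whole search body, not only `query` and `_source`; whether other parsed fields such as `size`, `from`, `sort` or `aggs` are constrained before the search is issued is not visible in this hunk and is worth confirming rather than assuming. `prepareRequest` starts before this hunk and its body continues past it.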
Expand Up @@ -211,7 +211,8 @@ public void testSearchingPrepackagedRulesByMitreAttackID() throws IOException {
" }\n" +
" }\n" +
" }\n" +
" }\n" +
" },\n" +
" \"_source\": [\"rule.query_field_names\"]" +
"}";

Response searchResponse = makeRequest(client(), "POST", String.format(Locale.getDefault(), "%s/_search", SecurityAnalyticsPlugin.RULE_BASE_URI), Collections.singletonMap("pre_packaged", "true"),
Expand All @@ -220,6 +221,12 @@ public void testSearchingPrepackagedRulesByMitreAttackID() throws IOException {

Map<String, Object> responseBody = asMap(searchResponse);
Assert.assertEquals(9, ((Map<String, Object>) ((Map<String, Object>) responseBody.get("hits")).get("total")).get("value"));
// Verify that _source filtering is working
List<Map<String, Object>> hits = ((List<Map<String, Object>>)((Map<String, Object>) responseBody.get("hits")).get("hits"));
Map<String, Object> sourceOfDoc0 = (Map<String, Object>)hits.get(0).get("_source");
Map<String, Object> rule = (Map<String, Object>) sourceOfDoc0.get("rule");
assertEquals(1, rule.size());
assertTrue(rule.containsKey("query_field_names"));
}

@SuppressWarnings("unchecked")
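Review bot: The new checks from `Map<String, Object> rule = (Map<String, Object>) sourceOfDoc0.get("rule");` through `assertTrue(rule.containsKey("query_field_names"));` verify that the nested `rule` object was trimmed but not that the document itself was, so a response that still carried other top-level fields beside `rule` would pass; adding `assertEquals(1, sourceOfDoc0.size());` before the `rule` lookup pins the `rule.query_field_names` filter at both levels. Only `hits.get(0)` is inspected while the total is asserted to be 9; running the same assertions in a loop over `hits` would cover every returned rule at negligible cost. The added lines also call `assertEquals`/`assertTrue` unqualified while the preceding line uses `Assert.assertEquals`; one form should be used consistently within the method. `testSearchingPrepackagedRulesByMitreAttackID` begins before this hunk.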
