[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types #195318
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dplumlee
added
release_note:skip
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
…n-customizable-fields
dplumlee
commented
Oct 7, 2024
Comment on lines
138
to
142
| if (!isEqual(ruleUpdate.author, existingRule.author)) { | ||
| throw new ClientError(`Cannot update "author" field for prebuilt rules`, 400); | ||
| } else if (ruleUpdate.license !== existingRule.license) { | ||
| throw new ClientError(`Cannot update "license" field for prebuilt rules`, 400); | ||
| } |
There was a problem hiding this comment.
Just to confirm update logic here, we want to throw on unsetting fields here too, correct? This is the only difference between the update and patch validation methods in this file
There was a problem hiding this comment.
Yes, that's correct. No changes should be allowed to the fields, including unsetting them.
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#7104[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/configs/ess.config.ts: 25/25 tests passed. |
xcrzx
reviewed
Oct 8, 2024
Comment on lines
138
to
142
| if (!isEqual(ruleUpdate.author, existingRule.author)) { | ||
| throw new ClientError(`Cannot update "author" field for prebuilt rules`, 400); | ||
| } else if (ruleUpdate.license !== existingRule.license) { | ||
| throw new ClientError(`Cannot update "license" field for prebuilt rules`, 400); | ||
| } |
There was a problem hiding this comment.
Yes, that's correct. No changes should be allowed to the fields, including unsetting them.
x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts
Outdated
Show resolved
Hide resolved
...rver/lib/detection_engine/rule_management/logic/detection_rules_client/methods/patch_rule.ts
Outdated
Show resolved
Hide resolved
...ver/lib/detection_engine/rule_management/logic/detection_rules_client/methods/update_rule.ts
Outdated
Show resolved
Hide resolved
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11283158483 |
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]
History
cc @dplumlee |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Oct 10, 2024
… Prebuilt rule types (elastic#195318) ## Summary Addresses elastic#180273 Adds validation in the `detectionRulesClient` to prevent the updating of non-customizable fields in Prebuilt rule types (i.e. external `rule_source`). Returns a `400` error if `author` or `license` fields are updated via `PUT` and `PATCH` endpoints for external rules. Also updates related test utils to reflect this new logic ### Checklist Delete any items that are not applicable to this PR. - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <[email protected]> (cherry picked from commit 0004217)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Oct 11, 2024
…ng for Prebuilt rule types (#195318) (#195837) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types (#195318)](#195318) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-10T22:48:47Z","message":"[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types (#195318)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/180273\r\n\r\nAdds validation in the `detectionRulesClient` to prevent the updating of\r\nnon-customizable fields in Prebuilt rule types (i.e. external\r\n`rule_source`). Returns a `400` error if `author` or `license` fields\r\nare updated via `PUT` and `PATCH` endpoints for external rules.\r\n\r\nAlso updates related test utils to reflect this new logic\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"00042177a8e976d379b5e40db3664db1e333999d","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:prev-minor","v8.16.0"],"title":"[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types","number":195318,"url":"https://github.com/elastic/kibana/pull/195318","mergeCommit":{"message":"[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types (#195318)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/180273\r\n\r\nAdds validation in the `detectionRulesClient` to prevent the updating of\r\nnon-customizable fields in Prebuilt rule types (i.e. external\r\n`rule_source`). Returns a `400` error if `author` or `license` fields\r\nare updated via `PUT` and `PATCH` endpoints for external rules.\r\n\r\nAlso updates related test utils to reflect this new logic\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"00042177a8e976d379b5e40db3664db1e333999d"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/195318","number":195318,"mergeCommit":{"message":"[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types (#195318)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/180273\r\n\r\nAdds validation in the `detectionRulesClient` to prevent the updating of\r\nnon-customizable fields in Prebuilt rule types (i.e. external\r\n`rule_source`). Returns a `400` error if `author` or `license` fields\r\nare updated via `PUT` and `PATCH` endpoints for external rules.\r\n\r\nAlso updates related test utils to reflect this new logic\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"00042177a8e976d379b5e40db3664db1e333999d"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <[email protected]>
banderror
added a commit
that referenced
this pull request
Oct 11, 2024
… fields in prebuilt rules (#195926) ## Summary The new tests added yesterday in #195318 have failed in the periodic pipeline ([build](https://buildkite.com/elastic/kibana-serverless-security-solution-quality-gate-rule-management/builds/1408#019279c2-233d-405e-8758-7864b84d0524)). Skipping for now in MKI pipelines (periodic pipeline and the 2nd quality gate), otherwise it will block the next Serverless release. Ticket for unskipping: #195921
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Addresses #180273
Adds validation in the
detectionRulesClientto prevent the updating of non-customizable fields in Prebuilt rule types (i.e. externalrule_source). Returns a400error ifauthororlicensefields are updated viaPUTandPATCHendpoints for external rules.Also updates related test utils to reflect this new logic
Checklist
Delete any items that are not applicable to this PR.
For maintainers