[SIEM][Detection Engine] Converts from joi to use io-ts and moves the types to common #68127
Conversation
…ber and removed back end TODO
…the older joi schema and used newer mock methodologies
FrankHassanabad
changed the title
FrankHassanabad
added
release_note:skip
|
Pinging @elastic/siem (Team:SIEM) |
| echo "" >> pre_packaged_rules.ndjson | ||
| done | ||
| echo "{\"exported_count\":$i,\"missing_rules\":[],\"missing_rules_count\":0}" >> pre_packaged_rules.ndjson | ||
|
|
There was a problem hiding this comment.
NOTE: This is just a helper script for ad-hoc creating pre packaged rules as ndjson and I just kind of snuck it in here with this :-)
…the create schema with regards to validation
…the stricter types for the tests
FrankHassanabad
changed the title
…ts from joi to io-ts
…ne since io-ts is slower than joi for importing
FrankHassanabad
changed the title
rylnd
left a comment
rylnd
left a comment
There was a problem hiding this comment.
Just adding some comments for now because a) I think they may be indicative of broader issues (or maybe just my misunderstanding :wink) and b) I've gotta run for the evening, but: this is an incredible amount of work that cleans things up TREMENDOUSLY and I want to thank you for the effort.
| }, | ||
| options: { | ||
| tags: ['access:securitySolution'], | ||
| tags: ['access:siem'], |
There was a problem hiding this comment.
Did we mean to revert these, or was this a bad conflict resolution?
There was a problem hiding this comment.
Bad conflict will fix and re-push.
| path: `${DETECTION_ENGINE_RULES_URL}/_bulk_create`, | ||
| validate: { | ||
| body: buildRouteValidation<RuleAlertParamsRest[]>(createRulesBulkSchema), | ||
| body: buildRouteValidation<typeof createRulesBulkSchema, CreateRulesBulkSchemaDecoded>( |
There was a problem hiding this comment.
Question: why do we need both createRulesBulkSchema and CreateRulesBulkSchemaDecoded? If our input is unknown and our output is CreateRulesBulkSchemaDecoded then we shouldn't need the intermediate type, right? (Okay, I realize why we need it right now, but having to specify both of these types feels like maybe we're doing something non-optimal here.)
There was a problem hiding this comment.
At some point, I would expect to be able to specify a single codec that converts a request (I) into our expected form (A), but I'm happy to reset that expectation given new info as well :)
There was a problem hiding this comment.
I would like that as well. I would like a way to specify the decoded type automatically without having to create one for it.
| riskScore: 80, | ||
| severity: 'low', | ||
| tags: [], | ||
| threat: [ |
There was a problem hiding this comment.
Here's that structure we were talking about today 😉
| }, | ||
| riskScore: { | ||
| type: FIELD_TYPES.RANGE, | ||
| serializer: (input: string) => Number(input), |
There was a problem hiding this comment.
Yeah, that was a good find. It makes sense, the HTML input must contain a string so they gave us a way to specify a serializer so we can convert from string to number
| * - If true is sent in then this will return an error | ||
| * - If false is sent in then this will allow it only false | ||
| */ | ||
| export const OnlyFalseAllowed: OnlyFalseAllowedC = new t.Type<boolean, boolean, unknown>( |
There was a problem hiding this comment.
I don't think you need to re-specify the generic arguments here, those should be inferred by the arguments (and enforced by OnlyFalseAllowedC)
There was a problem hiding this comment.
Yeah I can remove them in all the files, it was a pattern from io-ts I just modified from their examples.
It would be better to just use:
export const OnlyFalseAllowed = new t.Type<boolean, boolean, unknown>(
... code
);
export type OnlyFalseAllowedC = typeof OnlyFalseAllowed;And not re-type it twice everywhere. Will fix that.
|
|
||
| const decoded = addPrepackagedRulesSchema.decode(payload); | ||
| const checked = exactCheck<AddPrepackagedRulesSchema>( | ||
| (payload as unknown) as AddPrepackagedRulesSchema, |
There was a problem hiding this comment.
This is due to exactCheck requiring that original is constrained to T, right? If it were changed to unknown:
export const exactCheck = <T>(
original: unknown,
decoded: Either<t.Errors, T>
): Either<t.Errors, T> => {we wouldn't need to perform these casts. But perhaps I'm missing something?
There was a problem hiding this comment.
I think you're right, I changed it locally and it looks good. I have changed all of these everywhere and I also was able to remove a lot of the templating in a lot of spots too.
Thank you! 🙏
There was a problem hiding this comment.
nit: I think findDifferencesRecursive should also change to receive unknown, but if you wanna merge this tonight we can follow up after.
rylnd
left a comment
rylnd
left a comment
There was a problem hiding this comment.
Nothing else caught my eye, but given the size here someone else should probably take a look. Regardless, you've got my approval! 🚀 Onwards and upwards! 🚀
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
… types to common (elastic#68127) ## Summary * https://github.com/elastic/siem-team/issues/646 * Converts the detection rules and REST to use io-ts * Removes their joi counterparts * Updates all tests to use it * Fixes a bug with the risk_score that was being sent in as a string from the UI instead of a number * Fixes a bug within the exactCheck validating where it can now accept null value types for optional body messages. * Fixes a bug in the FindRoute where it did not send down fields from REST * Changes the lists plugin to utilize the io-ts types from siem rather than having them duplicated. * Makes some stronger validations * Adds a lot of codecs **Things to look out for:** * Generic testing to ensure I didn't break something that was not part of the tests. * Fix for the risk_score from string to number is in: ``` x-pack/plugins/security_solution/public/alerts/components/rules/step_about_rule/index.test.tsx ``` * Fix for the exact check (unit tests are written and added) ``` x-pack/plugins/security_solution/public/alerts/components/rules/step_about_rule/index.test.tsx ``` * Within all the types I added are there any misspelled things or copy-pasta mistakes with strings: x-pack/plugins/security_solution/common/detection_engine/schemas/types * Fix for `find_rules_route.ts:58` ``` x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/find_rules_route.ts ``` **Follow on things that this PR doesn't do we need to:** * Add linter rule to forbid NodeJS code within common section * The `[object Object]` formatter issues seen in the code such as: ``` // TODO: Fix/Change the formatErrors to be better able to handle objects 'Invalid value "[object Object]" supplied to "note"', ``` * Formatter issues such as: `'Invalid value "" supplied to ""'` * Remove the hapi server object from lists plugin ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
… types to common (#68127) (#68611) ## Summary * https://github.com/elastic/siem-team/issues/646 * Converts the detection rules and REST to use io-ts * Removes their joi counterparts * Updates all tests to use it * Fixes a bug with the risk_score that was being sent in as a string from the UI instead of a number * Fixes a bug within the exactCheck validating where it can now accept null value types for optional body messages. * Fixes a bug in the FindRoute where it did not send down fields from REST * Changes the lists plugin to utilize the io-ts types from siem rather than having them duplicated. * Makes some stronger validations * Adds a lot of codecs **Things to look out for:** * Generic testing to ensure I didn't break something that was not part of the tests. * Fix for the risk_score from string to number is in: ``` x-pack/plugins/security_solution/public/alerts/components/rules/step_about_rule/index.test.tsx ``` * Fix for the exact check (unit tests are written and added) ``` x-pack/plugins/security_solution/public/alerts/components/rules/step_about_rule/index.test.tsx ``` * Within all the types I added are there any misspelled things or copy-pasta mistakes with strings: x-pack/plugins/security_solution/common/detection_engine/schemas/types * Fix for `find_rules_route.ts:58` ``` x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/find_rules_route.ts ``` **Follow on things that this PR doesn't do we need to:** * Add linter rule to forbid NodeJS code within common section * The `[object Object]` formatter issues seen in the code such as: ``` // TODO: Fix/Change the formatErrors to be better able to handle objects 'Invalid value "[object Object]" supplied to "note"', ``` * Formatter issues such as: `'Invalid value "" supplied to ""'` * Remove the hapi server object from lists plugin ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
* master: (37 commits) [DOCS] Adds documentation for drilldowns (elastic#68122) [Telemetry] telemetry.sendUsageFrom: "server" by default (elastic#68071) [ML] Transforms: Support sub-aggregations (elastic#68306) Fixed pre-configured docs link points to the wrong page and functional tests configs (elastic#68606) [Ingest Manager] Update queries from `stream.*` to `dataset.*` (elastic#68322) Enable Watcher by default to fix bug in which Watcher doesn't render in the side nav (elastic#68602) Convert Index Templates API routes to snakecase. (elastic#68463) [SECURITY SOLUTION] [Detections] Add / Update e2e tests to ensure initial rule runs are successful (elastic#68441) [Ingest] OpenAPI spec file (elastic#68323) chore(NA): skip apis Endpoint plugin Endpoint policy api (elastic#68638) bumping makelogs version to v6.0.0 (elastic#66163) [SIEM] Add create template button (elastic#66613) Bump websocket-extensions from 0.1.3 to 0.1.4 (elastic#68414) [ML] Sample data modules - use event.dataset instead of index name (elastic#68538) [ML] Functional tests - fix job validation API test with maxModelMemoryLimit (elastic#68501) [ML] Functional tests - stabilize DFA job creation (elastic#68495) [TSVB] Allows the user to change the tooltip mode (elastic#67775) chore(NA): skip apis Endpoint plugin Endpoint alert API when data is in elasticsearch (elastic#68613) chore(NA): skip endpoint Endpoint Alert Page: when es has data and user has navigated to the page (elastic#68596) [SIEM][Detection Engine] Converts from joi to use io-ts and moves the types to common (elastic#68127) ...
## Summary * Smaller follow ups and bug fixes from: #68127 * Added unknown to `findDifferencesRecursive` * Added linter rule to catch NodeJS code in the common folders for both `lists` and `security_solution` * Removed the Hapi server type from the common folder of lists ### Checklist * Added unknown to the correct locations - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
## Summary * Smaller follow ups and bug fixes from: elastic#68127 * Added unknown to `findDifferencesRecursive` * Added linter rule to catch NodeJS code in the common folders for both `lists` and `security_solution` * Removed the Hapi server type from the common folder of lists ### Checklist * Added unknown to the correct locations - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
) ## Summary * Smaller follow ups and bug fixes from: #68127 * Added unknown to `findDifferencesRecursive` * Added linter rule to catch NodeJS code in the common folders for both `lists` and `security_solution` * Removed the Hapi server type from the common folder of lists ### Checklist * Added unknown to the correct locations - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
5 participants
Summary
Things to look out for:
x-pack/plugins/security_solution/common/detection_engine/schemas/types
find_rules_route.ts:58Follow on things that this PR doesn't do we need to:
[object Object]formatter issues seen in the code such as:'Invalid value "" supplied to ""'Checklist
Delete any items that are not applicable to this PR.