Skip to content

[Security Solution] [Detections] Updates rules routes to validate "from" param on rules#76000

Merged
dhurley14 merged 6 commits intoelastic:masterfrom
dhurley14:update-from-param-validation
Aug 26, 2020
Merged

[Security Solution] [Detections] Updates rules routes to validate "from" param on rules#76000
dhurley14 merged 6 commits intoelastic:masterfrom
dhurley14:update-from-param-validation

Conversation

@dhurley14
Copy link
Contributor

@dhurley14 dhurley14 commented Aug 26, 2020
edited
Loading

Summary

updates validation on 'from' param to prevent malformed datemath strings from being accepted when creating, patching / updating, and importing rules.

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@dhurley14 dhurley14 changed the title updates validation on 'from' param to prevent malformed datemath stri… [Security Solution] [Detections] Adds validation for datemath on rules api Aug 26, 2020
@dhurley14 dhurley14 changed the title [Security Solution] [Detections] Adds validation for datemath on rules api [Security Solution] [Detections] Updates rules routes to validate "from" param on rules Aug 26, 2020
dhurley14
dhurley14 commented Aug 26, 2020
View reviewed changes
x-pack/plugins/security_solution/common/detection_engine/utils.ts Outdated
Comment on lines 25 to 35
Copy link
Contributor Author

@dhurley14 dhurley14 Aug 26, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I moved this function into common because I needed to use it in the schema validations.

@dhurley14 dhurley14 self-assigned this Aug 26, 2020
@dhurley14 dhurley14 force-pushed the update-from-param-validation branch from 42922e4 to 390d7de Compare August 26, 2020 18:01
@dhurley14 dhurley14 added Feature:Detection Rules Security Solution rules and Detection Engine release_note:skip Skip the PR/issue when compiling release notes v7.10.0 v7.9.1 v8.0.0 Team:SIEM review labels Aug 26, 2020
@dhurley14 dhurley14 marked this pull request as ready for review August 26, 2020 18:10
@dhurley14 dhurley14 requested review from a team as code owners August 26, 2020 18:10
@elasticmachine
Copy link
Contributor

elasticmachine commented Aug 26, 2020

Pinging @elastic/siem (Team:SIEM)

rylnd
rylnd approved these changes Aug 26, 2020
View reviewed changes
Copy link
Contributor

@rylnd rylnd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! The new codec is straightforward, tests are comprehensive, :shipit:

...s/security_solution/server/lib/detection_engine/routes/rules/create_rules_bulk_route.test.ts Outdated
const request = requestMock.create({
method: 'post',
path: `${DETECTION_ENGINE_RULES_URL}/_bulk_create`,
body: [{ from: 'now-7m', interval: '5m', ...getCreateRulesSchemaMock(), type: 'query' }],
Copy link
Contributor

@rylnd rylnd Aug 26, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the mock placed in the middle of the object here?

Copy link
Contributor Author

@dhurley14 dhurley14 Aug 26, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No specific reason. I can re-organize this.

...plugins/security_solution/server/lib/detection_engine/routes/rules/patch_rules_route.test.ts
import { requestContextMock, serverMock, requestMock } from '../__mocks__';
import { patchRulesRoute } from './patch_rules_route';
import { getCreateRulesSchemaMock } from '../../../../../common/detection_engine/schemas/request/create_rules_schema.mock';
import { getPatchRulesSchemaMock } from '../../../../../common/detection_engine/schemas/request/patch_rules_schema.mock';
Copy link
Contributor

@rylnd rylnd Aug 26, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 good catch on these

@kibanamachine
Copy link
Contributor

kibanamachine commented Aug 26, 2020

💚 Build Succeeded

Build metrics

async chunks size

id value diff baseline
securitySolution 9.5MB -195.0B 9.5MB

page load bundle size

id value diff baseline
securitySolution 809.9KB +2.1KB 807.8KB

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@dhurley14 dhurley14 merged commit 979d1db into elastic:master Aug 26, 2020
@dhurley14 dhurley14 deleted the update-from-param-validation branch August 26, 2020 22:18
This was referenced Aug 26, 2020
Merged
Merged
dhurley14 added a commit to dhurley14/kibana that referenced this pull request Aug 26, 2020
@dhurley14
[Security Solution] [Detections] Updates rules routes to validate "fr…
51ae648 
…om" param on rules (elastic#76000)

* updates validation on 'from' param to prevent malformed datemath strings from being accepted

* fix imports

* copy paste is not my friend

* missed type check somehow

* forgot to mock common utils

* updates bodies for request validation tests
dhurley14 added a commit to dhurley14/kibana that referenced this pull request Aug 26, 2020
@dhurley14
[Security Solution] [Detections] Updates rules routes to validate "fr…
b3900e2 
…om" param on rules (elastic#76000)

* updates validation on 'from' param to prevent malformed datemath strings from being accepted

* fix imports

* copy paste is not my friend

* missed type check somehow

* forgot to mock common utils

* updates bodies for request validation tests
dhurley14 added a commit that referenced this pull request Aug 27, 2020
@dhurley14
[7.x] [Security Solution] [Detections] Updates rules routes to valida…
35aea0d 
…te "from" param on rules (#76000) (#76047)

* updates validation on 'from' param to prevent malformed datemath strings from being accepted

* fix imports

* copy paste is not my friend

* missed type check somehow

* forgot to mock common utils

* updates bodies for request validation tests
dhurley14 added a commit that referenced this pull request Aug 27, 2020
@dhurley14
[7.9] [Security Solution] [Detections] Updates rules routes to valida…
f3d36a1 
…te "from" param on rules (#76000) (#76048)

* updates validation on 'from' param to prevent malformed datemath strings from being accepted

* fix imports

* copy paste is not my friend

* missed type check somehow

* forgot to mock common utils

* updates bodies for request validation tests
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Copy link
Contributor

elasticmachine commented Sep 23, 2021

Pinging @elastic/security-solution (Team: SecuritySolution)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rylnd rylnd rylnd approved these changes

Assignees

@dhurley14 dhurley14

Labels

Feature:Detection Rules Security Solution rules and Detection Engine release_note:skip Skip the PR/issue when compiling release notes review Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.1 v7.10.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@dhurley14 @elasticmachine @kibanamachine @rylnd @MindyRS