Skip to content

Commit

Permalink
[8.16] [Security Solution] [Security assistant] Fixes errors when cre…
Browse files Browse the repository at this point in the history 
…ating conversations with special characters in the title (elastic#197319) (elastic#197495)

# Backport

This will backport the following commits from `main` to `8.16`:
- [[Security Solution] [Security assistant] Fixes errors when creating
conversations with special characters in the title
(elastic#197319)](elastic#197319)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Andrew
Macri","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-23T16:13:19Z","message":"[Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title (elastic#197319)\n\n### [Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title\r\n\r\nThis PR fixes an
[issue](elastic/security-team#10284) in the
security assistant where attempting to create conversations with special
characters in the title, i.e. a `:`, resulted in an `Error creating
conversation with title...` toaster.\r\n\r\n### Desk testing\r\n\r\nTo
reproduce, simulate generation of a title with special
characters:\r\n\r\n1) Edit
`x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts`\r\n\r\nchange
the following line:\r\n\r\nfrom\r\n\r\n```ts\r\nconst lastFive =
attackDiscovery.id ? ` - ${attackDiscovery.id.slice(-5)}` :
'';\r\n```\r\n\r\nto\r\n\r\n```ts\r\nconst lastFive = attackDiscovery.id
? ` - test: \"${attackDiscovery.id.slice(-5)}\"` : '';\r\n```\r\n\r\n2)
Navigate to Security > Attack discovery\r\n\r\n3) Click the `View in AI
Assistant` link for any attack discovery\r\n\r\n**Expected
result**\r\n\r\n- The assistant flyout opens without
errors\r\n\r\n**Actual result**\r\n\r\n- The assistant flyout opens with
a toaster error like the following example:\r\n\r\n```\r\nError creating
conversation with title Sophisticated Multi-Stage Attack Detected -
test:
\"7a882\"\r\n```","sha":"a2a43e7a3a964cdcc9ca38cf90ea429e2a98edd8","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","v9.0.0","Team:
SecuritySolution","Team:Security Generative
AI","v8.16.0","backport:version"],"title":"[Security Solution] [Security
assistant] Fixes errors when creating conversations with special
characters in the
title","number":197319,"url":"https://github.com/elastic/kibana/pull/197319","mergeCommit":{"message":"[Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title (elastic#197319)\n\n### [Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title\r\n\r\nThis PR fixes an
[issue](elastic/security-team#10284) in the
security assistant where attempting to create conversations with special
characters in the title, i.e. a `:`, resulted in an `Error creating
conversation with title...` toaster.\r\n\r\n### Desk testing\r\n\r\nTo
reproduce, simulate generation of a title with special
characters:\r\n\r\n1) Edit
`x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts`\r\n\r\nchange
the following line:\r\n\r\nfrom\r\n\r\n```ts\r\nconst lastFive =
attackDiscovery.id ? ` - ${attackDiscovery.id.slice(-5)}` :
'';\r\n```\r\n\r\nto\r\n\r\n```ts\r\nconst lastFive = attackDiscovery.id
? ` - test: \"${attackDiscovery.id.slice(-5)}\"` : '';\r\n```\r\n\r\n2)
Navigate to Security > Attack discovery\r\n\r\n3) Click the `View in AI
Assistant` link for any attack discovery\r\n\r\n**Expected
result**\r\n\r\n- The assistant flyout opens without
errors\r\n\r\n**Actual result**\r\n\r\n- The assistant flyout opens with
a toaster error like the following example:\r\n\r\n```\r\nError creating
conversation with title Sophisticated Multi-Stage Attack Detected -
test:
\"7a882\"\r\n```","sha":"a2a43e7a3a964cdcc9ca38cf90ea429e2a98edd8"}},"sourceBranch":"main","suggestedTargetBranches":["8.16"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197319","number":197319,"mergeCommit":{"message":"[Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title (elastic#197319)\n\n### [Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title\r\n\r\nThis PR fixes an
[issue](elastic/security-team#10284) in the
security assistant where attempting to create conversations with special
characters in the title, i.e. a `:`, resulted in an `Error creating
conversation with title...` toaster.\r\n\r\n### Desk testing\r\n\r\nTo
reproduce, simulate generation of a title with special
characters:\r\n\r\n1) Edit
`x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts`\r\n\r\nchange
the following line:\r\n\r\nfrom\r\n\r\n```ts\r\nconst lastFive =
attackDiscovery.id ? ` - ${attackDiscovery.id.slice(-5)}` :
'';\r\n```\r\n\r\nto\r\n\r\n```ts\r\nconst lastFive = attackDiscovery.id
? ` - test: \"${attackDiscovery.id.slice(-5)}\"` : '';\r\n```\r\n\r\n2)
Navigate to Security > Attack discovery\r\n\r\n3) Click the `View in AI
Assistant` link for any attack discovery\r\n\r\n**Expected
result**\r\n\r\n- The assistant flyout opens without
errors\r\n\r\n**Actual result**\r\n\r\n- The assistant flyout opens with
a toaster error like the following example:\r\n\r\n```\r\nError creating
conversation with title Sophisticated Multi-Stage Attack Detected -
test:
\"7a882\"\r\n```","sha":"a2a43e7a3a964cdcc9ca38cf90ea429e2a98edd8"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Andrew Macri <[email protected]>
  • Loading branch information
@kibanamachine @andrew-goldstein
kibanamachine and andrew-goldstein authored Oct 23, 2024
1 parent 3d98f6c commit 8df3967
Show file tree
Hide file tree
Showing 2 changed files with 52 additions and 1 deletion.
46 changes: 46 additions & 0 deletions x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,52 @@ describe('Create conversation route', () => {

expect(result.badRequest).toHaveBeenCalled();
});

test('escapes colons when querying for existing titles', async () => {
const request = requestMock.create({
method: 'post',
path: ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL,
body: {
...getCreateConversationSchemaMock(),
title: 'test: Malware infection: with credential theft attempt - 2875e', // <-- contains colons
},
});

await server.inject(request, requestContextMock.convertContext(context));

expect(
clients.elasticAssistant.getAIAssistantConversationsDataClient.findDocuments
).toHaveBeenCalledWith({
fields: ['title'],
filter:
'users:{ name: "my_username" } AND title:test\\: Malware infection\\: with credential theft attempt - 2875e',
page: 1,
perPage: 100,
});
});

test('escapes quotes when querying for existing titles', async () => {
const request = requestMock.create({
method: 'post',
path: ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL,
body: {
...getCreateConversationSchemaMock(),
title: '"Malware infection with credential theft attempt - 2875e"', // <-- contains quotes
},
});

await server.inject(request, requestContextMock.convertContext(context));

expect(
clients.elasticAssistant.getAIAssistantConversationsDataClient.findDocuments
).toHaveBeenCalledWith({
fields: ['title'],
filter:
'users:{ name: "my_username" } AND title:\\"Malware infection with credential theft attempt - 2875e\\"',
page: 1,
perPage: 100,
});
});
});
describe('conversation containing messages', () => {
const getMessage = (role: string = 'user') => ({
Expand Down
7 changes: 6 additions & 1 deletion x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ import {
API_VERSIONS,
} from '@kbn/elastic-assistant-common';
import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common';
import { escapeKuery } from '@kbn/es-query';

import { ElasticAssistantPluginRouter } from '../../types';
import { buildResponse } from '../utils';
import { performChecks } from '../helpers';
Expand Down Expand Up @@ -58,10 +60,13 @@ export const createConversationRoute = (router: ElasticAssistantPluginRouter): v
const userFilter = currentUser?.username
? `name: "${currentUser?.username}"`
: `id: "${currentUser?.profile_uid}"`;

const escapedTitle = escapeKuery(request.body.title);

const result = await dataClient?.findDocuments({
perPage: 100,
page: 1,
filter: `users:{ ${userFilter} } AND title:${request.body.title}`,
filter: `users:{ ${userFilter} } AND title:${escapedTitle}`,
fields: ['title'],
});
if (result?.data != null && result.total > 0) {
Expand Down

0 comments on commit 8df3967

Please sign in to comment.