[Security Solution][Detection Engine] Fixes agnostic type bug (#108610)

## Summary Fixes agnostic type bug where in part 1 (#108225), I incorrectly used the same saved object type for both `single` and `agnostic`. Before the references for SO's were: ```json "references" : [ { "name" : "param:exceptionsList_0", "id" : "endpoint_list", "type" : "exception-list" <--- This should have been "exception-list-agnostic" type }, { "name" : "param:exceptionsList_1", "id" : "50e3bd70-ef1b-11eb-ad71-7de7959be71c", "type" : "exception-list" } ], ``` After: ```json "references" : [ { "name" : "param:exceptionsList_0", "id" : "endpoint_list", "type" : "exception-list-agnostic" <--- This should now be the "exception-list-agnostic" type }, { "name" : "param:exceptionsList_1", "id" : "50e3bd70-ef1b-11eb-ad71-7de7959be71c", "type" : "exception-list" } ], ``` Manual testing: Add a new `security_solution` alert and exception list as well as an endpoint list to it. Then save it <img width="1581" alt="Screen Shot 2021-08-13 at 5 00 39 PM" src="https://user-images.githubusercontent.com/1151048/129425847-78025aba-6d7a-4a5a-9d4f-950ec664596c.png"> <img width="1571" alt="Screen Shot 2021-08-13 at 5 00 47 PM" src="https://user-images.githubusercontent.com/1151048/129425848-42018331-cac6-4411-8153-3441a8af6f34.png"> Do this query in dev tools: ```json GET .kibana-hassanabad19/_search { "query": { "terms": { "alert.alertTypeId": [ "siem.signals" ] } }, "size": 10000 } ``` And check to ensure that the references look like the after picture where type has : `"type" : "exception-list-agnostic"` if we have an agnostic list. Ensure that on a page reload that the exception types are still there on the rule. Ensure that there are no errors in the console about not finding the correct SO type or anything else odd. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
elastic · Aug 16, 2021 · 0b44c13 · 0b44c13
1 parent 38b9d58
commit 0b44c13
Show file tree

Hide file tree

Showing 8 changed files with 52 additions and 18 deletions.
diff --git a/..._solution/server/lib/detection_engine/signals/saved_object_references/README.md b/..._solution/server/lib/detection_engine/signals/saved_object_references/README.md
@@ -58,7 +58,7 @@ to any newly saved rule:
             {
               "name" : "param:exceptionsList_0",
               "id" : "endpoint_list",
-              "type" : "exception-list"
+              "type" : "exception-list-agnostic"
             },
             {
               "name" : "param:exceptionsList_1",

diff --git a/...rver/lib/detection_engine/signals/saved_object_references/extract_exceptions_list.test.ts b/...rver/lib/detection_engine/signals/saved_object_references/extract_exceptions_list.test.ts
@@ -8,8 +8,11 @@
 import { extractExceptionsList } from './extract_exceptions_list';
 import { loggingSystemMock } from 'src/core/server/mocks';
 import { RuleParams } from '../../schemas/rule_schemas';
-import { EXCEPTION_LIST_NAMESPACE } from '@kbn/securitysolution-list-constants';
-import { EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME } from './utils';
+import {
+  EXCEPTION_LIST_NAMESPACE,
+  EXCEPTION_LIST_NAMESPACE_AGNOSTIC,
+} from '@kbn/securitysolution-list-constants';
+import { EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME } from './utils/constants';
 
 describe('extract_exceptions_list', () => {
   type FuncReturn = ReturnType<typeof extractExceptionsList>;
@@ -48,21 +51,21 @@ describe('extract_exceptions_list', () => {
       {
         id: '123',
         name: `${EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME}_0`,
-        type: EXCEPTION_LIST_NAMESPACE,
+        type: EXCEPTION_LIST_NAMESPACE_AGNOSTIC,
       },
     ]);
   });
 
-  test('It returns two exception lists transformed into a saved object references', () => {
+  test('It returns 2 exception lists transformed into a saved object references', () => {
     const twoInputs: RuleParams['exceptionsList'] = [
       mockExceptionsList()[0],
-      { ...mockExceptionsList()[0], id: '976' },
+      { ...mockExceptionsList()[0], id: '976', namespace_type: 'single' },
     ];
     expect(extractExceptionsList({ logger, exceptionsList: twoInputs })).toEqual<FuncReturn>([
       {
         id: '123',
         name: `${EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME}_0`,
-        type: EXCEPTION_LIST_NAMESPACE,
+        type: EXCEPTION_LIST_NAMESPACE_AGNOSTIC,
       },
       {
         id: '976',

diff --git a/...on/server/lib/detection_engine/signals/saved_object_references/extract_exceptions_list.ts b/...on/server/lib/detection_engine/signals/saved_object_references/extract_exceptions_list.ts
@@ -6,7 +6,7 @@
  */
 
 import { Logger, SavedObjectReference } from 'src/core/server';
-import { EXCEPTION_LIST_NAMESPACE } from '@kbn/securitysolution-list-constants';
+import { getSavedObjectType } from '@kbn/securitysolution-list-utils';
 import { RuleParams } from '../../schemas/rule_schemas';
 import { getSavedObjectNamePatternForExceptionsList } from './utils';
 
@@ -35,7 +35,7 @@ export const extractExceptionsList = ({
     return exceptionsList.map((exceptionItem, index) => ({
       name: getSavedObjectNamePatternForExceptionsList(index),
       id: exceptionItem.id,
-      type: EXCEPTION_LIST_NAMESPACE,
+      type: getSavedObjectType({ namespaceType: exceptionItem.namespace_type }),
     }));
   }
 };
diff --git a/...on/server/lib/detection_engine/signals/saved_object_references/extract_references.test.ts b/...on/server/lib/detection_engine/signals/saved_object_references/extract_references.test.ts
@@ -8,8 +8,11 @@
 import { loggingSystemMock } from 'src/core/server/mocks';
 import { extractReferences } from './extract_references';
 import { RuleParams } from '../../schemas/rule_schemas';
-import { EXCEPTION_LIST_NAMESPACE } from '@kbn/securitysolution-list-constants';
-import { EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME } from './utils';
+import {
+  EXCEPTION_LIST_NAMESPACE,
+  EXCEPTION_LIST_NAMESPACE_AGNOSTIC,
+} from '@kbn/securitysolution-list-constants';
+import { EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME } from './utils/constants';
 
 describe('extract_references', () => {
   type FuncReturn = ReturnType<typeof extractReferences>;
@@ -43,6 +46,36 @@ describe('extract_references', () => {
         {
           id: '123',
           name: `${EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME}_0`,
+          type: EXCEPTION_LIST_NAMESPACE_AGNOSTIC,
+        },
+      ],
+    });
+  });
+
+  test('It returns params untouched and the references extracted as 2 exception list saved object references', () => {
+    const params: Partial<RuleParams> = {
+      note: 'some note',
+      exceptionsList: [
+        mockExceptionsList()[0],
+        { ...mockExceptionsList()[0], id: '456', namespace_type: 'single' },
+      ],
+    };
+    expect(
+      extractReferences({
+        logger,
+        params: params as RuleParams,
+      })
+    ).toEqual<FuncReturn>({
+      params: params as RuleParams,
+      references: [
+        {
+          id: '123',
+          name: `${EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME}_0`,
+          type: EXCEPTION_LIST_NAMESPACE_AGNOSTIC,
+        },
+        {
+          id: '456',
+          name: `${EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME}_1`,
           type: EXCEPTION_LIST_NAMESPACE,
         },
       ],

diff --git a/...erver/lib/detection_engine/signals/saved_object_references/inject_exceptions_list.test.ts b/...erver/lib/detection_engine/signals/saved_object_references/inject_exceptions_list.test.ts
@@ -7,10 +7,10 @@
 
 import { loggingSystemMock } from 'src/core/server/mocks';
 import { SavedObjectReference } from 'src/core/server';
-import { EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME } from './utils';
 import { EXCEPTION_LIST_NAMESPACE } from '@kbn/securitysolution-list-constants';
 import { injectExceptionsReferences } from './inject_exceptions_list';
 import { RuleParams } from '../../schemas/rule_schemas';
+import { EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME } from './utils/constants';
 
 describe('inject_exceptions_list', () => {
   type FuncReturn = ReturnType<typeof injectExceptionsReferences>;

diff --git a/...ion/server/lib/detection_engine/signals/saved_object_references/inject_references.test.ts b/...ion/server/lib/detection_engine/signals/saved_object_references/inject_references.test.ts
@@ -7,10 +7,10 @@
 
 import { loggingSystemMock } from 'src/core/server/mocks';
 import { SavedObjectReference } from 'src/core/server';
-import { EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME } from './utils';
 import { EXCEPTION_LIST_NAMESPACE } from '@kbn/securitysolution-list-constants';
 import { injectReferences } from './inject_references';
 import { RuleParams } from '../../schemas/rule_schemas';
+import { EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME } from './utils/constants';
 
 describe('inject_references', () => {
   type FuncReturn = ReturnType<typeof injectReferences>;

diff --git a/...b/detection_engine/signals/saved_object_references/utils/get_saved_object_name_pattern.ts b/...b/detection_engine/signals/saved_object_references/utils/get_saved_object_name_pattern.ts
@@ -6,7 +6,7 @@
  */
 
 /**
- * Given a name and index this will return the pattern of "${name_${index}"
+ * Given a name and index this will return the pattern of "${name}_${index}"
  * @param name The name to suffix the string
  * @param index The index to suffix the string
  * @returns The pattern "${name_${index}"

diff --git a/...ls/saved_object_references/utils/get_saved_object_name_pattern_for_exception_list.test.ts b/...ls/saved_object_references/utils/get_saved_object_name_pattern_for_exception_list.test.ts
@@ -5,10 +5,8 @@
  * 2.0.
  */
 
-import {
-  EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME,
-  getSavedObjectNamePatternForExceptionsList,
-} from '.';
+import { EXCEPTIONS_SAVED_OBJECT_REFERENCE_NAME } from './constants';
+import { getSavedObjectNamePatternForExceptionsList } from './get_saved_object_name_pattern_for_exception_list';
 
 describe('get_saved_object_name_pattern_for_exception_list', () => {
   test('returns expected pattern given a zero', () => {