[Osquery] Fix infinite loop (#124332)

Co-authored-by: Patryk Kopycinski <[email protected]>
elastic · Feb 14, 2022 · 1f4a7d4 · 1f4a7d4
1 parent b4855ba
commit 1f4a7d4
Show file tree

Hide file tree

Showing 15 changed files with 252 additions and 122 deletions.
diff --git a/x-pack/plugins/osquery/cypress/fixtures/saved_objects/ecs_mapping_1.ndjson b/x-pack/plugins/osquery/cypress/fixtures/saved_objects/ecs_mapping_1.ndjson
@@ -0,0 +1,19 @@
+{
+  "attributes": {
+    "created_at": "2022-02-03T07:43:10.311Z",
+    "created_by": "elastic",
+    "description": "fdsfsd",
+    "ecs_mapping": [],
+    "id": "NOMAPPING",
+    "interval": 3600,
+    "query": "select * from uptime;",
+    "updated_at": "2022-02-03T08:22:01.662Z",
+    "updated_by": "elastic"
+  },
+  "coreMigrationVersion": "8.1.0",
+  "id": "ef31d680-84c4-11ec-991b-07bb2d53cda5",
+  "references": [],
+  "type": "osquery-saved-query",
+  "updated_at": "2022-02-03T08:22:01.668Z",
+  "version": "WzE3ODk5LDFd"
+}
diff --git a/x-pack/plugins/osquery/cypress/fixtures/saved_objects/ecs_mapping_2.ndjson b/x-pack/plugins/osquery/cypress/fixtures/saved_objects/ecs_mapping_2.ndjson
@@ -0,0 +1,26 @@
+{
+  "attributes": {
+    "created_at": "2022-02-03T08:22:26.355Z",
+    "created_by": "elastic",
+    "description": "",
+    "ecs_mapping": [
+      {
+        "key": "client.geo.continent_name",
+        "value": {
+          "field": "seconds"
+        }
+      }
+    ],
+    "id": "ONE_MAPPING_CHANGED",
+    "interval": 3600,
+    "query": "select * from uptime;",
+    "updated_at": "2022-02-03T08:24:52.429Z",
+    "updated_by": "elastic"
+  },
+  "coreMigrationVersion": "8.1.0",
+  "id": "6b819f40-84ca-11ec-991b-07bb2d53cda5",
+  "references": [],
+  "type": "osquery-saved-query",
+  "updated_at": "2022-02-03T08:24:52.436Z",
+  "version": "WzE3OTAwLDFd"
+}
diff --git a/x-pack/plugins/osquery/cypress/fixtures/saved_objects/ecs_mapping_3.ndjson b/x-pack/plugins/osquery/cypress/fixtures/saved_objects/ecs_mapping_3.ndjson
@@ -0,0 +1,37 @@
+{
+  "attributes": {
+    "created_at": "2022-02-03T08:22:54.372Z",
+    "created_by": "elastic",
+    "ecs_mapping": [
+      {
+        "key": "labels",
+        "value": {
+          "field": "days"
+        }
+      },
+      {
+        "key": "tags",
+        "value": {
+          "field": "seconds"
+        }
+      },
+      {
+        "key": "client.address",
+        "value": {
+          "field": "total_seconds"
+        }
+      }
+    ],
+    "id": "MULTIPLE_MAPPINGS",
+    "interval": "3600",
+    "query": "select * from uptime; ",
+    "updated_at": "2022-02-03T08:22:54.372Z",
+    "updated_by": "elastic"
+  },
+  "coreMigrationVersion": "8.1.0",
+  "id": "7c348640-84ca-11ec-991b-07bb2d53cda5",
+  "references": [],
+  "type": "osquery-saved-query",
+  "updated_at": "2022-02-03T08:22:54.375Z",
+  "version": "WzE3OTAxLDFd"
+}
diff --git a/x-pack/plugins/osquery/cypress/integration/superuser/delete_all_ecs_mappings.spec.ts b/x-pack/plugins/osquery/cypress/integration/superuser/delete_all_ecs_mappings.spec.ts
@@ -28,20 +28,16 @@ describe('SuperUser - Delete ECS Mappings', () => {
     cy.react('CustomItemAction', {
       props: { index: 1, item: { attributes: { id: SAVED_QUERY_ID } } },
     }).click();
-    cy.contains('Custom key/value pairs. e.g. {"application":"foo-bar","env":"production"}').should(
-      'exist'
-    );
+    cy.contains('Custom key/value pairs.').should('exist');
     cy.contains('Hours of uptime').should('exist');
     cy.react('EuiButtonIcon', { props: { id: 'labels-trash' } }).click();
     cy.react('EuiButton').contains('Update query').click();
-    cy.wait(1000);
+    cy.wait(5000);
 
     cy.react('CustomItemAction', {
       props: { index: 1, item: { attributes: { id: SAVED_QUERY_ID } } },
     }).click();
-    cy.contains('Custom key/value pairs. e.g. {"application":"foo-bar","env":"production"}').should(
-      'not.exist'
-    );
+    cy.contains('Custom key/value pairs').should('not.exist');
     cy.contains('Hours of uptime').should('not.exist');
   });
 });
diff --git a/x-pack/plugins/osquery/cypress/integration/superuser/packs.spec.ts b/x-pack/plugins/osquery/cypress/integration/superuser/packs.spec.ts
@@ -26,6 +26,9 @@ describe('SuperUser - Packs', () => {
   describe('Create and edit a pack', () => {
     before(() => {
       runKbnArchiverScript(ArchiverMethod.LOAD, 'saved_query');
+      runKbnArchiverScript(ArchiverMethod.LOAD, 'ecs_mapping_1');
+      runKbnArchiverScript(ArchiverMethod.LOAD, 'ecs_mapping_2');
+      runKbnArchiverScript(ArchiverMethod.LOAD, 'ecs_mapping_3');
     });
     beforeEach(() => {
       login();
@@ -34,6 +37,9 @@ describe('SuperUser - Packs', () => {
 
     after(() => {
       runKbnArchiverScript(ArchiverMethod.UNLOAD, 'saved_query');
+      runKbnArchiverScript(ArchiverMethod.UNLOAD, 'ecs_mapping_1');
+      runKbnArchiverScript(ArchiverMethod.UNLOAD, 'ecs_mapping_2');
+      runKbnArchiverScript(ArchiverMethod.UNLOAD, 'ecs_mapping_3');
     });
 
     it('should add a pack from a saved query', () => {
@@ -146,6 +152,46 @@ describe('SuperUser - Packs', () => {
       cy.contains(/^No items found/);
     });
 
+    it('enable changing saved queries and ecs_mappings', () => {
+      preparePack(PACK_NAME, SAVED_QUERY_ID);
+      cy.contains(/^Edit$/).click();
+
+      findAndClickButton('Add query');
+
+      cy.react('EuiComboBox', { props: { placeholder: 'Search for saved queries' } })
+        .click()
+        .type('Multiple {downArrow} {enter}');
+      cy.contains('Custom key/value pairs');
+      cy.contains('Days of uptime');
+      cy.contains('List of keywords used to tag each');
+      cy.contains('Seconds of uptime');
+      cy.contains('Client network address.');
+      cy.contains('Total uptime seconds');
+
+      cy.react('EuiComboBox', { props: { placeholder: 'Search for saved queries' } })
+        .click()
+        .type('NOMAPPING {downArrow} {enter}');
+      cy.contains('Custom key/value pairs').should('not.exist');
+      cy.contains('Days of uptime').should('not.exist');
+      cy.contains('List of keywords used to tag each').should('not.exist');
+      cy.contains('Seconds of uptime').should('not.exist');
+      cy.contains('Client network address.').should('not.exist');
+      cy.contains('Total uptime seconds').should('not.exist');
+
+      cy.react('EuiComboBox', { props: { placeholder: 'Search for saved queries' } })
+        .click()
+        .type('ONE_MAPPING {downArrow} {enter}');
+      cy.contains('Name of the continent');
+      cy.contains('Seconds of uptime');
+
+      findAndClickButton('Save');
+      cy.react('CustomItemAction', {
+        props: { index: 0, item: { id: 'ONE_MAPPING_CHANGED' } },
+      }).click();
+      cy.contains('Name of the continent');
+      cy.contains('Seconds of uptime');
+    });
+
     it('to click delete button', () => {
       preparePack(PACK_NAME, SAVED_QUERY_ID);
       findAndClickButton('Edit');
@@ -156,7 +202,7 @@ describe('SuperUser - Packs', () => {
     beforeEach(() => {
       login();
     });
-    const AGENT_NAME = 'PackTest';
+    const AGENT_NAME = 'PackTest2';
     const REMOVING_PACK = 'removing-pack';
     it('add integration', () => {
       cy.visit(FLEET_AGENT_POLICIES);
@@ -165,7 +211,7 @@ describe('SuperUser - Packs', () => {
       cy.get('.euiFlyoutFooter').contains('Create agent policy').click();
       cy.contains(`Agent policy '${AGENT_NAME}' created`);
       cy.visit(FLEET_AGENT_POLICIES);
-      cy.contains('Default Fleet Server policy').click();
+      cy.contains(AGENT_NAME).click();
       cy.contains('Add integration').click();
       cy.contains(integration).click();
       addIntegration(AGENT_NAME);
@@ -194,25 +240,9 @@ describe('SuperUser - Packs', () => {
       navigateTo('app/osquery/packs');
       cy.contains(REMOVING_PACK).click();
       cy.contains(`${REMOVING_PACK} details`);
+      cy.wait(1000);
       findAndClickButton('Edit');
       cy.react('EuiComboBoxInput', { props: { value: '' } }).should('exist');
     });
   });
-  describe.skip('Remove queries from pack', () => {
-    const TEST_PACK = 'Test-pack';
-    before(() => {
-      runKbnArchiverScript(ArchiverMethod.LOAD, 'hardware_monitoring');
-    });
-    beforeEach(() => {
-      login();
-      navigateTo('/app/osquery');
-    });
-    after(() => {
-      runKbnArchiverScript(ArchiverMethod.UNLOAD, 'hardware_monitoring');
-    });
-
-    it('should remove ALL queries', () => {
-      preparePack(TEST_PACK, SAVED_QUERY_ID);
-    });
-  });
 });
diff --git a/x-pack/plugins/osquery/public/live_queries/form/index.tsx b/x-pack/plugins/osquery/public/live_queries/form/index.tsx
@@ -227,6 +227,8 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
         if (!isEmpty(savedQuery.ecs_mapping)) {
           setFieldValue('ecs_mapping', savedQuery.ecs_mapping);
           setAdvancedContentState('open');
+        } else {
+          setFieldValue('ecs_mapping', {});
         }
       } else {
         setFieldValue('savedQueryId', null);

diff --git a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx
@@ -586,33 +586,36 @@ export const ECSMappingEditorForm = forwardRef<ECSMappingEditorFormRef, ECSMappi
     const editForm = !!defaultValue;
     const multipleValuesField = useRef(false);
     const currentFormData = useRef(defaultValue);
-    const formSchema = {
-      key: {
-        type: FIELD_TYPES.COMBO_BOX,
-        fieldsToValidateOnChange: ['result.value'],
-        validations: [
-          {
-            validator: getEcsFieldValidator(editForm),
-          },
-        ],
-      },
-      result: {
-        type: {
-          defaultValue: OSQUERY_COLUMN_VALUE_TYPE_OPTIONS[0].value,
+    const formSchema = useMemo(
+      () => ({
+        key: {
           type: FIELD_TYPES.COMBO_BOX,
           fieldsToValidateOnChange: ['result.value'],
-        },
-        value: {
-          type: FIELD_TYPES.COMBO_BOX,
-          fieldsToValidateOnChange: ['key'],
           validations: [
             {
-              validator: getOsqueryResultFieldValidator(osquerySchemaOptions, editForm),
+              validator: getEcsFieldValidator(editForm),
             },
           ],
         },
-      },
-    };
+        result: {
+          type: {
+            defaultValue: OSQUERY_COLUMN_VALUE_TYPE_OPTIONS[0].value,
+            type: FIELD_TYPES.COMBO_BOX,
+            fieldsToValidateOnChange: ['result.value'],
+          },
+          value: {
+            type: FIELD_TYPES.COMBO_BOX,
+            fieldsToValidateOnChange: ['key'],
+            validations: [
+              {
+                validator: getOsqueryResultFieldValidator(osquerySchemaOptions, editForm),
+              },
+            ],
+          },
+        },
+      }),
+      [editForm, osquerySchemaOptions]
+    );
 
     const { form } = useForm({
       // @ts-expect-error update types
@@ -1009,6 +1012,14 @@ export const ECSMappingEditorField = React.memo(
       });
     }, [query]);
 
+    useEffect(() => {
+      Object.keys(formRefs.current).forEach((key) => {
+        if (!value[key]) {
+          delete formRefs.current[key];
+        }
+      });
+    }, [value]);
+
     const handleAddRow = useCallback(
       (newRow) => {
         if (newRow?.key && newRow?.value) {

diff --git a/x-pack/plugins/osquery/public/packs/queries/query_flyout.tsx b/x-pack/plugins/osquery/public/packs/queries/query_flyout.tsx
@@ -76,36 +76,35 @@ const QueryFlyoutComponent: React.FC<QueryFlyoutProps> = ({
 
   const handleSetQueryValue = useCallback(
     (savedQuery) => {
-      if (!savedQuery) {
-        reset();
-      }
+      reset();
 
-      setFieldValue('id', savedQuery.id);
-      setFieldValue('query', savedQuery.query);
+      if (savedQuery) {
+        setFieldValue('id', savedQuery.id);
+        setFieldValue('query', savedQuery.query);
 
-      if (savedQuery.description) {
-        setFieldValue('description', savedQuery.description);
-      }
+        if (savedQuery.description) {
+          setFieldValue('description', savedQuery.description);
+        }
 
-      if (savedQuery.interval) {
-        setFieldValue('interval', savedQuery.interval);
-      }
+        if (savedQuery.interval) {
+          setFieldValue('interval', savedQuery.interval);
+        }
 
-      if (savedQuery.platform) {
-        setFieldValue('platform', savedQuery.platform);
-      }
+        if (savedQuery.platform) {
+          setFieldValue('platform', savedQuery.platform);
+        }
 
-      if (savedQuery.version) {
-        setFieldValue('version', [savedQuery.version]);
-      }
+        if (savedQuery.version) {
+          setFieldValue('version', [savedQuery.version]);
+        }
 
-      if (savedQuery.ecs_mapping) {
-        setFieldValue('ecs_mapping', savedQuery.ecs_mapping);
+        if (savedQuery.ecs_mapping) {
+          setFieldValue('ecs_mapping', savedQuery.ecs_mapping);
+        }
       }
     },
     [setFieldValue, reset]
   );
-
   /* Avoids accidental closing of the flyout when the user clicks outside of the flyout */
   const maskProps = useMemo(() => ({ onClick: () => ({}) }), []);