[Security Solution] [Detections] Display rule type query text for non…
…-custom query rule types (#178821)

## Summary

Ref: #174581

Fixes UI bug where "Custom query" would be displayed instead of the
actual rule type of "EQL Query" or "ESQL Query"

---------

Co-authored-by: Vitalii Dmyterko <[email protected]>
dhurley14 and vitaliidm authored Mar 19, 2024
1 parent 674a750 commit 28c9753
Showing 4 changed files with 72 additions and 0 deletions.
Expand Up @@ -28,6 +28,7 @@ import {
buildNoteDescription,
buildRuleTypeDescription,
buildHighlightedFieldsOverrideDescription,
getQueryLabel,
} from './helpers';
import type { ListItems } from './types';

Expand Down Expand Up @@ -533,4 +534,35 @@ describe('helpers', () => {
expect(result).toHaveLength(0);
});
});

describe('getQueryLabel', () => {
test('returns query label for unknown rule type', () => {
const label = getQueryLabel(undefined);
expect(label).toEqual(i18n.QUERY_LABEL);
});
test('returns query label for query rule type', () => {
const label = getQueryLabel('query');
expect(label).toEqual(i18n.QUERY_LABEL);
});
test('returns query label for eql rule type', () => {
const label = getQueryLabel('eql');
expect(label).toEqual(i18n.EQL_QUERY_LABEL);
});
test('returns query label for saved_query rule type', () => {
const label = getQueryLabel('saved_query');
expect(label).toEqual(i18n.SAVED_QUERY_LABEL);
});
test('returns query label for threshold rule type', () => {
const label = getQueryLabel('threshold');
expect(label).toEqual(i18n.QUERY_LABEL);
});
test('returns query label for new_terms rule type', () => {
const label = getQueryLabel('new_terms');
expect(label).toEqual(i18n.QUERY_LABEL);
});
test('returns query label for esql rule type', () => {
const label = getQueryLabel('esql');
expect(label).toEqual(i18n.ESQL_QUERY_LABEL);
});
});
});
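Review bot: Every case in the new `describe('getQueryLabel', ...)` block is titled "returns query label for … rule type", even though three of them assert a different constant (`EQL_QUERY_LABEL`, `SAVED_QUERY_LABEL`, `ESQL_QUERY_LABEL`), so a failure report will not say which label was expected. The seven tests differ only in input and expected value, so a single `test.each` table of `[ruleType, expectedLabel]` pairs would state the mapping more directly. The titles could then name the label, for example `'maps rule type %s to its label'`. The table should also include a rule type that only reaches the fallback, to pin the `default` behaviour on purpose rather than by accident.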
Expand Up @@ -69,6 +69,19 @@ const Query = styled.div`
white-space: pre-wrap;
`;

export const getQueryLabel = (ruleType: Type | undefined): string => {
switch (ruleType) {
case 'eql':
return i18n.EQL_QUERY_LABEL;
case 'saved_query':
return i18n.SAVED_QUERY_LABEL;
case 'esql':
return i18n.ESQL_QUERY_LABEL;
default:
return i18n.QUERY_LABEL;
}
};

export const buildQueryBarDescription = ({
field,
filters,
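Review bot: The `default:` arm of `getQueryLabel` is the only place where `'query'`, `'threshold'`, `'new_terms'` and `undefined` are mapped to `i18n.QUERY_LABEL`, and nothing in the function says that this fallback is deliberate. The label tells an analyst which query language a detection rule's text is written in, so a rule type added later with its own language would silently be shown under the generic label again, which is the mislabeling this commit fixes. I would add a doc comment above the function such as `/** Returns the description label for a rule's query; rule types without a dedicated query language, and an unknown type, use the generic label. */`, or list the fallback cases explicitly so the choice is visible in review. The `buildQueryBarDescription` definition after the function continues outside the hunk.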
Expand Up @@ -331,6 +331,29 @@ describe('description_step', () => {
mockQueryBar.queryBar.query.query
);
});

test('returns correct field name when queryBar exist', () => {
const mockQueryBar = {
ruleType: 'eql',
queryBar: {
query: {
query: 'user.name: root or user.name: admin',
language: 'kuery',
},
filters: null,
saved_id: null,
},
};
const result: ListItems[] = getDescriptionItem(
'queryBar',
'Query bar label',
mockQueryBar,
mockFilterManager,
mockLicenseService
);

expect(result[0].title).toEqual(<>{i18n.EQL_QUERY_LABEL}</>);
});
});

describe('threat', () => {
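Review bot: The fixture in the added test pairs `ruleType: 'eql'` with `language: 'kuery'` and a KQL-style query string, so the EQL label is asserted on data an EQL rule would not normally carry. The test therefore says little about how a real EQL rule is rendered. Its title, `'returns correct field name when queryBar exist'`, also does not describe the assertion, and may repeat the title of the preceding test, whose start is outside the hunk. I would rename it to something like `test('uses the EQL query label when ruleType is eql', ...)` and set `language: 'eql'` with an EQL-syntax query. A sibling case for `ruleType: 'esql'` would cover the other rule type the commit description names.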
Expand Up @@ -47,6 +47,7 @@ import {
buildAlertSuppressionWindowDescription,
buildAlertSuppressionMissingFieldsDescription,
buildHighlightedFieldsOverrideDescription,
getQueryLabel,
} from './helpers';
import * as i18n from './translations';
import { buildMlJobsDescription } from './build_ml_jobs_description';
Expand Down Expand Up @@ -200,11 +201,14 @@ export const getDescriptionItem = (
const query = get('queryBar.query.query', data);
const savedId = get('queryBar.saved_id', data);
const savedQueryName = get('queryBar.title', data);
const ruleType: Type = get('ruleType', data);
const queryLabel = getQueryLabel(ruleType);
return buildQueryBarDescription({
field,
filters,
filterManager,
query,
queryLabel,
savedId,
savedQueryName,
indexPatterns,
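Review bot: `const ruleType: Type = get('ruleType', data);` annotates the value as always being a `Type`, but a path lookup on `data` presumably yields `undefined` when no `ruleType` is present, and `getQueryLabel` is itself declared to take `Type | undefined`. The annotation should match what can arrive: `const ruleType: Type | undefined = get('ruleType', data);`. As written, the missing-value case works only because of the `default` arm in `getQueryLabel`, and the type hides that from the next reader. The value is also not checked against the known rule types here, so any unexpected string takes the generic label without notice. `getDescriptionItem` starts and ends outside the hunk.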
