[7.6] [SIEM] [Detections Engine] Import rules unit tests (#57466) (#5…
…8019)

* [SIEM] [Detections Engine] Import rules unit tests (#57466)

* Added unit tests for detection engine import_rules_route and moved out small portion of import_rules_route into a util to be unit tested as well.

Co-authored-by: Elastic Machine <[email protected]>

* Updating tests to reflect state of 7.6. 7.7 and 8 include code from # 56814 that was not backported to 7.6

Co-authored-by: Elastic Machine <[email protected]>
yctercero and elasticmachine authored Feb 20, 2020
1 parent 0a87f2d commit d18b21b
Showing 8 changed files with 669 additions and 26 deletions.
Expand Up @@ -125,6 +125,28 @@ export const createMockServerWithoutActionOrAlertClientDecoration = (
};
};

export const createMockServerWithoutSavedObjectDecoration = (
config: Record<string, string> = defaultConfig
) => {
const serverWithoutSavedObjectClient = new Hapi.Server({
port: 0,
});

serverWithoutSavedObjectClient.config = () => createMockKibanaConfig(config);

const actionsClient = actionsClientMock.create();
const alertsClient = alertsClientMock.create();

serverWithoutSavedObjectClient.decorate('request', 'getAlertsClient', () => alertsClient);
serverWithoutSavedObjectClient.decorate('request', 'getActionsClient', () => actionsClient);
serverWithoutSavedObjectClient.plugins.spaces = { getSpaceId: () => 'default' };
return {
serverWithoutSavedObjectClient: serverWithoutSavedObjectClient as ServerFacade & Hapi.Server,
alertsClient,
actionsClient,
};
};

export const getMockIndexName = () =>
jest.fn().mockImplementation(() => ({
callWithRequest: jest.fn().mockImplementationOnce(() => 'index-name'),
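Review bot: `createMockServerWithoutSavedObjectDecoration` has no comment saying which request decorations it leaves out on purpose, so the reader has to compare it by eye against the neighbouring mock-server factories to find out. From the visible lines it decorates `getAlertsClient` and `getActionsClient` and sets `plugins.spaces`, but never adds a saved objects client; presumably that is so route tests can cover the missing-client path. A doc comment such as `/** Mock server with alerts and actions clients but no saved objects client decoration, for tests of routes when that client is unavailable. */` above the export would make that intent explicit.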
Expand Up @@ -19,6 +19,7 @@ import {
} from '../../../../../common/constants';
import { RuleAlertType, IRuleSavedAttributesSavedObjectAttributes } from '../../rules/types';
import { RuleAlertParamsRest, PrepackagedRules } from '../../types';
import { TEST_BOUNDARY } from './utils';

export const mockPrepackagedRule = (): PrepackagedRules => ({
rule_id: 'rule-1',
Expand Down Expand Up @@ -223,6 +224,24 @@ export const getFindResultWithMultiHits = ({
};
};

export const getImportRulesRequest = (payload?: Buffer): ServerInjectOptions => ({
method: 'POST',
url: `${DETECTION_ENGINE_RULES_URL}/_import`,
headers: {
'Content-Type': `multipart/form-data; boundary=${TEST_BOUNDARY}`,
},
payload,
});

export const getImportRulesRequestOverwriteTrue = (payload?: Buffer): ServerInjectOptions => ({
method: 'POST',
url: `${DETECTION_ENGINE_RULES_URL}/_import?overwrite=true`,
headers: {
'Content-Type': `multipart/form-data; boundary=${TEST_BOUNDARY}`,
},
payload,
});

export const getDeleteRequest = (): ServerInjectOptions => ({
method: 'DELETE',
url: `${DETECTION_ENGINE_RULES_URL}?rule_id=rule-1`,
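Review bot: `getImportRulesRequest` and `getImportRulesRequestOverwriteTrue` are the same object apart from the `?overwrite=true` suffix on `url`, so the multipart `Content-Type` header and boundary are now maintained in two places. Consider having the second builder spread the first and override only `url`, or giving one builder an `overwrite = false` parameter, so a change to the header cannot leave the overwrite variant testing a different request shape. Neither builder has a doc comment; a line such as `// POST to the rules _import endpoint with a multipart body delimited by TEST_BOUNDARY` would say what `payload` is expected to contain.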
@@ -0,0 +1,53 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

import { OutputRuleAlertRest } from '../../types';

export const TEST_BOUNDARY = 'test_multipart_boundary';

// Not parsable due to extra colon following `name` property - name::
export const UNPARSABLE_LINE =
'{"name"::"Simple Rule Query","description":"Simple Rule Query","risk_score":1,"rule_id":"rule-1","severity":"high","type":"query","query":"user.name: root or user.name: admin"}';

/**
* This is a typical simple rule for testing that is easy for most basic testing
* @param ruleId
*/
export const getSimpleRule = (ruleId = 'rule-1'): Partial<OutputRuleAlertRest> => ({
name: 'Simple Rule Query',
description: 'Simple Rule Query',
risk_score: 1,
rule_id: ruleId,
severity: 'high',
type: 'query',
query: 'user.name: root or user.name: admin',
});

/**
* Given an array of rule_id strings this will return a ndjson buffer which is useful
* for testing uploads.
* @param ruleIds Array of strings of rule_ids
* @param isNdjson Boolean to determine file extension
*/
export const getSimpleRuleAsMultipartContent = (ruleIds: string[], isNdjson = true): Buffer => {
const arrayOfRules = ruleIds.map(ruleId => {
const simpleRule = getSimpleRule(ruleId);
return JSON.stringify(simpleRule);
});
const stringOfRules = arrayOfRules.join('\r\n');

const resultingPayload =
`--${TEST_BOUNDARY}\r\n` +
`Content-Disposition: form-data; name="file"; filename="rules.${
isNdjson ? 'ndjson' : 'json'
}\r\n` +
'Content-Type: application/octet-stream\r\n' +
'\r\n' +
`${stringOfRules}\r\n` +
`--${TEST_BOUNDARY}--\r\n`;

return Buffer.from(resultingPayload);
};
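Review bot: The `Content-Disposition` line built in `getSimpleRuleAsMultipartContent` never closes the quoted `filename` value: the template ends at the extension and goes straight to `\r\n`, so the header carries `filename="rules.ndjson` with an unterminated quote. Tests that pass `isNdjson = false` to exercise the route's file-extension check then depend on how the multipart parser handles a malformed parameter, which is not visible here, rather than on the extension itself. Add the closing quote so the emitted value is `filename="rules.ndjson"` (or `"rules.json"`), i.e. put `"` immediately before the `\r\n` that ends that template string. The `@param ruleId` tag on `getSimpleRule` also has no description; `@param ruleId rule_id to assign to the generated rule` would cover it.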