[Security Solution] [Cases] Bugfix, properly encode externalId json (…

…#142624)
elastic · Oct 4, 2022 · df9d1e8 · df9d1e8
1 parent 1c8e0ed
commit df9d1e8
Show file tree

Hide file tree

Showing 2 changed files with 85 additions and 2 deletions.
diff --git a/x-pack/plugins/stack_connectors/server/connector_types/cases/cases_webhook/service.test.ts b/x-pack/plugins/stack_connectors/server/connector_types/cases/cases_webhook/service.test.ts
@@ -474,6 +474,77 @@ describe('Cases webhook service', () => {
       expect(requestMock).not.toHaveBeenCalled();
       expect(res).toBeUndefined();
     });
+
+    test('properly encodes external system id as string in request body', async () => {
+      requestMock.mockImplementation(() =>
+        createAxiosResponse({
+          data: {
+            id: '1',
+            key: 'CK-1',
+          },
+        })
+      );
+      service = createExternalService(
+        actionId,
+        {
+          config: {
+            ...config,
+            createCommentJson: '{"body":{{{case.comment}}},"id":{{{external.system.id}}}}',
+          },
+          secrets,
+        },
+        logger,
+        configurationUtilities
+      );
+      await service.createComment(commentReq);
+      expect(requestMock).toHaveBeenCalledWith({
+        axios,
+        logger,
+        method: CasesWebhookMethods.POST,
+        configurationUtilities,
+        url: 'https://coolsite.net/issue/1/comment',
+        data: `{"body":"comment","id":"1"}`,
+      });
+    });
+
+    test('properly encodes external system id as number in request body', async () => {
+      const commentReq2 = {
+        incidentId: 1 as unknown as string,
+        comment: {
+          comment: 'comment',
+          commentId: 'comment-1',
+        },
+      };
+      requestMock.mockImplementation(() =>
+        createAxiosResponse({
+          data: {
+            id: '1',
+            key: 'CK-1',
+          },
+        })
+      );
+      service = createExternalService(
+        actionId,
+        {
+          config: {
+            ...config,
+            createCommentJson: '{"body":{{{case.comment}}},"id":{{{external.system.id}}}}',
+          },
+          secrets,
+        },
+        logger,
+        configurationUtilities
+      );
+      await service.createComment(commentReq2);
+      expect(requestMock).toHaveBeenCalledWith({
+        axios,
+        logger,
+        method: CasesWebhookMethods.POST,
+        configurationUtilities,
+        url: 'https://coolsite.net/issue/1/comment',
+        data: `{"body":"comment","id":1}`,
+      });
+    });
   });
 
   describe('bad urls', () => {

diff --git a/x-pack/plugins/stack_connectors/server/connector_types/cases/cases_webhook/service.ts b/x-pack/plugins/stack_connectors/server/connector_types/cases/cases_webhook/service.ts
@@ -190,13 +190,15 @@ export const createExternalService = (
           },
         },
       });
+
       const normalizedUrl = validateAndNormalizeUrl(
         `${updateUrl}`,
         configurationUtilities,
         'Update case URL'
       );
 
       const { tags, title, description } = incident;
+
       const json = renderMustacheStringNoEscape(updateIncidentJson, {
         ...stringifyObjValues({
           title,
@@ -205,12 +207,13 @@ export const createExternalService = (
         }),
         external: {
           system: {
-            id: incidentId,
+            id: JSON.stringify(incidentId),
           },
         },
       });
 
       validateJson(json, 'Update case JSON body');
+
       const res = await request({
         axios: axiosInstance,
         method: updateIncidentMethod,
@@ -223,7 +226,9 @@ export const createExternalService = (
       throwDescriptiveErrorIfResponseIsNotValid({
         res,
       });
+
       const updatedIncident = await getIncident(incidentId as string);
+
       const viewUrl = renderMustacheStringNoEscape(viewIncidentUrl, {
         external: {
           system: {
@@ -232,11 +237,13 @@ export const createExternalService = (
           },
         },
       });
+
       const normalizedViewUrl = validateAndNormalizeUrl(
         `${viewUrl}`,
         configurationUtilities,
         'View case URL'
       );
+
       return {
         id: incidentId,
         title: updatedIncident.title,
@@ -253,27 +260,32 @@ export const createExternalService = (
       if (!createCommentUrl || !createCommentJson || !createCommentMethod) {
         return;
       }
+
       const commentUrl = renderMustacheStringNoEscape(createCommentUrl, {
         external: {
           system: {
             id: encodeURIComponent(incidentId),
           },
         },
       });
+
       const normalizedUrl = validateAndNormalizeUrl(
         `${commentUrl}`,
         configurationUtilities,
         'Create comment URL'
       );
+
       const json = renderMustacheStringNoEscape(createCommentJson, {
         ...stringifyObjValues({ comment: comment.comment }),
         external: {
           system: {
-            id: incidentId,
+            id: JSON.stringify(incidentId),
           },
         },
       });
+
       validateJson(json, 'Create comment JSON body');
+
       const res = await request({
         axios: axiosInstance,
         method: createCommentMethod,