-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Fix prebuilt rule duplication logic to copy related integrations and required fields from the original rule #191065
[Security Solution] Fix prebuilt rule duplication logic to copy related integrations and required fields from the original rule #191065
Conversation
/ci |
dbbf90d
to
2c171c3
Compare
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@banderror Thanks for handling this bug and extending test coverage 🙏
I left some comments which are rather nit.
|
||
// Duplicated rules are always considered custom rules | ||
const immutable = false; | ||
const immutable: InternalRuleCreate['params']['immutable'] = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm curious what's the point to explicitly specify types here? Usually TS is able to infer types pretty accurately (especially such simple ones) and check wether these match return type (since it's specified for the function this also the reason why it's better to have function's return type). If something is wrong TS will complain on lines 51-52.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@maximpn There are sometimes instances when TS allows to return an object from a function if the object fulfills a certain type or interface, but has additional fields as well that are not part of this type. I've seen it multiple times but I can't give you a concrete example immediately.
Here maybe you're right that these type annotations are not necessary, but I figured I'd still add them because here we return a complex rule object from the function and it's probably better if we add extra type annotations. It shouldn't hurt, anyway.
}), | ||
}) | ||
); | ||
}); | ||
|
||
it('copies setup guide as is', async () => { | ||
it('copies fields from the original rule', async () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do I get it correctly that we wanna test for coping of ALL fields in that unit test? And it's a desired behavior to have this test failed when a new field got added for example by Response Ops team?
WDYT about changing the test name to copies all fields from the original rule
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do I get it correctly that we wanna test for coping of ALL fields in that unit test?
@maximpn Strictly speaking, we don't copy all rule fields. We copy all parameters + some of the fields that Alerting Framework owns. Some fields get adjusted (e.g. name
), some fields get regenerated. I don't think it would be correct to rename the test to copies all fields from the original rule
.
And it's a desired behavior to have this test failed when a new field got added for example by Response Ops team?
Yes, because if they add a new top-level framework's field we need to make sure it is correctly handled by the rule duplication logic: copied, adjusted, or regenerated.
|
||
it('keeps it custom', async () => { | ||
const rule = createCustomRule(); | ||
const result = await duplicateRule({ | ||
rule, | ||
}); | ||
|
||
expect(result).toEqual( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: It should be simpler to assert result.params
directly
expect(result).toEqual( | |
expect(result.params).toEqual( | |
expect.objectContaining({ | |
requiredFields: rule.params.requiredFields, | |
immutable: false, | |
ruleSource: { | |
type: 'internal', | |
}, | |
}), | |
}) | |
); |
}, | ||
]; | ||
|
||
it('copies fields from the original rule', async () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: The same as before should it be renamed copies fields from the original rule
-> copies all fields from the original rule
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2c171c3
to
0941f9d
Compare
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @banderror |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the fix @banderror! I have checked the implementation and tested locally. Found no issues.
Thanks @maximpn and @nikitaindik 👍 I'll respond to the comments tomorrow and open a follow-up PR, if needed. Gonna merge this one now so we have the fix in |
💔 All backports failed
Manual backportTo create the backport manually run:
Questions ?Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…ed integrations and required fields from the original rule (elastic#191065) **Fixes: elastic#190628 **Related to:** elastic#173595, elastic#173594 ## Summary As stated in the bug ticket, when duplicating a prebuilt rule, the "Related Integrations" and "Required Fields" values should be inherited from the original rule, as it was specified in the Acceptance Criteria for elastic#173595 and elastic#173594. This PR: - Removes the logic that resets these fields to empty arrays for duplicated prebuilt rules - we needed this logic in the past because these fields were not editable in the UI, but we don't need it anymore. - Updates the corresponding unit tests. ## Screenshots These screenshots were taken after introducing the fixes. **Original prebuilt rule:** <img width="1463" alt="Screenshot_2024-08-23_at_13_25_07" src="https://github.com/user-attachments/assets/ad8673f5-aba3-40c8-ae91-bbd7d334b119"> **Duplicated prebuilt rule:** <img width="1469" alt="Screenshot_2024-08-23_at_13_25_43" src="https://github.com/user-attachments/assets/03761a2b-6f53-4bab-bf4c-a71c6860802b"> ### Checklist - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit b144c05) # Conflicts: # x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/actions/duplicate_rule.test.ts # x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/actions/duplicate_rule.ts
…y related integrations and required fields from the original rule (#191065) (#191493) # Backport This will backport the following commits from `main` to `8.15`: - [[Security Solution] Fix prebuilt rule duplication logic to copy related integrations and required fields from the original rule (#191065)](#191065) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Georgii Gorbachev","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-08-26T13:42:52Z","message":"[Security Solution] Fix prebuilt rule duplication logic to copy related integrations and required fields from the original rule (#191065)\n\n**Fixes: https://github.com/elastic/kibana/issues/190628**\r\n**Related to:** https://github.com/elastic/kibana/issues/173595,\r\nhttps://github.com/elastic/kibana/issues/173594\r\n\r\n## Summary\r\n\r\nAs stated in the bug ticket, when duplicating a prebuilt rule, the\r\n\"Related Integrations\" and \"Required Fields\" values should be inherited\r\nfrom the original rule, as it was specified in the Acceptance Criteria\r\nfor #173595 and\r\nhttps://github.com//issues/173594.\r\n\r\nThis PR:\r\n\r\n- Removes the logic that resets these fields to empty arrays for\r\nduplicated prebuilt rules - we needed this logic in the past because\r\nthese fields were not editable in the UI, but we don't need it anymore.\r\n- Updates the corresponding unit tests.\r\n\r\n## Screenshots\r\n\r\nThese screenshots were taken after introducing the fixes.\r\n\r\n**Original prebuilt rule:**\r\n\r\n<img width=\"1463\" alt=\"Screenshot_2024-08-23_at_13_25_07\"\r\nsrc=\"https://github.com/user-attachments/assets/ad8673f5-aba3-40c8-ae91-bbd7d334b119\">\r\n\r\n**Duplicated prebuilt rule:**\r\n\r\n<img width=\"1469\" alt=\"Screenshot_2024-08-23_at_13_25_43\"\r\nsrc=\"https://github.com/user-attachments/assets/03761a2b-6f53-4bab-bf4c-a71c6860802b\">\r\n\r\n### Checklist\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"b144c05e8f39f28dd9551b7c62daa01cfa1d2cd5","branchLabelMapping":{"^v8.16.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","impact:medium","Team:Detections and Resp","Team: SecuritySolution","Feature:Rule Management","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.16.0","v8.15.1"],"number":191065,"url":"https://github.com/elastic/kibana/pull/191065","mergeCommit":{"message":"[Security Solution] Fix prebuilt rule duplication logic to copy related integrations and required fields from the original rule (#191065)\n\n**Fixes: https://github.com/elastic/kibana/issues/190628**\r\n**Related to:** https://github.com/elastic/kibana/issues/173595,\r\nhttps://github.com/elastic/kibana/issues/173594\r\n\r\n## Summary\r\n\r\nAs stated in the bug ticket, when duplicating a prebuilt rule, the\r\n\"Related Integrations\" and \"Required Fields\" values should be inherited\r\nfrom the original rule, as it was specified in the Acceptance Criteria\r\nfor #173595 and\r\nhttps://github.com//issues/173594.\r\n\r\nThis PR:\r\n\r\n- Removes the logic that resets these fields to empty arrays for\r\nduplicated prebuilt rules - we needed this logic in the past because\r\nthese fields were not editable in the UI, but we don't need it anymore.\r\n- Updates the corresponding unit tests.\r\n\r\n## Screenshots\r\n\r\nThese screenshots were taken after introducing the fixes.\r\n\r\n**Original prebuilt rule:**\r\n\r\n<img width=\"1463\" alt=\"Screenshot_2024-08-23_at_13_25_07\"\r\nsrc=\"https://github.com/user-attachments/assets/ad8673f5-aba3-40c8-ae91-bbd7d334b119\">\r\n\r\n**Duplicated prebuilt rule:**\r\n\r\n<img width=\"1469\" alt=\"Screenshot_2024-08-23_at_13_25_43\"\r\nsrc=\"https://github.com/user-attachments/assets/03761a2b-6f53-4bab-bf4c-a71c6860802b\">\r\n\r\n### Checklist\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"b144c05e8f39f28dd9551b7c62daa01cfa1d2cd5"}},"sourceBranch":"main","suggestedTargetBranches":["8.15"],"targetPullRequestStates":[{"branch":"main","label":"v8.16.0","labelRegex":"^v8.16.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/191065","number":191065,"mergeCommit":{"message":"[Security Solution] Fix prebuilt rule duplication logic to copy related integrations and required fields from the original rule (#191065)\n\n**Fixes: https://github.com/elastic/kibana/issues/190628**\r\n**Related to:** https://github.com/elastic/kibana/issues/173595,\r\nhttps://github.com/elastic/kibana/issues/173594\r\n\r\n## Summary\r\n\r\nAs stated in the bug ticket, when duplicating a prebuilt rule, the\r\n\"Related Integrations\" and \"Required Fields\" values should be inherited\r\nfrom the original rule, as it was specified in the Acceptance Criteria\r\nfor #173595 and\r\nhttps://github.com//issues/173594.\r\n\r\nThis PR:\r\n\r\n- Removes the logic that resets these fields to empty arrays for\r\nduplicated prebuilt rules - we needed this logic in the past because\r\nthese fields were not editable in the UI, but we don't need it anymore.\r\n- Updates the corresponding unit tests.\r\n\r\n## Screenshots\r\n\r\nThese screenshots were taken after introducing the fixes.\r\n\r\n**Original prebuilt rule:**\r\n\r\n<img width=\"1463\" alt=\"Screenshot_2024-08-23_at_13_25_07\"\r\nsrc=\"https://github.com/user-attachments/assets/ad8673f5-aba3-40c8-ae91-bbd7d334b119\">\r\n\r\n**Duplicated prebuilt rule:**\r\n\r\n<img width=\"1469\" alt=\"Screenshot_2024-08-23_at_13_25_43\"\r\nsrc=\"https://github.com/user-attachments/assets/03761a2b-6f53-4bab-bf4c-a71c6860802b\">\r\n\r\n### Checklist\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"b144c05e8f39f28dd9551b7c62daa01cfa1d2cd5"}},{"branch":"8.15","label":"v8.15.1","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
Fixes: #190628
Related to: #173595, #173594
Summary
As stated in the bug ticket, when duplicating a prebuilt rule, the "Related Integrations" and "Required Fields" values should be inherited from the original rule, as it was specified in the Acceptance Criteria for #173595 and #173594.
This PR:
Screenshots
These screenshots were taken after introducing the fixes.
Original prebuilt rule:
Duplicated prebuilt rule:
Checklist