[Security Solution][Detections] Adds more granular validation for nested fields #92041
x-pack/plugins/lists/common/schemas/types/non_empty_nested_entries_array.ts
@@ -401,7 +421,7 @@ export const getCodeSignatureValue = ( | |||
return codeSignature.map((signature) => { | |||
return { | |||
subjectName: signature.subject_name ?? '', | |||
trusted: signature.trusted ?? '', | |||
trusted: signature.trusted.toString() ?? '', |
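Review bot: on the changed `trusted:` line, `signature.trusted.toString() ?? ''` throws a TypeError when `signature.trusted` is null or undefined, and the `?? ''` fallback can no longer fire because `toString()` never returns a nullish value. The line it replaces treated `trusted` as possibly missing, so keep that guard with optional chaining: `trusted: signature.trusted?.toString() ?? '',`.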
Fixes another bug where we were passing in a boolean
type when the builder expected a string so it was marking it as invalid
Pinging @elastic/security-detections-response (Team:Detections and Resp)
if (validatedNestedEntry != null) { | ||
return true; | ||
} | ||
return false; |
nit: could just replace with `return validatedNestedEntry != null`
LGTM!
💚 Build Succeeded
…ted fields (#92041) (#92108) Co-authored-by: Davis Plumlee <[email protected]>
…ted fields (#92041) (#92107) Co-authored-by: Davis Plumlee <[email protected]>
Summary

Adds more low level validation for nested fields such that one invalid field in the nested entries array won't make the entire nested entry invalid. This was causing a problem where our `Ext` prepopulated fields in Endpoint exceptions would sometimes be empty and invalidate the entire nested entry, even if the other fields were correct.

Example

With this `code_signature` field coming back from the alert, the exceptions modal would prepopulate as shown in the screenshot below

This would cause the modal to be valid and be able to be added to the exceptions list successfully, but in reality a concatenated version was being added without the entire `Process.Ext` field, even though the `trusted` field was valid.

With this fix, the `signer` field will still be removed but the remaining valid fields will be passed to the final exceptions request.
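
The behaviour described in the summary above, as an added TypeScript example that is not part of the PR or of Kibana's code: all-or-nothing validation of a nested entry beside per-field validation that keeps the valid inner entries. All type and function names are hypothetical, and the sample alert data and parent field name are constructed.

```typescript
// Added illustration: names are hypothetical, not Kibana's schema or helpers.
type RawEntry = { field: string; value: unknown };
type MatchEntry = { field: string; operator: 'included'; type: 'match'; value: string };
type Nested<T> = { field: string; type: 'nested'; entries: T[] };
interface CodeSignature { subject_name?: string; trusted?: boolean }

const isNonEmptyString = (v: unknown): v is string =>
  typeof v === 'string' && v.trim().length > 0;

// An inner entry is usable only when both field and value are non-empty strings.
const toMatch = (e: RawEntry): MatchEntry | null =>
  isNonEmptyString(e.field) && isNonEmptyString(e.value)
    ? { field: e.field, operator: 'included', type: 'match', value: e.value }
    : null;

// Before: a single invalid inner entry rejects the whole nested entry.
function validateAllOrNothing(n: Nested<RawEntry>): Nested<MatchEntry> | null {
  const entries = n.entries.map(toMatch);
  if (entries.some((e) => e === null)) return null;
  return { ...n, entries: entries as MatchEntry[] };
}

// After: invalid inner entries are dropped; the nested entry survives if any remain.
function validateGranular(n: Nested<RawEntry>): Nested<MatchEntry> | null {
  const entries = n.entries
    .map(toMatch)
    .filter((e): e is MatchEntry => e !== null);
  return entries.length > 0 ? { ...n, entries } : null;
}

// Prepopulate from alert data. The boolean is converted to a string null-safely,
// because the validator above only accepts string values.
function fromCodeSignature(sig: CodeSignature): Nested<RawEntry> {
  return {
    field: 'Process.Ext.code_signature', // constructed parent field name
    type: 'nested',
    entries: [
      { field: 'subject_name', value: sig.subject_name ?? '' },
      { field: 'trusted', value: sig.trusted?.toString() ?? '' },
    ],
  };
}

// Constructed alert fragment: subject_name is missing, `trusted` is present.
const sample = fromCodeSignature({ trusted: true });
const before = validateAllOrNothing(sample); // whole nested entry rejected
const after = validateGranular(sample);      // only the `trusted` entry is kept
```

With granular validation an exception built from a partially populated alert still carries its valid conditions, so what reaches the exceptions list matches what the modal reported as valid.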