[Security Solution][Detections] Adds more granular validation for nested fields #92041

Merged: 3 commits, Feb 20, 2021

@dplumlee dplumlee commented Feb 19, 2021

Summary

Adds more low level validation for nested fields such that one invalid field in the nested entries array won't make the entire nested entry invalid. This was causing a problem where our Ext prepopulated fields in Endpoint exceptions would sometimes be empty and invalidate the entire nested entry, even if the other fields were correct.

Example

With this code_signature field coming back from the alert, the exceptions modal would prepopulate as shown in the screenshot below

exists: false
status: "noSignature"
subject_name: ""
trusted: false

Screen Shot 2021-02-19 at 11 21 56 AM

This would cause the modal to be valid and be able to be added to the exceptions list successfully, but in reality a concatenated version was being added without the entire Process.Ext field, even though the trusted field was valid.

With this fix, the signer field will still be removed but the remaining valid fields will be passed to the final exceptions request.
Screen Shot 2021-02-19 at 11 22 23 AM


@dplumlee dplumlee added bug Fixes for quality problems that affect the customer experience release_note:fix v8.0.0 v7.12.0 Team:Detections and Resp Security Detection Response Team Feature:Rule Exceptions Security Solution Detection Rule Exceptions area labels Feb 19, 2021
@dplumlee dplumlee self-assigned this Feb 19, 2021
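
The behaviour change described in the PR summary, as an added example that is not part of the original PR and is not Kibana's code: all-or-nothing validation of a nested entry beside per-child validation, run on the `code_signature` values quoted above. The type names, function names, the emptiness rule and the `process.Ext.code_signature` field path are assumptions made for illustration.

```typescript
// Added illustration; type and function names are hypothetical, not Kibana's.
type MatchEntry = { field: string; operator: 'included'; type: 'match'; value: string };
type NestedEntry = { field: string; type: 'nested'; entries: MatchEntry[] };

// Shape of the code_signature object quoted in the PR description.
interface CodeSignature {
  exists?: boolean;
  status?: string;
  subject_name?: string;
  trusted?: boolean;
}

// Assumed rule: a child entry is usable only if field and value are non-empty.
const isValidChild = (e: MatchEntry): boolean =>
  e.field.trim() !== '' && e.value.trim() !== '';

// Build the nested entry; the boolean is stringified so it is not rejected for its type.
function buildCodeSignatureEntry(sig: CodeSignature): NestedEntry {
  return {
    field: 'process.Ext.code_signature', // assumed field path
    type: 'nested',
    entries: [
      { field: 'subject_name', operator: 'included', type: 'match', value: sig.subject_name ?? '' },
      { field: 'trusted', operator: 'included', type: 'match', value: sig.trusted?.toString() ?? '' },
    ],
  };
}

// All-or-nothing: one bad child discards the whole nested entry.
function validateCoarse(entry: NestedEntry): NestedEntry | undefined {
  return entry.entries.every(isValidChild) ? entry : undefined;
}

// Granular: drop only the bad children; discard the parent only if nothing is left.
function validateGranular(entry: NestedEntry): NestedEntry | undefined {
  const entries = entry.entries.filter(isValidChild);
  return entries.length > 0 ? { ...entry, entries } : undefined;
}

// Constructed sample mirroring the alert data quoted in the PR description.
const sampleSignature: CodeSignature = { exists: false, status: 'noSignature', subject_name: '', trusted: false };
const built = buildCodeSignatureEntry(sampleSignature);
console.log(validateCoarse(built), JSON.stringify(validateGranular(built)));
```

With the coarse check the empty `subject_name` silently removes the `trusted` condition too, which widens the resulting exception; the granular check keeps `trusted: "false"`.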
@@ -401,7 +421,7 @@ export const getCodeSignatureValue = (
return codeSignature.map((signature) => {
return {
subjectName: signature.subject_name ?? '',
trusted: signature.trusted ?? '',
trusted: signature.trusted.toString() ?? '',
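
Review bot: On the new `trusted` line, `signature.trusted.toString() ?? ''` calls `toString()` before the fallback is evaluated, so a missing `trusted` throws a TypeError and the `?? ''` can never take effect, whereas the line it replaces tolerated a missing value. Since `subject_name` on the line above is treated as possibly absent, consider `signature.trusted?.toString() ?? ''` so an alert without the field still yields an empty string for the validator to drop.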
Contributor Author

Fixes another bug where we were passing in a boolean type when the builder expected a string so it was marking it as invalid

@dplumlee dplumlee marked this pull request as ready for review February 19, 2021 17:02
@dplumlee dplumlee requested review from a team as code owners February 19, 2021 17:02
@elasticmachine

Pinging @elastic/security-detections-response (Team:Detections and Resp)

Comment on lines 182 to 185
if (validatedNestedEntry != null) {
return true;
}
return false;

nit: could just replace with return validatedNestedEntry != null


@dhurley14 dhurley14 left a comment

LGTM!

@dplumlee dplumlee enabled auto-merge (squash) February 19, 2021 22:00
@dplumlee dplumlee added auto-backport Deprecated - use backport:version if exact versions are needed v7.13.0 labels Feb 19, 2021
@kibanamachine

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 7.7MB 7.7MB +743.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
lists 143.0KB 143.2KB +217.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @dplumlee

@kibanamachine

💚 Backport successful

7.12 / #92107
7.x / #92108

Successful backport PRs will be merged automatically after passing CI.

@dplumlee dplumlee deleted the nested-field-validation-fix branch February 20, 2021 01:05
kibanamachine added a commit that referenced this pull request Feb 20, 2021