From c6d5dbe9fd4e9df3e785dea4c75e6574246f1a0f Mon Sep 17 00:00:00 2001
From: Aleksandar Djindjic
Date: Wed, 21 Dec 2022 23:26:39 +0100
Subject: [PATCH] Cypress checking on rule YAML content (#248)
* check yaml rule content
Signed-off-by: Aleksandar Djindjic
* update snapshot
Signed-off-by: Aleksandar Djindjic
* fix typo
Signed-off-by: Aleksandar Djindjic
Signed-off-by: Aleksandar Djindjic
---
 cypress/integration/2_rules.spec.js | 42 ++++++++++++-------
 .../RuleContentYamlViewer.tsx | 2 +-
 .../RuleContentYamlViewer.test.tsx.snap | 21 +++++++++-
 3 files changed, 49 insertions(+), 16 deletions(-)
diff --git a/cypress/integration/2_rules.spec.js b/cypress/integration/2_rules.spec.js
index 2420396e3..36fef1ecb 100644
--- a/cypress/integration/2_rules.spec.js
+++ b/cypress/integration/2_rules.spec.js
@@ -9,7 +9,7 @@ const uniqueId = Cypress._.random(0, 1e6);
 const SAMPLE_RULE = {
 name: `Cypress test rule ${uniqueId}`,
 logType: 'windows',
- description: 'This is a rule used to test the rule creation workflow. Not for production use.',
+ description: 'This is a rule used to test the rule creation workflow.',
 detection: 'selection:\n Provider_Name: Service Control Manager\nEventID: 7045\nServiceName: ZzNetSvc\n{backspace}{backspace}condition: selection',
 detectionLine: [
@@ -28,22 +28,23 @@ const SAMPLE_RULE = {
 };
 const YAML_RULE_LINES = [
+ `id:`,
+ `logsource:`,
+ `product: ${SAMPLE_RULE.logType}`,
 `title: ${SAMPLE_RULE.name}`,
- `description:`,
- `${SAMPLE_RULE.description}`,
- `level: ${SAMPLE_RULE.severity}`,
+ `description: ${SAMPLE_RULE.description}`,
 `tags:`,
 `- ${SAMPLE_RULE.tags[0]}`,
 `- ${SAMPLE_RULE.tags[1]}`,
 `- ${SAMPLE_RULE.tags[2]}`,
- `references:`,
- `- '${SAMPLE_RULE.references}'`,
 `falsepositives:`,
 `- ${SAMPLE_RULE.falsePositive}`,
- `author: ${SAMPLE_RULE.author}`,
+ `level: ${SAMPLE_RULE.severity}`,
 `status: ${SAMPLE_RULE.status}`,
- `logsource:`,
- `product: ${SAMPLE_RULE.logType}`,
+ `references:`,
+ `- '${SAMPLE_RULE.references}'`,
+ `author: ${SAMPLE_RULE.author}`,
+ `detection:`,
 ...SAMPLE_RULE.detection.replaceAll(' ', '').replaceAll('{backspace}', '').split('\n'),
 ];
@@ -222,11 +223,24 @@ describe('Rules', () => {
 force: true,
 });
- YAML_RULE_LINES.forEach((line) =>
- cy
- .get('[data-test-subj="rule_flyout_yaml_rule"]', TWENTY_SECONDS_TIMEOUT)
- .contains(line, TWENTY_SECONDS_TIMEOUT)
- );
+ cy.get('[data-test-subj="rule_flyout_yaml_rule"]')
+ .get('[class="euiCodeBlock__line"]')
+ .each((lineElement, lineIndex) => {
+ if (lineIndex >= YAML_RULE_LINES.length) {
+ return;
+ }
+ let line = lineElement.text().replaceAll('\n', '').trim();
+ let expectedLine = YAML_RULE_LINES[lineIndex];
+
+ // The document ID field is generated when the document is added to the index,
+ // so this test just checks that the line starts with the ID key.
+ if (expectedLine.startsWith('id:')) {
+ expectedLine = 'id:';
+ expect(line, `Sigma rule line ${lineIndex}`).to.contain(expectedLine);
+ } else {
+ expect(line, `Sigma rule line ${lineIndex}`).to.equal(expectedLine);
+ }
+ });
 // Close the flyout
 cy.get('[data-test-subj="close-rule-details-flyout"]', TWENTY_SECONDS_TIMEOUT).click({
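Review bot: `YAML_RULE_LINES` is now order-sensitive, because the `.each()` callback added later in this file indexes into it by rendered line number, but nothing at the declaration says so. A short comment above the array, such as `// Order must match the rendered YAML line by line; the flyout check compares by index.`, would spare the next person who adds a field a confusing off-by-one failure. The leading `id:` entry stands in for a generated value, which is worth a trailing comment on that line as well.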
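Review bot: The chained `.get('[class="euiCodeBlock__line"]')` is not scoped to the flyout: `cy.get()` queries from the document root even when chained, so a code-block line rendered anywhere else on the page shifts the indices. Using `.find('.euiCodeBlock__line')` keeps the search inside `rule_flyout_yaml_rule` and also tolerates an extra class on the element. The early `return` on `lineIndex >= YAML_RULE_LINES.length` only covers extra rendered lines, so a Sigma rule rendered with fewer lines than expected, for example a detection block cut short, still passes. Adding `.should('have.length.at.least', YAML_RULE_LINES.length)` before `.each(...)` closes that gap and gives the query an assertion to retry on now that the `TWENTY_SECONDS_TIMEOUT` arguments are gone. The enclosing test body starts and ends outside the hunk.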
diff --git a/public/pages/Rules/components/RuleContentViewer/RuleContentYamlViewer.tsx b/public/pages/Rules/components/RuleContentViewer/RuleContentYamlViewer.tsx
index bf92ea056..2ef66cc0c 100644
--- a/public/pages/Rules/components/RuleContentViewer/RuleContentYamlViewer.tsx
+++ b/public/pages/Rules/components/RuleContentViewer/RuleContentYamlViewer.tsx
@@ -17,7 +17,7 @@ export const RuleContentYamlViewer: React.FC = ({ ru
 const ruleYaml = mapYamlObjectToYamlString(yamlObject);
 return (
-
+
 {ruleYaml}
 );
diff --git a/public/pages/Rules/components/RuleContentViewer/__snapshots__/RuleContentYamlViewer.test.tsx.snap b/public/pages/Rules/components/RuleContentViewer/__snapshots__/RuleContentYamlViewer.test.tsx.snap
index 4dd890090..6b1c742ef 100644
--- a/public/pages/Rules/components/RuleContentViewer/__snapshots__/RuleContentYamlViewer.test.tsx.snap
+++ b/public/pages/Rules/components/RuleContentViewer/__snapshots__/RuleContentYamlViewer.test.tsx.snap
@@ -2,7 +2,7 @@ exports[` spec renders the component 1`] = `
 spec renders the component 1`] = `
       
     
   
+
+
+ + + +
+
`;