[Security_Solution][Endpoint] Refactor resolver generator for ancestr…

…y array (#70129) (#70518) * Refactor generator for ancestry support * Adding optional ancestry array * Fixing tests and type errors * Removing useAncestry field * Fixing test * An empty array will be returned because that's how ES will do it too Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
elastic · Jul 2, 2020 · 0caf1c0 · 0caf1c0
1 parent c16c37c
commit 0caf1c0
Show file tree

Hide file tree

Showing 5 changed files with 207 additions and 94 deletions.
diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts
@@ -101,6 +101,30 @@ describe('data generator', () => {
     expect(processEvent.process.name).not.toBeNull();
   });
 
+  describe('creates events with an empty ancestry array', () => {
+    let tree: Tree;
+    beforeEach(() => {
+      tree = generator.generateTree({
+        alwaysGenMaxChildrenPerNode: true,
+        ancestors: 3,
+        children: 3,
+        generations: 3,
+        percentTerminated: 100,
+        percentWithRelated: 100,
+        relatedEvents: 0,
+        relatedAlerts: 0,
+        ancestryArraySize: 0,
+      });
+      tree.ancestry.delete(tree.origin.id);
+    });
+
+    it('creates all events with an empty ancestry array', () => {
+      for (const event of tree.allEvents) {
+        expect(event.process.Ext.ancestry.length).toEqual(0);
+      }
+    });
+  });
+
   describe('creates an origin alert when no related alerts are requested', () => {
     let tree: Tree;
     beforeEach(() => {
@@ -113,6 +137,7 @@ describe('data generator', () => {
         percentWithRelated: 100,
         relatedEvents: 0,
         relatedAlerts: 0,
+        ancestryArraySize: ANCESTRY_LIMIT,
       });
       tree.ancestry.delete(tree.origin.id);
     });
@@ -150,6 +175,7 @@ describe('data generator', () => {
           { category: RelatedEventCategory.Network, count: 1 },
         ],
         relatedAlerts,
+        ancestryArraySize: ANCESTRY_LIMIT,
       });
     });
 
@@ -162,29 +188,46 @@ describe('data generator', () => {
     };
 
     const verifyAncestry = (event: Event, genTree: Tree) => {
-      if (event.process.Ext.ancestry.length > 0) {
-        expect(event.process.parent?.entity_id).toBe(event.process.Ext.ancestry[0]);
+      if (event.process.Ext.ancestry!.length > 0) {
+        expect(event.process.parent?.entity_id).toBe(event.process.Ext.ancestry![0]);
       }
-      for (let i = 0; i < event.process.Ext.ancestry.length; i++) {
-        const ancestor = event.process.Ext.ancestry[i];
+      for (let i = 0; i < event.process.Ext.ancestry!.length; i++) {
+        const ancestor = event.process.Ext.ancestry![i];
         const parent = genTree.children.get(ancestor) || genTree.ancestry.get(ancestor);
         expect(ancestor).toBe(parent?.lifecycle[0].process.entity_id);
 
         // the next ancestor should be the grandparent
-        if (i + 1 < event.process.Ext.ancestry.length) {
-          const grandparent = event.process.Ext.ancestry[i + 1];
+        if (i + 1 < event.process.Ext.ancestry!.length) {
+          const grandparent = event.process.Ext.ancestry![i + 1];
           expect(grandparent).toBe(parent?.lifecycle[0].process.parent?.entity_id);
         }
       }
     };
 
     it('has ancestry array defined', () => {
-      expect(tree.origin.lifecycle[0].process.Ext.ancestry.length).toBe(ANCESTRY_LIMIT);
+      expect(tree.origin.lifecycle[0].process.Ext.ancestry!.length).toBe(ANCESTRY_LIMIT);
       for (const event of tree.allEvents) {
         verifyAncestry(event, tree);
       }
     });
 
+    it('creates the right number childrenLevels', () => {
+      let totalChildren = 0;
+      for (const level of tree.childrenLevels) {
+        totalChildren += level.size;
+      }
+      expect(totalChildren).toEqual(tree.children.size);
+      expect(tree.childrenLevels.length).toEqual(generations);
+    });
+
+    it('has the right nodes in both the childrenLevels and children map', () => {
+      for (const level of tree.childrenLevels) {
+        for (const node of level.values()) {
+          expect(tree.children.get(node.id)).toEqual(node);
+        }
+      }
+    });
+
     it('has the right related events for each node', () => {
       const checkRelatedEvents = (node: TreeNode) => {
         expect(node.relatedEvents.length).toEqual(4);
@@ -290,7 +333,11 @@ describe('data generator', () => {
     let events: Event[];
 
     beforeEach(() => {
-      events = generator.createAlertEventAncestry(3, 0, 0, 0, 0);
+      events = generator.createAlertEventAncestry({
+        ancestors: 3,
+        percentTerminated: 0,
+        percentWithRelated: 0,
+      });
     });
 
     it('with n-1 process events', () => {
@@ -375,7 +422,7 @@ describe('data generator', () => {
     const timestamp = new Date().getTime();
     const root = generator.generateEvent({ timestamp });
     const generations = 2;
-    const events = [root, ...generator.descendantsTreeGenerator(root, generations)];
+    const events = [root, ...generator.descendantsTreeGenerator(root, { generations })];
     const rootNode = buildResolverTree(events);
     const visitedEvents = countResolverEvents(rootNode, generations);
     expect(visitedEvents).toEqual(events.length);