[Security Solution][Exceptions] - Require non empty entries and non empty string values in exception list items #72748
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
madirey
reviewed
Jul 21, 2020
| field: FIELD, | ||
| type: NESTED, | ||
| }); | ||
| import { EntriesArray } from './entries'; |
madirey
reviewed
Jul 21, 2020
rylnd
approved these changes
Jul 21, 2020
| NamespaceType, | ||
| nonEmptyEntriesArray, |
There was a problem hiding this comment.
Nit: these seem to normally be exported as uppercase constants. I know you're exporting TypeOf with that name, but maybe we need a convention for that if there isn't one.
There was a problem hiding this comment.
Yea, spoke with @FrankHassanabad about that earlier today. He'd suggested going lowercase here to differentiate as throughout we tend to use the lowercase for io-ts. Def something we should discuss to settle on one way or the other.
| type: t.keyof({ list: null }), | ||
| }) | ||
| ); | ||
| export type EntryList = t.TypeOf<typeof entriesList>; |
There was a problem hiding this comment.
nit: Should this just be the capitalized version, i.e. EntriesList?
| const decoded = nonEmptyEntriesArray.decode(payload); | ||
| const message = pipe(decoded, foldLeftRight); | ||
|
|
||
| expect(getPaths(left(message.errors))).toEqual([ |
There was a problem hiding this comment.
Maybe I'm missing something, but why are we expecting five (5) error messages here?
There was a problem hiding this comment.
It's because it's a union, and on unions and checks each one. Def could clean up in our error formatter.
x-pack/plugins/lists/common/schemas/types/non_empty_nested_entries_array.test.ts
Show resolved
Hide resolved
x-pack/plugins/lists/common/schemas/types/non_empty_nested_entries_array.test.ts
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/common/components/autocomplete/helpers.ts
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx
Show resolved
Hide resolved
madirey
reviewed
Jul 21, 2020
madirey
reviewed
Jul 22, 2020
madirey
reviewed
Jul 22, 2020
| unknown | ||
| >( | ||
| 'NonEmptyNestedEntriesArray', | ||
| nestedEntriesArray.is, |
There was a problem hiding this comment.
I'm not 100% sure about this, but I think this is supposed to align with the validation below... in this case, an empty array will still test true here, but will fail to validate and thus fail to decode to a NestedEntriesArray below...
madirey
reviewed
Jul 22, 2020
| */ | ||
| export const nonEmptyOrNullableStringArray = new t.Type<string[], string[], unknown>( | ||
| 'NonEmptyOrNullableStringArray', | ||
| t.array(t.string).is, |
madirey
reviewed
Jul 22, 2020
x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.test.ts
Show resolved
Hide resolved
madirey
reviewed
Jul 22, 2020
x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.test.ts
Show resolved
Hide resolved
madirey
approved these changes
Jul 22, 2020
marshallmain
approved these changes
Jul 22, 2020
x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.ts
Show resolved
Hide resolved
💚 Build SucceededBuild metrics@kbn/optimizer bundle module count
async chunks size
page load bundle size
History
To update your PR or re-run it, just comment with: |
yctercero
added a commit
to yctercero/kibana
that referenced
this pull request
Jul 22, 2020
…mpty string values in exception list items (elastic#72748) ## Summary This PR updates the exception list entries schemas. - **Prior:** `entries` could be `undefined` or empty array on `ExceptionListItemSchema` - **Now:** `entries` is a required field that cannot be empty - there's really no use for an item without `entries` - **Prior:** `field` and `value` could be empty string in `EntryMatch` - **Now:** `field` and `value` can no longer be empty strings - **Prior:** `field` could be empty string and `value` could be empty array in `EntryMatchAny` - **Now:** `field` and `value` can no longer be empty string and array respectively - **Prior:** `field` and `list.id` could be empty string in `EntryList` - **Now:** `field` and `list.id` can no longer be empty strings - **Prior:** `field` could be empty string in `EntryExists` - **Now:** `field` can no longer be empty string - **Prior:** `field` could be empty string in `EntryNested` - **Now:** `field` can no longer be empty string - **Prior:** `entries` could be empty array in `EntryNested` - **Now:** `entries` can no longer be empty array
yctercero
added a commit
to yctercero/kibana
that referenced
this pull request
Jul 22, 2020
…mpty string values in exception list items (elastic#72748) ## Summary This PR updates the exception list entries schemas. - **Prior:** `entries` could be `undefined` or empty array on `ExceptionListItemSchema` - **Now:** `entries` is a required field that cannot be empty - there's really no use for an item without `entries` - **Prior:** `field` and `value` could be empty string in `EntryMatch` - **Now:** `field` and `value` can no longer be empty strings - **Prior:** `field` could be empty string and `value` could be empty array in `EntryMatchAny` - **Now:** `field` and `value` can no longer be empty string and array respectively - **Prior:** `field` and `list.id` could be empty string in `EntryList` - **Now:** `field` and `list.id` can no longer be empty strings - **Prior:** `field` could be empty string in `EntryExists` - **Now:** `field` can no longer be empty string - **Prior:** `field` could be empty string in `EntryNested` - **Now:** `field` can no longer be empty string - **Prior:** `entries` could be empty array in `EntryNested` - **Now:** `entries` can no longer be empty array
yctercero
added a commit
that referenced
this pull request
Jul 22, 2020
…mpty string values in exception list items (#72748) (#72779) ## Summary This PR updates the exception list entries schemas. - **Prior:** `entries` could be `undefined` or empty array on `ExceptionListItemSchema` - **Now:** `entries` is a required field that cannot be empty - there's really no use for an item without `entries` - **Prior:** `field` and `value` could be empty string in `EntryMatch` - **Now:** `field` and `value` can no longer be empty strings - **Prior:** `field` could be empty string and `value` could be empty array in `EntryMatchAny` - **Now:** `field` and `value` can no longer be empty string and array respectively - **Prior:** `field` and `list.id` could be empty string in `EntryList` - **Now:** `field` and `list.id` can no longer be empty strings - **Prior:** `field` could be empty string in `EntryExists` - **Now:** `field` can no longer be empty string - **Prior:** `field` could be empty string in `EntryNested` - **Now:** `field` can no longer be empty string - **Prior:** `entries` could be empty array in `EntryNested` - **Now:** `entries` can no longer be empty array
yctercero
added a commit
that referenced
this pull request
Jul 22, 2020
…mpty string values in exception list items (#72748) (#72780) ## Summary This PR updates the exception list entries schemas. - **Prior:** `entries` could be `undefined` or empty array on `ExceptionListItemSchema` - **Now:** `entries` is a required field that cannot be empty - there's really no use for an item without `entries` - **Prior:** `field` and `value` could be empty string in `EntryMatch` - **Now:** `field` and `value` can no longer be empty strings - **Prior:** `field` could be empty string and `value` could be empty array in `EntryMatchAny` - **Now:** `field` and `value` can no longer be empty string and array respectively - **Prior:** `field` and `list.id` could be empty string in `EntryList` - **Now:** `field` and `list.id` can no longer be empty strings - **Prior:** `field` could be empty string in `EntryExists` - **Now:** `field` can no longer be empty string - **Prior:** `field` could be empty string in `EntryNested` - **Now:** `field` can no longer be empty string - **Prior:** `entries` could be empty array in `EntryNested` - **Now:** `entries` can no longer be empty array
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jul 22, 2020
* master: (23 commits) Stabilize closing toast (elastic#72097) stabilize failing test (elastic#72086) Stabilize filter bar test (elastic#72032) Unskip vislib tests (elastic#71452) [ML] Fix layout of anomaly chart tooltip for long field values (elastic#72689) fix preAuth/preRouting mocks (elastic#72663) [Security Solution] Hide KQL bar (all pages) and alerts filters (Detections) when Resolver is full screen (elastic#72788) [Uptime] Rename Whitelist to Allowlist in parse_filter_map (elastic#71584) [Security Solution] Fixes exception modal not loading content (elastic#72770) [Security Solution][Exceptions] - Require non empty entries and non empty string values in exception list items (elastic#72748) [Detections] Add validation for Threshold value field (elastic#72611) [SIEM][Detection Engine][Lists] Adds version and immutability data structures (elastic#72730) [Security Solution][Detections] Validate file type of value lists (elastic#72746) [pre-req] New Component Layout proposal (elastic#72385) [ML] do not throw an error when agg is not supported by UI (elastic#72685) [Resolver] Origin process (elastic#72382) [Ingest Manager] Allow to force unenroll from the UI (elastic#72386) skip 6.8 branch when triggering baseline-capture builds (elastic#72706) [CI] In-progress PR comments (elastic#72211) Fix sorting of scripted string fields (elastic#72681) ...
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jul 22, 2020
* master: (34 commits) Adds Role Based Access-Control to the Alerting & Action plugins based on Kibana Feature Controls (elastic#67157) [Monitoring] Revert direct shipping code (elastic#72505) Use server basepath when creating reporting jobs (elastic#72722) Adding api test for transaction_groups /breakdown and /avg_duration_by_browser (elastic#72623) [Task Manager] Addresses flaky test introduced by buffered store (elastic#72815) [Observability] filter "hasData" api by processor event (elastic#72810) do not pass title as part of tsvb request (elastic#72619) [Lens] Legend config (elastic#70619) Stabilize closing toast (elastic#72097) stabilize failing test (elastic#72086) Stabilize filter bar test (elastic#72032) Unskip vislib tests (elastic#71452) [ML] Fix layout of anomaly chart tooltip for long field values (elastic#72689) fix preAuth/preRouting mocks (elastic#72663) [Security Solution] Hide KQL bar (all pages) and alerts filters (Detections) when Resolver is full screen (elastic#72788) [Uptime] Rename Whitelist to Allowlist in parse_filter_map (elastic#71584) [Security Solution] Fixes exception modal not loading content (elastic#72770) [Security Solution][Exceptions] - Require non empty entries and non empty string values in exception list items (elastic#72748) [Detections] Add validation for Threshold value field (elastic#72611) [SIEM][Detection Engine][Lists] Adds version and immutability data structures (elastic#72730) ...
1 task
yctercero
added a commit
that referenced
this pull request
Jul 30, 2020
…ort (#73865) ## Summary Addresses feedback from #72748 - Updates `plugins/lists` tests text from `should not validate` to `should FAIL validation` after feedback that previous text is a bit confusing and can be interpreted to mean that validation is not conducted - Remove unnecessary spreads from one of my late night PRs - Removes `siem_common_deps` in favor of `shared_imports` in `plugins/lists` - Updates `build_exceptions_query.test.ts` to use existing mocks
yctercero
added a commit
to yctercero/kibana
that referenced
this pull request
Jul 30, 2020
…ort (elastic#73865) ## Summary Addresses feedback from elastic#72748 - Updates `plugins/lists` tests text from `should not validate` to `should FAIL validation` after feedback that previous text is a bit confusing and can be interpreted to mean that validation is not conducted - Remove unnecessary spreads from one of my late night PRs - Removes `siem_common_deps` in favor of `shared_imports` in `plugins/lists` - Updates `build_exceptions_query.test.ts` to use existing mocks
yctercero
added a commit
that referenced
this pull request
Jul 31, 2020
…ort (#73865) (#73905) ## Summary Addresses feedback from #72748 - Updates `plugins/lists` tests text from `should not validate` to `should FAIL validation` after feedback that previous text is a bit confusing and can be interpreted to mean that validation is not conducted - Remove unnecessary spreads from one of my late night PRs - Removes `siem_common_deps` in favor of `shared_imports` in `plugins/lists` - Updates `build_exceptions_query.test.ts` to use existing mocks
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR updates the exception list entries schemas.
Prior:
entriescould beundefinedor empty array onExceptionListItemSchemaentriesis a required field that cannot be empty - there's really no use for an item withoutentriesPrior:
fieldandvaluecould be empty string inEntryMatchfieldandvaluecan no longer be empty stringsPrior:
fieldcould be empty string andvaluecould be empty array inEntryMatchAnyfieldandvaluecan no longer be empty string and array respectivelyPrior:
fieldandlist.idcould be empty string inEntryListfieldandlist.idcan no longer be empty stringsPrior:
fieldcould be empty string inEntryExistsfieldcan no longer be empty stringPrior:
fieldcould be empty string inEntryNestedfieldcan no longer be empty stringPrior:
entriescould be empty array inEntryNestedentriescan no longer be empty array...also...
entries.tsfile so now each entry type is in its own file. @FrankHassanabad helped me find that having everything in one file was starting to cause some circular dependency issues 🎪build_exception_query.tsto allow for more than justmatchin nested types as KQL supports itChecklist
For maintainers