Move exceptions builder to lists plugin (elastic#94002)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
kibanamachine · Mar 9, 2021 · 1015d8b · 1015d8b
1 parent 57dd7d0
commit 1015d8b
Show file tree

Hide file tree

Showing 10 changed files with 149 additions and 113 deletions.
diff --git a/...on_engine/build_exceptions_filter.test.ts → ...xceptions/build_exceptions_filter.test.ts b/...on_engine/build_exceptions_filter.test.ts → ...xceptions/build_exceptions_filter.test.ts
diff --git a/...tection_engine/build_exceptions_filter.ts → ...mon/exceptions/build_exceptions_filter.ts b/...tection_engine/build_exceptions_filter.ts → ...mon/exceptions/build_exceptions_filter.ts
@@ -9,17 +9,18 @@ import { chunk } from 'lodash/fp';
 
 import { Filter } from '../../../../../src/plugins/data/common';
 import {
-  ExceptionListItemSchema,
   CreateExceptionListItemSchema,
+  EntryExists,
   EntryMatch,
   EntryMatchAny,
   EntryNested,
+  ExceptionListItemSchema,
+  entriesExists,
   entriesMatch,
   entriesMatchAny,
-  entriesExists,
   entriesNested,
-  EntryExists,
-} from '../../../lists/common';
+} from '../schemas';
+
 import { BooleanFilter, NestedFilter } from './types';
 import { hasLargeValueList } from './utils';
 
@@ -83,8 +84,8 @@ export const buildExceptionFilter = ({
   const exceptionFilter: Filter = {
     meta: {
       alias: null,
-      negate: excludeExceptions,
       disabled: false,
+      negate: excludeExceptions,
     },
     query: {
       bool: {
@@ -108,8 +109,8 @@ export const buildExceptionFilter = ({
       return {
         meta: {
           alias: null,
-          negate: false,
           disabled: false,
+          negate: false,
         },
         query: {
           bool: {
@@ -124,8 +125,8 @@ export const buildExceptionFilter = ({
     return {
       meta: {
         alias: null,
-        negate: excludeExceptions,
         disabled: false,
+        negate: excludeExceptions,
       },
       query: {
         bool: {
@@ -148,14 +149,14 @@ export const buildMatchClause = (entry: EntryMatch): BooleanFilter => {
   const { field, operator, value } = entry;
   const matchClause = {
     bool: {
+      minimum_should_match: 1,
       should: [
         {
           match_phrase: {
             [field]: value,
           },
         },
       ],
-      minimum_should_match: 1,
     },
   };
 
@@ -172,35 +173,35 @@ export const getBaseMatchAnyClause = (entry: EntryMatchAny): BooleanFilter => {
   if (value.length === 1) {
     return {
       bool: {
+        minimum_should_match: 1,
         should: [
           {
             match_phrase: {
               [field]: value[0],
             },
           },
         ],
-        minimum_should_match: 1,
       },
     };
   }
 
   return {
     bool: {
+      minimum_should_match: 1,
       should: value.map((val) => {
         return {
           bool: {
+            minimum_should_match: 1,
             should: [
               {
                 match_phrase: {
                   [field]: val,
                 },
               },
             ],
-            minimum_should_match: 1,
           },
         };
       }),
-      minimum_should_match: 1,
     },
   };
 };
@@ -220,14 +221,14 @@ export const buildExistsClause = (entry: EntryExists): BooleanFilter => {
   const { field, operator } = entry;
   const existsClause = {
     bool: {
+      minimum_should_match: 1,
       should: [
         {
           exists: {
             field,
           },
         },
       ],
-      minimum_should_match: 1,
     },
   };
 

diff --git a/x-pack/plugins/lists/common/exceptions/index.ts b/x-pack/plugins/lists/common/exceptions/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './build_exceptions_filter';
diff --git a/x-pack/plugins/lists/common/exceptions/types.ts b/x-pack/plugins/lists/common/exceptions/types.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export interface BooleanFilter {
+  bool: {
+    must?: unknown | unknown[];
+    must_not?: unknown | unknown[];
+    should?: unknown[];
+    filter?: unknown | unknown[];
+    minimum_should_match?: number;
+  };
+}
+
+export interface NestedFilter {
+  nested: {
+    path: string;
+    query: unknown | unknown[];
+    score_mode: string;
+  };
+}
diff --git a/x-pack/plugins/lists/common/exceptions/utils.ts b/x-pack/plugins/lists/common/exceptions/utils.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CreateExceptionListItemSchema, EntriesArray, ExceptionListItemSchema } from '../schemas';
+
+export const hasLargeValueItem = (
+  exceptionItems: Array<ExceptionListItemSchema | CreateExceptionListItemSchema>
+): boolean => {
+  return exceptionItems.some((exceptionItem) => hasLargeValueList(exceptionItem.entries));
+};
+
+export const hasLargeValueList = (entries: EntriesArray): boolean => {
+  const found = entries.filter(({ type }) => type === 'list');
+  return found.length > 0;
+};
+
+export const hasNestedEntry = (entries: EntriesArray): boolean => {
+  const found = entries.filter(({ type }) => type === 'nested');
+  return found.length > 0;
+};
diff --git a/x-pack/plugins/lists/common/shared_exports.ts b/x-pack/plugins/lists/common/shared_exports.ts
@@ -48,4 +48,6 @@ export {
   OsTypeArray,
 } from './schemas';
 
+export { buildExceptionFilter } from './exceptions';
+
 export { ENDPOINT_LIST_ID, ENDPOINT_TRUSTED_APPS_LIST_ID } from './constants';
diff --git a/x-pack/plugins/security_solution/common/detection_engine/get_query_filter.ts b/x-pack/plugins/security_solution/common/detection_engine/get_query_filter.ts
@@ -16,7 +16,7 @@ import {
   CreateExceptionListItemSchema,
 } from '../../../lists/common/schemas';
 import { ESBoolQuery } from '../typed_json';
-import { buildExceptionFilter } from './build_exceptions_filter';
+import { buildExceptionFilter } from '../shared_imports';
 import { Query, Language, Index, TimestampOverrideOrUndefined } from './schemas/common/schemas';
 
 export const getQueryFilter = (

diff --git a/x-pack/plugins/security_solution/common/detection_engine/types.ts b/x-pack/plugins/security_solution/common/detection_engine/types.ts
@@ -56,21 +56,3 @@ export interface EqlSearchResponse<T> {
     events?: Array<BaseHit<T>>;
   };
 }
-
-export interface BooleanFilter {
-  bool: {
-    must?: unknown | unknown[];
-    must_not?: unknown | unknown[];
-    should?: unknown[];
-    filter?: unknown | unknown[];
-    minimum_should_match?: number;
-  };
-}
-
-export interface NestedFilter {
-  nested: {
-    path: string;
-    query: unknown | unknown[];
-    score_mode: string;
-  };
-}
diff --git a/x-pack/plugins/security_solution/common/shared_imports.ts b/x-pack/plugins/security_solution/common/shared_imports.ts
@@ -47,4 +47,5 @@ export {
   ENDPOINT_TRUSTED_APPS_LIST_ID,
   osTypeArray,
   OsTypeArray,
+  buildExceptionFilter,
 } from '../../lists/common';
diff --git a/x-pack/plugins/security_solution/server/lib/machine_learning/index.ts b/x-pack/plugins/security_solution/server/lib/machine_learning/index.ts
@@ -7,7 +7,7 @@
 
 import { RequestParams } from '@elastic/elasticsearch';
 
-import { buildExceptionFilter } from '../../../common/detection_engine/build_exceptions_filter';
+import { buildExceptionFilter } from '../../../common/shared_imports';
 import { ExceptionListItemSchema } from '../../../../lists/common';
 import { AnomalyRecordDoc as Anomaly } from '../../../../ml/server';
 import { SearchResponse } from '../types';