From f5fc40134860a474cf1ab9fc11b5b1da15d95cbd Mon Sep 17 00:00:00 2001 From: Xavier Mouligneau <189600+XavierM@users.noreply.github.com> Date: Wed, 9 Sep 2020 13:26:19 -0400 Subject: [PATCH] [7.9] [Security Solution] add an excess validation instead of the exact match (#76472) (#76637) * [Security Solution] add an excess validation instead of the exact match (#76472) * add an excess validation instead of the exact match * fix readble type + unit test * review I * remove buildRouteValidation to use buildRouteValidationWithExcess * fix test --- .../routes/__mocks__/request_responses.ts | 16 +- .../routes/clean_draft_timelines_route.ts | 4 +- .../timeline/routes/create_timelines_route.ts | 4 +- .../routes/export_timelines_route.test.ts | 4 +- .../timeline/routes/export_timelines_route.ts | 6 +- .../routes/get_draft_timelines_route.ts | 4 +- .../lib/timeline/routes/get_timeline_route.ts | 4 +- .../routes/import_timelines_route.test.ts | 108 ++++---- .../timeline/routes/import_timelines_route.ts | 7 +- .../routes/schemas/create_timelines_schema.ts | 10 +- .../routes/schemas/export_timelines_schema.ts | 8 +- .../schemas/get_timeline_by_id_schema.ts | 11 +- .../routes/schemas/import_timelines_schema.ts | 31 ++- .../timeline/routes/update_timelines_route.ts | 4 +- .../build_validation/route_validation.test.ts | 245 +++++++++++++----- .../build_validation/route_validation.ts | 18 ++ .../server/utils/runtime_types.ts | 130 ++++++++++ 17 files changed, 442 insertions(+), 172 deletions(-) create mode 100644 x-pack/plugins/security_solution/server/utils/runtime_types.ts diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/__mocks__/request_responses.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/__mocks__/request_responses.ts index c5d69398b7f0c..026ec1fa847f9 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/__mocks__/request_responses.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/__mocks__/request_responses.ts @@ -3,8 +3,9 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ + +import path, { join, resolve } from 'path'; import * as rt from 'io-ts'; -import stream from 'stream'; import { TIMELINE_DRAFT_URL, @@ -20,8 +21,8 @@ import { requestMock } from '../../../detection_engine/routes/__mocks__'; import { updateTimelineSchema } from '../schemas/update_timelines_schema'; import { createTimelineSchema } from '../schemas/create_timelines_schema'; import { GetTimelineByIdSchemaQuery } from '../schemas/get_timeline_by_id_schema'; +import { getReadables } from '../utils/common'; -const readable = new stream.Readable(); export const getExportTimelinesRequest = () => requestMock.create({ method: 'get', @@ -34,15 +35,20 @@ export const getExportTimelinesRequest = () => }, }); -export const getImportTimelinesRequest = (filename?: string) => - requestMock.create({ +export const getImportTimelinesRequest = async (fileName?: string) => { + const dir = resolve(join(__dirname, '../../../detection_engine/rules/prepackaged_timelines')); + const file = fileName ?? 'index.ndjson'; + const dataPath = path.join(dir, file); + const readable = await getReadables(dataPath); + return requestMock.create({ method: 'post', path: TIMELINE_IMPORT_URL, query: { overwrite: false }, body: { - file: { ...readable, hapi: { filename: filename ?? 'filename.ndjson' } }, + file: { ...readable, hapi: { filename: file } }, }, }); +}; export const inputTimeline: SavedTimeline = { columns: [ diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/clean_draft_timelines_route.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/clean_draft_timelines_route.ts index 8cabd84a965b7..67fc3167a4a29 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/clean_draft_timelines_route.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/clean_draft_timelines_route.ts @@ -11,7 +11,7 @@ import { transformError, buildSiemResponse } from '../../detection_engine/routes import { TIMELINE_DRAFT_URL } from '../../../../common/constants'; import { buildFrameworkRequest } from './utils/common'; import { SetupPlugins } from '../../../plugin'; -import { buildRouteValidation } from '../../../utils/build_validation/route_validation'; +import { buildRouteValidationWithExcess } from '../../../utils/build_validation/route_validation'; import { getDraftTimeline, resetTimeline, getTimeline, persistTimeline } from '../saved_object'; import { draftTimelineDefaults } from '../default_timeline'; import { cleanDraftTimelineSchema } from './schemas/clean_draft_timelines_schema'; @@ -26,7 +26,7 @@ export const cleanDraftTimelinesRoute = ( { path: TIMELINE_DRAFT_URL, validate: { - body: buildRouteValidation(cleanDraftTimelineSchema), + body: buildRouteValidationWithExcess(cleanDraftTimelineSchema), }, options: { tags: ['access:securitySolution'], diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/create_timelines_route.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/create_timelines_route.ts index 7abcb390d0221..77cd49406baa1 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/create_timelines_route.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/create_timelines_route.ts @@ -9,7 +9,7 @@ import { TIMELINE_URL } from '../../../../common/constants'; import { ConfigType } from '../../..'; import { SetupPlugins } from '../../../plugin'; -import { buildRouteValidation } from '../../../utils/build_validation/route_validation'; +import { buildRouteValidationWithExcess } from '../../../utils/build_validation/route_validation'; import { transformError, buildSiemResponse } from '../../detection_engine/routes/utils'; @@ -31,7 +31,7 @@ export const createTimelinesRoute = ( { path: TIMELINE_URL, validate: { - body: buildRouteValidation(createTimelineSchema), + body: buildRouteValidationWithExcess(createTimelineSchema), }, options: { tags: ['access:securitySolution'], diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.test.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.test.ts index a6f0ce232fa7b..cc50ae3b167f2 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.test.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.test.ts @@ -96,7 +96,7 @@ describe('export timelines', () => { const result = server.validate(request); expect(result.badRequest.mock.calls[0][0]).toEqual( - 'Invalid value "undefined" supplied to "file_name"' + 'Invalid value {"id":"someId"}, excess properties: ["id"]' ); }); @@ -110,7 +110,7 @@ describe('export timelines', () => { const result = server.validate(request); expect(result.badRequest.mock.calls[0][0]).toEqual( - 'Invalid value "someId" supplied to "ids",Invalid value "someId" supplied to "ids",Invalid value "{"ids":"someId"}" supplied to "(Partial<{ ids: (Array | null) }> | null)"' + 'Invalid value "someId" supplied to "ids",Invalid value "someId" supplied to "ids"' ); }); }); diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.ts index 89e38753ac926..38ee51fb7aa0c 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.ts @@ -14,7 +14,7 @@ import { exportTimelinesQuerySchema, exportTimelinesRequestBodySchema, } from './schemas/export_timelines_schema'; -import { buildRouteValidation } from '../../../utils/build_validation/route_validation'; +import { buildRouteValidationWithExcess } from '../../../utils/build_validation/route_validation'; import { buildFrameworkRequest } from './utils/common'; import { SetupPlugins } from '../../../plugin'; @@ -27,8 +27,8 @@ export const exportTimelinesRoute = ( { path: TIMELINE_EXPORT_URL, validate: { - query: buildRouteValidation(exportTimelinesQuerySchema), - body: buildRouteValidation(exportTimelinesRequestBodySchema), + query: buildRouteValidationWithExcess(exportTimelinesQuerySchema), + body: buildRouteValidationWithExcess(exportTimelinesRequestBodySchema), }, options: { tags: ['access:securitySolution'], diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/get_draft_timelines_route.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/get_draft_timelines_route.ts index 4db434ec816aa..43129f0e15f0e 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/get_draft_timelines_route.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/get_draft_timelines_route.ts @@ -10,7 +10,7 @@ import { transformError, buildSiemResponse } from '../../detection_engine/routes import { TIMELINE_DRAFT_URL } from '../../../../common/constants'; import { buildFrameworkRequest } from './utils/common'; import { SetupPlugins } from '../../../plugin'; -import { buildRouteValidation } from '../../../utils/build_validation/route_validation'; +import { buildRouteValidationWithExcess } from '../../../utils/build_validation/route_validation'; import { getDraftTimeline, persistTimeline } from '../saved_object'; import { draftTimelineDefaults } from '../default_timeline'; import { getDraftTimelineSchema } from './schemas/get_draft_timelines_schema'; @@ -24,7 +24,7 @@ export const getDraftTimelinesRoute = ( { path: TIMELINE_DRAFT_URL, validate: { - query: buildRouteValidation(getDraftTimelineSchema), + query: buildRouteValidationWithExcess(getDraftTimelineSchema), }, options: { tags: ['access:securitySolution'], diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/get_timeline_route.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/get_timeline_route.ts index f36adb648cc03..e46a644d6820e 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/get_timeline_route.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/get_timeline_route.ts @@ -10,7 +10,7 @@ import { TIMELINE_URL } from '../../../../common/constants'; import { ConfigType } from '../../..'; import { SetupPlugins } from '../../../plugin'; -import { buildRouteValidation } from '../../../utils/build_validation/route_validation'; +import { buildRouteValidationWithExcess } from '../../../utils/build_validation/route_validation'; import { buildSiemResponse, transformError } from '../../detection_engine/routes/utils'; @@ -28,7 +28,7 @@ export const getTimelineRoute = ( router.get( { path: `${TIMELINE_URL}`, - validate: { query: buildRouteValidation(getTimelineByIdSchemaQuery) }, + validate: { query: buildRouteValidationWithExcess(getTimelineByIdSchemaQuery) }, options: { tags: ['access:securitySolution'], }, diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/import_timelines_route.test.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/import_timelines_route.test.ts index 2ad6c5d6fff60..15862caf147ea 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/import_timelines_route.test.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/import_timelines_route.test.ts @@ -155,31 +155,31 @@ describe('import timelines', () => { }); test('should use given timelineId to check if the timeline savedObject already exist', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockGetTimeline.mock.calls[0][1]).toEqual(mockUniqueParsedObjects[0].savedObjectId); }); test('should Create a new timeline savedObject', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline).toHaveBeenCalled(); }); test('should Create a new timeline savedObject without timelineId', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline.mock.calls[0][1]).toBeNull(); }); test('should Create a new timeline savedObject without timeline version', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline.mock.calls[0][2]).toBeNull(); }); test('should Create a new timeline savedObject with given timeline', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline.mock.calls[0][3]).toEqual({ ...mockParsedTimelineObject, @@ -199,7 +199,7 @@ describe('import timelines', () => { }, ], ]); - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); const response = await server.inject(mockRequest, context); expect(response.body).toEqual({ success: false, @@ -219,19 +219,19 @@ describe('import timelines', () => { }); test('should Create new pinned events', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistPinnedEventOnTimeline).toHaveBeenCalled(); }); test('should Create a new pinned event without pinnedEventSavedObjectId', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistPinnedEventOnTimeline.mock.calls[0][1]).toBeNull(); }); test('should Create a new pinned event with pinnedEventId', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistPinnedEventOnTimeline.mock.calls[0][2]).toEqual( mockUniqueParsedObjects[0].pinnedEventIds[0] @@ -239,7 +239,7 @@ describe('import timelines', () => { }); test('should Create a new pinned event with new timelineSavedObjectId', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistPinnedEventOnTimeline.mock.calls[0][3]).toEqual( mockCreatedTimeline.savedObjectId @@ -247,7 +247,7 @@ describe('import timelines', () => { }); test('should Check if note exists', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockGetNote.mock.calls[0][1]).toEqual( mockUniqueParsedObjects[0].globalNotes[0].noteId @@ -255,31 +255,31 @@ describe('import timelines', () => { }); test('should Create notes', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote).toHaveBeenCalled(); }); test('should provide no noteSavedObjectId when Creating notes for a timeline', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote.mock.calls[0][1]).toBeNull(); }); test('should provide new timeline version when Creating notes for a timeline', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote.mock.calls[0][1]).toBeNull(); }); test('should provide note content when Creating notes for a timeline', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote.mock.calls[0][2]).toEqual(mockCreatedTimeline.version); }); test('should provide new notes with original author info when Creating notes for a timeline', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote.mock.calls[0][3]).toEqual({ eventId: undefined, @@ -314,7 +314,7 @@ describe('import timelines', () => { mockGetNote.mockReset(); mockGetNote.mockRejectedValue(new Error()); - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote.mock.calls[0][3]).toEqual({ created: mockUniqueParsedObjects[0].globalNotes[0].created, @@ -346,7 +346,8 @@ describe('import timelines', () => { }); test('returns 200 when import timeline successfully', async () => { - const response = await server.inject(getImportTimelinesRequest(), context); + const mockRequest = await getImportTimelinesRequest(); + const response = await server.inject(mockRequest, context); expect(response.status).toEqual(200); }); }); @@ -379,7 +380,8 @@ describe('import timelines', () => { }); test('returns error message', async () => { - const response = await server.inject(getImportTimelinesRequest(), context); + const mockRequest = await getImportTimelinesRequest(); + const response = await server.inject(mockRequest, context); expect(response.body).toEqual({ success: false, success_count: 0, @@ -407,7 +409,7 @@ describe('import timelines', () => { }, ], ]); - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); const response = await server.inject(mockRequest, context); expect(response.body).toEqual({ success: false, @@ -436,7 +438,7 @@ describe('import timelines', () => { }, ], ]); - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); const response = await server.inject(mockRequest, context); expect(response.body).toEqual({ success: false, @@ -494,10 +496,7 @@ describe('import timelines', () => { const result = server.validate(request); expect(result.badRequest).toHaveBeenCalledWith( - [ - 'Invalid value "undefined" supplied to "file"', - 'Invalid value "undefined" supplied to "file"', - ].join(',') + 'Invalid value {"id":"someId"}, excess properties: ["id"]' ); }); }); @@ -595,7 +594,7 @@ describe('import timeline templates', () => { }); test('should use given timelineId to check if the timeline savedObject already exist', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockGetTimeline.mock.calls[0][1]).toEqual( mockUniqueParsedTemplateTimelineObjects[0].savedObjectId @@ -603,7 +602,7 @@ describe('import timeline templates', () => { }); test('should use given templateTimelineId to check if the timeline savedObject already exist', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockGetTemplateTimeline.mock.calls[0][1]).toEqual( mockUniqueParsedTemplateTimelineObjects[0].templateTimelineId @@ -611,25 +610,25 @@ describe('import timeline templates', () => { }); test('should Create a new timeline savedObject', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline).toHaveBeenCalled(); }); test('should Create a new timeline savedObject without timelineId', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline.mock.calls[0][1]).toBeNull(); }); test('should Create a new timeline savedObject without timeline version', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline.mock.calls[0][2]).toBeNull(); }); test('should Create a new timeline savedObject witn given timeline and skip the omitted fields', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline.mock.calls[0][3]).toEqual({ ...mockParsedTemplateTimelineObject, @@ -638,25 +637,25 @@ describe('import timeline templates', () => { }); test('should NOT Create new pinned events', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistPinnedEventOnTimeline).not.toHaveBeenCalled(); }); test('should provide no noteSavedObjectId when Creating notes for a timeline', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote.mock.calls[0][1]).toBeNull(); }); test('should provide new timeline version when Creating notes for a timeline', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote.mock.calls[0][2]).toEqual(mockCreatedTemplateTimeline.version); }); test('should exclude event notes when creating notes', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote.mock.calls[0][3]).toEqual({ eventId: undefined, @@ -670,7 +669,8 @@ describe('import timeline templates', () => { }); test('returns 200 when import timeline successfully', async () => { - const response = await server.inject(getImportTimelinesRequest(), context); + const mockRequest = await getImportTimelinesRequest(); + const response = await server.inject(mockRequest, context); expect(response.status).toEqual(200); }); @@ -684,7 +684,7 @@ describe('import timeline templates', () => { }, ], ]); - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline.mock.calls[0][3].templateTimelineId).toEqual( mockNewTemplateTimelineId @@ -702,7 +702,7 @@ describe('import timeline templates', () => { }, ], ]); - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); const result = await server.inject(mockRequest, context); expect(result.body).toEqual({ errors: [], @@ -746,7 +746,7 @@ describe('import timeline templates', () => { }); test('should use given timelineId to check if the timeline savedObject already exist', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockGetTimeline.mock.calls[0][1]).toEqual( mockUniqueParsedTemplateTimelineObjects[0].savedObjectId @@ -754,7 +754,7 @@ describe('import timeline templates', () => { }); test('should use given templateTimelineId to check if the timeline savedObject already exist', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockGetTemplateTimeline.mock.calls[0][1]).toEqual( mockUniqueParsedTemplateTimelineObjects[0].templateTimelineId @@ -762,13 +762,13 @@ describe('import timeline templates', () => { }); test('should UPDATE timeline savedObject', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline).toHaveBeenCalled(); }); test('should UPDATE timeline savedObject with timelineId', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline.mock.calls[0][1]).toEqual( mockUniqueParsedTemplateTimelineObjects[0].savedObjectId @@ -776,7 +776,7 @@ describe('import timeline templates', () => { }); test('should UPDATE timeline savedObject without timeline version', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline.mock.calls[0][2]).toEqual( mockUniqueParsedTemplateTimelineObjects[0].version @@ -784,31 +784,31 @@ describe('import timeline templates', () => { }); test('should UPDATE a new timeline savedObject witn given timeline and skip the omitted fields', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistTimeline.mock.calls[0][3]).toEqual(mockParsedTemplateTimelineObject); }); test('should NOT Create new pinned events', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistPinnedEventOnTimeline).not.toHaveBeenCalled(); }); test('should provide noteSavedObjectId when Creating notes for a timeline', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote.mock.calls[0][1]).toBeNull(); }); test('should provide new timeline version when Creating notes for a timeline', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote.mock.calls[0][2]).toEqual(mockCreatedTemplateTimeline.version); }); test('should exclude event notes when creating notes', async () => { - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); await server.inject(mockRequest, context); expect(mockPersistNote.mock.calls[0][3]).toEqual({ eventId: undefined, @@ -822,7 +822,8 @@ describe('import timeline templates', () => { }); test('returns 200 when import timeline successfully', async () => { - const response = await server.inject(getImportTimelinesRequest(), context); + const mockRequest = await getImportTimelinesRequest(); + const response = await server.inject(mockRequest, context); expect(response.status).toEqual(200); }); @@ -836,7 +837,7 @@ describe('import timeline templates', () => { }, ], ]); - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); const response = await server.inject(mockRequest, context); expect(response.body).toEqual({ success: false, @@ -865,7 +866,7 @@ describe('import timeline templates', () => { }, ], ]); - const mockRequest = getImportTimelinesRequest(); + const mockRequest = await getImportTimelinesRequest(); const response = await server.inject(mockRequest, context); expect(response.body).toEqual({ success: false, @@ -923,10 +924,7 @@ describe('import timeline templates', () => { const result = server.validate(request); expect(result.badRequest).toHaveBeenCalledWith( - [ - 'Invalid value "undefined" supplied to "file"', - 'Invalid value "undefined" supplied to "file"', - ].join(',') + 'Invalid value {"id":"someId"}, excess properties: ["id"]' ); }); }); diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/import_timelines_route.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/import_timelines_route.ts index c93983e499fb5..811d4531b86a7 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/import_timelines_route.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/import_timelines_route.ts @@ -5,6 +5,7 @@ */ import { extname } from 'path'; +import { Readable } from 'stream'; import { IRouter } from '../../../../../../../src/core/server'; @@ -12,7 +13,7 @@ import { TIMELINE_IMPORT_URL } from '../../../../common/constants'; import { SetupPlugins } from '../../../plugin'; import { ConfigType } from '../../../config'; -import { buildRouteValidation } from '../../../utils/build_validation/route_validation'; +import { buildRouteValidationWithExcess } from '../../../utils/build_validation/route_validation'; import { buildSiemResponse, transformError } from '../../detection_engine/routes/utils'; import { importTimelines } from './utils/import_timelines'; @@ -28,7 +29,7 @@ export const importTimelinesRoute = ( { path: `${TIMELINE_IMPORT_URL}`, validate: { - body: buildRouteValidation(ImportTimelinesPayloadSchemaRt), + body: buildRouteValidationWithExcess(ImportTimelinesPayloadSchemaRt), }, options: { tags: ['access:securitySolution'], @@ -60,7 +61,7 @@ export const importTimelinesRoute = ( const frameworkRequest = await buildFrameworkRequest(context, security, request); const res = await importTimelines( - file, + (file as unknown) as Readable, config.maxTimelineImportExportSize, frameworkRequest, isImmutable === 'true' diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/create_timelines_schema.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/create_timelines_schema.ts index 241d266a14c78..8d542201f6108 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/create_timelines_schema.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/create_timelines_schema.ts @@ -5,7 +5,11 @@ */ import * as rt from 'io-ts'; -import { SavedTimelineRuntimeType } from '../../../../../common/types/timeline'; +import { + SavedTimelineRuntimeType, + TimelineStatusLiteralRt, + TimelineTypeLiteralRt, +} from '../../../../../common/types/timeline'; import { unionWithNullType } from '../../../../../common/utility_types'; export const createTimelineSchema = rt.intersection([ @@ -13,7 +17,11 @@ export const createTimelineSchema = rt.intersection([ timeline: SavedTimelineRuntimeType, }), rt.partial({ + status: unionWithNullType(TimelineStatusLiteralRt), timelineId: unionWithNullType(rt.string), + templateTimelineId: unionWithNullType(rt.string), + templateTimelineVersion: unionWithNullType(rt.number), + timelineType: unionWithNullType(TimelineTypeLiteralRt), version: unionWithNullType(rt.string), }), ]); diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/export_timelines_schema.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/export_timelines_schema.ts index ce8eb93bdbdbd..4599d2bb571a2 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/export_timelines_schema.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/export_timelines_schema.ts @@ -11,8 +11,6 @@ export const exportTimelinesQuerySchema = rt.type({ file_name: rt.string, }); -export const exportTimelinesRequestBodySchema = unionWithNullType( - rt.partial({ - ids: unionWithNullType(rt.array(rt.string)), - }) -); +export const exportTimelinesRequestBodySchema = rt.partial({ + ids: unionWithNullType(rt.array(rt.string)), +}); diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/get_timeline_by_id_schema.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/get_timeline_by_id_schema.ts index 65c956ed60440..2c6098bc75500 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/get_timeline_by_id_schema.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/get_timeline_by_id_schema.ts @@ -4,13 +4,10 @@ * you may not use this file except in compliance with the Elastic License. */ import * as rt from 'io-ts'; -import { unionWithNullType } from '../../../../../common/utility_types'; -export const getTimelineByIdSchemaQuery = unionWithNullType( - rt.partial({ - template_timeline_id: rt.string, - id: rt.string, - }) -); +export const getTimelineByIdSchemaQuery = rt.partial({ + template_timeline_id: rt.string, + id: rt.string, +}); export type GetTimelineByIdSchemaQuery = rt.TypeOf; diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/import_timelines_schema.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/import_timelines_schema.ts index afce9d6cdcb24..89f3f9ddec1fc 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/import_timelines_schema.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/import_timelines_schema.ts @@ -5,9 +5,6 @@ */ import * as rt from 'io-ts'; -import { Readable } from 'stream'; -import { either } from 'fp-ts/lib/Either'; - import { SavedTimelineRuntimeType } from '../../../../../common/types/timeline'; import { eventNotes, globalNotes, pinnedEventIds } from './schemas'; @@ -28,16 +25,17 @@ export const ImportTimelinesSchemaRt = rt.intersection([ export type ImportTimelinesSchema = rt.TypeOf; -const ReadableRt = new rt.Type( - 'ReadableRt', - (u): u is Readable => u instanceof Readable, - (u, c) => - either.chain(rt.object.validate(u, c), (s) => { - const d = s as Readable; - return d.readable ? rt.success(d) : rt.failure(u, c); - }), - (a) => a -); +const ReadableRt = rt.partial({ + _maxListeners: rt.unknown, + _readableState: rt.unknown, + _read: rt.unknown, + readable: rt.boolean, + _events: rt.unknown, + _eventsCount: rt.number, + _data: rt.unknown, + _position: rt.number, + _encoding: rt.string, +}); const booleanInString = rt.union([rt.literal('true'), rt.literal('false')]); @@ -46,9 +44,14 @@ export const ImportTimelinesPayloadSchemaRt = rt.intersection([ file: rt.intersection([ ReadableRt, rt.type({ - hapi: rt.type({ filename: rt.string }), + hapi: rt.type({ + filename: rt.string, + headers: rt.unknown, + }), }), ]), }), rt.partial({ isImmutable: booleanInString }), ]); + +export type ImportTimelinesPayloadSchema = rt.TypeOf; diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/update_timelines_route.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/update_timelines_route.ts index a622ee9b15706..0cf4467a42f66 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/update_timelines_route.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/update_timelines_route.ts @@ -9,7 +9,7 @@ import { IRouter } from '../../../../../../../src/core/server'; import { TIMELINE_URL } from '../../../../common/constants'; import { SetupPlugins } from '../../../plugin'; -import { buildRouteValidation } from '../../../utils/build_validation/route_validation'; +import { buildRouteValidationWithExcess } from '../../../utils/build_validation/route_validation'; import { ConfigType } from '../../..'; import { transformError, buildSiemResponse } from '../../detection_engine/routes/utils'; @@ -28,7 +28,7 @@ export const updateTimelinesRoute = ( { path: TIMELINE_URL, validate: { - body: buildRouteValidation(updateTimelineSchema), + body: buildRouteValidationWithExcess(updateTimelineSchema), }, options: { tags: ['access:securitySolution'], diff --git a/x-pack/plugins/security_solution/server/utils/build_validation/route_validation.test.ts b/x-pack/plugins/security_solution/server/utils/build_validation/route_validation.test.ts index 9559e442e2159..ffc12d2bce261 100644 --- a/x-pack/plugins/security_solution/server/utils/build_validation/route_validation.test.ts +++ b/x-pack/plugins/security_solution/server/utils/build_validation/route_validation.test.ts @@ -3,84 +3,195 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ - -import { buildRouteValidation } from './route_validation'; import * as rt from 'io-ts'; import { RouteValidationResultFactory } from 'src/core/server'; -describe('buildRouteValidation', () => { - const schema = rt.exact( - rt.type({ - ids: rt.array(rt.string), - }) - ); - type Schema = rt.TypeOf; - - /** - * If your schema is using exact all the way down then the validation will - * catch any additional keys that should not be present within the validation - * when the route_validation uses the exact check. - */ - const deepSchema = rt.exact( - rt.type({ - topLevel: rt.exact( - rt.type({ - secondLevel: rt.exact( - rt.type({ - thirdLevel: rt.string, - }) - ), - }) - ), - }) - ); - type DeepSchema = rt.TypeOf; - - const validationResult: RouteValidationResultFactory = { - ok: jest.fn().mockImplementation((validatedInput) => validatedInput), - badRequest: jest.fn().mockImplementation((e) => e), - }; - - beforeEach(() => { - jest.clearAllMocks(); - }); +import { buildRouteValidation, buildRouteValidationWithExcess } from './route_validation'; - test('return validation error', () => { - const input: Omit & { id: string } = { id: 'someId' }; - const result = buildRouteValidation(schema)(input, validationResult); +describe('Route Validation with ', () => { + describe('buildRouteValidation', () => { + const schema = rt.exact( + rt.type({ + ids: rt.array(rt.string), + }) + ); + type Schema = rt.TypeOf; - expect(result).toEqual('Invalid value "undefined" supplied to "ids"'); - }); + /** + * If your schema is using exact all the way down then the validation will + * catch any additional keys that should not be present within the validation + * when the route_validation uses the exact check. + */ + const deepSchema = rt.exact( + rt.type({ + topLevel: rt.exact( + rt.type({ + secondLevel: rt.exact( + rt.type({ + thirdLevel: rt.string, + }) + ), + }) + ), + }) + ); + type DeepSchema = rt.TypeOf; - test('return validated input', () => { - const input: Schema = { ids: ['someId'] }; - const result = buildRouteValidation(schema)(input, validationResult); + const validationResult: RouteValidationResultFactory = { + ok: jest.fn().mockImplementation((validatedInput) => validatedInput), + badRequest: jest.fn().mockImplementation((e) => e), + }; - expect(result).toEqual(input); - }); + beforeEach(() => { + jest.clearAllMocks(); + }); - test('returns validation error if given extra keys on input for an array', () => { - const input: Schema & { somethingExtra: string } = { - ids: ['someId'], - somethingExtra: 'hello', - }; - const result = buildRouteValidation(schema)(input, validationResult); - expect(result).toEqual('invalid keys "somethingExtra"'); - }); + test('return validation error', () => { + const input: Omit & { id: string } = { id: 'someId' }; + const result = buildRouteValidation(schema)(input, validationResult); + + expect(result).toEqual('Invalid value "undefined" supplied to "ids"'); + }); + + test('return validated input', () => { + const input: Schema = { ids: ['someId'] }; + const result = buildRouteValidation(schema)(input, validationResult); + + expect(result).toEqual(input); + }); - test('return validation input for a deep 3rd level object', () => { - const input: DeepSchema = { topLevel: { secondLevel: { thirdLevel: 'hello' } } }; - const result = buildRouteValidation(deepSchema)(input, validationResult); - expect(result).toEqual(input); + test('returns validation error if given extra keys on input for an array', () => { + const input: Schema & { somethingExtra: string } = { + ids: ['someId'], + somethingExtra: 'hello', + }; + const result = buildRouteValidation(schema)(input, validationResult); + expect(result).toEqual('invalid keys "somethingExtra"'); + }); + + test('return validation input for a deep 3rd level object', () => { + const input: DeepSchema = { topLevel: { secondLevel: { thirdLevel: 'hello' } } }; + const result = buildRouteValidation(deepSchema)(input, validationResult); + expect(result).toEqual(input); + }); + + test('return validation error for a deep 3rd level object that has an extra key value of "somethingElse"', () => { + const input: DeepSchema & { + topLevel: { secondLevel: { thirdLevel: string; somethingElse: string } }; + } = { + topLevel: { secondLevel: { thirdLevel: 'hello', somethingElse: 'extraKey' } }, + }; + const result = buildRouteValidation(deepSchema)(input, validationResult); + expect(result).toEqual('invalid keys "somethingElse"'); + }); }); - test('return validation error for a deep 3rd level object that has an extra key value of "somethingElse"', () => { - const input: DeepSchema & { - topLevel: { secondLevel: { thirdLevel: string; somethingElse: string } }; - } = { - topLevel: { secondLevel: { thirdLevel: 'hello', somethingElse: 'extraKey' } }, + describe('buildRouteValidationwithExcess', () => { + const schema = rt.type({ + ids: rt.array(rt.string), + }); + type Schema = rt.TypeOf; + + /** + * If your schema is using exact all the way down then the validation will + * catch any additional keys that should not be present within the validation + * when the route_validation uses the exact check. + */ + const deepSchema = rt.type({ + topLevel: rt.type({ + secondLevel: rt.type({ + thirdLevel: rt.string, + }), + }), + }); + type DeepSchema = rt.TypeOf; + + const validationResult: RouteValidationResultFactory = { + ok: jest.fn().mockImplementation((validatedInput) => validatedInput), + badRequest: jest.fn().mockImplementation((e) => e), }; - const result = buildRouteValidation(deepSchema)(input, validationResult); - expect(result).toEqual('invalid keys "somethingElse"'); + + beforeEach(() => { + jest.clearAllMocks(); + }); + beforeEach(() => { + jest.clearAllMocks(); + }); + + test('return validation error', () => { + const input: Omit & { id: string } = { id: 'someId' }; + const result = buildRouteValidationWithExcess(schema)(input, validationResult); + + expect(result).toEqual('Invalid value {"id":"someId"}, excess properties: ["id"]'); + }); + + test('return validation error with intersection', () => { + const schemaI = rt.intersection([ + rt.type({ + ids: rt.array(rt.string), + }), + rt.partial({ + valid: rt.array(rt.string), + }), + ]); + type SchemaI = rt.TypeOf; + const input: Omit & { id: string } = { id: 'someId', valid: ['yes'] }; + const result = buildRouteValidationWithExcess(schemaI)(input, validationResult); + + expect(result).toEqual( + 'Invalid value {"id":"someId","valid":["yes"]}, excess properties: ["id"]' + ); + }); + + test('return NO validation error with a partial intersection', () => { + const schemaI = rt.intersection([ + rt.type({ + id: rt.array(rt.string), + }), + rt.partial({ + valid: rt.array(rt.string), + }), + ]); + const input = { id: ['someId'] }; + const result = buildRouteValidationWithExcess(schemaI)(input, validationResult); + + expect(result).toEqual({ id: ['someId'] }); + }); + + test('return validated input', () => { + const input: Schema = { ids: ['someId'] }; + const result = buildRouteValidationWithExcess(schema)(input, validationResult); + + expect(result).toEqual(input); + }); + + test('returns validation error if given extra keys on input for an array', () => { + const input: Schema & { somethingExtra: string } = { + ids: ['someId'], + somethingExtra: 'hello', + }; + const result = buildRouteValidationWithExcess(schema)(input, validationResult); + expect(result).toEqual( + 'Invalid value {"ids":["someId"],"somethingExtra":"hello"}, excess properties: ["somethingExtra"]' + ); + }); + + test('return validation input for a deep 3rd level object', () => { + const input: DeepSchema = { topLevel: { secondLevel: { thirdLevel: 'hello' } } }; + const result = buildRouteValidationWithExcess(deepSchema)(input, validationResult); + expect(result).toEqual(input); + }); + + test('return validation error for a deep 3rd level object that has an extra key value of "somethingElse"', () => { + const input: DeepSchema & { + topLevel: { secondLevel: { thirdLevel: string; somethingElse: string } }; + } = { + topLevel: { secondLevel: { thirdLevel: 'hello', somethingElse: 'extraKey' } }, + }; + const result = buildRouteValidationWithExcess(deepSchema)(input, validationResult); + expect(result).toEqual( + 'Invalid value {"topLevel":{"secondLevel":{"thirdLevel":"hello","somethingElse":"extraKey"}}}, excess properties: ["somethingElse"]' + ); + }); }); }); diff --git a/x-pack/plugins/security_solution/server/utils/build_validation/route_validation.ts b/x-pack/plugins/security_solution/server/utils/build_validation/route_validation.ts index d7ab9affa6c1c..51f807d6aad81 100644 --- a/x-pack/plugins/security_solution/server/utils/build_validation/route_validation.ts +++ b/x-pack/plugins/security_solution/server/utils/build_validation/route_validation.ts @@ -14,6 +14,7 @@ import { RouteValidationResultFactory, RouteValidationError, } from '../../../../../../src/core/server'; +import { excess, GenericIntersectionC } from '../runtime_types'; type RequestValidationResult = | { @@ -39,3 +40,20 @@ export const buildRouteValidation = >( (validatedInput: A) => validationResult.ok(validatedInput) ) ); + +export const buildRouteValidationWithExcess = < + T extends rt.InterfaceType | GenericIntersectionC | rt.PartialType, + A = rt.TypeOf +>( + schema: T +): RouteValidationFunction => ( + inputValue: unknown, + validationResult: RouteValidationResultFactory +) => + pipe( + excess(schema).decode(inputValue), + fold>( + (errors: rt.Errors) => validationResult.badRequest(formatErrors(errors).join()), + (validatedInput: A) => validationResult.ok(validatedInput) + ) + ); diff --git a/x-pack/plugins/security_solution/server/utils/runtime_types.ts b/x-pack/plugins/security_solution/server/utils/runtime_types.ts new file mode 100644 index 0000000000000..7177cc5765f8a --- /dev/null +++ b/x-pack/plugins/security_solution/server/utils/runtime_types.ts @@ -0,0 +1,130 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { either, fold } from 'fp-ts/lib/Either'; +import { identity } from 'fp-ts/lib/function'; +import { pipe } from 'fp-ts/lib/pipeable'; +import * as rt from 'io-ts'; +import { failure } from 'io-ts/lib/PathReporter'; +import get from 'lodash/get'; + +type ErrorFactory = (message: string) => Error; + +export type GenericIntersectionC = + // eslint-disable-next-line @typescript-eslint/no-explicit-any + | rt.IntersectionC<[any, any]> + // eslint-disable-next-line @typescript-eslint/no-explicit-any + | rt.IntersectionC<[any, any, any]> + // eslint-disable-next-line @typescript-eslint/no-explicit-any + | rt.IntersectionC<[any, any, any, any]> + // eslint-disable-next-line @typescript-eslint/no-explicit-any + | rt.IntersectionC<[any, any, any, any, any]>; + +export const createPlainError = (message: string) => new Error(message); + +export const throwErrors = (createError: ErrorFactory) => (errors: rt.Errors) => { + throw createError(failure(errors).join('\n')); +}; + +export const decodeOrThrow = ( + runtimeType: rt.Type, + createError: ErrorFactory = createPlainError +) => (inputValue: I) => + pipe(runtimeType.decode(inputValue), fold(throwErrors(createError), identity)); + +const getProps = ( + codec: + | rt.HasProps + // eslint-disable-next-line @typescript-eslint/no-explicit-any + | rt.RecordC + | GenericIntersectionC +): rt.Props | null => { + if (codec == null) { + return null; + } + switch (codec._tag) { + case 'DictionaryType': + if (codec.codomain.props != null) { + return codec.codomain.props; + } + const dTypes: rt.HasProps[] = codec.codomain.types; + return dTypes.reduce((props, type) => Object.assign(props, getProps(type)), {}); + case 'RefinementType': + case 'ReadonlyType': + return getProps(codec.type); + case 'InterfaceType': + case 'StrictType': + case 'PartialType': + return codec.props; + case 'IntersectionType': + const iTypes = codec.types as rt.HasProps[]; + return iTypes.reduce((props, type) => { + return Object.assign(props, getProps(type) as rt.Props); + }, {} as rt.Props) as rt.Props; + default: + return null; + } +}; + +const getExcessProps = ( + // eslint-disable-next-line @typescript-eslint/no-explicit-any + props: rt.Props | rt.RecordC, + // eslint-disable-next-line @typescript-eslint/no-explicit-any + r: any +): string[] => { + return Object.keys(r).reduce((acc, k) => { + const codecChildren = get(props, [k]); + const childrenProps = getProps(codecChildren); + const childrenObject = r[k] as Record; + if (codecChildren != null && childrenProps != null && codecChildren._tag === 'DictionaryType') { + const keys = Object.keys(childrenObject); + return [ + ...acc, + ...keys.reduce( + (kAcc, i) => [...kAcc, ...getExcessProps(childrenProps, childrenObject[i])], + [] + ), + ]; + } + if (codecChildren != null && childrenProps != null) { + return [...acc, ...getExcessProps(childrenProps, childrenObject)]; + } else if (codecChildren == null) { + return [...acc, k]; + } + return acc; + }, []); +}; + +export const excess = < + C extends rt.InterfaceType | GenericIntersectionC | rt.PartialType +>( + codec: C +): C => { + const codecProps = getProps(codec); + + const r = new rt.InterfaceType( + codec.name, + codec.is, + (i, c) => + either.chain(rt.UnknownRecord.validate(i, c), (s) => { + if (codecProps == null) { + return rt.failure(i, c, 'unknown codec'); + } + const ex = getExcessProps(codecProps, s); + + return ex.length > 0 + ? rt.failure( + i, + c, + `Invalid value ${JSON.stringify(i)}, excess properties: ${JSON.stringify(ex)}` + ) + : codec.validate(i, c); + }), + codec.encode, + codecProps + ); + return r as C; +};