[Security Solution] Value list exception support for all rule types #133254

Merged
merged 64 commits into from
Sep 19, 2022
372a57b
first pass
dplumlee May 31, 2022
aae255f
adds more stuff
dplumlee Jun 1, 2022
aba9529
adds backend versions of existing logic
dplumlee Jun 27, 2022
f950db6
finishes exceptions route file
dplumlee Jun 28, 2022
ff92e13
updates frontend to use api
dplumlee Jun 29, 2022
9c994e2
fixes promise bug
dplumlee Jul 5, 2022
3235519
fixes some bugs
dplumlee Jul 13, 2022
05688a6
fixes merge conflicts
dplumlee Jul 20, 2022
c79d18e
adds ip_range list clause
dplumlee Aug 3, 2022
1e3793a
fixes merge stuff
dplumlee Aug 8, 2022
cbad017
modifies listClient and adds findAll api
dplumlee Aug 16, 2022
c59b42d
fix some stuff
dplumlee Aug 16, 2022
ec0e2aa
fix merge stuff
dplumlee Aug 16, 2022
32b2c3b
updates tests
dplumlee Aug 16, 2022
1a6f4cd
gets rid of unused files
dplumlee Aug 16, 2022
4c2f115
fixes some errors
dplumlee Aug 16, 2022
1ed2549
fix types
dplumlee Aug 16, 2022
57a5c24
fixes some tests
dplumlee Aug 18, 2022
866dffd
fixes more tests
dplumlee Aug 18, 2022
cd58786
fixes some more tests
dplumlee Aug 18, 2022
9f70d89
fixes logic on findAllListItems
dplumlee Aug 22, 2022
aaa816c
fixes some tests
dplumlee Aug 22, 2022
44c9549
fixes rest of jest tests
dplumlee Aug 22, 2022
599e634
just kidding now fixes rest of jest tests
dplumlee Aug 23, 2022
c9ecde6
fixes functional tests
dplumlee Aug 23, 2022
501d05c
adds unprocessable logic to build_exception_filter
dplumlee Aug 23, 2022
8c92237
makes unprocessedExceptions logic a bit cleaner
dplumlee Aug 24, 2022
e8d7dc3
fixes jest tests
dplumlee Aug 24, 2022
7c3c930
fixes other list types
dplumlee Aug 24, 2022
be6fd15
fix async problems
dplumlee Aug 24, 2022
f9a499d
omits text type list
dplumlee Aug 25, 2022
356dc95
changes some api stuff
dplumlee Aug 29, 2022
ea639f0
gets rid of consolelog
dplumlee Aug 29, 2022
cecffbd
removes timeout
dplumlee Aug 30, 2022
ea77f01
factors out exceptions logic to security wrapper
dplumlee Aug 30, 2022
9e4832d
fix merge stuff
dplumlee Aug 30, 2022
73c2f16
fix types
dplumlee Aug 30, 2022
0c1e91d
adds and fixes executor tests
dplumlee Aug 30, 2022
cf2d414
addresses comments
dplumlee Sep 7, 2022
13a804b
fix import
dplumlee Sep 7, 2022
99687ca
updates translations
dplumlee Sep 7, 2022
9bc36eb
updates names
dplumlee Sep 7, 2022
717f326
addresses other comments
dplumlee Sep 7, 2022
1164c79
fixes route init
dplumlee Sep 8, 2022
1a0709b
Merge remote-tracking branch 'upstream/main' into value-list-exceptions
dplumlee Sep 8, 2022
c0345f7
fixes text list bug
dplumlee Sep 10, 2022
b0c645f
fixes order
dplumlee Sep 10, 2022
6d6ca3c
Merge remote-tracking branch 'upstream/main' into value-list-exceptions
dplumlee Sep 12, 2022
185a479
addresses some comments
dplumlee Sep 12, 2022
eb9fc15
remove console log
dplumlee Sep 12, 2022
2f3c95b
fix type
dplumlee Sep 12, 2022
8e4d9c9
changes up chunking processes in build exception filter
dplumlee Sep 13, 2022
a81f3eb
Merge remote-tracking branch 'upstream/main' into value-list-exceptions
dplumlee Sep 13, 2022
b40936d
adds runtime mapping fields
dplumlee Sep 14, 2022
3644117
adds tests and changes api name
dplumlee Sep 14, 2022
e01d5a5
fixes types and imports
dplumlee Sep 14, 2022
48071ea
fixes types for sure this time
dplumlee Sep 14, 2022
1c3811c
Merge remote-tracking branch 'upstream/main' into value-list-exceptions
dplumlee Sep 15, 2022
28ea835
adds tests
dplumlee Sep 15, 2022
257c3f6
Merge remote-tracking branch 'upstream/main' into value-list-exceptions
dplumlee Sep 16, 2022
58a4829
Merge remote-tracking branch 'upstream/main' into value-list-exceptions
dplumlee Sep 19, 2022
235a099
Merge remote-tracking branch 'upstream/main' into value-list-exceptions
dplumlee Sep 19, 2022
903bfbd
fixes merge problems
dplumlee Sep 19, 2022
170cc51
fixes merge types
dplumlee Sep 19, 2022
fix types
dplumlee committed Sep 7, 2022
commit 73c2f1657258afdf0b9329fcd7c1e000c4674fef
@@ -6,11 +6,8 @@
*/

import type { ESFilter } from '@kbn/core/types/elasticsearch';
import { getExceptionListItemSchemaMock } from '@kbn/lists-plugin/common/schemas/response/exception_list_item_schema.mock';
import type { AnomaliesSearchParams } from '.';
import { getAnomalies } from '.';
import type { ListClient } from '@kbn/lists-plugin/server';
import { getListClientMock } from '@kbn/lists-plugin/server/services/lists/list_client.mock';

const getFiltersFromMock = (mock: jest.Mock) => {
const [[searchParams]] = mock.mock.calls;
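Review bot: The `ListClient` type import and the `getListClientMock` import in this block have no use in the two-argument form `getAnomalies(searchParams, mockMlAnomalySearch)` that the later hunks show. The hunk header goes from 11 lines to 8, so three lines are dropped in this region; confirm that both list-client imports are among them, so the test file is left with no unused import or stale type.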
@@ -22,29 +19,27 @@ const getBoolCriteriaFromFilters = (filters: ESFilter[]) =>

describe('getAnomalies', () => {
let searchParams: AnomaliesSearchParams;
let listClientMock: ListClient;

beforeEach(() => {
searchParams = {
jobIds: ['jobId1'],
threshold: 5,
earliestMs: 1588517231429,
latestMs: 1588617231429,
exceptionItems: [getExceptionListItemSchemaMock(), getExceptionListItemSchemaMock()],
filter: undefined,
};
listClientMock = getListClientMock();
});

it('calls the provided mlAnomalySearch function', async () => {
const mockMlAnomalySearch = jest.fn();
await getAnomalies(searchParams, mockMlAnomalySearch, listClientMock);
await getAnomalies(searchParams, mockMlAnomalySearch);

expect(mockMlAnomalySearch).toHaveBeenCalled();
});

it('passes anomalyThreshold as part of the query', async () => {
const mockMlAnomalySearch = jest.fn();
await getAnomalies(searchParams, mockMlAnomalySearch, listClientMock);
await getAnomalies(searchParams, mockMlAnomalySearch);
const filters = getFiltersFromMock(mockMlAnomalySearch);
const criteria = getBoolCriteriaFromFilters(filters);

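Review bot: In `beforeEach`, the fixture sets `filter: undefined`, and every test visible in this diff reuses that fixture, so the two-argument calls `getAnomalies(searchParams, mockMlAnomalySearch)` are never exercised with a populated `filter`. Consider adding a case that passes a concrete filter and asserts through `getFiltersFromMock(mockMlAnomalySearch)` that it reaches the search parameters, so that a regression which silently drops exception filtering for anomaly searches is caught by this suite.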
@@ -55,7 +50,7 @@ describe('getAnomalies', () => {

it('passes time range as part of the query', async () => {
const mockMlAnomalySearch = jest.fn();
await getAnomalies(searchParams, mockMlAnomalySearch, listClientMock);
await getAnomalies(searchParams, mockMlAnomalySearch);
const filters = getFiltersFromMock(mockMlAnomalySearch);
const criteria = getBoolCriteriaFromFilters(filters);

@@ -76,7 +71,7 @@ describe('getAnomalies', () => {

it('passes a single jobId as part of the query', async () => {
const mockMlAnomalySearch = jest.fn();
await getAnomalies(searchParams, mockMlAnomalySearch, listClientMock);
await getAnomalies(searchParams, mockMlAnomalySearch);
const filters = getFiltersFromMock(mockMlAnomalySearch);
const criteria = getBoolCriteriaFromFilters(filters);

@@ -95,7 +90,7 @@ describe('getAnomalies', () => {
it('passes multiple jobIds as part of the query', async () => {
const mockMlAnomalySearch = jest.fn();
searchParams.jobIds = ['jobId1', 'jobId2'];
await getAnomalies(searchParams, mockMlAnomalySearch, listClientMock);
await getAnomalies(searchParams, mockMlAnomalySearch);
const filters = getFiltersFromMock(mockMlAnomalySearch);
const criteria = getBoolCriteriaFromFilters(filters);

@@ -113,7 +108,7 @@ describe('getAnomalies', () => {

it('ignores anomalies that do not have finalized scores', async () => {
const mockMlAnomalySearch = jest.fn();
await getAnomalies(searchParams, mockMlAnomalySearch, listClientMock);
await getAnomalies(searchParams, mockMlAnomalySearch);
const filters = getFiltersFromMock(mockMlAnomalySearch);

expect(filters).toEqual(