Deduplication of entries and items before sending to endpoint #71297
Conversation
|
👀 |
| @@ -97,10 +97,18 @@ export function translateToEndpointExceptions( | |||
| exc: FoundExceptionListItemSchema, | |||
| schemaVersion: string | |||
| ): TranslatedExceptionListItem[] { | |||
| const entrySet = new Set(); | |||
There was a problem hiding this comment.
I think this would be cleaner using reduce with an accumulator that contains both the set and the filtered list... and then just return the list at the end. Or you could use filter, but using reduce could avoid the external state.
There was a problem hiding this comment.
I was going to use filter but avoided it because I thought it would just make things worse since I have to add to the set as well after checking if it exists.
There was a problem hiding this comment.
I think filter or reduce would be preferred over forEach here. My guess is that reduce will be the best fit, but again, I'm still learning.
There was a problem hiding this comment.
I agree with @madirey here. Using reduce as she describes would be cleaner. However, I think it would be better if we pulled out the super duper deduping logic out of this function and into a separate function. That way we could test that logic independently. translateToEndpointExceptions and translateItem should do only that, translation. Deduping might be better handled elsewhere.
There was a problem hiding this comment.
Not sure if I agree, pulling this out would still force us to keep some sort of state within the translation functions, and just move the Set methods elsewhere. Not much use in testing that separately I think.
I'll look into filter or reduce
There was a problem hiding this comment.
We talked and now we like this. 💯
| @@ -124,12 +132,17 @@ function translateItem( | |||
| schemaVersion: string, | |||
| item: ExceptionListItemSchema | |||
| ): TranslatedExceptionListItem { | |||
| const itemSet = new Set(); | |||
There was a problem hiding this comment.
Again you could use a custom accumulator here to avoid the global state... not sure how much of a problem it is, maybe get another opinion on it. Looks like it will work though.
There was a problem hiding this comment.
Not too well versed on this. Does this provide us with benefits other than syntactic sugar/style?
There was a problem hiding this comment.
@alexk307 I'm not the best authority on javascript, but my understanding is that it's best practice to avoid mutable state and mixed scope. This might not be so bad because itemSet is a const, but it's introducing a block scope variable that's (probably unnecessarily?) external to the scope of the reduce function.
|
Looks great! Good tests... I think I'd avoid the global state, but happy to hear other opinions on it. |
alexk307
added
v7.9.0
release_note:enhancement
release_note:fix
and removed
release_note:enhancement
labels
💚 Build SucceededBuild metrics
To update your PR or re-run it, just comment with: |
#71349) * Deduplication of entries and items before sending to endpoint * Renaming
…11y-overlay * 'master' of github.com:elastic/kibana: (33 commits) address index templates feedback (elastic#71353) Upgrade EUI to v26.3.1 (elastic#70243) [build] Creates Linux aarch64 archive (elastic#69165) [SIEM][Detection Engine] Fixes skipped tests (elastic#71347) [SIEM][Detection Engine][Lists] Adds read_privileges route for lists and list items [kbn/optimizer] implement "requiredBundles" property of KP plugins (elastic#70911) [Security Solution][Exceptions] - Exceptions modal pt 2 (elastic#70886) [ML] DF Analytics: stop status polling when job stopped (elastic#71159) [SIEM][CASE] IBM Resilient Connector (elastic#66385) jenkins_xpack_saved_objects_field_metrics.sh expects to be run from the KIBANA_DIR in CI Deduplication of entries and items before sending to endpoint (elastic#71297) [services/remote/webdriver] fix eslint error (elastic#71346) send slack notifications on visual baseline failures fix visual regression job (elastic#70999) [Ingest Manager] Add schema to usageCollector. (elastic#71219) [ftr] use typed chromeOptions object, adding TEST_BROWSER_BINARY_PATH (elastic#71279) [Ingest Manager] Fix limited packages incorrect response (elastic#71292) Support multiple features declaring same properties (elastic#71106) [Security_Solution][Resolver]Add beta badge to Resolver panel (elastic#71183) [DOCS] Clarify trial subscription levels (elastic#70636) ...
|
Pinging @elastic/siem (Team:SIEM) |
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Summary
Implements deduplication of entries and items in exception lists before they are converted and ultimately made available to the endpoint.
Checklist
Delete any items that are not applicable to this PR.
For maintainers