Cleanup embedded components

[gdiazlo]

Describe the solution you'd like
We want to ensure we use mainstream components through our application. We need to evaluate which components can we use from upstream.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

• CodeQL#9
• CodeQL#10
• CodeQL#11
• CodeQL#14
• CodeQL#19
• CodeQL#20
• CodeQL#42
• CodeQL#43

Related issues:

• Use platform editor component instead of our own #5039

[Desvelao]

Research

codemirror

CodeQL#9
CodeQL#10
CodeQL#11
CodeQL#42

These problems are related to codemirror. This is used as the API Console editor. There are some related issues with the intention to replace the current editor based in codemirror with the provided by the plugin platform.

• Use platform editor component instead of our own #5039

jquery-ui

CodeQL#14
CodeQL#19
CodeQL#20
CodeQL#43

These problems are related to the built-in jquery-ui dependency.

The current built-in jquery-ui dependency is:

Built-in dependency	version	file
jquery-ui	v1.12.1 - 2016-09-14	public/utils/jquery-ui.js

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library. Whether you're building highly interactive web applications or you just need to add a date picker to a form control, jQuery UI is the perfect choice.

web: https://jqueryui.com/

For another hand, the current compatible plugin platforms with the Wazuh plugin define the jquery dependency.

Platform	jquery
OpenSearch Dashboards 2.6.0	^3.5.0 https://github.com/opensearch-project/OpenSearch-Dashboards/blob/2.6.0/package.json#L401
Kibana 7.10.2	^3.5.0 https://github.com/elastic/kibana/blob/v7.10.2/package.json#L423
Kibana 7.16.0	^3.5.0 https://github.com/elastic/kibana/blob/v7.16.0/package.json#L260
Kibana 7.16.1	^3.5.0 https://github.com/elastic/kibana/blob/v7.16.1/package.json#L263
Kibana 7.16.2	^3.5.0 https://github.com/elastic/kibana/blob/v7.16.2/package.json#L263
Kibana 7.16.3	^3.5.0 https://github.com/elastic/kibana/blob/v7.16.3/package.json#L262
Kibana 7.17.0	^3.5.0 https://github.com/elastic/kibana/blob/v7.17.0/package.json#L263
Kibana 7.17.1	^3.5.0 https://github.com/elastic/kibana/blob/v7.17.1/package.json#L265
Kibana 7.17.2	^3.5.0 https://github.com/elastic/kibana/blob/v7.17.2/package.json#L266
Kibana 7.17.3	^3.5.0 https://github.com/elastic/kibana/blob/v7.17.3/package.json#L266
Kibana 7.17.4	^3.5.0 https://github.com/elastic/kibana/blob/v7.17.4/package.json#L266
Kibana 7.17.5	^3.5.0 https://github.com/elastic/kibana/blob/v7.17.5/package.json#L266
Kibana 7.17.6	^3.5.0 https://github.com/elastic/kibana/blob/v7.17.6/package.json#L266
Kibana 7.17.7	^3.5.0 https://github.com/elastic/kibana/blob/v7.17.7/package.json#L265
Kibana 7.17.8	^3.5.0 https://github.com/elastic/kibana/blob/v7.17.8/package.json#L265
Kibana 7.17.9	^3.5.0 https://github.com/elastic/kibana/blob/v7.17.9/package.json#L263
Kibana 7.17.10	^3.5.0 https://github.com/elastic/kibana/blob/v7.17.10/package.json#L259

jquery-ui dependency is not included in the plugin platform.

According to the jQuery UI documentation, the latest version is v1.13.2.

Conclusions

jquery-ui is not included in the plugin platform and jquery is.

I don't know what is the usage of jquery-ui features in the current plugin. I think we should research if it is used. If not, we could remove it.

If the plugin uses some jquery-ui feature, then we could:

• check if the latest version v1.13.2 fixes the problems detected by CodeQL

[Desvelao]

Digging

codemirror

TODO

jquery-ui

The built-in jquery-ui dependency was added in this pull request: #1362.

The reason to add it, it seems that it was using the resizable() method provided by the jquery-ui instead of the colResizable jQuery plugin.

I found these changes that could be related:

• https://github.com/wazuh/wazuh-kibana-app/pull/1362/files#diff-b4cc16e9cc9a9044b27aebd2827445b029cba50cf000ff3aac173cc91c740616R504-R512
• https://github.com/wazuh/wazuh-kibana-app/pull/1362/files#diff-b4cc16e9cc9a9044b27aebd2827445b029cba50cf000ff3aac173cc91c740616R113
• https://github.com/wazuh/wazuh-kibana-app/pull/1362/files#diff-b4cc16e9cc9a9044b27aebd2827445b029cba50cf000ff3aac173cc91c740616R121

The changes are done in the public/directives/wz-table/wz-table-directive.js, and this file is not present in the recent plugins. This means if there is no other reason to use the jquery-ui built-in dependency, then it could be removed.

I reviewed the usage of jQuery and I did not find other usage related to the extension jquery-ui of jquery. Files using jquery:

$ grep -iRl jquery --exclude-dir="node_modules" --exclude-dir="target"

Based on the current 4.6 development branch

plugins/main/public/react-services/reporting.js
plugins/main/public/components/overview/mitre/components/techniques/components/flyout-technique/flyout-technique.tsx
plugins/main/public/components/common/modules/buttons/generate_report.tsx
plugins/main/public/components/management/groups/multiple-agent-selector.tsx
plugins/main/public/components/tools/devtools/devtools.tsx
plugins/main/public/kibana-integrations/kibana-vis.js
plugins/main/public/kibana-integrations/discover/application/angular/directives/fixed_scroll.js
plugins/main/public/kibana-integrations/discover/application/angular/doc_table/components/table_row.ts
plugins/main/public/kibana-integrations/discover/application/angular/doc_table/doc_table.ts
plugins/main/public/kibana-integrations/discover/application/angular/doc_table/infinite_scroll.ts
plugins/main/public/services/reporting.js
plugins/main/public/controllers/dev-tools/dev-tools.ts

jQuery usage:

Description	Usage
select DOM elements	$(domElement)
changing CSS properties of DOM elements	$(domElement).css(property, value)
changing value of DOM elements	$(domElement).val(value)
press key down	$(domElement).keydown(function)
press key up	$(domElement).keyup(function)
set height	$(domElement).height(value)
get current position of an element (specifically its border box, which excludes margins) relative to the document	$(domElement).offset()
search through the immediately following sibling	$(domElement).next()

Conclusion

The built-in jquery-ui dependency can be removed because its features are not used anymore. The current usage of jquery dependency doesn't need the extension provided by jquery-ui.

I created a pull request to remove the unused dependency: #5592

Without the built-in dependency, the related problems detected by CodeQL are solved:

CodeQL#14
CodeQL#19
CodeQL#20
CodeQL#43

[Desvelao]

The problems related to jquery-ui dependency were solved in the pull requests

#5592
#5673
#5674

The problems related to the code mirror could be solved if replacing the editor in #5039.