-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixes runtime error with meta when it is missing (#75844)
## Summary Found in 7.9.0, if you post a rule with an action that has a missing "meta" then you are going to get errors in your UI that look something like: ```ts An error occurred during rule execution: message: "Cannot read property 'kibana_siem_app_url' of null" name: "Unusual Windows Remote User" id: "1cc27e7e-d7c7-4f6a-b918-8c272fc6b1a3" rule id: "1781d055-5c66-4adf-9e93-fc0fa69550c9" signals index: ".siem-signals-default" ``` This fixes the accidental referencing of the null/undefined property and adds both integration and unit tests in that area of code. If you have an action id handy you can manually test this by editing the json file of: ```ts test_cases/queries/action_without_meta.json ``` to have your action id and then posting it like so: ```ts ./post_rule.sh ./rules/test_cases/queries/action_without_meta.json ``` ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- Loading branch information
1 parent
36d24b9
commit 98ce1a3
Showing
8 changed files
with
402 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
42 changes: 42 additions & 0 deletions
42
...ion/server/lib/detection_engine/scripts/rules/test_cases/queries/action_without_meta.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
{ | ||
"type": "query", | ||
"index": [ | ||
"apm-*-transaction*", | ||
"auditbeat-*", | ||
"endgame-*", | ||
"filebeat-*", | ||
"logs-*", | ||
"packetbeat-*", | ||
"winlogbeat-*" | ||
], | ||
"filters": [], | ||
"language": "kuery", | ||
"query": "host.name: *", | ||
"author": [], | ||
"false_positives": [], | ||
"references": [], | ||
"risk_score": 50, | ||
"risk_score_mapping": [], | ||
"severity": "low", | ||
"severity_mapping": [], | ||
"threat": [], | ||
"name": "Host Name Test", | ||
"description": "Host Name Test", | ||
"tags": [], | ||
"license": "", | ||
"interval": "5m", | ||
"from": "now-30s", | ||
"to": "now", | ||
"actions": [ | ||
{ | ||
"group": "default", | ||
"id": "4c42ecf2-5e9b-4ce6-8a7a-ab620fd8b169", | ||
"params": { | ||
"body": "{}" | ||
}, | ||
"action_type_id": ".webhook" | ||
} | ||
], | ||
"enabled": true, | ||
"throttle": "rule" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
134 changes: 134 additions & 0 deletions
134
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/add_actions.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import expect from '@kbn/expect'; | ||
|
||
import { DETECTION_ENGINE_RULES_URL } from '../../../../plugins/security_solution/common/constants'; | ||
import { FtrProviderContext } from '../../common/ftr_provider_context'; | ||
import { | ||
createSignalsIndex, | ||
deleteAllAlerts, | ||
deleteSignalsIndex, | ||
removeServerGeneratedProperties, | ||
waitFor, | ||
getWebHookAction, | ||
getRuleWithWebHookAction, | ||
getSimpleRuleOutputWithWebHookAction, | ||
} from '../../utils'; | ||
import { CreateRulesSchema } from '../../../../plugins/security_solution/common/detection_engine/schemas/request/create_rules_schema'; | ||
|
||
// eslint-disable-next-line import/no-default-export | ||
export default ({ getService }: FtrProviderContext) => { | ||
const supertest = getService('supertest'); | ||
const es = getService('es'); | ||
|
||
describe('add_actions', () => { | ||
describe('adding actions', () => { | ||
beforeEach(async () => { | ||
await createSignalsIndex(supertest); | ||
}); | ||
|
||
afterEach(async () => { | ||
await deleteSignalsIndex(supertest); | ||
await deleteAllAlerts(es); | ||
}); | ||
|
||
it('should be able to create a new webhook action and attach it to a rule', async () => { | ||
// create a new action | ||
const { body: hookAction } = await supertest | ||
.post('/api/actions/action') | ||
.set('kbn-xsrf', 'true') | ||
.send(getWebHookAction()) | ||
.expect(200); | ||
|
||
// create a rule with the action attached | ||
const { body } = await supertest | ||
.post(DETECTION_ENGINE_RULES_URL) | ||
.set('kbn-xsrf', 'true') | ||
.send(getRuleWithWebHookAction(hookAction.id)) | ||
.expect(200); | ||
|
||
const bodyToCompare = removeServerGeneratedProperties(body); | ||
expect(bodyToCompare).to.eql( | ||
getSimpleRuleOutputWithWebHookAction(`${bodyToCompare?.actions?.[0].id}`) | ||
); | ||
}); | ||
|
||
it('should be able to create a new webhook action and attach it to a rule without a meta field and run it correctly', async () => { | ||
// create a new action | ||
const { body: hookAction } = await supertest | ||
.post('/api/actions/action') | ||
.set('kbn-xsrf', 'true') | ||
.send(getWebHookAction()) | ||
.expect(200); | ||
|
||
// create a rule with the action attached | ||
const { body: rule } = await supertest | ||
.post(DETECTION_ENGINE_RULES_URL) | ||
.set('kbn-xsrf', 'true') | ||
.send(getRuleWithWebHookAction(hookAction.id)) | ||
.expect(200); | ||
|
||
// wait for Task Manager to execute the rule and its update status | ||
await waitFor(async () => { | ||
const { body } = await supertest | ||
.post(`${DETECTION_ENGINE_RULES_URL}/_find_statuses`) | ||
.set('kbn-xsrf', 'true') | ||
.send({ ids: [rule.id] }) | ||
.expect(200); | ||
return body[rule.id].current_status?.status === 'succeeded'; | ||
}); | ||
|
||
// expected result for status should be 'succeeded' | ||
const { body } = await supertest | ||
.post(`${DETECTION_ENGINE_RULES_URL}/_find_statuses`) | ||
.set('kbn-xsrf', 'true') | ||
.send({ ids: [rule.id] }) | ||
.expect(200); | ||
expect(body[rule.id].current_status.status).to.eql('succeeded'); | ||
}); | ||
|
||
it('should be able to create a new webhook action and attach it to a rule with a meta field and run it correctly', async () => { | ||
// create a new action | ||
const { body: hookAction } = await supertest | ||
.post('/api/actions/action') | ||
.set('kbn-xsrf', 'true') | ||
.send(getWebHookAction()) | ||
.expect(200); | ||
|
||
// create a rule with the action attached and a meta field | ||
const ruleWithAction: CreateRulesSchema = { | ||
...getRuleWithWebHookAction(hookAction.id), | ||
meta: {}, | ||
}; | ||
|
||
const { body: rule } = await supertest | ||
.post(DETECTION_ENGINE_RULES_URL) | ||
.set('kbn-xsrf', 'true') | ||
.send(ruleWithAction) | ||
.expect(200); | ||
|
||
// wait for Task Manager to execute the rule and update status | ||
await waitFor(async () => { | ||
const { body } = await supertest | ||
.post(`${DETECTION_ENGINE_RULES_URL}/_find_statuses`) | ||
.set('kbn-xsrf', 'true') | ||
.send({ ids: [rule.id] }) | ||
.expect(200); | ||
return body[rule.id].current_status?.status === 'succeeded'; | ||
}); | ||
|
||
// expected result for status should be 'succeeded' | ||
const { body } = await supertest | ||
.post(`${DETECTION_ENGINE_RULES_URL}/_find_statuses`) | ||
.set('kbn-xsrf', 'true') | ||
.send({ ids: [rule.id] }) | ||
.expect(200); | ||
expect(body[rule.id].current_status.status).to.eql('succeeded'); | ||
}); | ||
}); | ||
}); | ||
}; |
Oops, something went wrong.