Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Handle invalid savedSearchId #182937

Merged

Conversation

logeekal
Copy link
Contributor

@logeekal logeekal commented May 8, 2024

Summary

Handles #182823

This PR resolves the issue where user opens a timeline with a savedSearchId which no longer exists.

Desk Testing Guide

  1. Create an Untitled Timeline and add ESQL query and save the timeline.
  2. Make sure Saved Objects in Stack Management contains a new saved object. with name - Saved search for timeline - <name_of_timeline_above>.
  3. Export the above created timeline as ndjson as shown below.
    Screenshot 2024-05-08 at 14 26 21
  4. Delete the above created timeline
  5. Make sure that corresponding saved objects is also deleted in Saved Objects in Stack Management.
  6. Import the timeline export in Step 3 on the Timelines Page.
  7. Once imported.. Navigate to ESQL tab and save a arbitrary query.
  8. Save the timeline... Switch to another timeline and then back.
  9. The query you saved should be restored.

@logeekal logeekal added release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting:Investigations Security Solution Investigations Team backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) labels May 8, 2024
@logeekal logeekal requested review from a team as code owners May 8, 2024 12:29
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

savedSearchAppState = getAppStateFromSavedSearch(localSavedSearch);
} catch (e) {
// eslint-disable-next-line no-console
console.error('Stale Saved search Id which no longer exists', e);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to keep this log in prod?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep.. I was thinking the same and decided to keep it.

Co-authored-by: Jan Monschke <janmonschke@fastmail.com>
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 15.3MB 15.3MB +222.0B
Unknown metric groups

ESLint disabled line counts

id before after diff
securitySolution 519 520 +1

Total ESLint disabled count

id before after diff
securitySolution 597 598 +1

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

Copy link
Contributor

@PhilippeOberti PhilippeOberti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Desk tested and code LGTM!

This actually fixes a related issue I just noticed while testing:

  • create a timeline with an ESQL query
  • verify the saved search object exists
  • delete the timeline
  • verify the saved search object is deleted
  • create a new timeline and save it with the same name

The saved search object isn't created again...
This PR fixes that, awesome job!

Copy link
Contributor

@christineweng christineweng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Desk tested and it is working as expected. Just had a nit comment for a typo

@@ -117,6 +122,12 @@ export const DiscoverTabContent: FC<DiscoverTabContentProps> = ({ timelineId })

useEffect(() => {
if (isFetching) return;
if (savedSearchByIdStatus === 'error' && savedSearchId) {
// when a timeline json is uploaded with a saved search Id that not longer
// exists, we need to reset the saved search Id in the timeline and remove th saved search
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: remove the saved search?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks.. will try to do it... In follow up PR.

@logeekal logeekal merged commit 02a22fd into elastic:main May 9, 2024
35 checks passed
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request May 9, 2024
## Summary

Handles elastic#182823

This PR resolves the issue where user opens a timeline with a
`savedSearchId` which no longer exists.

## Desk Testing Guide

1. Create an `Untitled Timeline` and add `ESQL` query and save the
timeline.
2. Make sure `Saved Objects` in Stack Management contains a new saved
object. with name - `Saved search for timeline -
<name_of_timeline_above>`.
3. Export the above created timeline as `ndjson` as shown below.
![Screenshot 2024-05-08 at 14 26
21](https://github.com/elastic/kibana/assets/7485038/cc134d53-7d07-40d9-8ee8-7e4e7a0c2cc9)
5. Delete the above created timeline
6. Make sure that corresponding saved objects is also deleted in `Saved
Objects` in Stack Management.
7. `Import` the timeline export in Step 3 on the Timelines Page.
8. Once imported.. Navigate to ESQL tab and save a arbitrary query.
9. Save the timeline... Switch to another timeline and then back.
10. The query you saved should be restored.

---------

Co-authored-by: Jan Monschke <janmonschke@fastmail.com>
(cherry picked from commit 02a22fd)
@kibanamachine
Copy link
Contributor

💚 All backports created successfully

Status Branch Result
8.14

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request May 9, 2024
…83059)

# Backport

This will backport the following commits from `main` to `8.14`:
- [[Security Solution] Handle invalid savedSearchId
(#182937)](#182937)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Jatin
Kathuria","email":"jatin.kathuria@elastic.co"},"sourceCommit":{"committedDate":"2024-05-09T15:44:33Z","message":"[Security
Solution] Handle invalid savedSearchId (#182937)\n\n##
Summary\n\nHandles
https://github.com/elastic/kibana/issues/182823\n\nThis PR resolves the
issue where user opens a timeline with a\n`savedSearchId` which no
longer exists.\n\n\n## Desk Testing Guide\n\n1. Create an `Untitled
Timeline` and add `ESQL` query and save the\ntimeline.\n2. Make sure
`Saved Objects` in Stack Management contains a new saved\nobject. with
name - `Saved search for timeline -\n<name_of_timeline_above>`.\n3.
Export the above created timeline as `ndjson` as shown below.
\n![Screenshot 2024-05-08 at 14
26\n21](https://github.com/elastic/kibana/assets/7485038/cc134d53-7d07-40d9-8ee8-7e4e7a0c2cc9)\n5.
Delete the above created timeline\n6. Make sure that corresponding saved
objects is also deleted in `Saved\nObjects` in Stack Management.\n7.
`Import` the timeline export in Step 3 on the Timelines Page. \n8. Once
imported.. Navigate to ESQL tab and save a arbitrary query.\n9. Save the
timeline... Switch to another timeline and then back.\n10. The query you
saved should be restored.\n\n---------\n\nCo-authored-by: Jan Monschke
<janmonschke@fastmail.com>","sha":"02a22fd01acb56ff60512a31d4ed824b56b48d4e","branchLabelMapping":{"^v8.15.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat
Hunting:Investigations","backport:prev-minor","v8.15.0"],"title":"[Security
Solution] Handle invalid
savedSearchId","number":182937,"url":"https://github.com/elastic/kibana/pull/182937","mergeCommit":{"message":"[Security
Solution] Handle invalid savedSearchId (#182937)\n\n##
Summary\n\nHandles
https://github.com/elastic/kibana/issues/182823\n\nThis PR resolves the
issue where user opens a timeline with a\n`savedSearchId` which no
longer exists.\n\n\n## Desk Testing Guide\n\n1. Create an `Untitled
Timeline` and add `ESQL` query and save the\ntimeline.\n2. Make sure
`Saved Objects` in Stack Management contains a new saved\nobject. with
name - `Saved search for timeline -\n<name_of_timeline_above>`.\n3.
Export the above created timeline as `ndjson` as shown below.
\n![Screenshot 2024-05-08 at 14
26\n21](https://github.com/elastic/kibana/assets/7485038/cc134d53-7d07-40d9-8ee8-7e4e7a0c2cc9)\n5.
Delete the above created timeline\n6. Make sure that corresponding saved
objects is also deleted in `Saved\nObjects` in Stack Management.\n7.
`Import` the timeline export in Step 3 on the Timelines Page. \n8. Once
imported.. Navigate to ESQL tab and save a arbitrary query.\n9. Save the
timeline... Switch to another timeline and then back.\n10. The query you
saved should be restored.\n\n---------\n\nCo-authored-by: Jan Monschke
<janmonschke@fastmail.com>","sha":"02a22fd01acb56ff60512a31d4ed824b56b48d4e"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.15.0","branchLabelMappingKey":"^v8.15.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/182937","number":182937,"mergeCommit":{"message":"[Security
Solution] Handle invalid savedSearchId (#182937)\n\n##
Summary\n\nHandles
https://github.com/elastic/kibana/issues/182823\n\nThis PR resolves the
issue where user opens a timeline with a\n`savedSearchId` which no
longer exists.\n\n\n## Desk Testing Guide\n\n1. Create an `Untitled
Timeline` and add `ESQL` query and save the\ntimeline.\n2. Make sure
`Saved Objects` in Stack Management contains a new saved\nobject. with
name - `Saved search for timeline -\n<name_of_timeline_above>`.\n3.
Export the above created timeline as `ndjson` as shown below.
\n![Screenshot 2024-05-08 at 14
26\n21](https://github.com/elastic/kibana/assets/7485038/cc134d53-7d07-40d9-8ee8-7e4e7a0c2cc9)\n5.
Delete the above created timeline\n6. Make sure that corresponding saved
objects is also deleted in `Saved\nObjects` in Stack Management.\n7.
`Import` the timeline export in Step 3 on the Timelines Page. \n8. Once
imported.. Navigate to ESQL tab and save a arbitrary query.\n9. Save the
timeline... Switch to another timeline and then back.\n10. The query you
saved should be restored.\n\n---------\n\nCo-authored-by: Jan Monschke
<janmonschke@fastmail.com>","sha":"02a22fd01acb56ff60512a31d4ed824b56b48d4e"}}]}]
BACKPORT-->

Co-authored-by: Jatin Kathuria <jatin.kathuria@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting:Investigations Security Solution Investigations Team v8.14.0 v8.15.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants