-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Handle invalid savedSearchId #182937
[Security Solution] Handle invalid savedSearchId #182937
Conversation
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/esql/index.tsx
Outdated
Show resolved
Hide resolved
savedSearchAppState = getAppStateFromSavedSearch(localSavedSearch); | ||
} catch (e) { | ||
// eslint-disable-next-line no-console | ||
console.error('Stale Saved search Id which no longer exists', e); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to keep this log in prod?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yep.. I was thinking the same and decided to keep it.
Co-authored-by: Jan Monschke <janmonschke@fastmail.com>
💚 Build Succeeded
Metrics [docs]Async chunks
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Desk tested and code LGTM!
This actually fixes a related issue I just noticed while testing:
- create a timeline with an ESQL query
- verify the saved search object exists
- delete the timeline
- verify the saved search object is deleted
- create a new timeline and save it with the same name
The saved search object isn't created again...
This PR fixes that, awesome job!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Desk tested and it is working as expected. Just had a nit comment for a typo
@@ -117,6 +122,12 @@ export const DiscoverTabContent: FC<DiscoverTabContentProps> = ({ timelineId }) | |||
|
|||
useEffect(() => { | |||
if (isFetching) return; | |||
if (savedSearchByIdStatus === 'error' && savedSearchId) { | |||
// when a timeline json is uploaded with a saved search Id that not longer | |||
// exists, we need to reset the saved search Id in the timeline and remove th saved search |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: remove the saved search?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks.. will try to do it... In follow up PR.
## Summary Handles elastic#182823 This PR resolves the issue where user opens a timeline with a `savedSearchId` which no longer exists. ## Desk Testing Guide 1. Create an `Untitled Timeline` and add `ESQL` query and save the timeline. 2. Make sure `Saved Objects` in Stack Management contains a new saved object. with name - `Saved search for timeline - <name_of_timeline_above>`. 3. Export the above created timeline as `ndjson` as shown below. ![Screenshot 2024-05-08 at 14 26 21](https://github.com/elastic/kibana/assets/7485038/cc134d53-7d07-40d9-8ee8-7e4e7a0c2cc9) 5. Delete the above created timeline 6. Make sure that corresponding saved objects is also deleted in `Saved Objects` in Stack Management. 7. `Import` the timeline export in Step 3 on the Timelines Page. 8. Once imported.. Navigate to ESQL tab and save a arbitrary query. 9. Save the timeline... Switch to another timeline and then back. 10. The query you saved should be restored. --------- Co-authored-by: Jan Monschke <janmonschke@fastmail.com> (cherry picked from commit 02a22fd)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…83059) # Backport This will backport the following commits from `main` to `8.14`: - [[Security Solution] Handle invalid savedSearchId (#182937)](#182937) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Jatin Kathuria","email":"jatin.kathuria@elastic.co"},"sourceCommit":{"committedDate":"2024-05-09T15:44:33Z","message":"[Security Solution] Handle invalid savedSearchId (#182937)\n\n## Summary\n\nHandles https://github.com/elastic/kibana/issues/182823\n\nThis PR resolves the issue where user opens a timeline with a\n`savedSearchId` which no longer exists.\n\n\n## Desk Testing Guide\n\n1. Create an `Untitled Timeline` and add `ESQL` query and save the\ntimeline.\n2. Make sure `Saved Objects` in Stack Management contains a new saved\nobject. with name - `Saved search for timeline -\n<name_of_timeline_above>`.\n3. Export the above created timeline as `ndjson` as shown below. \n![Screenshot 2024-05-08 at 14 26\n21](https://github.com/elastic/kibana/assets/7485038/cc134d53-7d07-40d9-8ee8-7e4e7a0c2cc9)\n5. Delete the above created timeline\n6. Make sure that corresponding saved objects is also deleted in `Saved\nObjects` in Stack Management.\n7. `Import` the timeline export in Step 3 on the Timelines Page. \n8. Once imported.. Navigate to ESQL tab and save a arbitrary query.\n9. Save the timeline... Switch to another timeline and then back.\n10. The query you saved should be restored.\n\n---------\n\nCo-authored-by: Jan Monschke <janmonschke@fastmail.com>","sha":"02a22fd01acb56ff60512a31d4ed824b56b48d4e","branchLabelMapping":{"^v8.15.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat Hunting:Investigations","backport:prev-minor","v8.15.0"],"title":"[Security Solution] Handle invalid savedSearchId","number":182937,"url":"https://github.com/elastic/kibana/pull/182937","mergeCommit":{"message":"[Security Solution] Handle invalid savedSearchId (#182937)\n\n## Summary\n\nHandles https://github.com/elastic/kibana/issues/182823\n\nThis PR resolves the issue where user opens a timeline with a\n`savedSearchId` which no longer exists.\n\n\n## Desk Testing Guide\n\n1. Create an `Untitled Timeline` and add `ESQL` query and save the\ntimeline.\n2. Make sure `Saved Objects` in Stack Management contains a new saved\nobject. with name - `Saved search for timeline -\n<name_of_timeline_above>`.\n3. Export the above created timeline as `ndjson` as shown below. \n![Screenshot 2024-05-08 at 14 26\n21](https://github.com/elastic/kibana/assets/7485038/cc134d53-7d07-40d9-8ee8-7e4e7a0c2cc9)\n5. Delete the above created timeline\n6. Make sure that corresponding saved objects is also deleted in `Saved\nObjects` in Stack Management.\n7. `Import` the timeline export in Step 3 on the Timelines Page. \n8. Once imported.. Navigate to ESQL tab and save a arbitrary query.\n9. Save the timeline... Switch to another timeline and then back.\n10. The query you saved should be restored.\n\n---------\n\nCo-authored-by: Jan Monschke <janmonschke@fastmail.com>","sha":"02a22fd01acb56ff60512a31d4ed824b56b48d4e"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.15.0","branchLabelMappingKey":"^v8.15.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/182937","number":182937,"mergeCommit":{"message":"[Security Solution] Handle invalid savedSearchId (#182937)\n\n## Summary\n\nHandles https://github.com/elastic/kibana/issues/182823\n\nThis PR resolves the issue where user opens a timeline with a\n`savedSearchId` which no longer exists.\n\n\n## Desk Testing Guide\n\n1. Create an `Untitled Timeline` and add `ESQL` query and save the\ntimeline.\n2. Make sure `Saved Objects` in Stack Management contains a new saved\nobject. with name - `Saved search for timeline -\n<name_of_timeline_above>`.\n3. Export the above created timeline as `ndjson` as shown below. \n![Screenshot 2024-05-08 at 14 26\n21](https://github.com/elastic/kibana/assets/7485038/cc134d53-7d07-40d9-8ee8-7e4e7a0c2cc9)\n5. Delete the above created timeline\n6. Make sure that corresponding saved objects is also deleted in `Saved\nObjects` in Stack Management.\n7. `Import` the timeline export in Step 3 on the Timelines Page. \n8. Once imported.. Navigate to ESQL tab and save a arbitrary query.\n9. Save the timeline... Switch to another timeline and then back.\n10. The query you saved should be restored.\n\n---------\n\nCo-authored-by: Jan Monschke <janmonschke@fastmail.com>","sha":"02a22fd01acb56ff60512a31d4ed824b56b48d4e"}}]}] BACKPORT--> Co-authored-by: Jatin Kathuria <jatin.kathuria@elastic.co>
Summary
Handles #182823
This PR resolves the issue where user opens a timeline with a
savedSearchId
which no longer exists.Desk Testing Guide
Untitled Timeline
and addESQL
query and save the timeline.Saved Objects
in Stack Management contains a new saved object. with name -Saved search for timeline - <name_of_timeline_above>
.ndjson
as shown below.Saved Objects
in Stack Management.Import
the timeline export in Step 3 on the Timelines Page.