-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types #195318
[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types #195318
Conversation
Pinging @elastic/security-solution (Team: SecuritySolution) |
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
…n-customizable-fields
if (!isEqual(ruleUpdate.author, existingRule.author)) { | ||
throw new ClientError(`Cannot update "author" field for prebuilt rules`, 400); | ||
} else if (ruleUpdate.license !== existingRule.license) { | ||
throw new ClientError(`Cannot update "license" field for prebuilt rules`, 400); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to confirm update
logic here, we want to throw on unsetting fields here too, correct? This is the only difference between the update and patch validation methods in this file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, that's correct. No changes should be allowed to the fields, including unsetting them.
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#7104[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/configs/ess.config.ts: 25/25 tests passed. |
if (!isEqual(ruleUpdate.author, existingRule.author)) { | ||
throw new ClientError(`Cannot update "author" field for prebuilt rules`, 400); | ||
} else if (ruleUpdate.license !== existingRule.license) { | ||
throw new ClientError(`Cannot update "license" field for prebuilt rules`, 400); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, that's correct. No changes should be allowed to the fields, including unsetting them.
x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts
Outdated
Show resolved
Hide resolved
...rver/lib/detection_engine/rule_management/logic/detection_rules_client/methods/patch_rule.ts
Outdated
Show resolved
Hide resolved
...ver/lib/detection_engine/rule_management/logic/detection_rules_client/methods/update_rule.ts
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
@elasticmachine merge upstream |
@elasticmachine merge upstream |
@elasticmachine merge upstream |
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11283158483 |
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]
History
cc @dplumlee |
… Prebuilt rule types (elastic#195318) ## Summary Addresses elastic#180273 Adds validation in the `detectionRulesClient` to prevent the updating of non-customizable fields in Prebuilt rule types (i.e. external `rule_source`). Returns a `400` error if `author` or `license` fields are updated via `PUT` and `PATCH` endpoints for external rules. Also updates related test utils to reflect this new logic ### Checklist Delete any items that are not applicable to this PR. - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit 0004217)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…ng for Prebuilt rule types (#195318) (#195837) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types (#195318)](#195318) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-10-10T22:48:47Z","message":"[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types (#195318)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/180273\r\n\r\nAdds validation in the `detectionRulesClient` to prevent the updating of\r\nnon-customizable fields in Prebuilt rule types (i.e. external\r\n`rule_source`). Returns a `400` error if `author` or `license` fields\r\nare updated via `PUT` and `PATCH` endpoints for external rules.\r\n\r\nAlso updates related test utils to reflect this new logic\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"00042177a8e976d379b5e40db3664db1e333999d","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:prev-minor","v8.16.0"],"title":"[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types","number":195318,"url":"https://github.com/elastic/kibana/pull/195318","mergeCommit":{"message":"[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types (#195318)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/180273\r\n\r\nAdds validation in the `detectionRulesClient` to prevent the updating of\r\nnon-customizable fields in Prebuilt rule types (i.e. external\r\n`rule_source`). Returns a `400` error if `author` or `license` fields\r\nare updated via `PUT` and `PATCH` endpoints for external rules.\r\n\r\nAlso updates related test utils to reflect this new logic\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"00042177a8e976d379b5e40db3664db1e333999d"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/195318","number":195318,"mergeCommit":{"message":"[Security Solution] Prevent non-customizable fields from updating for Prebuilt rule types (#195318)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/180273\r\n\r\nAdds validation in the `detectionRulesClient` to prevent the updating of\r\nnon-customizable fields in Prebuilt rule types (i.e. external\r\n`rule_source`). Returns a `400` error if `author` or `license` fields\r\nare updated via `PUT` and `PATCH` endpoints for external rules.\r\n\r\nAlso updates related test utils to reflect this new logic\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"00042177a8e976d379b5e40db3664db1e333999d"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
… fields in prebuilt rules (#195926) ## Summary The new tests added yesterday in #195318 have failed in the periodic pipeline ([build](https://buildkite.com/elastic/kibana-serverless-security-solution-quality-gate-rule-management/builds/1408#019279c2-233d-405e-8758-7864b84d0524)). Skipping for now in MKI pipelines (periodic pipeline and the 2nd quality gate), otherwise it will block the next Serverless release. Ticket for unskipping: #195921
Summary
Addresses #180273
Adds validation in the
detectionRulesClient
to prevent the updating of non-customizable fields in Prebuilt rule types (i.e. externalrule_source
). Returns a400
error ifauthor
orlicense
fields are updated viaPUT
andPATCH
endpoints for external rules.Also updates related test utils to reflect this new logic
Checklist
Delete any items that are not applicable to this PR.
For maintainers