From 715ff2adb2d2be275c6ca785198bb871d6f79b85 Mon Sep 17 00:00:00 2001 From: Yara Tercero Date: Tue, 21 Jul 2020 22:57:34 -0400 Subject: [PATCH] [Security Solution][Exceptions] - Require non empty entries and non empty string values in exception list items (#72748) (#72780) ## Summary This PR updates the exception list entries schemas. - **Prior:** `entries` could be `undefined` or empty array on `ExceptionListItemSchema` - **Now:** `entries` is a required field that cannot be empty - there's really no use for an item without `entries` - **Prior:** `field` and `value` could be empty string in `EntryMatch` - **Now:** `field` and `value` can no longer be empty strings - **Prior:** `field` could be empty string and `value` could be empty array in `EntryMatchAny` - **Now:** `field` and `value` can no longer be empty string and array respectively - **Prior:** `field` and `list.id` could be empty string in `EntryList` - **Now:** `field` and `list.id` can no longer be empty strings - **Prior:** `field` could be empty string in `EntryExists` - **Now:** `field` can no longer be empty string - **Prior:** `field` could be empty string in `EntryNested` - **Now:** `field` can no longer be empty string - **Prior:** `entries` could be empty array in `EntryNested` - **Now:** `entries` can no longer be empty array --- .../create_endpoint_list_item_schema.test.ts | 8 +- .../create_endpoint_list_item_schema.ts | 4 +- .../create_exception_list_item_schema.test.ts | 8 +- .../create_exception_list_item_schema.ts | 4 +- .../update_endpoint_list_item_schema.test.ts | 8 +- .../update_endpoint_list_item_schema.ts | 4 +- .../update_exception_list_item_schema.test.ts | 8 +- .../update_exception_list_item_schema.ts | 4 +- .../types/default_entries_array.test.ts | 99 ------ .../schemas/types/default_entries_array.ts | 22 -- .../common/schemas/types/entries.mock.ts | 70 +--- .../common/schemas/types/entries.test.ts | 334 ++++-------------- .../lists/common/schemas/types/entries.ts | 57 +-- .../common/schemas/types/entry_exists.mock.ts | 15 + .../common/schemas/types/entry_exists.test.ts | 79 +++++ .../common/schemas/types/entry_exists.ts | 21 ++ .../common/schemas/types/entry_list.mock.ts | 16 + .../common/schemas/types/entry_list.test.ts | 95 +++++ .../lists/common/schemas/types/entry_list.ts | 22 ++ .../common/schemas/types/entry_match.mock.ts | 16 + .../common/schemas/types/entry_match.test.ts | 107 ++++++ .../lists/common/schemas/types/entry_match.ts | 22 ++ .../schemas/types/entry_match_any.mock.ts | 16 + .../schemas/types/entry_match_any.test.ts | 105 ++++++ .../common/schemas/types/entry_match_any.ts | 24 ++ .../common/schemas/types/entry_nested.mock.ts | 17 + .../common/schemas/types/entry_nested.test.ts | 124 +++++++ .../common/schemas/types/entry_nested.ts | 22 ++ .../lists/common/schemas/types/index.ts | 9 +- .../types/non_empty_entries_array.test.ts | 123 +++++++ .../schemas/types/non_empty_entries_array.ts | 31 ++ .../non_empty_nested_entries_array.test.ts | 131 +++++++ .../types/non_empty_nested_entries_array.ts | 40 +++ ...non_empty_or_nullable_string_array.test.ts | 69 ++++ .../non_empty_or_nullable_string_array.ts | 34 ++ .../new/exception_list_item.json | 2 +- .../exception_list_client_types.ts | 5 +- .../update_exception_list_item.ts | 4 +- .../build_exceptions_query.test.ts | 95 ++++- .../build_exceptions_query.ts | 2 +- .../common/components/autocomplete/field.tsx | 7 +- .../autocomplete/field_value_lists.tsx | 5 + .../autocomplete/field_value_match.tsx | 8 +- .../autocomplete/field_value_match_any.tsx | 8 +- .../components/autocomplete/helpers.test.ts | 8 +- .../common/components/autocomplete/helpers.ts | 2 +- .../builder/builder_exception_item.test.tsx | 6 +- .../exceptions/builder/entry_item.tsx | 4 + .../components/exceptions/helpers.test.tsx | 107 +++++- .../common/components/exceptions/helpers.tsx | 16 +- .../endpoint/lib/artifacts/lists.test.ts | 2 +- .../server/endpoint/lib/artifacts/lists.ts | 2 +- 52 files changed, 1481 insertions(+), 570 deletions(-) delete mode 100644 x-pack/plugins/lists/common/schemas/types/default_entries_array.test.ts delete mode 100644 x-pack/plugins/lists/common/schemas/types/default_entries_array.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_exists.mock.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_exists.test.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_exists.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_list.mock.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_list.test.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_list.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_match.mock.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_match.test.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_match.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_match_any.mock.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_match_any.test.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_match_any.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_nested.mock.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_nested.test.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/entry_nested.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/non_empty_entries_array.test.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/non_empty_entries_array.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/non_empty_nested_entries_array.test.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/non_empty_nested_entries_array.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/non_empty_or_nullable_string_array.test.ts create mode 100644 x-pack/plugins/lists/common/schemas/types/non_empty_or_nullable_string_array.ts diff --git a/x-pack/plugins/lists/common/schemas/request/create_endpoint_list_item_schema.test.ts b/x-pack/plugins/lists/common/schemas/request/create_endpoint_list_item_schema.test.ts index 916e8db483454..5de9fbb0d5b50 100644 --- a/x-pack/plugins/lists/common/schemas/request/create_endpoint_list_item_schema.test.ts +++ b/x-pack/plugins/lists/common/schemas/request/create_endpoint_list_item_schema.test.ts @@ -142,7 +142,7 @@ describe('create_endpoint_list_item_schema', () => { expect(message.schema).toEqual({}); }); - test('it should validate an undefined for "entries" but return an array', () => { + test('it should NOT validate an undefined for "entries"', () => { const inputPayload = getCreateEndpointListItemSchemaMock(); const outputPayload = getCreateEndpointListItemSchemaMock(); delete inputPayload.entries; @@ -151,8 +151,10 @@ describe('create_endpoint_list_item_schema', () => { const checked = exactCheck(inputPayload, decoded); const message = pipe(checked, foldLeftRight); delete (message.schema as CreateEndpointListItemSchema).item_id; - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(outputPayload); + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "undefined" supplied to "entries"', + ]); + expect(message.schema).toEqual({}); }); test('it should validate an undefined for "tags" but return an array and generate a correct body not counting the auto generated uuid', () => { diff --git a/x-pack/plugins/lists/common/schemas/request/create_endpoint_list_item_schema.ts b/x-pack/plugins/lists/common/schemas/request/create_endpoint_list_item_schema.ts index 3f0e1a12894d4..ab30e8e35548d 100644 --- a/x-pack/plugins/lists/common/schemas/request/create_endpoint_list_item_schema.ts +++ b/x-pack/plugins/lists/common/schemas/request/create_endpoint_list_item_schema.ts @@ -20,7 +20,7 @@ import { tags, } from '../common/schemas'; import { RequiredKeepUndefined } from '../../types'; -import { CreateCommentsArray, DefaultCreateCommentsArray, DefaultEntryArray } from '../types'; +import { CreateCommentsArray, DefaultCreateCommentsArray, nonEmptyEntriesArray } from '../types'; import { EntriesArray } from '../types/entries'; import { DefaultUuid } from '../../siem_common_deps'; @@ -28,6 +28,7 @@ export const createEndpointListItemSchema = t.intersection([ t.exact( t.type({ description, + entries: nonEmptyEntriesArray, name, type: exceptionListItemType, }) @@ -36,7 +37,6 @@ export const createEndpointListItemSchema = t.intersection([ t.partial({ _tags, // defaults to empty array if not set during decode comments: DefaultCreateCommentsArray, // defaults to empty array if not set during decode - entries: DefaultEntryArray, // defaults to empty array if not set during decode item_id: DefaultUuid, // defaults to GUID (uuid v4) if not set during decode meta, // defaults to undefined if not set during decode tags, // defaults to empty array if not set during decode diff --git a/x-pack/plugins/lists/common/schemas/request/create_exception_list_item_schema.test.ts b/x-pack/plugins/lists/common/schemas/request/create_exception_list_item_schema.test.ts index 34551b74d8c9f..08f3966af08d9 100644 --- a/x-pack/plugins/lists/common/schemas/request/create_exception_list_item_schema.test.ts +++ b/x-pack/plugins/lists/common/schemas/request/create_exception_list_item_schema.test.ts @@ -130,7 +130,7 @@ describe('create_exception_list_item_schema', () => { expect(message.schema).toEqual({}); }); - test('it should validate an undefined for "entries" but return an array', () => { + test('it should NOT validate an undefined for "entries"', () => { const inputPayload = getCreateExceptionListItemSchemaMock(); const outputPayload = getCreateExceptionListItemSchemaMock(); delete inputPayload.entries; @@ -139,8 +139,10 @@ describe('create_exception_list_item_schema', () => { const checked = exactCheck(inputPayload, decoded); const message = pipe(checked, foldLeftRight); delete (message.schema as CreateExceptionListItemSchema).item_id; - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(outputPayload); + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "undefined" supplied to "entries"', + ]); + expect(message.schema).toEqual({}); }); test('it should validate an undefined for "namespace_type" but return enum "single" and generate a correct body not counting the auto generated uuid', () => { diff --git a/x-pack/plugins/lists/common/schemas/request/create_exception_list_item_schema.ts b/x-pack/plugins/lists/common/schemas/request/create_exception_list_item_schema.ts index c2ccf18ed8720..c3f41cac90c64 100644 --- a/x-pack/plugins/lists/common/schemas/request/create_exception_list_item_schema.ts +++ b/x-pack/plugins/lists/common/schemas/request/create_exception_list_item_schema.ts @@ -25,8 +25,8 @@ import { RequiredKeepUndefined } from '../../types'; import { CreateCommentsArray, DefaultCreateCommentsArray, - DefaultEntryArray, NamespaceType, + nonEmptyEntriesArray, } from '../types'; import { EntriesArray } from '../types/entries'; import { DefaultUuid } from '../../siem_common_deps'; @@ -35,6 +35,7 @@ export const createExceptionListItemSchema = t.intersection([ t.exact( t.type({ description, + entries: nonEmptyEntriesArray, list_id, name, type: exceptionListItemType, @@ -44,7 +45,6 @@ export const createExceptionListItemSchema = t.intersection([ t.partial({ _tags, // defaults to empty array if not set during decode comments: DefaultCreateCommentsArray, // defaults to empty array if not set during decode - entries: DefaultEntryArray, // defaults to empty array if not set during decode item_id: DefaultUuid, // defaults to GUID (uuid v4) if not set during decode meta, // defaults to undefined if not set during decode namespace_type, // defaults to 'single' if not set during decode diff --git a/x-pack/plugins/lists/common/schemas/request/update_endpoint_list_item_schema.test.ts b/x-pack/plugins/lists/common/schemas/request/update_endpoint_list_item_schema.test.ts index 838cb81d84c1d..db5bc45ad028b 100644 --- a/x-pack/plugins/lists/common/schemas/request/update_endpoint_list_item_schema.test.ts +++ b/x-pack/plugins/lists/common/schemas/request/update_endpoint_list_item_schema.test.ts @@ -97,7 +97,7 @@ describe('update_endpoint_list_item_schema', () => { expect(message.schema).toEqual(outputPayload); }); - test('it should accept an undefined for "entries" but return an array', () => { + test('it should NOT accept an undefined for "entries"', () => { const inputPayload = getUpdateEndpointListItemSchemaMock(); const outputPayload = getUpdateEndpointListItemSchemaMock(); delete inputPayload.entries; @@ -105,8 +105,10 @@ describe('update_endpoint_list_item_schema', () => { const decoded = updateEndpointListItemSchema.decode(inputPayload); const checked = exactCheck(inputPayload, decoded); const message = pipe(checked, foldLeftRight); - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(outputPayload); + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "undefined" supplied to "entries"', + ]); + expect(message.schema).toEqual({}); }); test('it should accept an undefined for "tags" but return an array', () => { diff --git a/x-pack/plugins/lists/common/schemas/request/update_endpoint_list_item_schema.ts b/x-pack/plugins/lists/common/schemas/request/update_endpoint_list_item_schema.ts index 4430aa98b8e3d..5bf0cb3b7984e 100644 --- a/x-pack/plugins/lists/common/schemas/request/update_endpoint_list_item_schema.ts +++ b/x-pack/plugins/lists/common/schemas/request/update_endpoint_list_item_schema.ts @@ -22,16 +22,17 @@ import { } from '../common/schemas'; import { RequiredKeepUndefined } from '../../types'; import { - DefaultEntryArray, DefaultUpdateCommentsArray, EntriesArray, UpdateCommentsArray, + nonEmptyEntriesArray, } from '../types'; export const updateEndpointListItemSchema = t.intersection([ t.exact( t.type({ description, + entries: nonEmptyEntriesArray, name, type: exceptionListItemType, }) @@ -41,7 +42,6 @@ export const updateEndpointListItemSchema = t.intersection([ _tags, // defaults to empty array if not set during decode _version, // defaults to undefined if not set during decode comments: DefaultUpdateCommentsArray, // defaults to empty array if not set during decode - entries: DefaultEntryArray, // defaults to empty array if not set during decode id, // defaults to undefined if not set during decode item_id: t.union([t.string, t.undefined]), meta, // defaults to undefined if not set during decode diff --git a/x-pack/plugins/lists/common/schemas/request/update_exception_list_item_schema.test.ts b/x-pack/plugins/lists/common/schemas/request/update_exception_list_item_schema.test.ts index 2592e44888ff6..ce589fb097a60 100644 --- a/x-pack/plugins/lists/common/schemas/request/update_exception_list_item_schema.test.ts +++ b/x-pack/plugins/lists/common/schemas/request/update_exception_list_item_schema.test.ts @@ -97,7 +97,7 @@ describe('update_exception_list_item_schema', () => { expect(message.schema).toEqual(outputPayload); }); - test('it should accept an undefined for "entries" but return an array', () => { + test('it should NOT accept an undefined for "entries"', () => { const inputPayload = getUpdateExceptionListItemSchemaMock(); const outputPayload = getUpdateExceptionListItemSchemaMock(); delete inputPayload.entries; @@ -105,8 +105,10 @@ describe('update_exception_list_item_schema', () => { const decoded = updateExceptionListItemSchema.decode(inputPayload); const checked = exactCheck(inputPayload, decoded); const message = pipe(checked, foldLeftRight); - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(outputPayload); + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "undefined" supplied to "entries"', + ]); + expect(message.schema).toEqual({}); }); test('it should accept an undefined for "namespace_type" but return enum "single"', () => { diff --git a/x-pack/plugins/lists/common/schemas/request/update_exception_list_item_schema.ts b/x-pack/plugins/lists/common/schemas/request/update_exception_list_item_schema.ts index 9e0a1759fc9f4..7fbd5cd65f04d 100644 --- a/x-pack/plugins/lists/common/schemas/request/update_exception_list_item_schema.ts +++ b/x-pack/plugins/lists/common/schemas/request/update_exception_list_item_schema.ts @@ -23,17 +23,18 @@ import { } from '../common/schemas'; import { RequiredKeepUndefined } from '../../types'; import { - DefaultEntryArray, DefaultUpdateCommentsArray, EntriesArray, NamespaceType, UpdateCommentsArray, + nonEmptyEntriesArray, } from '../types'; export const updateExceptionListItemSchema = t.intersection([ t.exact( t.type({ description, + entries: nonEmptyEntriesArray, name, type: exceptionListItemType, }) @@ -43,7 +44,6 @@ export const updateExceptionListItemSchema = t.intersection([ _tags, // defaults to empty array if not set during decode _version, // defaults to undefined if not set during decode comments: DefaultUpdateCommentsArray, // defaults to empty array if not set during decode - entries: DefaultEntryArray, // defaults to empty array if not set during decode id, // defaults to undefined if not set during decode item_id: t.union([t.string, t.undefined]), meta, // defaults to undefined if not set during decode diff --git a/x-pack/plugins/lists/common/schemas/types/default_entries_array.test.ts b/x-pack/plugins/lists/common/schemas/types/default_entries_array.test.ts deleted file mode 100644 index 21115690c0a5f..0000000000000 --- a/x-pack/plugins/lists/common/schemas/types/default_entries_array.test.ts +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { pipe } from 'fp-ts/lib/pipeable'; -import { left } from 'fp-ts/lib/Either'; - -import { foldLeftRight, getPaths } from '../../siem_common_deps'; - -import { DefaultEntryArray } from './default_entries_array'; -import { EntriesArray } from './entries'; -import { getEntriesArrayMock, getEntryMatchMock, getEntryNestedMock } from './entries.mock'; - -// NOTE: This may seem weird, but when validating schemas that use a union -// it checks against every item in that union. Since entries consist of 5 -// different entry types, it returns 5 of these. To make more readable, -// extracted here. -const returnedSchemaError = - '"Array<({| field: string, operator: "excluded" | "included", type: "match", value: string |} | {| field: string, operator: "excluded" | "included", type: "match_any", value: DefaultStringArray |} | {| field: string, list: {| id: string, type: "binary" | "boolean" | "byte" | "date" | "date_nanos" | "date_range" | "double" | "double_range" | "float" | "float_range" | "geo_point" | "geo_shape" | "half_float" | "integer" | "integer_range" | "ip" | "ip_range" | "keyword" | "long" | "long_range" | "shape" | "short" | "text" |}, operator: "excluded" | "included", type: "list" |} | {| field: string, operator: "excluded" | "included", type: "exists" |} | {| entries: Array<{| field: string, operator: "excluded" | "included", type: "match", value: string |}>, field: string, type: "nested" |})>"'; - -describe('default_entries_array', () => { - test('it should validate an empty array', () => { - const payload: EntriesArray = []; - const decoded = DefaultEntryArray.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(payload); - }); - - test('it should validate an array of regular and nested entries', () => { - const payload: EntriesArray = getEntriesArrayMock(); - const decoded = DefaultEntryArray.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(payload); - }); - - test('it should validate an array of nested entries', () => { - const payload: EntriesArray = [{ ...getEntryNestedMock() }]; - const decoded = DefaultEntryArray.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(payload); - }); - - test('it should validate an array of non nested entries', () => { - const payload: EntriesArray = [{ ...getEntryMatchMock() }]; - const decoded = DefaultEntryArray.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(payload); - }); - - test('it should NOT validate an array of numbers', () => { - const payload = [1]; - const decoded = DefaultEntryArray.decode(payload); - const message = pipe(decoded, foldLeftRight); - - // TODO: Known weird error formatting that is on our list to address - expect(getPaths(left(message.errors))).toEqual([ - `Invalid value "1" supplied to ${returnedSchemaError}`, - `Invalid value "1" supplied to ${returnedSchemaError}`, - `Invalid value "1" supplied to ${returnedSchemaError}`, - `Invalid value "1" supplied to ${returnedSchemaError}`, - `Invalid value "1" supplied to ${returnedSchemaError}`, - ]); - expect(message.schema).toEqual({}); - }); - - test('it should NOT validate an array of strings', () => { - const payload = ['some string']; - const decoded = DefaultEntryArray.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([ - `Invalid value "some string" supplied to ${returnedSchemaError}`, - `Invalid value "some string" supplied to ${returnedSchemaError}`, - `Invalid value "some string" supplied to ${returnedSchemaError}`, - `Invalid value "some string" supplied to ${returnedSchemaError}`, - `Invalid value "some string" supplied to ${returnedSchemaError}`, - ]); - expect(message.schema).toEqual({}); - }); - - test('it should return a default array entry', () => { - const payload = null; - const decoded = DefaultEntryArray.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual([]); - }); -}); diff --git a/x-pack/plugins/lists/common/schemas/types/default_entries_array.ts b/x-pack/plugins/lists/common/schemas/types/default_entries_array.ts deleted file mode 100644 index a85fdf8537f39..0000000000000 --- a/x-pack/plugins/lists/common/schemas/types/default_entries_array.ts +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import * as t from 'io-ts'; -import { Either } from 'fp-ts/lib/Either'; - -import { EntriesArray, entriesArray } from './entries'; - -/** - * Types the DefaultEntriesArray as: - * - If null or undefined, then a default array of type entry will be set - */ -export const DefaultEntryArray = new t.Type( - 'DefaultEntryArray', - entriesArray.is, - (input): Either => - input == null ? t.success([]) : entriesArray.decode(input), - t.identity -); diff --git a/x-pack/plugins/lists/common/schemas/types/entries.mock.ts b/x-pack/plugins/lists/common/schemas/types/entries.mock.ts index 8af18c970c6ae..3ed3f4e7ff88f 100644 --- a/x-pack/plugins/lists/common/schemas/types/entries.mock.ts +++ b/x-pack/plugins/lists/common/schemas/types/entries.mock.ts @@ -4,65 +4,17 @@ * you may not use this file except in compliance with the Elastic License. */ -import { - ENTRY_VALUE, - EXISTS, - FIELD, - LIST, - LIST_ID, - MATCH, - MATCH_ANY, - NESTED, - OPERATOR, - TYPE, -} from '../../constants.mock'; - -import { - EntriesArray, - EntryExists, - EntryList, - EntryMatch, - EntryMatchAny, - EntryNested, -} from './entries'; - -export const getEntryMatchMock = (): EntryMatch => ({ - field: FIELD, - operator: OPERATOR, - type: MATCH, - value: ENTRY_VALUE, -}); - -export const getEntryMatchAnyMock = (): EntryMatchAny => ({ - field: FIELD, - operator: OPERATOR, - type: MATCH_ANY, - value: [ENTRY_VALUE], -}); - -export const getEntryListMock = (): EntryList => ({ - field: FIELD, - list: { id: LIST_ID, type: TYPE }, - operator: OPERATOR, - type: LIST, -}); - -export const getEntryExistsMock = (): EntryExists => ({ - field: FIELD, - operator: OPERATOR, - type: EXISTS, -}); - -export const getEntryNestedMock = (): EntryNested => ({ - entries: [getEntryMatchMock(), getEntryMatchMock()], - field: FIELD, - type: NESTED, -}); +import { EntriesArray } from './entries'; +import { getEntryMatchMock } from './entry_match.mock'; +import { getEntryMatchAnyMock } from './entry_match_any.mock'; +import { getEntryListMock } from './entry_list.mock'; +import { getEntryExistsMock } from './entry_exists.mock'; +import { getEntryNestedMock } from './entry_nested.mock'; export const getEntriesArrayMock = (): EntriesArray => [ - getEntryMatchMock(), - getEntryMatchAnyMock(), - getEntryListMock(), - getEntryExistsMock(), - getEntryNestedMock(), + { ...getEntryMatchMock() }, + { ...getEntryMatchAnyMock() }, + { ...getEntryListMock() }, + { ...getEntryExistsMock() }, + { ...getEntryNestedMock() }, ]; diff --git a/x-pack/plugins/lists/common/schemas/types/entries.test.ts b/x-pack/plugins/lists/common/schemas/types/entries.test.ts index 01f82f12f2b2c..cad94220a232c 100644 --- a/x-pack/plugins/lists/common/schemas/types/entries.test.ts +++ b/x-pack/plugins/lists/common/schemas/types/entries.test.ts @@ -9,359 +9,147 @@ import { left } from 'fp-ts/lib/Either'; import { foldLeftRight, getPaths } from '../../siem_common_deps'; -import { - getEntryExistsMock, - getEntryListMock, - getEntryMatchAnyMock, - getEntryMatchMock, - getEntryNestedMock, -} from './entries.mock'; -import { - EntryExists, - EntryList, - EntryMatch, - EntryMatchAny, - EntryNested, - entriesExists, - entriesList, - entriesMatch, - entriesMatchAny, - entriesNested, -} from './entries'; +import { getEntryMatchMock } from './entry_match.mock'; +import { getEntryMatchAnyMock } from './entry_match_any.mock'; +import { getEntryListMock } from './entry_list.mock'; +import { getEntryExistsMock } from './entry_exists.mock'; +import { getEntryNestedMock } from './entry_nested.mock'; +import { getEntriesArrayMock } from './entries.mock'; +import { entriesArray, entriesArrayOrUndefined, entry } from './entries'; describe('Entries', () => { - describe('entriesMatch', () => { - test('it should validate an entry', () => { - const payload = getEntryMatchMock(); - const decoded = entriesMatch.decode(payload); + describe('entry', () => { + test('it should validate a match entry', () => { + const payload = { ...getEntryMatchMock() }; + const decoded = entry.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); expect(message.schema).toEqual(payload); }); - test('it should validate when operator is "included"', () => { - const payload = getEntryMatchMock(); - const decoded = entriesMatch.decode(payload); + test('it should validate a match_any entry', () => { + const payload = { ...getEntryMatchAnyMock() }; + const decoded = entry.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); expect(message.schema).toEqual(payload); }); - test('it should validate when "operator" is "excluded"', () => { - const payload = getEntryMatchMock(); - payload.operator = 'excluded'; - const decoded = entriesMatch.decode(payload); + test('it should validate a exists entry', () => { + const payload = { ...getEntryExistsMock() }; + const decoded = entry.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); expect(message.schema).toEqual(payload); }); - test('it should not validate when "value" is not string', () => { - const payload: Omit & { value: string[] } = { - ...getEntryMatchMock(), - value: ['some value'], - }; - const decoded = entriesMatch.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([ - 'Invalid value "["some value"]" supplied to "value"', - ]); - expect(message.schema).toEqual({}); - }); - - test('it should not validate when "type" is not "match"', () => { - const payload: Omit & { type: string } = { - ...getEntryMatchMock(), - type: 'match_any', - }; - const decoded = entriesMatch.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([ - 'Invalid value "match_any" supplied to "type"', - ]); - expect(message.schema).toEqual({}); - }); - - test('it should strip out extra keys', () => { - const payload: EntryMatch & { - extraKey?: string; - } = getEntryMatchMock(); - payload.extraKey = 'some value'; - const decoded = entriesMatch.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(getEntryMatchMock()); - }); - }); - - describe('entriesMatchAny', () => { - test('it should validate an entry', () => { - const payload = getEntryMatchAnyMock(); - const decoded = entriesMatchAny.decode(payload); + test('it should validate a list entry', () => { + const payload = { ...getEntryListMock() }; + const decoded = entry.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); expect(message.schema).toEqual(payload); }); - test('it should validate when operator is "included"', () => { - const payload = getEntryMatchAnyMock(); - const decoded = entriesMatchAny.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(payload); - }); - - test('it should validate when operator is "excluded"', () => { - const payload = getEntryMatchAnyMock(); - payload.operator = 'excluded'; - const decoded = entriesMatchAny.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(payload); - }); - - test('it should not validate when value is not string array', () => { - const payload: Omit & { value: string } = { - ...getEntryMatchAnyMock(), - value: 'some string', - }; - const decoded = entriesMatchAny.decode(payload); + test('it should NOT validate a nested entry', () => { + const payload = { ...getEntryNestedMock() }; + const decoded = entry.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([ - 'Invalid value "some string" supplied to "value"', + 'Invalid value "undefined" supplied to "operator"', + 'Invalid value "nested" supplied to "type"', + 'Invalid value "undefined" supplied to "value"', + 'Invalid value "undefined" supplied to "operator"', + 'Invalid value "nested" supplied to "type"', + 'Invalid value "undefined" supplied to "value"', + 'Invalid value "undefined" supplied to "list"', + 'Invalid value "undefined" supplied to "operator"', + 'Invalid value "nested" supplied to "type"', + 'Invalid value "undefined" supplied to "operator"', + 'Invalid value "nested" supplied to "type"', ]); expect(message.schema).toEqual({}); }); - - test('it should not validate when "type" is not "match_any"', () => { - const payload: Omit & { type: string } = { - ...getEntryMatchAnyMock(), - type: 'match', - }; - const decoded = entriesMatchAny.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual(['Invalid value "match" supplied to "type"']); - expect(message.schema).toEqual({}); - }); - - test('it should strip out extra keys', () => { - const payload: EntryMatchAny & { - extraKey?: string; - } = getEntryMatchAnyMock(); - payload.extraKey = 'some extra key'; - const decoded = entriesMatchAny.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(getEntryMatchAnyMock()); - }); }); - describe('entriesExists', () => { - test('it should validate an entry', () => { - const payload = getEntryExistsMock(); - const decoded = entriesExists.decode(payload); + describe('entriesArray', () => { + test('it should validate an array with match entry', () => { + const payload = [{ ...getEntryMatchMock() }]; + const decoded = entriesArray.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); expect(message.schema).toEqual(payload); }); - test('it should validate when "operator" is "included"', () => { - const payload = getEntryExistsMock(); - const decoded = entriesExists.decode(payload); + test('it should validate an array with match_any entry', () => { + const payload = [{ ...getEntryMatchAnyMock() }]; + const decoded = entriesArray.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); expect(message.schema).toEqual(payload); }); - test('it should validate when "operator" is "excluded"', () => { - const payload = getEntryExistsMock(); - payload.operator = 'excluded'; - const decoded = entriesExists.decode(payload); + test('it should validate an array with exists entry', () => { + const payload = [{ ...getEntryExistsMock() }]; + const decoded = entriesArray.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); expect(message.schema).toEqual(payload); }); - test('it should strip out extra keys', () => { - const payload: EntryExists & { - extraKey?: string; - } = getEntryExistsMock(); - payload.extraKey = 'some extra key'; - const decoded = entriesExists.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(getEntryExistsMock()); - }); - - test('it should not validate when "type" is not "exists"', () => { - const payload: Omit & { type: string } = { - ...getEntryExistsMock(), - type: 'match', - }; - const decoded = entriesExists.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual(['Invalid value "match" supplied to "type"']); - expect(message.schema).toEqual({}); - }); - }); - - describe('entriesList', () => { - test('it should validate an entry', () => { - const payload = getEntryListMock(); - const decoded = entriesList.decode(payload); + test('it should validate an array with list entry', () => { + const payload = [{ ...getEntryListMock() }]; + const decoded = entriesArray.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); expect(message.schema).toEqual(payload); }); - test('it should validate when operator is "included"', () => { - const payload = getEntryListMock(); - const decoded = entriesList.decode(payload); + test('it should validate an array with nested entry', () => { + const payload = [{ ...getEntryNestedMock() }]; + const decoded = entriesArray.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); expect(message.schema).toEqual(payload); }); - test('it should validate when "operator" is "excluded"', () => { - const payload = getEntryListMock(); - payload.operator = 'excluded'; - const decoded = entriesList.decode(payload); + test('it should validate an array with all types of entries', () => { + const payload = [...getEntriesArrayMock()]; + const decoded = entriesArray.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); expect(message.schema).toEqual(payload); }); - - test('it should not validate when "list" is not expected value', () => { - const payload: Omit & { list: string } = { - ...getEntryListMock(), - list: 'someListId', - }; - const decoded = entriesList.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([ - 'Invalid value "someListId" supplied to "list"', - ]); - expect(message.schema).toEqual({}); - }); - - test('it should not validate when "type" is not "lists"', () => { - const payload: Omit & { type: 'match_any' } = { - ...getEntryListMock(), - type: 'match_any', - }; - const decoded = entriesList.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([ - 'Invalid value "match_any" supplied to "type"', - ]); - expect(message.schema).toEqual({}); - }); - - test('it should strip out extra keys', () => { - const payload: EntryList & { - extraKey?: string; - } = getEntryListMock(); - payload.extraKey = 'some extra key'; - const decoded = entriesList.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(getEntryListMock()); - }); }); - describe('entriesNested', () => { - test('it should validate a nested entry', () => { - const payload = getEntryNestedMock(); - const decoded = entriesNested.decode(payload); + describe('entriesArrayOrUndefined', () => { + test('it should validate undefined', () => { + const payload = undefined; + const decoded = entriesArrayOrUndefined.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); expect(message.schema).toEqual(payload); }); - test('it should NOT validate when "type" is not "nested"', () => { - const payload: Omit & { type: 'match' } = { - ...getEntryNestedMock(), - type: 'match', - }; - const decoded = entriesNested.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual(['Invalid value "match" supplied to "type"']); - expect(message.schema).toEqual({}); - }); - - test('it should NOT validate when "field" is not a string', () => { - const payload: Omit & { - field: number; - } = { ...getEntryNestedMock(), field: 1 }; - const decoded = entriesNested.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual(['Invalid value "1" supplied to "field"']); - expect(message.schema).toEqual({}); - }); - - test('it should NOT validate when "entries" is not a an array', () => { - const payload: Omit & { - entries: string; - } = { ...getEntryNestedMock(), entries: 'im a string' }; - const decoded = entriesNested.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([ - 'Invalid value "im a string" supplied to "entries"', - ]); - expect(message.schema).toEqual({}); - }); - - test('it should NOT validate when "entries" contains an entry item that is not type "match"', () => { - const payload: Omit & { - entries: EntryMatchAny[]; - } = { ...getEntryNestedMock(), entries: [getEntryMatchAnyMock()] }; - const decoded = entriesNested.decode(payload); - const message = pipe(decoded, foldLeftRight); - - expect(getPaths(left(message.errors))).toEqual([ - 'Invalid value "match_any" supplied to "entries,type"', - 'Invalid value "["some host name"]" supplied to "entries,value"', - ]); - expect(message.schema).toEqual({}); - }); - - test('it should strip out extra keys', () => { - const payload: EntryNested & { - extraKey?: string; - } = getEntryNestedMock(); - payload.extraKey = 'some extra key'; - const decoded = entriesNested.decode(payload); + test('it should validate an array with nested entry', () => { + const payload = [{ ...getEntryNestedMock() }]; + const decoded = entriesArrayOrUndefined.decode(payload); const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([]); - expect(message.schema).toEqual(getEntryNestedMock()); + expect(message.schema).toEqual(payload); }); }); }); diff --git a/x-pack/plugins/lists/common/schemas/types/entries.ts b/x-pack/plugins/lists/common/schemas/types/entries.ts index c379f77b862c8..4f20b9278d3ff 100644 --- a/x-pack/plugins/lists/common/schemas/types/entries.ts +++ b/x-pack/plugins/lists/common/schemas/types/entries.ts @@ -8,62 +8,19 @@ import * as t from 'io-ts'; -import { operator, type } from '../common/schemas'; -import { DefaultStringArray } from '../../siem_common_deps'; - -export const entriesMatch = t.exact( - t.type({ - field: t.string, - operator, - type: t.keyof({ match: null }), - value: t.string, - }) -); -export type EntryMatch = t.TypeOf; - -export const entriesMatchAny = t.exact( - t.type({ - field: t.string, - operator, - type: t.keyof({ match_any: null }), - value: DefaultStringArray, - }) -); -export type EntryMatchAny = t.TypeOf; - -export const entriesList = t.exact( - t.type({ - field: t.string, - list: t.exact(t.type({ id: t.string, type })), - operator, - type: t.keyof({ list: null }), - }) -); -export type EntryList = t.TypeOf; - -export const entriesExists = t.exact( - t.type({ - field: t.string, - operator, - type: t.keyof({ exists: null }), - }) -); -export type EntryExists = t.TypeOf; - -export const entriesNested = t.exact( - t.type({ - entries: t.array(entriesMatch), - field: t.string, - type: t.keyof({ nested: null }), - }) -); -export type EntryNested = t.TypeOf; +import { entriesMatchAny } from './entry_match_any'; +import { entriesMatch } from './entry_match'; +import { entriesExists } from './entry_exists'; +import { entriesList } from './entry_list'; +import { entriesNested } from './entry_nested'; export const entry = t.union([entriesMatch, entriesMatchAny, entriesList, entriesExists]); export type Entry = t.TypeOf; + export const entriesArray = t.array( t.union([entriesMatch, entriesMatchAny, entriesList, entriesExists, entriesNested]) ); export type EntriesArray = t.TypeOf; + export const entriesArrayOrUndefined = t.union([entriesArray, t.undefined]); export type EntriesArrayOrUndefined = t.TypeOf; diff --git a/x-pack/plugins/lists/common/schemas/types/entry_exists.mock.ts b/x-pack/plugins/lists/common/schemas/types/entry_exists.mock.ts new file mode 100644 index 0000000000000..aa93eee6374a4 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_exists.mock.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { EXISTS, FIELD, OPERATOR } from '../../constants.mock'; + +import { EntryExists } from './entry_exists'; + +export const getEntryExistsMock = (): EntryExists => ({ + field: FIELD, + operator: OPERATOR, + type: EXISTS, +}); diff --git a/x-pack/plugins/lists/common/schemas/types/entry_exists.test.ts b/x-pack/plugins/lists/common/schemas/types/entry_exists.test.ts new file mode 100644 index 0000000000000..9d5b669333db8 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_exists.test.ts @@ -0,0 +1,79 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { pipe } from 'fp-ts/lib/pipeable'; +import { left } from 'fp-ts/lib/Either'; + +import { foldLeftRight, getPaths } from '../../siem_common_deps'; + +import { getEntryExistsMock } from './entry_exists.mock'; +import { EntryExists, entriesExists } from './entry_exists'; + +describe('entriesExists', () => { + test('it should validate an entry', () => { + const payload = { ...getEntryExistsMock() }; + const decoded = entriesExists.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate when "operator" is "included"', () => { + const payload = { ...getEntryExistsMock() }; + const decoded = entriesExists.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate when "operator" is "excluded"', () => { + const payload = { ...getEntryExistsMock() }; + payload.operator = 'excluded'; + const decoded = entriesExists.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should not validate when "field" is empty string', () => { + const payload: Omit & { field: string } = { + ...getEntryExistsMock(), + field: '', + }; + const decoded = entriesExists.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual(['Invalid value "" supplied to "field"']); + expect(message.schema).toEqual({}); + }); + + test('it should strip out extra keys', () => { + const payload: EntryExists & { + extraKey?: string; + } = { ...getEntryExistsMock() }; + payload.extraKey = 'some extra key'; + const decoded = entriesExists.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual({ ...getEntryExistsMock() }); + }); + + test('it should not validate when "type" is not "exists"', () => { + const payload: Omit & { type: string } = { + ...getEntryExistsMock(), + type: 'match', + }; + const decoded = entriesExists.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual(['Invalid value "match" supplied to "type"']); + expect(message.schema).toEqual({}); + }); +}); diff --git a/x-pack/plugins/lists/common/schemas/types/entry_exists.ts b/x-pack/plugins/lists/common/schemas/types/entry_exists.ts new file mode 100644 index 0000000000000..05c82d2532218 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_exists.ts @@ -0,0 +1,21 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +/* eslint-disable @typescript-eslint/camelcase */ + +import * as t from 'io-ts'; + +import { NonEmptyString } from '../../siem_common_deps'; +import { operator } from '../common/schemas'; + +export const entriesExists = t.exact( + t.type({ + field: NonEmptyString, + operator, + type: t.keyof({ exists: null }), + }) +); +export type EntryExists = t.TypeOf; diff --git a/x-pack/plugins/lists/common/schemas/types/entry_list.mock.ts b/x-pack/plugins/lists/common/schemas/types/entry_list.mock.ts new file mode 100644 index 0000000000000..d5166b7984c93 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_list.mock.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { FIELD, LIST, LIST_ID, OPERATOR, TYPE } from '../../constants.mock'; + +import { EntryList } from './entry_list'; + +export const getEntryListMock = (): EntryList => ({ + field: FIELD, + list: { id: LIST_ID, type: TYPE }, + operator: OPERATOR, + type: LIST, +}); diff --git a/x-pack/plugins/lists/common/schemas/types/entry_list.test.ts b/x-pack/plugins/lists/common/schemas/types/entry_list.test.ts new file mode 100644 index 0000000000000..14857edad5e3b --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_list.test.ts @@ -0,0 +1,95 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { pipe } from 'fp-ts/lib/pipeable'; +import { left } from 'fp-ts/lib/Either'; + +import { foldLeftRight, getPaths } from '../../siem_common_deps'; + +import { getEntryListMock } from './entry_list.mock'; +import { EntryList, entriesList } from './entry_list'; + +describe('entriesList', () => { + test('it should validate an entry', () => { + const payload = { ...getEntryListMock() }; + const decoded = entriesList.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate when operator is "included"', () => { + const payload = { ...getEntryListMock() }; + const decoded = entriesList.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate when "operator" is "excluded"', () => { + const payload = { ...getEntryListMock() }; + payload.operator = 'excluded'; + const decoded = entriesList.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should not validate when "list" is not expected value', () => { + const payload: Omit & { list: string } = { + ...getEntryListMock(), + list: 'someListId', + }; + const decoded = entriesList.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "someListId" supplied to "list"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should not validate when "list.id" is empty string', () => { + const payload: Omit & { list: { id: string; type: 'ip' } } = { + ...getEntryListMock(), + list: { id: '', type: 'ip' }, + }; + const decoded = entriesList.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual(['Invalid value "" supplied to "list,id"']); + expect(message.schema).toEqual({}); + }); + + test('it should not validate when "type" is not "lists"', () => { + const payload: Omit & { type: 'match_any' } = { + ...getEntryListMock(), + type: 'match_any', + }; + const decoded = entriesList.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "match_any" supplied to "type"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should strip out extra keys', () => { + const payload: EntryList & { + extraKey?: string; + } = { ...getEntryListMock() }; + payload.extraKey = 'some extra key'; + const decoded = entriesList.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual({ ...getEntryListMock() }); + }); +}); diff --git a/x-pack/plugins/lists/common/schemas/types/entry_list.ts b/x-pack/plugins/lists/common/schemas/types/entry_list.ts new file mode 100644 index 0000000000000..ae9de967db027 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_list.ts @@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +/* eslint-disable @typescript-eslint/camelcase */ + +import * as t from 'io-ts'; + +import { NonEmptyString } from '../../siem_common_deps'; +import { operator, type } from '../common/schemas'; + +export const entriesList = t.exact( + t.type({ + field: NonEmptyString, + list: t.exact(t.type({ id: NonEmptyString, type })), + operator, + type: t.keyof({ list: null }), + }) +); +export type EntryList = t.TypeOf; diff --git a/x-pack/plugins/lists/common/schemas/types/entry_match.mock.ts b/x-pack/plugins/lists/common/schemas/types/entry_match.mock.ts new file mode 100644 index 0000000000000..5f3a09f17eb3b --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_match.mock.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { ENTRY_VALUE, FIELD, MATCH, OPERATOR } from '../../constants.mock'; + +import { EntryMatch } from './entry_match'; + +export const getEntryMatchMock = (): EntryMatch => ({ + field: FIELD, + operator: OPERATOR, + type: MATCH, + value: ENTRY_VALUE, +}); diff --git a/x-pack/plugins/lists/common/schemas/types/entry_match.test.ts b/x-pack/plugins/lists/common/schemas/types/entry_match.test.ts new file mode 100644 index 0000000000000..2c64592518eb7 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_match.test.ts @@ -0,0 +1,107 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { pipe } from 'fp-ts/lib/pipeable'; +import { left } from 'fp-ts/lib/Either'; + +import { foldLeftRight, getPaths } from '../../siem_common_deps'; + +import { getEntryMatchMock } from './entry_match.mock'; +import { EntryMatch, entriesMatch } from './entry_match'; + +describe('entriesMatch', () => { + test('it should validate an entry', () => { + const payload = { ...getEntryMatchMock() }; + const decoded = entriesMatch.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate when operator is "included"', () => { + const payload = { ...getEntryMatchMock() }; + const decoded = entriesMatch.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate when "operator" is "excluded"', () => { + const payload = { ...getEntryMatchMock() }; + payload.operator = 'excluded'; + const decoded = entriesMatch.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should not validate when "field" is empty string', () => { + const payload: Omit & { field: string } = { + ...getEntryMatchMock(), + field: '', + }; + const decoded = entriesMatch.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual(['Invalid value "" supplied to "field"']); + expect(message.schema).toEqual({}); + }); + + test('it should not validate when "value" is not string', () => { + const payload: Omit & { value: string[] } = { + ...getEntryMatchMock(), + value: ['some value'], + }; + const decoded = entriesMatch.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "["some value"]" supplied to "value"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should not validate when "value" is empty string', () => { + const payload: Omit & { value: string } = { + ...getEntryMatchMock(), + value: '', + }; + const decoded = entriesMatch.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual(['Invalid value "" supplied to "value"']); + expect(message.schema).toEqual({}); + }); + + test('it should not validate when "type" is not "match"', () => { + const payload: Omit & { type: string } = { + ...getEntryMatchMock(), + type: 'match_any', + }; + const decoded = entriesMatch.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "match_any" supplied to "type"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should strip out extra keys', () => { + const payload: EntryMatch & { + extraKey?: string; + } = { ...getEntryMatchMock() }; + payload.extraKey = 'some value'; + const decoded = entriesMatch.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual({ ...getEntryMatchMock() }); + }); +}); diff --git a/x-pack/plugins/lists/common/schemas/types/entry_match.ts b/x-pack/plugins/lists/common/schemas/types/entry_match.ts new file mode 100644 index 0000000000000..a21f83f317e35 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_match.ts @@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +/* eslint-disable @typescript-eslint/camelcase */ + +import * as t from 'io-ts'; + +import { NonEmptyString } from '../../siem_common_deps'; +import { operator } from '../common/schemas'; + +export const entriesMatch = t.exact( + t.type({ + field: NonEmptyString, + operator, + type: t.keyof({ match: null }), + value: NonEmptyString, + }) +); +export type EntryMatch = t.TypeOf; diff --git a/x-pack/plugins/lists/common/schemas/types/entry_match_any.mock.ts b/x-pack/plugins/lists/common/schemas/types/entry_match_any.mock.ts new file mode 100644 index 0000000000000..ac4ef69207c8c --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_match_any.mock.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { ENTRY_VALUE, FIELD, MATCH_ANY, OPERATOR } from '../../constants.mock'; + +import { EntryMatchAny } from './entry_match_any'; + +export const getEntryMatchAnyMock = (): EntryMatchAny => ({ + field: FIELD, + operator: OPERATOR, + type: MATCH_ANY, + value: [ENTRY_VALUE], +}); diff --git a/x-pack/plugins/lists/common/schemas/types/entry_match_any.test.ts b/x-pack/plugins/lists/common/schemas/types/entry_match_any.test.ts new file mode 100644 index 0000000000000..4dab2f45711f0 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_match_any.test.ts @@ -0,0 +1,105 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { pipe } from 'fp-ts/lib/pipeable'; +import { left } from 'fp-ts/lib/Either'; + +import { foldLeftRight, getPaths } from '../../siem_common_deps'; + +import { getEntryMatchAnyMock } from './entry_match_any.mock'; +import { EntryMatchAny, entriesMatchAny } from './entry_match_any'; + +describe('entriesMatchAny', () => { + test('it should validate an entry', () => { + const payload = { ...getEntryMatchAnyMock() }; + const decoded = entriesMatchAny.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate when operator is "included"', () => { + const payload = { ...getEntryMatchAnyMock() }; + const decoded = entriesMatchAny.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate when operator is "excluded"', () => { + const payload = { ...getEntryMatchAnyMock() }; + payload.operator = 'excluded'; + const decoded = entriesMatchAny.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should not validate when field is empty string', () => { + const payload: Omit & { field: string } = { + ...getEntryMatchAnyMock(), + field: '', + }; + const decoded = entriesMatchAny.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual(['Invalid value "" supplied to "field"']); + expect(message.schema).toEqual({}); + }); + + test('it should not validate when value is empty array', () => { + const payload: Omit & { value: string[] } = { + ...getEntryMatchAnyMock(), + value: [], + }; + const decoded = entriesMatchAny.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual(['Invalid value "[]" supplied to "value"']); + expect(message.schema).toEqual({}); + }); + + test('it should not validate when value is not string array', () => { + const payload: Omit & { value: string } = { + ...getEntryMatchAnyMock(), + value: 'some string', + }; + const decoded = entriesMatchAny.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "some string" supplied to "value"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should not validate when "type" is not "match_any"', () => { + const payload: Omit & { type: string } = { + ...getEntryMatchAnyMock(), + type: 'match', + }; + const decoded = entriesMatchAny.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual(['Invalid value "match" supplied to "type"']); + expect(message.schema).toEqual({}); + }); + + test('it should strip out extra keys', () => { + const payload: EntryMatchAny & { + extraKey?: string; + } = { ...getEntryMatchAnyMock() }; + payload.extraKey = 'some extra key'; + const decoded = entriesMatchAny.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual({ ...getEntryMatchAnyMock() }); + }); +}); diff --git a/x-pack/plugins/lists/common/schemas/types/entry_match_any.ts b/x-pack/plugins/lists/common/schemas/types/entry_match_any.ts new file mode 100644 index 0000000000000..e93ad4aa131d1 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_match_any.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +/* eslint-disable @typescript-eslint/camelcase */ + +import * as t from 'io-ts'; + +import { NonEmptyString } from '../../siem_common_deps'; +import { operator } from '../common/schemas'; + +import { nonEmptyOrNullableStringArray } from './non_empty_or_nullable_string_array'; + +export const entriesMatchAny = t.exact( + t.type({ + field: NonEmptyString, + operator, + type: t.keyof({ match_any: null }), + value: nonEmptyOrNullableStringArray, + }) +); +export type EntryMatchAny = t.TypeOf; diff --git a/x-pack/plugins/lists/common/schemas/types/entry_nested.mock.ts b/x-pack/plugins/lists/common/schemas/types/entry_nested.mock.ts new file mode 100644 index 0000000000000..f645bc9e40d78 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_nested.mock.ts @@ -0,0 +1,17 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { FIELD, NESTED } from '../../constants.mock'; + +import { EntryNested } from './entry_nested'; +import { getEntryMatchMock } from './entry_match.mock'; +import { getEntryMatchAnyMock } from './entry_match_any.mock'; + +export const getEntryNestedMock = (): EntryNested => ({ + entries: [{ ...getEntryMatchMock() }, { ...getEntryMatchAnyMock() }], + field: FIELD, + type: NESTED, +}); diff --git a/x-pack/plugins/lists/common/schemas/types/entry_nested.test.ts b/x-pack/plugins/lists/common/schemas/types/entry_nested.test.ts new file mode 100644 index 0000000000000..d9b58855413b1 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_nested.test.ts @@ -0,0 +1,124 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { pipe } from 'fp-ts/lib/pipeable'; +import { left } from 'fp-ts/lib/Either'; + +import { foldLeftRight, getPaths } from '../../siem_common_deps'; + +import { getEntryNestedMock } from './entry_nested.mock'; +import { EntryNested, entriesNested } from './entry_nested'; +import { getEntryMatchAnyMock } from './entry_match_any.mock'; +import { getEntryExistsMock } from './entry_exists.mock'; + +describe('entriesNested', () => { + test('it should validate a nested entry', () => { + const payload = { ...getEntryNestedMock() }; + const decoded = entriesNested.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should NOT validate when "type" is not "nested"', () => { + const payload: Omit & { type: 'match' } = { + ...getEntryNestedMock(), + type: 'match', + }; + const decoded = entriesNested.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual(['Invalid value "match" supplied to "type"']); + expect(message.schema).toEqual({}); + }); + + test('it should NOT validate when "field" is empty string', () => { + const payload: Omit & { + field: string; + } = { ...getEntryNestedMock(), field: '' }; + const decoded = entriesNested.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual(['Invalid value "" supplied to "field"']); + expect(message.schema).toEqual({}); + }); + + test('it should NOT validate when "field" is not a string', () => { + const payload: Omit & { + field: number; + } = { ...getEntryNestedMock(), field: 1 }; + const decoded = entriesNested.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual(['Invalid value "1" supplied to "field"']); + expect(message.schema).toEqual({}); + }); + + test('it should NOT validate when "entries" is not a an array', () => { + const payload: Omit & { + entries: string; + } = { ...getEntryNestedMock(), entries: 'im a string' }; + const decoded = entriesNested.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "im a string" supplied to "entries"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should validate when "entries" contains an entry item that is type "match"', () => { + const payload = { ...getEntryNestedMock(), entries: [{ ...getEntryMatchAnyMock() }] }; + const decoded = entriesNested.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual({ + entries: [ + { + field: 'host.name', + operator: 'included', + type: 'match_any', + value: ['some host name'], + }, + ], + field: 'host.name', + type: 'nested', + }); + }); + + test('it should validate when "entries" contains an entry item that is type "exists"', () => { + const payload = { ...getEntryNestedMock(), entries: [{ ...getEntryExistsMock() }] }; + const decoded = entriesNested.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual({ + entries: [ + { + field: 'host.name', + operator: 'included', + type: 'exists', + }, + ], + field: 'host.name', + type: 'nested', + }); + }); + + test('it should strip out extra keys', () => { + const payload: EntryNested & { + extraKey?: string; + } = { ...getEntryNestedMock() }; + payload.extraKey = 'some extra key'; + const decoded = entriesNested.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual({ ...getEntryNestedMock() }); + }); +}); diff --git a/x-pack/plugins/lists/common/schemas/types/entry_nested.ts b/x-pack/plugins/lists/common/schemas/types/entry_nested.ts new file mode 100644 index 0000000000000..9989f501d4338 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/entry_nested.ts @@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +/* eslint-disable @typescript-eslint/camelcase */ + +import * as t from 'io-ts'; + +import { NonEmptyString } from '../../siem_common_deps'; + +import { nonEmptyNestedEntriesArray } from './non_empty_nested_entries_array'; + +export const entriesNested = t.exact( + t.type({ + entries: nonEmptyNestedEntriesArray, + field: NonEmptyString, + type: t.keyof({ nested: null }), + }) +); +export type EntryNested = t.TypeOf; diff --git a/x-pack/plugins/lists/common/schemas/types/index.ts b/x-pack/plugins/lists/common/schemas/types/index.ts index 16433e00f2b16..463f7cfe51ce3 100644 --- a/x-pack/plugins/lists/common/schemas/types/index.ts +++ b/x-pack/plugins/lists/common/schemas/types/index.ts @@ -10,5 +10,12 @@ export * from './default_comments_array'; export * from './default_create_comments_array'; export * from './default_update_comments_array'; export * from './default_namespace'; -export * from './default_entries_array'; export * from './entries'; +export * from './entry_match'; +export * from './entry_match_any'; +export * from './entry_list'; +export * from './entry_exists'; +export * from './entry_nested'; +export * from './non_empty_entries_array'; +export * from './non_empty_or_nullable_string_array'; +export * from './non_empty_nested_entries_array'; diff --git a/x-pack/plugins/lists/common/schemas/types/non_empty_entries_array.test.ts b/x-pack/plugins/lists/common/schemas/types/non_empty_entries_array.test.ts new file mode 100644 index 0000000000000..ab7002982cf28 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/non_empty_entries_array.test.ts @@ -0,0 +1,123 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { pipe } from 'fp-ts/lib/pipeable'; +import { left } from 'fp-ts/lib/Either'; + +import { foldLeftRight, getPaths } from '../../siem_common_deps'; + +import { getEntryMatchMock } from './entry_match.mock'; +import { getEntryMatchAnyMock } from './entry_match_any.mock'; +import { getEntryListMock } from './entry_list.mock'; +import { getEntryExistsMock } from './entry_exists.mock'; +import { getEntryNestedMock } from './entry_nested.mock'; +import { getEntriesArrayMock } from './entries.mock'; +import { nonEmptyEntriesArray } from './non_empty_entries_array'; +import { EntriesArray } from './entries'; + +describe('non_empty_entries_array', () => { + test('it should NOT validate an empty array', () => { + const payload: EntriesArray = []; + const decoded = nonEmptyEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "[]" supplied to "NonEmptyEntriesArray"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should NOT validate "undefined"', () => { + const payload = undefined; + const decoded = nonEmptyEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "undefined" supplied to "NonEmptyEntriesArray"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should NOT validate "null"', () => { + const payload = null; + const decoded = nonEmptyEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "null" supplied to "NonEmptyEntriesArray"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should validate an array of "match" entries', () => { + const payload: EntriesArray = [{ ...getEntryMatchMock() }, { ...getEntryMatchMock() }]; + const decoded = nonEmptyEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate an array of "match_any" entries', () => { + const payload: EntriesArray = [{ ...getEntryMatchAnyMock() }, { ...getEntryMatchAnyMock() }]; + const decoded = nonEmptyEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate an array of "exists" entries', () => { + const payload: EntriesArray = [{ ...getEntryExistsMock() }, { ...getEntryExistsMock() }]; + const decoded = nonEmptyEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate an array of "list" entries', () => { + const payload: EntriesArray = [{ ...getEntryListMock() }, { ...getEntryListMock() }]; + const decoded = nonEmptyEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate an array of "nested" entries', () => { + const payload: EntriesArray = [{ ...getEntryNestedMock() }, { ...getEntryNestedMock() }]; + const decoded = nonEmptyEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate an array of entries', () => { + const payload: EntriesArray = [...getEntriesArrayMock()]; + const decoded = nonEmptyEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should NOT validate an array of non entries', () => { + const payload = [1]; + const decoded = nonEmptyEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "1" supplied to "NonEmptyEntriesArray"', + 'Invalid value "1" supplied to "NonEmptyEntriesArray"', + 'Invalid value "1" supplied to "NonEmptyEntriesArray"', + 'Invalid value "1" supplied to "NonEmptyEntriesArray"', + 'Invalid value "1" supplied to "NonEmptyEntriesArray"', + ]); + expect(message.schema).toEqual({}); + }); +}); diff --git a/x-pack/plugins/lists/common/schemas/types/non_empty_entries_array.ts b/x-pack/plugins/lists/common/schemas/types/non_empty_entries_array.ts new file mode 100644 index 0000000000000..1370fe022c258 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/non_empty_entries_array.ts @@ -0,0 +1,31 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import * as t from 'io-ts'; +import { Either } from 'fp-ts/lib/Either'; + +import { EntriesArray, entriesArray } from './entries'; + +/** + * Types the nonEmptyEntriesArray as: + * - An array of entries of length 1 or greater + * + */ +export const nonEmptyEntriesArray = new t.Type( + 'NonEmptyEntriesArray', + entriesArray.is, + (input, context): Either => { + if (Array.isArray(input) && input.length === 0) { + return t.failure(input, context); + } else { + return entriesArray.validate(input, context); + } + }, + t.identity +); + +export type NonEmptyEntriesArray = t.OutputOf; +export type NonEmptyEntriesArrayDecoded = t.TypeOf; diff --git a/x-pack/plugins/lists/common/schemas/types/non_empty_nested_entries_array.test.ts b/x-pack/plugins/lists/common/schemas/types/non_empty_nested_entries_array.test.ts new file mode 100644 index 0000000000000..1154f2b6098da --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/non_empty_nested_entries_array.test.ts @@ -0,0 +1,131 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { pipe } from 'fp-ts/lib/pipeable'; +import { left } from 'fp-ts/lib/Either'; + +import { foldLeftRight, getPaths } from '../../siem_common_deps'; + +import { getEntryMatchMock } from './entry_match.mock'; +import { getEntryMatchAnyMock } from './entry_match_any.mock'; +import { getEntryExistsMock } from './entry_exists.mock'; +import { getEntryNestedMock } from './entry_nested.mock'; +import { nonEmptyNestedEntriesArray } from './non_empty_nested_entries_array'; +import { EntriesArray } from './entries'; + +describe('non_empty_nested_entries_array', () => { + test('it should NOT validate an empty array', () => { + const payload: EntriesArray = []; + const decoded = nonEmptyNestedEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "[]" supplied to "NonEmptyNestedEntriesArray"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should NOT validate "undefined"', () => { + const payload = undefined; + const decoded = nonEmptyNestedEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "undefined" supplied to "NonEmptyNestedEntriesArray"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should NOT validate "null"', () => { + const payload = null; + const decoded = nonEmptyNestedEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "null" supplied to "NonEmptyNestedEntriesArray"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should validate an array of "match" entries', () => { + const payload: EntriesArray = [{ ...getEntryMatchMock() }, { ...getEntryMatchMock() }]; + const decoded = nonEmptyNestedEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate an array of "match_any" entries', () => { + const payload: EntriesArray = [{ ...getEntryMatchAnyMock() }, { ...getEntryMatchAnyMock() }]; + const decoded = nonEmptyNestedEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should validate an array of "exists" entries', () => { + const payload: EntriesArray = [{ ...getEntryExistsMock() }, { ...getEntryExistsMock() }]; + const decoded = nonEmptyNestedEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should NOT validate an array of "nested" entries', () => { + const payload: EntriesArray = [{ ...getEntryNestedMock() }, { ...getEntryNestedMock() }]; + const decoded = nonEmptyNestedEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "undefined" supplied to "operator"', + 'Invalid value "nested" supplied to "type"', + 'Invalid value "undefined" supplied to "value"', + 'Invalid value "undefined" supplied to "operator"', + 'Invalid value "nested" supplied to "type"', + 'Invalid value "undefined" supplied to "value"', + 'Invalid value "undefined" supplied to "operator"', + 'Invalid value "nested" supplied to "type"', + 'Invalid value "undefined" supplied to "operator"', + 'Invalid value "nested" supplied to "type"', + 'Invalid value "undefined" supplied to "value"', + 'Invalid value "undefined" supplied to "operator"', + 'Invalid value "nested" supplied to "type"', + 'Invalid value "undefined" supplied to "value"', + 'Invalid value "undefined" supplied to "operator"', + 'Invalid value "nested" supplied to "type"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should validate an array of entries', () => { + const payload: EntriesArray = [ + { ...getEntryExistsMock() }, + { ...getEntryMatchAnyMock() }, + { ...getEntryMatchMock() }, + ]; + const decoded = nonEmptyNestedEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([]); + expect(message.schema).toEqual(payload); + }); + + test('it should NOT validate an array of non entries', () => { + const payload = [1]; + const decoded = nonEmptyNestedEntriesArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "1" supplied to "NonEmptyNestedEntriesArray"', + 'Invalid value "1" supplied to "NonEmptyNestedEntriesArray"', + 'Invalid value "1" supplied to "NonEmptyNestedEntriesArray"', + ]); + expect(message.schema).toEqual({}); + }); +}); diff --git a/x-pack/plugins/lists/common/schemas/types/non_empty_nested_entries_array.ts b/x-pack/plugins/lists/common/schemas/types/non_empty_nested_entries_array.ts new file mode 100644 index 0000000000000..88a0f09b3cef0 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/non_empty_nested_entries_array.ts @@ -0,0 +1,40 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import * as t from 'io-ts'; +import { Either } from 'fp-ts/lib/Either'; + +import { entriesMatchAny } from './entry_match_any'; +import { entriesMatch } from './entry_match'; +import { entriesExists } from './entry_exists'; + +export const nestedEntriesArray = t.array(t.union([entriesMatch, entriesMatchAny, entriesExists])); +export type NestedEntriesArray = t.TypeOf; + +/** + * Types the nonEmptyNestedEntriesArray as: + * - An array of entries of length 1 or greater + * + */ +export const nonEmptyNestedEntriesArray = new t.Type< + NestedEntriesArray, + NestedEntriesArray, + unknown +>( + 'NonEmptyNestedEntriesArray', + nestedEntriesArray.is, + (input, context): Either => { + if (Array.isArray(input) && input.length === 0) { + return t.failure(input, context); + } else { + return nestedEntriesArray.validate(input, context); + } + }, + t.identity +); + +export type NonEmptyNestedEntriesArray = t.OutputOf; +export type NonEmptyNestedEntriesArrayDecoded = t.TypeOf; diff --git a/x-pack/plugins/lists/common/schemas/types/non_empty_or_nullable_string_array.test.ts b/x-pack/plugins/lists/common/schemas/types/non_empty_or_nullable_string_array.test.ts new file mode 100644 index 0000000000000..e3cc9104853e5 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/non_empty_or_nullable_string_array.test.ts @@ -0,0 +1,69 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { pipe } from 'fp-ts/lib/pipeable'; +import { left } from 'fp-ts/lib/Either'; + +import { foldLeftRight, getPaths } from '../../siem_common_deps'; + +import { nonEmptyOrNullableStringArray } from './non_empty_or_nullable_string_array'; + +describe('nonEmptyOrNullableStringArray', () => { + test('it should NOT validate an empty array', () => { + const payload: string[] = []; + const decoded = nonEmptyOrNullableStringArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "[]" supplied to "NonEmptyOrNullableStringArray"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should NOT validate "undefined"', () => { + const payload = undefined; + const decoded = nonEmptyOrNullableStringArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "undefined" supplied to "NonEmptyOrNullableStringArray"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should NOT validate "null"', () => { + const payload = null; + const decoded = nonEmptyOrNullableStringArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "null" supplied to "NonEmptyOrNullableStringArray"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should NOT validate an array of with an empty string', () => { + const payload: string[] = ['im good', '']; + const decoded = nonEmptyOrNullableStringArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "["im good",""]" supplied to "NonEmptyOrNullableStringArray"', + ]); + expect(message.schema).toEqual({}); + }); + + test('it should NOT validate an array of non strings', () => { + const payload = [1]; + const decoded = nonEmptyOrNullableStringArray.decode(payload); + const message = pipe(decoded, foldLeftRight); + + expect(getPaths(left(message.errors))).toEqual([ + 'Invalid value "[1]" supplied to "NonEmptyOrNullableStringArray"', + ]); + expect(message.schema).toEqual({}); + }); +}); diff --git a/x-pack/plugins/lists/common/schemas/types/non_empty_or_nullable_string_array.ts b/x-pack/plugins/lists/common/schemas/types/non_empty_or_nullable_string_array.ts new file mode 100644 index 0000000000000..f8ae1701e1322 --- /dev/null +++ b/x-pack/plugins/lists/common/schemas/types/non_empty_or_nullable_string_array.ts @@ -0,0 +1,34 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import * as t from 'io-ts'; +import { Either } from 'fp-ts/lib/Either'; + +/** + * Types the nonEmptyOrNullableStringArray as: + * - An array of non empty strings of length 1 or greater + * - This differs from NonEmptyStringArray in that both input and output are type array + * + */ +export const nonEmptyOrNullableStringArray = new t.Type( + 'NonEmptyOrNullableStringArray', + t.array(t.string).is, + (input, context): Either => { + const emptyValueFound = Array.isArray(input) && input.some((value) => value === ''); + const nonStringValueFound = + Array.isArray(input) && input.some((value) => typeof value !== 'string'); + + if (Array.isArray(input) && (emptyValueFound || nonStringValueFound || input.length === 0)) { + return t.failure(input, context); + } else { + return t.array(t.string).validate(input, context); + } + }, + t.identity +); + +export type NonEmptyOrNullableStringArray = t.OutputOf; +export type NonEmptyOrNullableStringArrayDecoded = t.TypeOf; diff --git a/x-pack/plugins/lists/server/scripts/exception_lists/new/exception_list_item.json b/x-pack/plugins/lists/server/scripts/exception_lists/new/exception_list_item.json index eede855aab199..5fbfcc10bcc3c 100644 --- a/x-pack/plugins/lists/server/scripts/exception_lists/new/exception_list_item.json +++ b/x-pack/plugins/lists/server/scripts/exception_lists/new/exception_list_item.json @@ -8,7 +8,7 @@ "name": "Sample Endpoint Exception List", "entries": [ { - "field": "actingProcess.file.signer", + "field": "host.ip", "operator": "excluded", "type": "exists" }, diff --git a/x-pack/plugins/lists/server/services/exception_lists/exception_list_client_types.ts b/x-pack/plugins/lists/server/services/exception_lists/exception_list_client_types.ts index 51e3a7ee8046f..555b9c5e95a77 100644 --- a/x-pack/plugins/lists/server/services/exception_lists/exception_list_client_types.ts +++ b/x-pack/plugins/lists/server/services/exception_lists/exception_list_client_types.ts @@ -14,7 +14,6 @@ import { Description, DescriptionOrUndefined, EntriesArray, - EntriesArrayOrUndefined, ExceptionListItemType, ExceptionListItemTypeOrUndefined, ExceptionListType, @@ -140,7 +139,7 @@ export interface UpdateExceptionListItemOptions { _tags: _TagsOrUndefined; _version: _VersionOrUndefined; comments: UpdateCommentsArray; - entries: EntriesArrayOrUndefined; + entries: EntriesArray; id: IdOrUndefined; itemId: ItemIdOrUndefined; namespaceType: NamespaceType; @@ -155,7 +154,7 @@ export interface UpdateEndpointListItemOptions { _tags: _TagsOrUndefined; _version: _VersionOrUndefined; comments: UpdateCommentsArray; - entries: EntriesArrayOrUndefined; + entries: EntriesArray; id: IdOrUndefined; itemId: ItemIdOrUndefined; name: NameOrUndefined; diff --git a/x-pack/plugins/lists/server/services/exception_lists/update_exception_list_item.ts b/x-pack/plugins/lists/server/services/exception_lists/update_exception_list_item.ts index f26dd7e18dd5c..ccb74e8796705 100644 --- a/x-pack/plugins/lists/server/services/exception_lists/update_exception_list_item.ts +++ b/x-pack/plugins/lists/server/services/exception_lists/update_exception_list_item.ts @@ -8,7 +8,7 @@ import { SavedObjectsClientContract } from 'kibana/server'; import { DescriptionOrUndefined, - EntriesArrayOrUndefined, + EntriesArray, ExceptionListItemSchema, ExceptionListItemTypeOrUndefined, ExceptionListSoSchema, @@ -37,7 +37,7 @@ interface UpdateExceptionListItemOptions { _version: _VersionOrUndefined; name: NameOrUndefined; description: DescriptionOrUndefined; - entries: EntriesArrayOrUndefined; + entries: EntriesArray; savedObjectsClient: SavedObjectsClientContract; namespaceType: NamespaceType; itemId: ItemIdOrUndefined; diff --git a/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.test.ts b/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.test.ts index caf2dfb761ed0..1c7a2a5de6594 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.test.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.test.ts @@ -25,6 +25,9 @@ import { Operator, } from '../../../lists/common/schemas'; import { getExceptionListItemSchemaMock } from '../../../lists/common/schemas/response/exception_list_item_schema.mock'; +import { getEntryMatchMock } from '../../../lists/common/schemas/types/entry_match.mock'; +import { getEntryMatchAnyMock } from '../../../lists/common/schemas/types/entry_match_any.mock'; +import { getEntryExistsMock } from '../../../lists/common/schemas/types/entry_exists.mock'; describe('build_exceptions_query', () => { let exclude: boolean; @@ -295,20 +298,95 @@ describe('build_exceptions_query', () => { const item: EntryNested = { field: 'parent', type: 'nested', - entries: [makeMatchEntry({ field: 'nestedField', operator: 'included' })], + entries: [ + { + ...getEntryMatchMock(), + field: 'nestedField', + operator: 'included', + value: 'value-1', + }, + ], }; const result = buildNested({ item, language: 'kuery' }); expect(result).toEqual('parent:{ nestedField:"value-1" }'); }); + test('it returns formatted query when entry item is "exists"', () => { + const item: EntryNested = { + field: 'parent', + type: 'nested', + entries: [{ ...getEntryExistsMock(), field: 'nestedField', operator: 'included' }], + }; + const result = buildNested({ item, language: 'kuery' }); + + expect(result).toEqual('parent:{ nestedField:* }'); + }); + + test('it returns formatted query when entry item is "exists" and operator is "excluded"', () => { + const item: EntryNested = { + field: 'parent', + type: 'nested', + entries: [{ ...getEntryExistsMock(), field: 'nestedField', operator: 'excluded' }], + }; + const result = buildNested({ item, language: 'kuery' }); + + expect(result).toEqual('parent:{ not nestedField:* }'); + }); + + test('it returns formatted query when entry item is "match_any"', () => { + const item: EntryNested = { + field: 'parent', + type: 'nested', + entries: [ + { + ...getEntryMatchAnyMock(), + field: 'nestedField', + operator: 'included', + value: ['value1', 'value2'], + }, + ], + }; + const result = buildNested({ item, language: 'kuery' }); + + expect(result).toEqual('parent:{ nestedField:("value1" or "value2") }'); + }); + + test('it returns formatted query when entry item is "match_any" and operator is "excluded"', () => { + const item: EntryNested = { + field: 'parent', + type: 'nested', + entries: [ + { + ...getEntryMatchAnyMock(), + field: 'nestedField', + operator: 'excluded', + value: ['value1', 'value2'], + }, + ], + }; + const result = buildNested({ item, language: 'kuery' }); + + expect(result).toEqual('parent:{ not nestedField:("value1" or "value2") }'); + }); + test('it returns formatted query when multiple items in nested entry', () => { const item: EntryNested = { field: 'parent', type: 'nested', entries: [ - makeMatchEntry({ field: 'nestedField', operator: 'included' }), - makeMatchEntry({ field: 'nestedFieldB', operator: 'included', value: 'value-2' }), + { + ...getEntryMatchMock(), + field: 'nestedField', + operator: 'included', + value: 'value-1', + }, + { + ...getEntryMatchMock(), + field: 'nestedFieldB', + operator: 'included', + value: 'value-2', + }, ], }; const result = buildNested({ item, language: 'kuery' }); @@ -514,7 +592,7 @@ describe('build_exceptions_query', () => { entries, }); const expectedQuery = - 'b:("value-1" OR "value-2") AND parent:{ nestedField:"value-3" } AND NOT _exists_e'; + 'b:("value-1" OR "value-2") AND parent:{ NOT nestedField:"value-3" } AND NOT _exists_e'; expect(query).toEqual(expectedQuery); }); @@ -576,7 +654,7 @@ describe('build_exceptions_query', () => { language: 'kuery', entries, }); - const expectedQuery = 'b:* and parent:{ c:"value-1" and d:"value-2" } and e:*'; + const expectedQuery = 'b:* and parent:{ not c:"value-1" and d:"value-2" } and e:*'; expect(query).toEqual(expectedQuery); }); @@ -642,7 +720,8 @@ describe('build_exceptions_query', () => { language: 'kuery', entries, }); - const expectedQuery = 'b:"value" and parent:{ c:"valueC" and d:"valueD" } and e:"valueE"'; + const expectedQuery = + 'b:"value" and parent:{ not c:"valueC" and not d:"valueD" } and e:"valueE"'; expect(query).toEqual(expectedQuery); }); @@ -684,7 +763,7 @@ describe('build_exceptions_query', () => { language: 'kuery', entries, }); - const expectedQuery = 'not b:("value-1" or "value-2") and parent:{ c:"valueC" }'; + const expectedQuery = 'not b:("value-1" or "value-2") and parent:{ not c:"valueC" }'; expect(query).toEqual(expectedQuery); }); @@ -800,7 +879,7 @@ describe('build_exceptions_query', () => { exclude, }); const expectedQuery = - '(some.parentField:{ nested.field:"some value" } and some.not.nested.field:"some value") or (b:("value-1" or "value-2") and parent:{ c:"valueC" and d:"valueD" } and e:("value-1" or "value-2"))'; + '(some.parentField:{ nested.field:"some value" } and some.not.nested.field:"some value") or (b:("value-1" or "value-2") and parent:{ not c:"valueC" and not d:"valueD" } and e:("value-1" or "value-2"))'; expect(query).toEqual([{ query: expectedQuery, language: 'kuery' }]); }); diff --git a/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.ts b/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.ts index fc4fbae02b8fb..ff492dcda3b66 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.ts @@ -126,7 +126,7 @@ export const buildNested = ({ }): string => { const { field, entries } = item; const and = getLanguageBooleanOperator({ language, value: 'and' }); - const values = entries.map((entry) => `${entry.field}:"${entry.value}"`); + const values = entries.map((entry) => evaluateValues({ item: entry, language })); return `${field}:{ ${values.join(` ${and} `)} }`; }; diff --git a/x-pack/plugins/security_solution/public/common/components/autocomplete/field.tsx b/x-pack/plugins/security_solution/public/common/components/autocomplete/field.tsx index ed844b5130c77..fab2b1e4a7463 100644 --- a/x-pack/plugins/security_solution/public/common/components/autocomplete/field.tsx +++ b/x-pack/plugins/security_solution/public/common/components/autocomplete/field.tsx @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import React, { useMemo, useCallback } from 'react'; +import React, { useState, useMemo, useCallback } from 'react'; import { EuiComboBoxOptionOption, EuiComboBox } from '@elastic/eui'; import { IFieldType, IIndexPattern } from '../../../../../../../src/plugins/data/common'; @@ -19,6 +19,7 @@ interface OperatorProps { isClearable: boolean; fieldTypeFilter?: string[]; fieldInputWidth?: number; + isRequired?: boolean; onChange: (a: IFieldType[]) => void; } @@ -29,10 +30,12 @@ export const FieldComponent: React.FC = ({ isLoading = false, isDisabled = false, isClearable = false, + isRequired = false, fieldTypeFilter = [], fieldInputWidth = 190, onChange, }): JSX.Element => { + const [touched, setIsTouched] = useState(false); const getLabel = useCallback((field): string => field.name, []); const optionsMemo = useMemo((): IFieldType[] => { if (indexPattern != null) { @@ -74,6 +77,8 @@ export const FieldComponent: React.FC = ({ isLoading={isLoading} isDisabled={isDisabled} isClearable={isClearable} + isInvalid={isRequired ? touched && selectedField == null : false} + onFocus={() => setIsTouched(true)} singleSelection={{ asPlainText: true }} data-test-subj="fieldAutocompleteComboBox" style={{ width: `${fieldInputWidth}px` }} diff --git a/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_lists.tsx b/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_lists.tsx index a9d85452651b5..cd90d6eb85623 100644 --- a/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_lists.tsx +++ b/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_lists.tsx @@ -18,6 +18,7 @@ interface AutocompleteFieldListsProps { isLoading: boolean; isDisabled: boolean; isClearable: boolean; + isRequired?: boolean; onChange: (arg: ListSchema) => void; } @@ -28,8 +29,10 @@ export const AutocompleteFieldListsComponent: React.FC { + const [touched, setIsTouched] = useState(false); const { http } = useKibana().services; const [lists, setLists] = useState([]); const { loading, result, start } = useFindLists(); @@ -97,6 +100,8 @@ export const AutocompleteFieldListsComponent: React.FC setIsTouched(true)} singleSelection={{ asPlainText: true }} sortMatchesBy="startsWith" data-test-subj="valuesAutocompleteComboBox listsComboxBox" diff --git a/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_match.tsx b/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_match.tsx index a082811920f88..992005b3be8bc 100644 --- a/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_match.tsx +++ b/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_match.tsx @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import React, { useCallback, useMemo } from 'react'; +import React, { useCallback, useMemo, useState } from 'react'; import { EuiComboBoxOptionOption, EuiComboBox } from '@elastic/eui'; import { uniq } from 'lodash'; @@ -22,6 +22,7 @@ interface AutocompleteFieldMatchProps { isLoading: boolean; isDisabled: boolean; isClearable: boolean; + isRequired?: boolean; fieldInputWidth?: number; onChange: (arg: string) => void; } @@ -34,9 +35,11 @@ export const AutocompleteFieldMatchComponent: React.FC { + const [touched, setIsTouched] = useState(false); const [isLoadingSuggestions, suggestions, updateSuggestions] = useFieldValueAutocomplete({ selectedField, operatorType: OperatorTypeEnum.MATCH, @@ -96,7 +99,8 @@ export const AutocompleteFieldMatchComponent: React.FC setIsTouched(true)} sortMatchesBy="startsWith" data-test-subj="valuesAutocompleteComboBox matchComboxBox" style={fieldInputWidth ? { width: `${fieldInputWidth}px` } : {}} diff --git a/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_match_any.tsx b/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_match_any.tsx index 461d49dddfdef..27807a752c141 100644 --- a/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_match_any.tsx +++ b/x-pack/plugins/security_solution/public/common/components/autocomplete/field_value_match_any.tsx @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import React, { useCallback, useMemo } from 'react'; +import React, { useState, useCallback, useMemo } from 'react'; import { EuiComboBoxOptionOption, EuiComboBox } from '@elastic/eui'; import { uniq } from 'lodash'; @@ -22,6 +22,7 @@ interface AutocompleteFieldMatchAnyProps { isLoading: boolean; isDisabled: boolean; isClearable: boolean; + isRequired?: boolean; onChange: (arg: string[]) => void; } @@ -33,8 +34,10 @@ export const AutocompleteFieldMatchAnyComponent: React.FC { + const [touched, setIsTouched] = useState(false); const [isLoadingSuggestions, suggestions, updateSuggestions] = useFieldValueAutocomplete({ selectedField, operatorType: OperatorTypeEnum.MATCH_ANY, @@ -92,7 +95,8 @@ export const AutocompleteFieldMatchAnyComponent: React.FC setIsTouched(true)} delimiter=", " data-test-subj="valuesAutocompleteComboBox matchAnyComboxBox" fullWidth diff --git a/x-pack/plugins/security_solution/public/common/components/autocomplete/helpers.test.ts b/x-pack/plugins/security_solution/public/common/components/autocomplete/helpers.test.ts index cb07d99913107..b25bb245c6792 100644 --- a/x-pack/plugins/security_solution/public/common/components/autocomplete/helpers.test.ts +++ b/x-pack/plugins/security_solution/public/common/components/autocomplete/helpers.test.ts @@ -54,16 +54,16 @@ describe('helpers', () => { }); describe('#validateParams', () => { - test('returns true if value is undefined', () => { + test('returns false if value is undefined', () => { const isValid = validateParams(undefined, getField('@timestamp')); - expect(isValid).toBeTruthy(); + expect(isValid).toBeFalsy(); }); - test('returns true if value is empty string', () => { + test('returns false if value is empty string', () => { const isValid = validateParams('', getField('@timestamp')); - expect(isValid).toBeTruthy(); + expect(isValid).toBeFalsy(); }); test('returns true if type is "date" and value is valid', () => { diff --git a/x-pack/plugins/security_solution/public/common/components/autocomplete/helpers.ts b/x-pack/plugins/security_solution/public/common/components/autocomplete/helpers.ts index 16659593784db..a65f1fa35d3c2 100644 --- a/x-pack/plugins/security_solution/public/common/components/autocomplete/helpers.ts +++ b/x-pack/plugins/security_solution/public/common/components/autocomplete/helpers.ts @@ -36,7 +36,7 @@ export const validateParams = ( ): boolean => { // Box would show error state if empty otherwise if (params == null || params === '') { - return true; + return false; } const types = field != null && field.esTypes != null ? field.esTypes : []; diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/builder/builder_exception_item.test.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/builder/builder_exception_item.test.tsx index 9ca7a371ce81b..0f3b6ec2e94e4 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/builder/builder_exception_item.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/builder/builder_exception_item.test.tsx @@ -12,10 +12,8 @@ import euiLightVars from '@elastic/eui/dist/eui_theme_light.json'; import { ExceptionListItemComponent } from './builder_exception_item'; import { fields } from '../../../../../../../../src/plugins/data/common/index_patterns/fields/fields.mocks.ts'; import { getExceptionListItemSchemaMock } from '../../../../../../lists/common/schemas/response/exception_list_item_schema.mock'; -import { - getEntryMatchMock, - getEntryMatchAnyMock, -} from '../../../../../../lists/common/schemas/types/entries.mock'; +import { getEntryMatchMock } from '../../../../../../lists/common/schemas/types/entry_match.mock'; +import { getEntryMatchAnyMock } from '../../../../../../lists/common/schemas/types/entry_match_any.mock'; describe('ExceptionListItemComponent', () => { describe('and badge logic', () => { diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/builder/entry_item.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/builder/entry_item.tsx index 0f5000c8c0abe..7bf279168a9a0 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/builder/entry_item.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/builder/entry_item.tsx @@ -117,6 +117,7 @@ export const EntryItemComponent: React.FC = ({ isDisabled={isLoading} onChange={handleFieldChange} data-test-subj="exceptionBuilderEntryField" + isRequired /> ); @@ -170,6 +171,7 @@ export const EntryItemComponent: React.FC = ({ isClearable={false} indexPattern={indexPattern} onChange={handleFieldMatchValueChange} + isRequired data-test-subj="exceptionBuilderEntryFieldMatch" /> ); @@ -185,6 +187,7 @@ export const EntryItemComponent: React.FC = ({ isClearable={false} indexPattern={indexPattern} onChange={handleFieldMatchAnyValueChange} + isRequired data-test-subj="exceptionBuilderEntryFieldMatchAny" /> ); @@ -199,6 +202,7 @@ export const EntryItemComponent: React.FC = ({ isDisabled={isLoading} isClearable={false} onChange={handleFieldListValueChange} + isRequired data-test-subj="exceptionBuilderEntryFieldList" /> ); diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx index 7171d3c6b815e..dace2eb5f0672 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx @@ -38,18 +38,20 @@ import { existsOperator, doesNotExistOperator, } from '../autocomplete/operators'; -import { OperatorTypeEnum, OperatorEnum } from '../../../lists_plugin_deps'; +import { OperatorTypeEnum, OperatorEnum, EntryNested } from '../../../lists_plugin_deps'; import { getExceptionListItemSchemaMock } from '../../../../../lists/common/schemas/response/exception_list_item_schema.mock'; -import { - getEntryExistsMock, - getEntryListMock, - getEntryMatchMock, - getEntryMatchAnyMock, - getEntriesArrayMock, -} from '../../../../../lists/common/schemas/types/entries.mock'; +import { getEntryMatchMock } from '../../../../../lists/common/schemas/types/entry_match.mock'; +import { getEntryMatchAnyMock } from '../../../../../lists/common/schemas/types/entry_match_any.mock'; +import { getEntryExistsMock } from '../../../../../lists/common/schemas/types/entry_exists.mock'; +import { getEntryListMock } from '../../../../../lists/common/schemas/types/entry_list.mock'; import { getCommentsArrayMock } from '../../../../../lists/common/schemas/types/comments.mock'; +import { getEntriesArrayMock } from '../../../../../lists/common/schemas/types/entries.mock'; import { ENTRIES } from '../../../../../lists/common/constants.mock'; -import { ExceptionListItemSchema, EntriesArray } from '../../../../../lists/common/schemas'; +import { + CreateExceptionListItemSchema, + ExceptionListItemSchema, + EntriesArray, +} from '../../../../../lists/common/schemas'; import { IIndexPattern } from 'src/plugins/data/common'; describe('Exception helpers', () => { @@ -251,8 +253,8 @@ describe('Exception helpers', () => { { fieldName: 'host.name.host.name', isNested: true, - operator: 'is', - value: 'some host name', + operator: 'is one of', + value: ['some host name'], }, ]; expect(result).toEqual(expected); @@ -482,7 +484,7 @@ describe('Exception helpers', () => { }); describe('#filterExceptionItems', () => { - test('it removes empty entry items', () => { + test('it removes entry items with "value" of "undefined"', () => { const { entries, ...rest } = getExceptionListItemSchemaMock(); const mockEmptyException: EmptyEntry = { field: 'host.name', @@ -500,6 +502,85 @@ describe('Exception helpers', () => { expect(exceptions).toEqual([getExceptionListItemSchemaMock()]); }); + test('it removes "match" entry items with "value" of empty string', () => { + const { entries, ...rest } = { ...getExceptionListItemSchemaMock() }; + const mockEmptyException: EmptyEntry = { + field: 'host.name', + type: OperatorTypeEnum.MATCH, + operator: OperatorEnum.INCLUDED, + value: '', + }; + const output: Array< + ExceptionListItemSchema | CreateExceptionListItemSchema + > = filterExceptionItems([ + { + ...rest, + entries: [...entries, mockEmptyException], + }, + ]); + + expect(output).toEqual([{ ...getExceptionListItemSchemaMock() }]); + }); + + test('it removes "match" entry items with "field" of empty string', () => { + const { entries, ...rest } = { ...getExceptionListItemSchemaMock() }; + const mockEmptyException: EmptyEntry = { + field: '', + type: OperatorTypeEnum.MATCH, + operator: OperatorEnum.INCLUDED, + value: 'some value', + }; + const output: Array< + ExceptionListItemSchema | CreateExceptionListItemSchema + > = filterExceptionItems([ + { + ...rest, + entries: [...entries, mockEmptyException], + }, + ]); + + expect(output).toEqual([{ ...getExceptionListItemSchemaMock() }]); + }); + + test('it removes "match_any" entry items with "field" of empty string', () => { + const { entries, ...rest } = { ...getExceptionListItemSchemaMock() }; + const mockEmptyException: EmptyEntry = { + field: '', + type: OperatorTypeEnum.MATCH_ANY, + operator: OperatorEnum.INCLUDED, + value: ['some value'], + }; + const output: Array< + ExceptionListItemSchema | CreateExceptionListItemSchema + > = filterExceptionItems([ + { + ...rest, + entries: [...entries, mockEmptyException], + }, + ]); + + expect(output).toEqual([{ ...getExceptionListItemSchemaMock() }]); + }); + + test('it removes "nested" entry items with "field" of empty string', () => { + const { entries, ...rest } = { ...getExceptionListItemSchemaMock() }; + const mockEmptyException: EntryNested = { + field: '', + type: OperatorTypeEnum.NESTED, + entries: [{ ...getEntryMatchMock() }], + }; + const output: Array< + ExceptionListItemSchema | CreateExceptionListItemSchema + > = filterExceptionItems([ + { + ...rest, + entries: [...entries, mockEmptyException], + }, + ]); + + expect(output).toEqual([{ ...getExceptionListItemSchemaMock() }]); + }); + test('it removes `temporaryId` from items', () => { const { meta, ...rest } = getNewExceptionItem({ listType: 'detection', @@ -509,7 +590,7 @@ describe('Exception helpers', () => { }); const exceptions = filterExceptionItems([{ ...rest, meta }]); - expect(exceptions).toEqual([{ ...rest, meta: undefined }]); + expect(exceptions).toEqual([{ ...rest, entries: [], meta: undefined }]); }); }); diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx index 3d028431de8ff..4d8fc5f68870b 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx @@ -39,6 +39,7 @@ import { EntryNested, } from '../../../lists_plugin_deps'; import { IFieldType, IIndexPattern } from '../../../../../../../src/plugins/data/common'; +import { validate } from '../../../../common/validate'; import { TimelineNonEcsData } from '../../../graphql/types'; import { WithCopyToClipboard } from '../../lib/clipboard/with_copy_to_clipboard'; @@ -348,11 +349,22 @@ export const filterExceptionItems = ( ): Array => { return exceptions.reduce>( (acc, exception) => { - const entries = exception.entries.filter((t) => entry.is(t) || entriesNested.is(t)); + const entries = exception.entries.filter((t) => { + const [validatedEntry] = validate(t, entry); + const [validatedNestedEntry] = validate(t, entriesNested); + + if (validatedEntry != null || validatedNestedEntry != null) { + return true; + } + + return false; + }); + const item = { ...exception, entries }; + if (exceptionListItemSchema.is(item)) { return [...acc, item]; - } else if (createExceptionListItemSchema.is(item) && item.meta != null) { + } else if (createExceptionListItemSchema.is(item)) { const { meta, ...rest } = item; const itemSansMetaId: CreateExceptionListItemSchema = { ...rest, meta: undefined }; return [...acc, itemSansMetaId]; diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts index d3d073efa73c1..bb8b4fb3d5ce7 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts @@ -8,7 +8,7 @@ import { ExceptionListClient } from '../../../../../lists/server'; import { listMock } from '../../../../../lists/server/mocks'; import { getFoundExceptionListItemSchemaMock } from '../../../../../lists/common/schemas/response/found_exception_list_item_schema.mock'; import { getExceptionListItemSchemaMock } from '../../../../../lists/common/schemas/response/exception_list_item_schema.mock'; -import { EntriesArray, EntryList } from '../../../../../lists/common/schemas/types/entries'; +import { EntriesArray, EntryList } from '../../../../../lists/common/schemas/types'; import { buildArtifact, getFullEndpointExceptionList } from './lists'; import { TranslatedEntry, TranslatedExceptionListItem } from '../../schemas/artifacts'; diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts index 68fa2a0511a48..5998a88527f2f 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts @@ -9,7 +9,7 @@ import { deflate } from 'zlib'; import { ExceptionListItemSchema } from '../../../../../lists/common/schemas'; import { validate } from '../../../../common/validate'; -import { Entry, EntryNested } from '../../../../../lists/common/schemas/types/entries'; +import { Entry, EntryNested } from '../../../../../lists/common/schemas/types'; import { FoundExceptionListItemSchema } from '../../../../../lists/common/schemas/response/found_exception_list_item_schema'; import { ExceptionListClient } from '../../../../../lists/server'; import { ENDPOINT_LIST_ID } from '../../../../common/shared_imports';