[Security Solution] [Cases] Bugfix, properly encode externalId json (#142624) (#142641)

(cherry picked from commit df9d1e866d) Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
2025-04-24 09:48:58 -04:00 · 2022-10-04 11:58:34 -06:00 · 2022-10-04 11:58:34 -06:00 · 7efab0a703
commit 7efab0a703
parent 042caf313d
2 changed files with 85 additions and 2 deletions
--- a/x-pack/plugins/stack_connectors/server/connector_types/cases/cases_webhook/service.test.ts
+++ b/x-pack/plugins/stack_connectors/server/connector_types/cases/cases_webhook/service.test.ts
@ -474,6 +474,77 @@ describe('Cases webhook service', () => {
      expect(requestMock).not.toHaveBeenCalled();
      expect(res).toBeUndefined();
    });
+
+    test('properly encodes external system id as string in request body', async () => {
+      requestMock.mockImplementation(() =>
+        createAxiosResponse({
+          data: {
+            id: '1',
+            key: 'CK-1',
+          },
+        })
+      );
+      service = createExternalService(
+        actionId,
+        {
+          config: {
+            ...config,
+            createCommentJson: '{"body":{{{case.comment}}},"id":{{{external.system.id}}}}',
+          },
+          secrets,
+        },
+        logger,
+        configurationUtilities
+      );
+      await service.createComment(commentReq);
+      expect(requestMock).toHaveBeenCalledWith({
+        axios,
+        logger,
+        method: CasesWebhookMethods.POST,
+        configurationUtilities,
+        url: 'https://coolsite.net/issue/1/comment',
+        data: `{"body":"comment","id":"1"}`,
+      });
+    });
+
+    test('properly encodes external system id as number in request body', async () => {
+      const commentReq2 = {
+        incidentId: 1 as unknown as string,
+        comment: {
+          comment: 'comment',
+          commentId: 'comment-1',
+        },
+      };
+      requestMock.mockImplementation(() =>
+        createAxiosResponse({
+          data: {
+            id: '1',
+            key: 'CK-1',
+          },
+        })
+      );
+      service = createExternalService(
+        actionId,
+        {
+          config: {
+            ...config,
+            createCommentJson: '{"body":{{{case.comment}}},"id":{{{external.system.id}}}}',
+          },
+          secrets,
+        },
+        logger,
+        configurationUtilities
+      );
+      await service.createComment(commentReq2);
+      expect(requestMock).toHaveBeenCalledWith({
+        axios,
+        logger,
+        method: CasesWebhookMethods.POST,
+        configurationUtilities,
+        url: 'https://coolsite.net/issue/1/comment',
+        data: `{"body":"comment","id":1}`,
+      });
+    });
  });

  describe('bad urls', () => {
--- a/x-pack/plugins/stack_connectors/server/connector_types/cases/cases_webhook/service.ts
+++ b/x-pack/plugins/stack_connectors/server/connector_types/cases/cases_webhook/service.ts
@ -190,6 +190,7 @@ export const createExternalService = (
          },
        },
      });
+
      const normalizedUrl = validateAndNormalizeUrl(
        `${updateUrl}`,
        configurationUtilities,
@ -197,6 +198,7 @@ export const createExternalService = (
      );

      const { tags, title, description } = incident;
+
      const json = renderMustacheStringNoEscape(updateIncidentJson, {
        ...stringifyObjValues({
          title,
@ -205,12 +207,13 @@ export const createExternalService = (
        }),
        external: {
          system: {
-            id: incidentId,
+            id: JSON.stringify(incidentId),
          },
        },
      });

      validateJson(json, 'Update case JSON body');
+
      const res = await request({
        axios: axiosInstance,
        method: updateIncidentMethod,
@ -223,7 +226,9 @@ export const createExternalService = (
      throwDescriptiveErrorIfResponseIsNotValid({
        res,
      });
+
      const updatedIncident = await getIncident(incidentId as string);
+
      const viewUrl = renderMustacheStringNoEscape(viewIncidentUrl, {
        external: {
          system: {
@ -232,11 +237,13 @@ export const createExternalService = (
          },
        },
      });
+
      const normalizedViewUrl = validateAndNormalizeUrl(
        `${viewUrl}`,
        configurationUtilities,
        'View case URL'
      );
+
      return {
        id: incidentId,
        title: updatedIncident.title,
@ -253,6 +260,7 @@ export const createExternalService = (
      if (!createCommentUrl || !createCommentJson || !createCommentMethod) {
        return;
      }
+
      const commentUrl = renderMustacheStringNoEscape(createCommentUrl, {
        external: {
          system: {
@ -260,20 +268,24 @@ export const createExternalService = (
          },
        },
      });
+
      const normalizedUrl = validateAndNormalizeUrl(
        `${commentUrl}`,
        configurationUtilities,
        'Create comment URL'
      );
+
      const json = renderMustacheStringNoEscape(createCommentJson, {
        ...stringifyObjValues({ comment: comment.comment }),
        external: {
          system: {
-            id: incidentId,
+            id: JSON.stringify(incidentId),
          },
        },
      });
+
      validateJson(json, 'Create comment JSON body');
+
      const res = await request({
        axios: axiosInstance,
        method: createCommentMethod,