github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 09:19:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.16] [Security Solution] [Security assistant] Fixes errors when creating conversations with special characters in the title (#197319) (#197495)

Browse source 
# Backport

This will backport the following commits from `main` to `8.16`:
- [[Security Solution] [Security assistant] Fixes errors when creating
conversations with special characters in the title
(#197319)](https://github.com/elastic/kibana/pull/197319)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Andrew
Macri","email":"andrew.macri@elastic.co"},"sourceCommit":{"committedDate":"2024-10-23T16:13:19Z","message":"[Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title (#197319)\n\n### [Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title\r\n\r\nThis PR fixes an
[issue](https://github.com/elastic/security-team/issues/10284) in the
security assistant where attempting to create conversations with special
characters in the title, i.e. a `:`, resulted in an `Error creating
conversation with title...` toaster.\r\n\r\n### Desk testing\r\n\r\nTo
reproduce, simulate generation of a title with special
characters:\r\n\r\n1) Edit
`x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts`\r\n\r\nchange
the following line:\r\n\r\nfrom\r\n\r\n```ts\r\nconst lastFive =
attackDiscovery.id ? ` - ${attackDiscovery.id.slice(-5)}` :
'';\r\n```\r\n\r\nto\r\n\r\n```ts\r\nconst lastFive = attackDiscovery.id
? ` - test: \"${attackDiscovery.id.slice(-5)}\"` : '';\r\n```\r\n\r\n2)
Navigate to Security > Attack discovery\r\n\r\n3) Click the `View in AI
Assistant` link for any attack discovery\r\n\r\n**Expected
result**\r\n\r\n- The assistant flyout opens without
errors\r\n\r\n**Actual result**\r\n\r\n- The assistant flyout opens with
a toaster error like the following example:\r\n\r\n```\r\nError creating
conversation with title Sophisticated Multi-Stage Attack Detected -
test:
\"7a882\"\r\n```","sha":"a2a43e7a3a964cdcc9ca38cf90ea429e2a98edd8","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","v9.0.0","Team:
SecuritySolution","Team:Security Generative
AI","v8.16.0","backport:version"],"title":"[Security Solution] [Security
assistant] Fixes errors when creating conversations with special
characters in the
title","number":197319,"url":"https://github.com/elastic/kibana/pull/197319","mergeCommit":{"message":"[Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title (#197319)\n\n### [Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title\r\n\r\nThis PR fixes an
[issue](https://github.com/elastic/security-team/issues/10284) in the
security assistant where attempting to create conversations with special
characters in the title, i.e. a `:`, resulted in an `Error creating
conversation with title...` toaster.\r\n\r\n### Desk testing\r\n\r\nTo
reproduce, simulate generation of a title with special
characters:\r\n\r\n1) Edit
`x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts`\r\n\r\nchange
the following line:\r\n\r\nfrom\r\n\r\n```ts\r\nconst lastFive =
attackDiscovery.id ? ` - ${attackDiscovery.id.slice(-5)}` :
'';\r\n```\r\n\r\nto\r\n\r\n```ts\r\nconst lastFive = attackDiscovery.id
? ` - test: \"${attackDiscovery.id.slice(-5)}\"` : '';\r\n```\r\n\r\n2)
Navigate to Security > Attack discovery\r\n\r\n3) Click the `View in AI
Assistant` link for any attack discovery\r\n\r\n**Expected
result**\r\n\r\n- The assistant flyout opens without
errors\r\n\r\n**Actual result**\r\n\r\n- The assistant flyout opens with
a toaster error like the following example:\r\n\r\n```\r\nError creating
conversation with title Sophisticated Multi-Stage Attack Detected -
test:
\"7a882\"\r\n```","sha":"a2a43e7a3a964cdcc9ca38cf90ea429e2a98edd8"}},"sourceBranch":"main","suggestedTargetBranches":["8.16"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197319","number":197319,"mergeCommit":{"message":"[Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title (#197319)\n\n### [Security
Solution] [Security assistant] Fixes errors when creating conversations
with special characters in the title\r\n\r\nThis PR fixes an
[issue](https://github.com/elastic/security-team/issues/10284) in the
security assistant where attempting to create conversations with special
characters in the title, i.e. a `:`, resulted in an `Error creating
conversation with title...` toaster.\r\n\r\n### Desk testing\r\n\r\nTo
reproduce, simulate generation of a title with special
characters:\r\n\r\n1) Edit
`x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts`\r\n\r\nchange
the following line:\r\n\r\nfrom\r\n\r\n```ts\r\nconst lastFive =
attackDiscovery.id ? ` - ${attackDiscovery.id.slice(-5)}` :
'';\r\n```\r\n\r\nto\r\n\r\n```ts\r\nconst lastFive = attackDiscovery.id
? ` - test: \"${attackDiscovery.id.slice(-5)}\"` : '';\r\n```\r\n\r\n2)
Navigate to Security > Attack discovery\r\n\r\n3) Click the `View in AI
Assistant` link for any attack discovery\r\n\r\n**Expected
result**\r\n\r\n- The assistant flyout opens without
errors\r\n\r\n**Actual result**\r\n\r\n- The assistant flyout opens with
a toaster error like the following example:\r\n\r\n```\r\nError creating
conversation with title Sophisticated Multi-Stage Attack Detected -
test:
\"7a882\"\r\n```","sha":"a2a43e7a3a964cdcc9ca38cf90ea429e2a98edd8"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Andrew Macri <andrew.macri@elastic.co>
This commit is contained in:
Kibana Machine 2024-10-24 05:42:56 +11:00 committed by GitHub
parent 3d98f6c3f7
commit 8df3967145
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 52 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

46
x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.test.ts
View file

@ -100,6 +100,52 @@ describe('Create conversation route', () => {
expect(result.badRequest).toHaveBeenCalled();
});
test('escapes colons when querying for existing titles', async () => {
const request = requestMock.create({
method: 'post',
path: ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL,
body: {
...getCreateConversationSchemaMock(),
title: 'test: Malware infection: with credential theft attempt - 2875e', // <-- contains colons
},
});
await server.inject(request, requestContextMock.convertContext(context));
expect(
clients.elasticAssistant.getAIAssistantConversationsDataClient.findDocuments
).toHaveBeenCalledWith({
fields: ['title'],
filter:
'users:{ name: "my_username" } AND title:test\\: Malware infection\\: with credential theft attempt - 2875e',
page: 1,
perPage: 100,
});
});
test('escapes quotes when querying for existing titles', async () => {
const request = requestMock.create({
method: 'post',
path: ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL,
body: {
...getCreateConversationSchemaMock(),
title: '"Malware infection with credential theft attempt - 2875e"', // <-- contains quotes
},
});
await server.inject(request, requestContextMock.convertContext(context));
expect(
clients.elasticAssistant.getAIAssistantConversationsDataClient.findDocuments
).toHaveBeenCalledWith({
fields: ['title'],
filter:
'users:{ name: "my_username" } AND title:\\"Malware infection with credential theft attempt - 2875e\\"',
page: 1,
perPage: 100,
});
});
});
describe('conversation containing messages', () => {
const getMessage = (role: string = 'user') => ({

7
x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.ts
View file

@ -14,6 +14,8 @@ import {
API_VERSIONS,
} from '@kbn/elastic-assistant-common';
import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common';
import { escapeKuery } from '@kbn/es-query';
import { ElasticAssistantPluginRouter } from '../../types';
import { buildResponse } from '../utils';
import { performChecks } from '../helpers';
@ -58,10 +60,13 @@ export const createConversationRoute = (router: ElasticAssistantPluginRouter): v
const userFilter = currentUser?.username
? `name: "${currentUser?.username}"`
: `id: "${currentUser?.profile_uid}"`;
const escapedTitle = escapeKuery(request.body.title);
const result = await dataClient?.findDocuments({
perPage: 100,
page: 1,
filter: `users:{ ${userFilter} } AND title:${request.body.title}`,
filter: `users:{ ${userFilter} } AND title:${escapedTitle}`,
fields: ['title'],
});
if (result?.data != null && result.total > 0) {