github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

Create generic get filter method to be used with an array of list id's (#127983)

Browse source 
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
David Sánchez 2022-03-24 08:23:21 +01:00 committed by GitHub
parent 2d12c94c2f
commit 968f350989
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 77 additions and 750 deletions
Download patch file Download diff file Expand all files Collapse all files

4
packages/kbn-securitysolution-io-ts-list-types/src/typescript_types/index.ts
View file

@ -41,9 +41,7 @@ export interface UseExceptionListsProps {
namespaceTypes: NamespaceType[];
notifications: NotificationsStart;
initialPagination?: Pagination;
showTrustedApps: boolean;
showEventFilters: boolean;
showHostIsolationExceptions: boolean;
hideLists?: readonly string[];
}
export interface UseExceptionListProps {

14
packages/kbn-securitysolution-list-hooks/src/use_exception_lists/index.ts
View file

@ -39,9 +39,7 @@ const DEFAULT_PAGINATION = {
* @param filterOptions filter by certain fields
* @param namespaceTypes spaces to be searched
* @param notifications kibana service for displaying toasters
* @param showTrustedApps boolean - include/exclude trusted app lists
* @param showEventFilters boolean - include/exclude event filters lists
* @param showHostIsolationExceptions boolean - include/exclude host isolation exceptions lists
* @param hideLists a list of listIds we don't want to query
* @param initialPagination
*
*/
@ -52,9 +50,7 @@ export const useExceptionLists = ({
filterOptions = {},
namespaceTypes,
notifications,
showTrustedApps = false,
showEventFilters = false,
showHostIsolationExceptions = false,
hideLists = [],
}: UseExceptionListsProps): ReturnExceptionLists => {
const [exceptionLists, setExceptionLists] = useState<ExceptionListSchema[]>([]);
const [pagination, setPagination] = useState<Pagination>(initialPagination);
@ -67,11 +63,9 @@ export const useExceptionLists = ({
getFilters({
filters: filterOptions,
namespaceTypes,
showTrustedApps,
showEventFilters,
showHostIsolationExceptions,
hideLists,
}),
[namespaceTypes, filterOptions, showTrustedApps, showEventFilters, showHostIsolationExceptions]
[namespaceTypes, filterOptions, hideLists]
);
const fetchData = useCallback(async (): Promise<void> => {

39
packages/kbn-securitysolution-list-utils/src/get_event_filters_filter/index.test.ts
View file

@ -1,39 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import { getEventFiltersFilter } from '.';
describe('getEventFiltersFilter', () => {
test('it returns filter to search for "exception-list" namespace trusted apps', () => {
const filter = getEventFiltersFilter(true, ['exception-list']);
expect(filter).toEqual('(exception-list.attributes.list_id: endpoint_event_filters*)');
});
test('it returns filter to search for "exception-list" and "agnostic" namespace trusted apps', () => {
const filter = getEventFiltersFilter(true, ['exception-list', 'exception-list-agnostic']);
expect(filter).toEqual(
'(exception-list.attributes.list_id: endpoint_event_filters* OR exception-list-agnostic.attributes.list_id: endpoint_event_filters*)'
);
});
test('it returns filter to exclude "exception-list" namespace trusted apps', () => {
const filter = getEventFiltersFilter(false, ['exception-list']);
expect(filter).toEqual('(not exception-list.attributes.list_id: endpoint_event_filters*)');
});
test('it returns filter to exclude "exception-list" and "agnostic" namespace trusted apps', () => {
const filter = getEventFiltersFilter(false, ['exception-list', 'exception-list-agnostic']);
expect(filter).toEqual(
'(not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*)'
);
});
});

27
packages/kbn-securitysolution-list-utils/src/get_event_filters_filter/index.ts
View file

@ -1,27 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import { ENDPOINT_EVENT_FILTERS_LIST_ID } from '@kbn/securitysolution-list-constants';
import { SavedObjectType } from '../types';
export const getEventFiltersFilter = (
showEventFilter: boolean,
namespaceTypes: SavedObjectType[]
): string => {
if (showEventFilter) {
const filters = namespaceTypes.map((namespace) => {
return `${namespace}.attributes.list_id: ${ENDPOINT_EVENT_FILTERS_LIST_ID}*`;
});
return `(${filters.join(' OR ')})`;
} else {
const filters = namespaceTypes.map((namespace) => {
return `not ${namespace}.attributes.list_id: ${ENDPOINT_EVENT_FILTERS_LIST_ID}*`;
});
return `(${filters.join(' AND ')})`;
}
};

333
packages/kbn-securitysolution-list-utils/src/get_filters/index.test.ts
View file

@ -10,423 +10,198 @@ import { getFilters } from '.';
describe('getFilters', () => {
describe('single', () => {
test('it properly formats when no filters passed "showTrustedApps", "showEventFilters", and "showHostIsolationExceptions" is false', () => {
test('it properly formats when no filters and hide lists contains few list ids', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['single'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: false,
hideLists: ['listId-1', 'listId-2', 'listId-3'],
});
expect(filter).toEqual(
'(not exception-list.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(not exception-list.attributes.list_id: listId-1*) AND (not exception-list.attributes.list_id: listId-2*) AND (not exception-list.attributes.list_id: listId-3*)'
);
});
test('it properly formats when no filters passed "showTrustedApps", "showEventFilters", and "showHostIsolationExceptions" is true', () => {
test('it properly formats when no filters and hide lists contains one list id', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['single'],
showTrustedApps: true,
showEventFilters: true,
showHostIsolationExceptions: true,
hideLists: ['listId-1'],
});
expect(filter).toEqual(
'(exception-list.attributes.list_id: endpoint_trusted_apps*) AND (exception-list.attributes.list_id: endpoint_event_filters*) AND (exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
expect(filter).toEqual('(not exception-list.attributes.list_id: listId-1*)');
});
test('it properly formats when filters passed and "showTrustedApps", "showEventFilters" and "showHostIsolationExceptions" is false', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['single'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: false,
});
expect(filter).toEqual(
'(exception-list.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample) AND (not exception-list.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it properly formats when filters passed and "showTrustedApps", "showEventFilters" and "showHostIsolationExceptions" is true', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['single'],
showTrustedApps: true,
showEventFilters: true,
showHostIsolationExceptions: true,
});
expect(filter).toEqual(
'(exception-list.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample) AND (exception-list.attributes.list_id: endpoint_trusted_apps*) AND (exception-list.attributes.list_id: endpoint_event_filters*) AND (exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it properly formats when no filters passed and "showTrustedApps" is true', () => {
test('it properly formats when no filters and no hide lists', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['single'],
showTrustedApps: true,
showEventFilters: false,
showHostIsolationExceptions: false,
hideLists: [],
});
expect(filter).toEqual(
'(exception-list.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
expect(filter).toEqual('');
});
test('it if filters passed and "showTrustedApps" is true', () => {
test('it properly formats when filters passed and hide lists contains few list ids', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['single'],
showTrustedApps: true,
showEventFilters: false,
showHostIsolationExceptions: false,
hideLists: ['listId-1', 'listId-2', 'listId-3'],
});
expect(filter).toEqual(
'(exception-list.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample) AND (exception-list.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(exception-list.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample) AND (not exception-list.attributes.list_id: listId-1*) AND (not exception-list.attributes.list_id: listId-2*) AND (not exception-list.attributes.list_id: listId-3*)'
);
});
test('it properly formats when no filters passed and "showEventFilters" is true', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['single'],
showTrustedApps: false,
showEventFilters: true,
showHostIsolationExceptions: false,
});
expect(filter).toEqual(
'(not exception-list.attributes.list_id: endpoint_trusted_apps*) AND (exception-list.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it if filters passed and "showEventFilters" is true', () => {
test('it properly formats when filters passed and hide lists contains one list id', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['single'],
showTrustedApps: false,
showEventFilters: true,
showHostIsolationExceptions: false,
hideLists: ['listId-1'],
});
expect(filter).toEqual(
'(exception-list.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample) AND (not exception-list.attributes.list_id: endpoint_trusted_apps*) AND (exception-list.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(exception-list.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample) AND (not exception-list.attributes.list_id: listId-1*)'
);
});
test('it properly formats when no filters passed and "showHostIsolationExceptions" is true', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['single'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: true,
});
expect(filter).toEqual(
'(not exception-list.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters*) AND (exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it if filters passed and "showHostIsolationExceptions" is true', () => {
test('it properly formats when filters passed and no hide lists', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['single'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: true,
hideLists: [],
});
expect(filter).toEqual(
'(exception-list.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample) AND (not exception-list.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters*) AND (exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(exception-list.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample)'
);
});
});
describe('agnostic', () => {
test('it properly formats when no filters passed and "showTrustedApps", "showEventFilters" and "showHostIsolationExceptions" is false', () => {
test('it properly formats when no filters and hide lists contains few list ids', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['agnostic'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: false,
hideLists: ['listId-1', 'listId-2', 'listId-3'],
});
expect(filter).toEqual(
'(not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(not exception-list-agnostic.attributes.list_id: listId-1*) AND (not exception-list-agnostic.attributes.list_id: listId-2*) AND (not exception-list-agnostic.attributes.list_id: listId-3*)'
);
});
test('it properly formats when no filters passed and "showTrustedApps", "showEventFilters" and "showHostIsolationExceptions" is true', () => {
test('it properly formats when no filters and hide lists contains one list id', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['agnostic'],
showTrustedApps: true,
showEventFilters: true,
showHostIsolationExceptions: true,
hideLists: ['listId-1'],
});
expect(filter).toEqual(
'(exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
expect(filter).toEqual('(not exception-list-agnostic.attributes.list_id: listId-1*)');
});
test('it properly formats when filters passed and "showTrustedApps", "showEventFilters" and "showHostIsolationExceptions" is false', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['agnostic'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: false,
});
expect(filter).toEqual(
'(exception-list-agnostic.attributes.created_by:moi) AND (exception-list-agnostic.attributes.name.text:Sample) AND (not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it properly formats when filters passed and "showTrustedApps", "showEventFilters" and "showHostIsolationExceptions" is true', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['agnostic'],
showTrustedApps: true,
showEventFilters: true,
showHostIsolationExceptions: true,
});
expect(filter).toEqual(
'(exception-list-agnostic.attributes.created_by:moi) AND (exception-list-agnostic.attributes.name.text:Sample) AND (exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it properly formats when no filters passed and "showTrustedApps" is true', () => {
test('it properly formats when no filters and no hide lists', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['agnostic'],
showTrustedApps: true,
showEventFilters: false,
showHostIsolationExceptions: false,
hideLists: [],
});
expect(filter).toEqual(
'(exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
expect(filter).toEqual('');
});
test('it if filters passed and "showTrustedApps" is true', () => {
test('it properly formats when filters passed and hide lists contains few list ids', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['agnostic'],
showTrustedApps: true,
showEventFilters: false,
showHostIsolationExceptions: false,
hideLists: ['listId-1', 'listId-2', 'listId-3'],
});
expect(filter).toEqual(
'(exception-list-agnostic.attributes.created_by:moi) AND (exception-list-agnostic.attributes.name.text:Sample) AND (exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(exception-list-agnostic.attributes.created_by:moi) AND (exception-list-agnostic.attributes.name.text:Sample) AND (not exception-list-agnostic.attributes.list_id: listId-1*) AND (not exception-list-agnostic.attributes.list_id: listId-2*) AND (not exception-list-agnostic.attributes.list_id: listId-3*)'
);
});
test('it properly formats when no filters passed and "showEventFilters" is true', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['agnostic'],
showTrustedApps: false,
showEventFilters: true,
showHostIsolationExceptions: false,
});
expect(filter).toEqual(
'(not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it if filters passed and "showEventFilters" is true', () => {
test('it properly formats when filters passed and hide lists contains one list id', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['agnostic'],
showTrustedApps: false,
showEventFilters: true,
showHostIsolationExceptions: false,
hideLists: ['listId-1'],
});
expect(filter).toEqual(
'(exception-list-agnostic.attributes.created_by:moi) AND (exception-list-agnostic.attributes.name.text:Sample) AND (not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(exception-list-agnostic.attributes.created_by:moi) AND (exception-list-agnostic.attributes.name.text:Sample) AND (not exception-list-agnostic.attributes.list_id: listId-1*)'
);
});
test('it properly formats when no filters passed and "showHostIsolationExceptions" is true', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['agnostic'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: true,
});
expect(filter).toEqual(
'(not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it if filters passed and "showHostIsolationExceptions" is true', () => {
test('it properly formats when filters passed and no hide lists', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['agnostic'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: true,
hideLists: [],
});
expect(filter).toEqual(
'(exception-list-agnostic.attributes.created_by:moi) AND (exception-list-agnostic.attributes.name.text:Sample) AND (not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(exception-list-agnostic.attributes.created_by:moi) AND (exception-list-agnostic.attributes.name.text:Sample)'
);
});
});
describe('single, agnostic', () => {
test('it properly formats when no filters passed and "showTrustedApps", "showEventFilters" and "showHostIsolationExceptions" is false', () => {
test('it properly formats when no filters and hide lists contains few list ids', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['single', 'agnostic'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: false,
hideLists: ['listId-1', 'listId-2', 'listId-3'],
});
expect(filter).toEqual(
'(not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(not exception-list.attributes.list_id: listId-1* AND not exception-list-agnostic.attributes.list_id: listId-1*) AND (not exception-list.attributes.list_id: listId-2* AND not exception-list-agnostic.attributes.list_id: listId-2*) AND (not exception-list.attributes.list_id: listId-3* AND not exception-list-agnostic.attributes.list_id: listId-3*)'
);
});
test('it properly formats when no filters passed and "showTrustedApps", "showEventFilters" and "showHostIsolationExceptions" is true', () => {
test('it properly formats when no filters and hide lists contains one list id', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['single', 'agnostic'],
showTrustedApps: true,
showEventFilters: true,
showHostIsolationExceptions: true,
hideLists: ['listId-1'],
});
expect(filter).toEqual(
'(exception-list.attributes.list_id: endpoint_trusted_apps* OR exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (exception-list.attributes.list_id: endpoint_event_filters* OR exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (exception-list.attributes.list_id: endpoint_host_isolation_exceptions* OR exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(not exception-list.attributes.list_id: listId-1* AND not exception-list-agnostic.attributes.list_id: listId-1*)'
);
});
test('it properly formats when filters passed and "showTrustedApps", "showEventFilters" and "showHostIsolationExceptions" is false', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['single', 'agnostic'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: false,
});
expect(filter).toEqual(
'(exception-list.attributes.created_by:moi OR exception-list-agnostic.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample OR exception-list-agnostic.attributes.name.text:Sample) AND (not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it properly formats when filters passed and "showTrustedApps", "showEventFilters" and "showHostIsolationExceptions" is true', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['single', 'agnostic'],
showTrustedApps: true,
showEventFilters: true,
showHostIsolationExceptions: true,
});
expect(filter).toEqual(
'(exception-list.attributes.created_by:moi OR exception-list-agnostic.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample OR exception-list-agnostic.attributes.name.text:Sample) AND (exception-list.attributes.list_id: endpoint_trusted_apps* OR exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (exception-list.attributes.list_id: endpoint_event_filters* OR exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (exception-list.attributes.list_id: endpoint_host_isolation_exceptions* OR exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it properly formats when no filters passed and "showTrustedApps" is true', () => {
test('it properly formats when no filters and no hide lists', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['single', 'agnostic'],
showTrustedApps: true,
showEventFilters: false,
showHostIsolationExceptions: false,
hideLists: [],
});
expect(filter).toEqual(
'(exception-list.attributes.list_id: endpoint_trusted_apps* OR exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
expect(filter).toEqual('');
});
test('it properly formats when filters passed and "showTrustedApps" is true', () => {
test('it properly formats when filters passed and hide lists contains few list ids', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['single', 'agnostic'],
showTrustedApps: true,
showEventFilters: false,
showHostIsolationExceptions: false,
hideLists: ['listId-1', 'listId-2', 'listId-3'],
});
expect(filter).toEqual(
'(exception-list.attributes.created_by:moi OR exception-list-agnostic.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample OR exception-list-agnostic.attributes.name.text:Sample) AND (exception-list.attributes.list_id: endpoint_trusted_apps* OR exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(exception-list.attributes.created_by:moi OR exception-list-agnostic.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample OR exception-list-agnostic.attributes.name.text:Sample) AND (not exception-list.attributes.list_id: listId-1* AND not exception-list-agnostic.attributes.list_id: listId-1*) AND (not exception-list.attributes.list_id: listId-2* AND not exception-list-agnostic.attributes.list_id: listId-2*) AND (not exception-list.attributes.list_id: listId-3* AND not exception-list-agnostic.attributes.list_id: listId-3*)'
);
});
test('it properly formats when no filters passed and "showEventFilters" is true', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['single', 'agnostic'],
showTrustedApps: false,
showEventFilters: true,
showHostIsolationExceptions: false,
});
expect(filter).toEqual(
'(not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (exception-list.attributes.list_id: endpoint_event_filters* OR exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it properly formats when filters passed and "showEventFilters" is true', () => {
test('it properly formats when filters passed and hide lists contains one list id', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['single', 'agnostic'],
showTrustedApps: false,
showEventFilters: true,
showHostIsolationExceptions: false,
hideLists: ['listId-1'],
});
expect(filter).toEqual(
'(exception-list.attributes.created_by:moi OR exception-list-agnostic.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample OR exception-list-agnostic.attributes.name.text:Sample) AND (not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (exception-list.attributes.list_id: endpoint_event_filters* OR exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(exception-list.attributes.created_by:moi OR exception-list-agnostic.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample OR exception-list-agnostic.attributes.name.text:Sample) AND (not exception-list.attributes.list_id: listId-1* AND not exception-list-agnostic.attributes.list_id: listId-1*)'
);
});
test('it properly formats when no filters passed and "showHostIsolationExceptions" is true', () => {
const filter = getFilters({
filters: {},
namespaceTypes: ['single', 'agnostic'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: true,
});
expect(filter).toEqual(
'(not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (exception-list.attributes.list_id: endpoint_host_isolation_exceptions* OR exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it properly formats when filters passed and "showHostIsolationExceptions" is true', () => {
test('it properly formats when filters passed and no hide lists', () => {
const filter = getFilters({
filters: { created_by: 'moi', name: 'Sample' },
namespaceTypes: ['single', 'agnostic'],
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: true,
hideLists: [],
});
expect(filter).toEqual(
'(exception-list.attributes.created_by:moi OR exception-list-agnostic.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample OR exception-list-agnostic.attributes.name.text:Sample) AND (not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (exception-list.attributes.list_id: endpoint_host_isolation_exceptions* OR exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
'(exception-list.attributes.created_by:moi OR exception-list-agnostic.attributes.created_by:moi) AND (exception-list.attributes.name.text:Sample OR exception-list-agnostic.attributes.name.text:Sample)'
);
});
});

31
packages/kbn-securitysolution-list-utils/src/get_filters/index.ts
View file

@ -9,34 +9,23 @@
import { ExceptionListFilter, NamespaceType } from '@kbn/securitysolution-io-ts-list-types';
import { getGeneralFilters } from '../get_general_filters';
import { getSavedObjectTypes } from '../get_saved_object_types';
import { getTrustedAppsFilter } from '../get_trusted_apps_filter';
import { getEventFiltersFilter } from '../get_event_filters_filter';
import { getHostIsolationExceptionsFilter } from '../get_host_isolation_exceptions_filter';
export interface GetFiltersParams {
filters: ExceptionListFilter;
namespaceTypes: NamespaceType[];
showTrustedApps: boolean;
showEventFilters: boolean;
showHostIsolationExceptions: boolean;
hideLists: readonly string[];
}
export const getFilters = ({
filters,
namespaceTypes,
showTrustedApps,
showEventFilters,
showHostIsolationExceptions,
}: GetFiltersParams): string => {
export const getFilters = ({ filters, namespaceTypes, hideLists }: GetFiltersParams): string => {
const namespaces = getSavedObjectTypes({ namespaceType: namespaceTypes });
const generalFilters = getGeneralFilters(filters, namespaces);
const trustedAppsFilter = getTrustedAppsFilter(showTrustedApps, namespaces);
const eventFiltersFilter = getEventFiltersFilter(showEventFilters, namespaces);
const hostIsolationExceptionsFilter = getHostIsolationExceptionsFilter(
showHostIsolationExceptions,
namespaces
);
return [generalFilters, trustedAppsFilter, eventFiltersFilter, hostIsolationExceptionsFilter]
const hideListsFilters = hideLists.map((listId) => {
const filtersByNamespace = namespaces.map((namespace) => {
return `not ${namespace}.attributes.list_id: ${listId}*`;
});
return `(${filtersByNamespace.join(' AND ')})`;
});
return [generalFilters, ...hideListsFilters]
.filter((filter) => filter.trim() !== '')
.join(' AND ');
};

49
packages/kbn-securitysolution-list-utils/src/get_host_isolation_exceptions_filter/index.test.ts
View file

@ -1,49 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import { getHostIsolationExceptionsFilter } from '.';
describe('getHostIsolationExceptionsFilter', () => {
test('it returns filter to search for "exception-list" namespace host isolation exceptions', () => {
const filter = getHostIsolationExceptionsFilter(true, ['exception-list']);
expect(filter).toEqual(
'(exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it returns filter to search for "exception-list" and "agnostic" namespace host isolation exceptions', () => {
const filter = getHostIsolationExceptionsFilter(true, [
'exception-list',
'exception-list-agnostic',
]);
expect(filter).toEqual(
'(exception-list.attributes.list_id: endpoint_host_isolation_exceptions* OR exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it returns filter to exclude "exception-list" namespace host isolation exceptions', () => {
const filter = getHostIsolationExceptionsFilter(false, ['exception-list']);
expect(filter).toEqual(
'(not exception-list.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
test('it returns filter to exclude "exception-list" and "agnostic" namespace host isolation exceptions', () => {
const filter = getHostIsolationExceptionsFilter(false, [
'exception-list',
'exception-list-agnostic',
]);
expect(filter).toEqual(
'(not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)'
);
});
});

27
packages/kbn-securitysolution-list-utils/src/get_host_isolation_exceptions_filter/index.ts
View file

@ -1,27 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import { ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_ID } from '@kbn/securitysolution-list-constants';
import { SavedObjectType } from '../types';
export const getHostIsolationExceptionsFilter = (
showFilter: boolean,
namespaceTypes: SavedObjectType[]
): string => {
if (showFilter) {
const filters = namespaceTypes.map((namespace) => {
return `${namespace}.attributes.list_id: ${ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_ID}*`;
});
return `(${filters.join(' OR ')})`;
} else {
const filters = namespaceTypes.map((namespace) => {
return `not ${namespace}.attributes.list_id: ${ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_ID}*`;
});
return `(${filters.join(' AND ')})`;
}
};

39
packages/kbn-securitysolution-list-utils/src/get_trusted_apps_filter/index.test.ts
View file

@ -1,39 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import { getTrustedAppsFilter } from '.';
describe('getTrustedAppsFilter', () => {
test('it returns filter to search for "exception-list" namespace trusted apps', () => {
const filter = getTrustedAppsFilter(true, ['exception-list']);
expect(filter).toEqual('(exception-list.attributes.list_id: endpoint_trusted_apps*)');
});
test('it returns filter to search for "exception-list" and "agnostic" namespace trusted apps', () => {
const filter = getTrustedAppsFilter(true, ['exception-list', 'exception-list-agnostic']);
expect(filter).toEqual(
'(exception-list.attributes.list_id: endpoint_trusted_apps* OR exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*)'
);
});
test('it returns filter to exclude "exception-list" namespace trusted apps', () => {
const filter = getTrustedAppsFilter(false, ['exception-list']);
expect(filter).toEqual('(not exception-list.attributes.list_id: endpoint_trusted_apps*)');
});
test('it returns filter to exclude "exception-list" and "agnostic" namespace trusted apps', () => {
const filter = getTrustedAppsFilter(false, ['exception-list', 'exception-list-agnostic']);
expect(filter).toEqual(
'(not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*)'
);
});
});

27
packages/kbn-securitysolution-list-utils/src/get_trusted_apps_filter/index.ts
View file

@ -1,27 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import { ENDPOINT_TRUSTED_APPS_LIST_ID } from '@kbn/securitysolution-list-constants';
import { SavedObjectType } from '../types';
export const getTrustedAppsFilter = (
showTrustedApps: boolean,
namespaceTypes: SavedObjectType[]
): string => {
if (showTrustedApps) {
const filters = namespaceTypes.map((namespace) => {
return `${namespace}.attributes.list_id: ${ENDPOINT_TRUSTED_APPS_LIST_ID}*`;
});
return `(${filters.join(' OR ')})`;
} else {
const filters = namespaceTypes.map((namespace) => {
return `not ${namespace}.attributes.list_id: ${ENDPOINT_TRUSTED_APPS_LIST_ID}*`;
});
return `(${filters.join(' AND ')})`;
}
};

1
packages/kbn-securitysolution-list-utils/src/index.ts
View file

@ -13,7 +13,6 @@ export * from './get_general_filters';
export * from './get_ids_and_namespaces';
export * from './get_saved_object_type';
export * from './get_saved_object_types';
export * from './get_trusted_apps_filter';
export * from './has_large_value_list';
export * from './helpers';
export * from './types';

231
x-pack/plugins/lists/public/exceptions/hooks/use_exception_lists.test.ts
View file

@ -48,9 +48,6 @@ describe('useExceptionLists', () => {
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: false,
showTrustedApps: false,
})
);
await waitForNextUpdate();
@ -86,9 +83,6 @@ describe('useExceptionLists', () => {
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: false,
showTrustedApps: false,
})
);
// NOTE: First `waitForNextUpdate` is initialization
@ -112,7 +106,7 @@ describe('useExceptionLists', () => {
});
});
test('fetches trusted apps lists if "showTrustedApps" is true', async () => {
test('does not fetch specific list id if it is added to the hideLists array', async () => {
const spyOnfetchExceptionLists = jest.spyOn(api, 'fetchExceptionLists');
await act(async () => {
@ -120,6 +114,7 @@ describe('useExceptionLists', () => {
useExceptionLists({
errorMessage: 'Uh oh',
filterOptions: {},
hideLists: ['listId-1'],
http: mockKibanaHttpService,
initialPagination: {
page: 1,
@ -128,9 +123,6 @@ describe('useExceptionLists', () => {
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: false,
showTrustedApps: true,
})
);
// NOTE: First `waitForNextUpdate` is initialization
@ -140,192 +132,7 @@ describe('useExceptionLists', () => {
expect(spyOnfetchExceptionLists).toHaveBeenCalledWith({
filters:
'(exception-list.attributes.list_id: endpoint_trusted_apps* OR exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)',
http: mockKibanaHttpService,
namespaceTypes: 'single,agnostic',
pagination: { page: 1, perPage: 20 },
signal: new AbortController().signal,
});
});
});
test('does not fetch trusted apps lists if "showTrustedApps" is false', async () => {
const spyOnfetchExceptionLists = jest.spyOn(api, 'fetchExceptionLists');
await act(async () => {
const { waitForNextUpdate } = renderHook<UseExceptionListsProps, ReturnExceptionLists>(() =>
useExceptionLists({
errorMessage: 'Uh oh',
filterOptions: {},
http: mockKibanaHttpService,
initialPagination: {
page: 1,
perPage: 20,
total: 0,
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: false,
showTrustedApps: false,
})
);
// NOTE: First `waitForNextUpdate` is initialization
// Second call applies the params
await waitForNextUpdate();
await waitForNextUpdate();
expect(spyOnfetchExceptionLists).toHaveBeenCalledWith({
filters:
'(not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)',
http: mockKibanaHttpService,
namespaceTypes: 'single,agnostic',
pagination: { page: 1, perPage: 20 },
signal: new AbortController().signal,
});
});
});
test('fetches event filters lists if "showEventFilters" is true', async () => {
const spyOnfetchExceptionLists = jest.spyOn(api, 'fetchExceptionLists');
await act(async () => {
const { waitForNextUpdate } = renderHook<UseExceptionListsProps, ReturnExceptionLists>(() =>
useExceptionLists({
errorMessage: 'Uh oh',
filterOptions: {},
http: mockKibanaHttpService,
initialPagination: {
page: 1,
perPage: 20,
total: 0,
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: true,
showHostIsolationExceptions: false,
showTrustedApps: false,
})
);
// NOTE: First `waitForNextUpdate` is initialization
// Second call applies the params
await waitForNextUpdate();
await waitForNextUpdate();
expect(spyOnfetchExceptionLists).toHaveBeenCalledWith({
filters:
'(not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (exception-list.attributes.list_id: endpoint_event_filters* OR exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)',
http: mockKibanaHttpService,
namespaceTypes: 'single,agnostic',
pagination: { page: 1, perPage: 20 },
signal: new AbortController().signal,
});
});
});
test('does not fetch event filters lists if "showEventFilters" is false', async () => {
const spyOnfetchExceptionLists = jest.spyOn(api, 'fetchExceptionLists');
await act(async () => {
const { waitForNextUpdate } = renderHook<UseExceptionListsProps, ReturnExceptionLists>(() =>
useExceptionLists({
errorMessage: 'Uh oh',
filterOptions: {},
http: mockKibanaHttpService,
initialPagination: {
page: 1,
perPage: 20,
total: 0,
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: false,
showTrustedApps: false,
})
);
// NOTE: First `waitForNextUpdate` is initialization
// Second call applies the params
await waitForNextUpdate();
await waitForNextUpdate();
expect(spyOnfetchExceptionLists).toHaveBeenCalledWith({
filters:
'(not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)',
http: mockKibanaHttpService,
namespaceTypes: 'single,agnostic',
pagination: { page: 1, perPage: 20 },
signal: new AbortController().signal,
});
});
});
test('fetches host isolation exceptions lists if "hostIsolationExceptionsFilter" is true', async () => {
const spyOnfetchExceptionLists = jest.spyOn(api, 'fetchExceptionLists');
await act(async () => {
const { waitForNextUpdate } = renderHook<UseExceptionListsProps, ReturnExceptionLists>(() =>
useExceptionLists({
errorMessage: 'Uh oh',
filterOptions: {},
http: mockKibanaHttpService,
initialPagination: {
page: 1,
perPage: 20,
total: 0,
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: true,
showTrustedApps: false,
})
);
// NOTE: First `waitForNextUpdate` is initialization
// Second call applies the params
await waitForNextUpdate();
await waitForNextUpdate();
expect(spyOnfetchExceptionLists).toHaveBeenCalledWith({
filters:
'(not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (exception-list.attributes.list_id: endpoint_host_isolation_exceptions* OR exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)',
http: mockKibanaHttpService,
namespaceTypes: 'single,agnostic',
pagination: { page: 1, perPage: 20 },
signal: new AbortController().signal,
});
});
});
test('does not fetch host isolation exceptions lists if "showHostIsolationExceptions" is false', async () => {
const spyOnfetchExceptionLists = jest.spyOn(api, 'fetchExceptionLists');
await act(async () => {
const { waitForNextUpdate } = renderHook<UseExceptionListsProps, ReturnExceptionLists>(() =>
useExceptionLists({
errorMessage: 'Uh oh',
filterOptions: {},
http: mockKibanaHttpService,
initialPagination: {
page: 1,
perPage: 20,
total: 0,
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: false,
showTrustedApps: false,
})
);
// NOTE: First `waitForNextUpdate` is initialization
// Second call applies the params
await waitForNextUpdate();
await waitForNextUpdate();
expect(spyOnfetchExceptionLists).toHaveBeenCalledWith({
filters:
'(not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)',
'(not exception-list.attributes.list_id: listId-1* AND not exception-list-agnostic.attributes.list_id: listId-1*)',
http: mockKibanaHttpService,
namespaceTypes: 'single,agnostic',
pagination: { page: 1, perPage: 20 },
@ -345,6 +152,7 @@ describe('useExceptionLists', () => {
created_by: 'Moi',
name: 'Sample Endpoint',
},
hideLists: ['listId-1'],
http: mockKibanaHttpService,
initialPagination: {
page: 1,
@ -353,9 +161,6 @@ describe('useExceptionLists', () => {
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: false,
showTrustedApps: false,
})
);
// NOTE: First `waitForNextUpdate` is initialization
@ -365,7 +170,7 @@ describe('useExceptionLists', () => {
expect(spyOnfetchExceptionLists).toHaveBeenCalledWith({
filters:
'(exception-list.attributes.created_by:Moi OR exception-list-agnostic.attributes.created_by:Moi) AND (exception-list.attributes.name.text:Sample Endpoint OR exception-list-agnostic.attributes.name.text:Sample Endpoint) AND (not exception-list.attributes.list_id: endpoint_trusted_apps* AND not exception-list-agnostic.attributes.list_id: endpoint_trusted_apps*) AND (not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*) AND (not exception-list.attributes.list_id: endpoint_host_isolation_exceptions* AND not exception-list-agnostic.attributes.list_id: endpoint_host_isolation_exceptions*)',
'(exception-list.attributes.created_by:Moi OR exception-list-agnostic.attributes.created_by:Moi) AND (exception-list.attributes.name.text:Sample Endpoint OR exception-list-agnostic.attributes.name.text:Sample Endpoint) AND (not exception-list.attributes.list_id: listId-1* AND not exception-list-agnostic.attributes.list_id: listId-1*)',
http: mockKibanaHttpService,
namespaceTypes: 'single,agnostic',
pagination: { page: 1, perPage: 20 },
@ -381,16 +186,7 @@ describe('useExceptionLists', () => {
UseExceptionListsProps,
ReturnExceptionLists
>(
({
errorMessage,
filterOptions,
http,
initialPagination,
namespaceTypes,
notifications,
showEventFilters,
showTrustedApps,
}) =>
({ errorMessage, filterOptions, http, initialPagination, namespaceTypes, notifications }) =>
useExceptionLists({
errorMessage,
filterOptions,
@ -398,9 +194,6 @@ describe('useExceptionLists', () => {
initialPagination,
namespaceTypes,
notifications,
showEventFilters,
showHostIsolationExceptions: false,
showTrustedApps,
}),
{
initialProps: {
@ -414,9 +207,6 @@ describe('useExceptionLists', () => {
},
namespaceTypes: ['single'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: false,
showTrustedApps: false,
},
}
);
@ -436,9 +226,6 @@ describe('useExceptionLists', () => {
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: false,
showTrustedApps: false,
});
// NOTE: Only need one call here because hook already initilaized
await waitForNextUpdate();
@ -465,9 +252,6 @@ describe('useExceptionLists', () => {
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: false,
showTrustedApps: false,
})
);
// NOTE: First `waitForNextUpdate` is initialization
@ -505,9 +289,6 @@ describe('useExceptionLists', () => {
},
namespaceTypes: ['single', 'agnostic'],
notifications: mockKibanaNotificationsService,
showEventFilters: false,
showHostIsolationExceptions: false,
showTrustedApps: false,
})
);
// NOTE: First `waitForNextUpdate` is initialization

5
x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/exceptions/exceptions_table.tsx
View file

@ -40,6 +40,7 @@ import { userHasPermissions } from '../../helpers';
import { useListsConfig } from '../../../../../containers/detection_engine/lists/use_lists_config';
import { ExceptionsTableItem } from './types';
import { MissingPrivilegesCallOut } from '../../../../../components/callouts/missing_privileges_callout';
import { ALL_ENDPOINT_ARTIFACT_LIST_IDS } from '../../../../../../../common/endpoint/service/artifacts/constants';
export type Func = () => Promise<void>;
@ -84,9 +85,7 @@ export const ExceptionListsTable = React.memo(() => {
http,
namespaceTypes: ['single', 'agnostic'],
notifications,
showTrustedApps: false,
showEventFilters: false,
showHostIsolationExceptions: false,
hideLists: ALL_ENDPOINT_ARTIFACT_LIST_IDS,
});
const [loadingTableInfo, exceptionListsWithRuleRefs, exceptionsListsRef] = useAllExceptionLists({
exceptionLists: exceptions ?? [],