[Security Solutions][Detection Engine] Fixes "undefined" crash for author field by adding a migration for it (#107230)

## Summary Fixes https://github.com/elastic/kibana/issues/106233 During an earlier upgrade/fix to our system to add defaults to our types, we overlooked the "author" field which wasn't part of the original rules. Users upgrading might get errors such as: ``` params invalid: Invalid value "undefined" supplied to "author" ``` This fixes that issue by adding a migration for the `author` field for `7.14.1`. See https://github.com/elastic/kibana/issues/106233 for test instructions or manually remove your author field before upgrading your release and then upgrade and this should be fixed on upgrade. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
2025-04-24 17:59:23 -04:00 · 2021-08-10 18:19:12 -06:00 · 2021-08-10 18:19:12 -06:00 · 978c44e381
commit 978c44e381
parent 538a6d9288
2 changed files with 77 additions and 0 deletions
--- a/x-pack/plugins/alerting/server/saved_objects/migrations.test.ts
+++ b/x-pack/plugins/alerting/server/saved_objects/migrations.test.ts
@ -970,6 +970,48 @@ describe('successful migrations', () => {
      });
    });
  });
+
+  describe('7.14.1', () => {
+    test('security solution author field is migrated to array if it is undefined', () => {
+      const migration7141 = getMigrations(encryptedSavedObjectsSetup)['7.14.1'];
+      const alert = getMockData({
+        alertTypeId: 'siem.signals',
+        params: {},
+      });
+
+      expect(migration7141(alert, migrationContext)).toEqual({
+        ...alert,
+        attributes: {
+          ...alert.attributes,
+          params: {
+            author: [],
+          },
+        },
+      });
+    });
+
+    test('security solution author field does not override existing values if they exist', () => {
+      const migration7141 = getMigrations(encryptedSavedObjectsSetup)['7.14.1'];
+      const alert = getMockData({
+        alertTypeId: 'siem.signals',
+        params: {
+          note: 'some note',
+          author: ['author 1'],
+        },
+      });
+
+      expect(migration7141(alert, migrationContext)).toEqual({
+        ...alert,
+        attributes: {
+          ...alert.attributes,
+          params: {
+            note: 'some note',
+            author: ['author 1'],
+          },
+        },
+      });
+    });
+  });
 });

 describe('handles errors during migrations', () => {
--- a/x-pack/plugins/alerting/server/saved_objects/migrations.ts
+++ b/x-pack/plugins/alerting/server/saved_objects/migrations.ts
@ -85,11 +85,18 @@ export function getMigrations(
    pipeMigrations(removeNullsFromSecurityRules)
  );

+  const migrationSecurityRules714 = createEsoMigration(
+    encryptedSavedObjects,
+    (doc): doc is SavedObjectUnsanitizedDoc<RawAlert> => isSecuritySolutionRule(doc),
+    pipeMigrations(removeNullAuthorFromSecurityRules)
+  );
+
  return {
    '7.10.0': executeMigrationWithErrorHandling(migrationWhenRBACWasIntroduced, '7.10.0'),
    '7.11.0': executeMigrationWithErrorHandling(migrationAlertUpdatedAtAndNotifyWhen, '7.11.0'),
    '7.11.2': executeMigrationWithErrorHandling(migrationActions7112, '7.11.2'),
    '7.13.0': executeMigrationWithErrorHandling(migrationSecurityRules713, '7.13.0'),
+    '7.14.1': executeMigrationWithErrorHandling(migrationSecurityRules714, '7.14.1'),
  };
 }

@ -432,6 +439,34 @@ function removeNullsFromSecurityRules(
  };
 }

+/**
+ * The author field was introduced later and was not part of the original rules. We overlooked
+ * the filling in the author field as an empty array in an earlier upgrade routine from
+ * 'removeNullsFromSecurityRules' during the 7.13.0 upgrade. Since we don't change earlier migrations,
+ * but rather only move forward with the "arrow of time" we are going to upgrade and fix
+ * it if it is missing for anyone in 7.14.0 and above release. Earlier releases if we want to fix them,
+ * would have to be modified as a "7.13.1", etc... if we want to fix it there.
+ * @param doc The document that is not migrated and contains a "null" or "undefined" author field
+ * @returns The document with the author field fleshed in.
+ */
+function removeNullAuthorFromSecurityRules(
+  doc: SavedObjectUnsanitizedDoc<RawAlert>
+): SavedObjectUnsanitizedDoc<RawAlert> {
+  const {
+    attributes: { params },
+  } = doc;
+  return {
+    ...doc,
+    attributes: {
+      ...doc.attributes,
+      params: {
+        ...params,
+        author: params.author != null ? params.author : [],
+      },
+    },
+  };
+}
+
 function pipeMigrations(...migrations: AlertMigration[]): AlertMigration {
  return (doc: SavedObjectUnsanitizedDoc<RawAlert>) =>
    migrations.reduce((migratedDoc, nextMigration) => nextMigration(migratedDoc), doc);