[8.7] [Threat Intelligence] Catch errors in runtime fields name mapping (#152937) (#153027)

# Backport

This will backport the following commits from `main` to `8.7`:
- [[Threat Intelligence] Catch errors in runtime fields name mapping
(#152937)](https://github.com/elastic/kibana/pull/152937)

<!--- Backport version: 8.9.7 -->

### Questions?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Luke
G","email":"11671118+lgestc@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-03-09T15:35:39Z","message":"[Threat
Intelligence] Catch errors in runtime fields name mapping
(#152937)\n\n## Summary\r\n\r\nThis should solve
https://github.com/elastic/kibana/issues/152824,\r\nthe date issue is a
problem with the mapping.\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"a54c12c69d2b210e9cb4a5820b43dc9ea4506445","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:
Protections
Experience","v8.7.0","v8.8.0"],"number":152937,"url":"https://github.com/elastic/kibana/pull/152937","mergeCommit":{"message":"[Threat
Intelligence] Catch errors in runtime fields name mapping
(#152937)\n\n## Summary\r\n\r\nThis should solve
https://github.com/elastic/kibana/issues/152824,\r\nthe date issue is a
problem with the mapping.\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"a54c12c69d2b210e9cb4a5820b43dc9ea4506445"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/152937","number":152937,"mergeCommit":{"message":"[Threat
Intelligence] Catch errors in runtime fields name mapping
(#152937)\n\n## Summary\r\n\r\nThis should solve
https://github.com/elastic/kibana/issues/152824,\r\nthe date issue is a
problem with the mapping.\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"a54c12c69d2b210e9cb4a5820b43dc9ea4506445"}}]}]
BACKPORT-->

Co-authored-by: Luke G <11671118+lgestc@users.noreply.github.com>
Kibana Machine 2023-03-09 11:47:44 -05:00 committed by GitHub
parent 6041f29268
commit f484f21039
2 changed files with 12 additions and 6 deletions


@ -11,7 +11,7 @@ describe('display name generation', () => {
describe('threatIndicatorNamesScript()', () => {
it('should generate a valid painless script', () => {
expect(threatIndicatorNamesScript()).toMatchInlineSnapshot(`
"if (doc.containsKey('threat.indicator.type') && !doc['threat.indicator.type'].empty && doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='ipv4-addr') { if (doc.containsKey('threat.indicator.ip') && !doc['threat.indicator.ip'].empty && doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit(doc['threat.indicator.ip'].value) } }
"try { if (doc.containsKey('threat.indicator.type') && !doc['threat.indicator.type'].empty && doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='ipv4-addr') { if (doc.containsKey('threat.indicator.ip') && !doc['threat.indicator.ip'].empty && doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit(doc['threat.indicator.ip'].value) } }
if (doc.containsKey('threat.indicator.type') && !doc['threat.indicator.type'].empty && doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='ipv6-addr') { if (doc.containsKey('threat.indicator.ip') && !doc['threat.indicator.ip'].empty && doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit(doc['threat.indicator.ip'].value) } }
if (doc.containsKey('threat.indicator.type') && !doc['threat.indicator.type'].empty && doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='file') { if (doc.containsKey('threat.indicator.file.hash.sha256') && !doc['threat.indicator.file.hash.sha256'].empty && doc['threat.indicator.file.hash.sha256'].size()!=0 && doc['threat.indicator.file.hash.sha256'].value!=null) { return emit(doc['threat.indicator.file.hash.sha256'].value) }
@ -53,7 +53,7 @@ describe('display name generation', () => {
if (doc.containsKey('threat.indicator.type') && !doc['threat.indicator.type'].empty && doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='mac-addr') { if (doc.containsKey('threat.indicator.mac') && !doc['threat.indicator.mac'].empty && doc['threat.indicator.mac'].size()!=0 && doc['threat.indicator.mac'].value!=null) { return emit(doc['threat.indicator.mac'].value) } }
return emit('')"
return emit('') } catch (Exception e) { return emit('') }"
`);
});
});
@ -61,7 +61,7 @@ describe('display name generation', () => {
describe('threatIndicatorNamesOriginScript()', () => {
it('should generate a valid painless script', () => {
expect(threatIndicatorNamesOriginScript()).toMatchInlineSnapshot(`
"if (doc.containsKey('threat.indicator.type') && !doc['threat.indicator.type'].empty && doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='ipv4-addr') { if (doc.containsKey('threat.indicator.ip') && !doc['threat.indicator.ip'].empty && doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit('threat.indicator.ip') } }
"try { if (doc.containsKey('threat.indicator.type') && !doc['threat.indicator.type'].empty && doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='ipv4-addr') { if (doc.containsKey('threat.indicator.ip') && !doc['threat.indicator.ip'].empty && doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit('threat.indicator.ip') } }
if (doc.containsKey('threat.indicator.type') && !doc['threat.indicator.type'].empty && doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='ipv6-addr') { if (doc.containsKey('threat.indicator.ip') && !doc['threat.indicator.ip'].empty && doc['threat.indicator.ip'].size()!=0 && doc['threat.indicator.ip'].value!=null) { return emit('threat.indicator.ip') } }
if (doc.containsKey('threat.indicator.type') && !doc['threat.indicator.type'].empty && doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='file') { if (doc.containsKey('threat.indicator.file.hash.sha256') && !doc['threat.indicator.file.hash.sha256'].empty && doc['threat.indicator.file.hash.sha256'].size()!=0 && doc['threat.indicator.file.hash.sha256'].value!=null) { return emit('threat.indicator.file.hash.sha256') }
@ -103,7 +103,7 @@ describe('display name generation', () => {
if (doc.containsKey('threat.indicator.type') && !doc['threat.indicator.type'].empty && doc['threat.indicator.type'].size()!=0 && doc['threat.indicator.type'].value!=null && doc['threat.indicator.type'].value.toLowerCase()=='mac-addr') { if (doc.containsKey('threat.indicator.mac') && !doc['threat.indicator.mac'].empty && doc['threat.indicator.mac'].size()!=0 && doc['threat.indicator.mac'].value!=null) { return emit('threat.indicator.mac') } }
return emit('')"
return emit('') } catch (Exception e) { return emit('') }"
`);
});
});


@ -93,13 +93,19 @@ const mappingToIndicatorNameOriginScript = ([types, paths]: Mapping) => {
.join('\n')}`;
};
/**
* Wrap painless with trycatch
*/
export const tryCatch = (script: string) =>
`try { ${script} } catch (Exception e) { return emit('') }`;
/**
* Generates the runtime field script computing display name for the given indicator
*/
export const threatIndicatorNamesScript = (mappings: Mappings = mappingsArray) => {
const combined = mappings.map(mappingToIndicatorNameScript).join('\n\n');
return `${combined}\n\nreturn emit('')`;
return tryCatch(`${combined}\n\nreturn emit('')`);
};
/**
@ -108,5 +114,5 @@ export const threatIndicatorNamesScript = (mappings: Mappings = mappingsArray) =
export const threatIndicatorNamesOriginScript = (mappings: Mappings = mappingsArray) => {
const combined = mappings.map(mappingToIndicatorNameOriginScript).join('\n\n');
return `${combined}\n\nreturn emit('')`;
return tryCatch(`${combined}\n\nreturn emit('')`);
};
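Review bot: The `catch (Exception e) { return emit('') }` added by `tryCatch` swallows every Painless error, not just the mapping mismatch from #152824, so an indicator whose mapping is wrong now silently gets an empty display name with nothing in the response or logs pointing at the broken field; the commit does not say that this is the intended best-effort behaviour. Painless does not let a runtime field log, so if blanket suppression is deliberate the TSDoc should say so, e.g. `/** Wraps a runtime-field script in try/catch so that a field-access or type error in one document yields an empty display name instead of failing the whole query. Deliberately broad: any Painless exception is swallowed and cannot be surfaced to the user, so a blank name is the only hint that the index mapping is wrong. @param script Painless body whose every path ends in emit(); braces must be balanced since it is spliced into the template verbatim. */`. The helper also relies on `script` being self-generated and brace-balanced — an unbalanced `{` in the wrapped text would turn the whole field script into a compile error — which is worth stating so no caller later passes user-supplied text into it. The tail of `mappingToIndicatorNameOriginScript` on the first lines of this hunk starts outside the hunk.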