From 41536f0e8a79029463d662cfde4fdc5c23528f93 Mon Sep 17 00:00:00 2001 From: Ross Wolf <31489089+rw-access@users.noreply.github.com> Date: Mon, 12 Apr 2021 14:30:47 -0600 Subject: [PATCH] Fix SO.attributes sig and use custom validation --- .../rules/get_prepackaged_rules.ts | 39 ++++++++++++++++--- .../lib/detection_engine/rules/types.ts | 2 +- 2 files changed, 35 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_prepackaged_rules.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_prepackaged_rules.ts index 5134f4f5623b54..b91557c6d7b1bb 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_prepackaged_rules.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_prepackaged_rules.ts @@ -20,6 +20,8 @@ import { BadRequestError } from '../errors/bad_request_error'; // TODO: convert rules files to TS and add explicit type definitions import { rawRules } from './prepackaged_rules'; import { RuleAssetSavedObjectsClient } from './rule_asset_saved_objects_client'; +import { IRuleAssetSOAttributes } from './types'; +import { SavedObjectAttributes } from '../../../../../../../src/core/types'; /** * Validate the rules from the file system and throw any errors indicating to the developer @@ -53,6 +55,36 @@ export const validateAllPrepackagedRules = ( }); }; +/** + * Validate the rules from Saved Objects created by Fleet. + */ +export const validateAllRuleSavedObjects = ( + rules: Array +): AddPrepackagedRulesSchemaDecoded[] => { + return rules.map((rule) => { + const decoded = addPrepackagedRulesSchema.decode(rule); + const checked = exactCheck(rule, decoded); + + const onLeft = (errors: t.Errors): AddPrepackagedRulesSchemaDecoded => { + const ruleName = rule.name ? rule.name : '(rule name unknown)'; + const ruleId = rule.rule_id ? rule.rule_id : '(rule rule_id unknown)'; + throw new BadRequestError( + `name: "${ruleName}", rule_id: "${ruleId}" within the security-rule saved object ` + + `is not a valid detection engine rule. Expect the system ` + + `to not work with pre-packaged rules until this rule is fixed ` + + `or the file is removed. Error is: ${formatErrors( + errors + ).join()}, Full rule contents are:\n${JSON.stringify(rule, null, 2)}` + ); + }; + + const onRight = (schema: AddPrepackagedRulesSchema): AddPrepackagedRulesSchemaDecoded => { + return schema as AddPrepackagedRulesSchemaDecoded; + }; + return pipe(checked, fold(onLeft, onRight)); + }); +}; + /** * Retrieve and validate rules that were installed from Fleet as saved objects. */ @@ -60,11 +92,8 @@ export const getFleetInstalledRules = async ( client: RuleAssetSavedObjectsClient ): Promise => { const fleetResponse = await client.all(); - const fleetRules = fleetResponse.map( - // @ts-expect-error data is too loosely typed - (so) => so.attributes as AddPrepackagedRulesSchema - ); - return validateAllPrepackagedRules(fleetRules); + const fleetRules = fleetResponse.map((so) => so.attributes); + return validateAllRuleSavedObjects(fleetRules); }; export const getPrepackagedRules = ( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts index 38e93b2d7812c1..a26a8d4c9cb9db 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts @@ -173,7 +173,7 @@ export interface IRuleAssetSOAttributes extends Record { export interface IRuleAssetSavedObject { type: string; id: string; - attributes: Array>; + attributes: IRuleAssetSOAttributes & SavedObjectAttributes; } export interface HapiReadableStream extends Readable {