From 3094a7e8b75c7e7ad74bd7c05c4601b7d687f097 Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 27 Sep 2024 04:37:56 +1000 Subject: [PATCH] [8.x] [Security Solution] [Attack discovery] Use common replacements function (#193645) (#194198) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] [Attack discovery] Use common replacements function (#193645)](https://github.com/elastic/kibana/pull/193645) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Andrew Macri --- .../data_anonymization/helpers/index.test.ts | 45 ++++++++++++++++++- .../impl/data_anonymization/helpers/index.ts | 11 +++-- .../tabs/attack_discovery_tab/index.tsx | 19 ++++---- 3 files changed, 58 insertions(+), 17 deletions(-) diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/data_anonymization/helpers/index.test.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/data_anonymization/helpers/index.test.ts index 58f08d8e50f89..02294bdd870f5 100644 --- a/x-pack/packages/kbn-elastic-assistant-common/impl/data_anonymization/helpers/index.test.ts +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/data_anonymization/helpers/index.test.ts @@ -5,7 +5,13 @@ * 2.0. */ -import { isAllowed, isAnonymized, isDenied, getIsDataAnonymizable } from '.'; +import { + isAllowed, + isAnonymized, + isDenied, + getIsDataAnonymizable, + replaceAnonymizedValuesWithOriginalValues, +} from '.'; const anonymizationFields = [ { id: 'fieldName1', field: 'fieldName1', allowed: true, anonymized: false }, 
@@ -91,4 +97,41 @@ describe('helpers', () => { expect(isAnonymized({ anonymizationFields: [], field: 'user.name' })).toBe(false); }); }); + + describe('replaceAnonymizedValuesWithOriginalValues', () => { + const replacements = { + '3541b730-1dce-4937-b63f-0d618ea1cc5f': 'not-an-administrator', + 'b222e892-431e-4e4f-9295-2ba92ef9d12d': 'domain-controller', + }; + + it('replaces anonymized values with original values', () => { + const messageContent = + 'User {{ user.name 3541b730-1dce-4937-b63f-0d618ea1cc5f }} added a member to the Administrators group on host {{ host.name b222e892-431e-4e4f-9295-2ba92ef9d12d }}'; + + const result = replaceAnonymizedValuesWithOriginalValues({ messageContent, replacements }); + + expect(result).toEqual( + 'User {{ user.name not-an-administrator }} added a member to the Administrators group on host {{ host.name domain-controller }}' + ); + }); + + it('returns the original messageContent if no replacements are found', () => { + const messageContent = 'There are no replacements applicable to this message'; + + const result = replaceAnonymizedValuesWithOriginalValues({ messageContent, replacements }); + + expect(result).toEqual(messageContent); + }); + + it('replaces multiple occurrences of the same replacement key', () => { + const messageContent = + 'User {{ user.name 3541b730-1dce-4937-b63f-0d618ea1cc5f }} added a member to the Administrators group on host {{ host.name b222e892-431e-4e4f-9295-2ba92ef9d12d }}, which is unusual because {{ user.name 3541b730-1dce-4937-b63f-0d618ea1cc5f }} is not a member of the Administrators group.'; + + const result = replaceAnonymizedValuesWithOriginalValues({ messageContent, replacements }); + + expect(result).toEqual( + 'User {{ user.name not-an-administrator }} added a member to the Administrators group on host {{ host.name domain-controller }}, which is unusual because {{ user.name not-an-administrator }} is not a member of the Administrators group.' + ); + }); + }); }); 
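Review bot: The new `describe('replaceAnonymizedValuesWithOriginalValues')` block never exercises an empty map, although both call sites changed in attack_discovery_tab/index.tsx pass `replacements ?? {}` when nothing was anonymized. A fourth case would pin that path now that the helper no longer has its own null branch: `expect(replaceAnonymizedValuesWithOriginalValues({ messageContent, replacements: {} })).toEqual(messageContent);`.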
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/data_anonymization/helpers/index.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/data_anonymization/helpers/index.ts index b6bdb50093645..62f190f3d37e4 100644 --- a/x-pack/packages/kbn-elastic-assistant-common/impl/data_anonymization/helpers/index.ts +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/data_anonymization/helpers/index.ts @@ -42,12 +42,11 @@ export const replaceAnonymizedValuesWithOriginalValues = ({ messageContent: string; replacements: Replacements; }): string => - replacements != null - ? Object.keys(replacements).reduce((acc, key) => { - const value = replacements[key]; - return acc.replaceAll(key, value); - }, messageContent) - : messageContent; + Object.keys(replacements).reduce((acc, key) => { + const value = replacements[key]; + + return acc.replaceAll(key, value); + }, messageContent); export const replaceOriginalValuesWithUuidValues = ({ messageContent, diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx index 5958e4a3c4446..0b1c28d43eed8 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx @@ -5,6 +5,7 @@ * 2.0. */ +import { replaceAnonymizedValuesWithOriginalValues } from '@kbn/elastic-assistant-common'; import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import { EuiFlexGroup, EuiFlexItem, EuiIcon, EuiSpacer, EuiTitle, useEuiTheme } from '@elastic/eui'; import { css } from '@emotion/react'; 
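Review bot: `acc.replaceAll(key, value)` in helpers/index.ts passes the original value as a replacement string, so sequences such as `$$`, `$&` and `$'` inside it are expanded rather than copied. An original value containing them (a command line, for instance) would be restored incorrectly in the text the analyst reads. A replacer function keeps the value literal: `return acc.replaceAll(key, () => value);`. Separately, with the `replacements != null` branch removed, `Object.keys(replacements)` throws a TypeError if any caller not visible in this patch still passes undefined at runtime; the two call sites updated here do pass `replacements ?? {}`. The parameter destructuring of this function starts above the hunk.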
@@ -34,21 +35,19 @@ const AttackDiscoveryTabComponent: React.FC = ({ const summaryMarkdownWithReplacements = useMemo( () => - Object.entries(replacements ?? {}).reduce((acc, [key, value]) => { - const regex = new RegExp(key, 'g'); - - return acc.replace(regex, value); - }, summaryMarkdown), + replaceAnonymizedValuesWithOriginalValues({ + messageContent: summaryMarkdown, + replacements: replacements ?? {}, + }), [replacements, summaryMarkdown] ); const detailsMarkdownWithReplacements = useMemo( () => - Object.entries(replacements ?? {}).reduce((acc, [key, value]) => { - const regex = new RegExp(key, 'g'); - - return acc.replace(regex, value); - }, detailsMarkdown), + replaceAnonymizedValuesWithOriginalValues({ + messageContent: detailsMarkdown, + replacements: replacements ?? {}, + }), [detailsMarkdown, replacements] );
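Review bot: The values restored into `summaryMarkdown` and `detailsMarkdown` are original alert fields (the tests use `user.name` and `host.name`), so their content may be controlled by whoever generated the events. They are spliced into strings that are presumably rendered as markdown further down in this component. It is worth confirming that the renderer treats the restored values as plain text, or escaping markdown metacharacters before substitution. Either way, record the assumption above the two `useMemo` calls, e.g. `// restored values are untrusted alert data; the markdown renderer must not interpret them`. The component body continues outside the hunk.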