[8.12] [EDR Workflows][Osquery] Missing timeout value when running qu…

…ery from query history (#174088) (#175217)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[EDR Workflows][Osquery] Missing timeout value when running query
from query history
(#174088)](#174088)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Konrad
Szwarc","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-01-22T14:17:12Z","message":"[EDR
Workflows][Osquery] Missing timeout value when running query from query
history
(#174088)\n\nhttps://github.com//issues/174082\r\n\r\nFixed
bug with `timeout` field not being properly passed from Query\r\nHistory
list to query form.\r\nAdded test coverage.\r\n
\r\n\r\nhttps://github.com/elastic/kibana/assets/29123534/48862490-d308-47c6-bdc1-d2c10ec8533d","sha":"0aadaa9d7cdc8c1b1f2c49731169b767176b9377","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Defend
Workflows","ci:all-cypress-suites","Osquery","v8.12.1","v8.13.0"],"number":174088,"url":"https://github.com/elastic/kibana/pull/174088","mergeCommit":{"message":"[EDR
Workflows][Osquery] Missing timeout value when running query from query
history
(#174088)\n\nhttps://github.com//issues/174082\r\n\r\nFixed
bug with `timeout` field not being properly passed from Query\r\nHistory
list to query form.\r\nAdded test coverage.\r\n
\r\n\r\nhttps://github.com/elastic/kibana/assets/29123534/48862490-d308-47c6-bdc1-d2c10ec8533d","sha":"0aadaa9d7cdc8c1b1f2c49731169b767176b9377"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.1","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/174088","number":174088,"mergeCommit":{"message":"[EDR
Workflows][Osquery] Missing timeout value when running query from query
history
(#174088)\n\nhttps://github.com//issues/174082\r\n\r\nFixed
bug with `timeout` field not being properly passed from Query\r\nHistory
list to query form.\r\nAdded test coverage.\r\n
\r\n\r\nhttps://github.com/elastic/kibana/assets/29123534/48862490-d308-47c6-bdc1-d2c10ec8533d","sha":"0aadaa9d7cdc8c1b1f2c49731169b767176b9377"}}]}]
BACKPORT-->

x-pack/plugins/osquery/cypress/e2e/all/live_query_run.cy.ts

@@ -10,11 +10,13 @@ import { navigateTo } from '../../tasks/navigation';
 import {
   checkActionItemsInResults,
   checkResults,
+  fillInQueryTimeout,
   inputQuery,
   selectAllAgents,
   submitQuery,
   typeInECSFieldInput,
   typeInOsqueryFieldInput,
+  verifyQueryTimeout,
 } from '../../tasks/live_query';
 import { LIVE_QUERY_EDITOR, RESULTS_TABLE, RESULTS_TABLE_BUTTON } from '../../screens/live_query';
 import { getAdvancedButton } from '../../screens/integrations';
@@ -93,13 +95,16 @@ describe('ALL - Live Query run custom and saved', { tags: ['@ess', '@serverless'
     selectAllAgents();
     cy.getBySel(SAVED_QUERY_DROPDOWN_SELECT).type(`${savedQueryName}{downArrow}{enter}`);
     inputQuery('{selectall}{backspace}select * from users;');
+    getAdvancedButton().click();
+    fillInQueryTimeout('601');
     cy.wait(1000);
     submitQuery();
     checkResults();
     navigateTo('/app/osquery');
     cy.get('[aria-label="Run query"]').first().should('be.visible').click();
 
     cy.getBySel(LIVE_QUERY_EDITOR).contains('select * from users;');
+    verifyQueryTimeout('601');
   });
 
   it('should open query details by clicking the details icon', () => {

x-pack/plugins/osquery/cypress/tasks/live_query.ts

@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import { getAdvancedButton } from '../screens/integrations';
 import { LIVE_QUERY_EDITOR, OSQUERY_FLYOUT_BODY_EDITOR } from '../screens/live_query';
 import { ServerlessRoleName } from '../support/roles';
 import { waitForAlertsToPopulate } from '../../../../test/security_solution_cypress/cypress/tasks/create_new_rule';
@@ -46,6 +47,13 @@ export const fillInQueryTimeout = (timeout: string) => {
   });
 };
 
+export const verifyQueryTimeout = (timeout: string) => {
+  getAdvancedButton().click();
+  cy.getBySel('advanced-accordion-content').within(() => {
+    cy.getBySel('timeout-input').should('have.value', timeout);
+  });
+};
+
 // sometimes the results get stuck in the tests, this is a workaround
 export const checkResults = () => {
   cy.getBySel('osqueryResultsTable').then(($table) => {

x-pack/plugins/osquery/cypress/tasks/saved_queries.ts

@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import { getAdvancedButton } from '../screens/integrations';
 import { RESULTS_TABLE_BUTTON } from '../screens/live_query';
 import { closeToastIfVisible, generateRandomStringName } from './integrations';
 import {
@@ -14,11 +15,14 @@ import {
   inputQuery,
   selectAllAgents,
   submitQuery,
+  fillInQueryTimeout,
+  verifyQueryTimeout,
 } from './live_query';
 import { navigateTo } from './navigation';
 
 export const getSavedQueriesComplexTest = () =>
   describe('Saved queries Complex Test', () => {
+    const timeout = '601';
     const suffix = generateRandomStringName(1)[0];
     const savedQueryId = `Saved-Query-Id-${suffix}`;
     const savedQueryDescription = `Test saved query description ${suffix}`;
@@ -32,6 +36,8 @@ export const getSavedQueriesComplexTest = () =>
         cy.contains('New live query').click();
         selectAllAgents();
         inputQuery(BIG_QUERY);
+        getAdvancedButton().click();
+        fillInQueryTimeout(timeout);
         submitQuery();
         checkResults();
         // enter fullscreen
@@ -92,6 +98,7 @@ export const getSavedQueriesComplexTest = () =>
         cy.contains(savedQueryId);
         cy.get(`[aria-label="Run ${savedQueryId}"]`).click();
         selectAllAgents();
+        verifyQueryTimeout(timeout);
         submitQuery();
 
         // edit saved query
@@ -104,6 +111,7 @@ export const getSavedQueriesComplexTest = () =>
         // Run in test configuration
         cy.contains('Test configuration').click();
         selectAllAgents();
+        verifyQueryTimeout(timeout);
         submitQuery();
         checkResults();
 

x-pack/plugins/osquery/public/actions/actions_table.tsx

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { isArray, isEmpty, pickBy, map } from 'lodash';
+import { isArray, isEmpty, pickBy, map, isNumber } from 'lodash';
 import { i18n } from '@kbn/i18n';
 import {
   EuiBasicTable,
@@ -20,6 +20,7 @@ import {
 import React, { useState, useCallback, useMemo } from 'react';
 import { useHistory } from 'react-router-dom';
 
+import { QUERY_TIMEOUT } from '../../common/constants';
 import { removeMultilines } from '../../common/utils/build_query/remove_multilines';
 import { useAllLiveQueries } from './use_all_live_queries';
 import type { SearchHit } from '../../common/search_strategy';
@@ -136,14 +137,15 @@ const ActionsTableComponent = () => {
             query: item._source.queries[0].query,
             ecs_mapping: item._source.queries[0].ecs_mapping,
             savedQueryId: item._source.queries[0].saved_query_id,
+            timeout: item._source.queries[0].timeout ?? QUERY_TIMEOUT.DEFAULT,
             agentSelection: {
               agents: item._source.agent_ids,
               allAgentsSelected: item._source.agent_all,
               platformsSelected: item._source.agent_platforms,
               policiesSelected: item._source.agent_policy_ids,
             },
           },
-          (value) => !isEmpty(value)
+          (value) => !isEmpty(value) || isNumber(value)
         ),
       });
     },

x-pack/plugins/osquery/public/saved_queries/form/playground_flyout.tsx

@@ -10,6 +10,7 @@ import React, { useMemo } from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
 
 import { useFormContext } from 'react-hook-form';
+import { QUERY_TIMEOUT } from '../../../common/constants';
 import { LiveQuery } from '../../live_queries';
 
 const euiFlyoutHeaderCss = {
@@ -28,7 +29,7 @@ const PlaygroundFlyoutComponent: React.FC<PlaygroundFlyoutProps> = ({ enabled, o
   // @ts-expect-error update types
   const { serializer, watch } = useFormContext();
   const watchedValues = watch();
-  const { query, ecs_mapping: ecsMapping, id } = watchedValues;
+  const { query, ecs_mapping: ecsMapping, id, timeout } = watchedValues;
   /* recalculate the form data when ecs_mapping changes */
   // eslint-disable-next-line react-hooks/exhaustive-deps
   const serializedFormData = useMemo(() => serializer(watchedValues), [ecsMapping]);
@@ -52,6 +53,7 @@ const PlaygroundFlyoutComponent: React.FC<PlaygroundFlyoutProps> = ({ enabled, o
           query={query}
           ecs_mapping={serializedFormData.ecs_mapping}
           savedQueryId={id}
+          timeout={timeout || QUERY_TIMEOUT.DEFAULT}
           queryField={false}
           ecsMappingField={false}
         />