Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Fix showing integration status for single integration per package #187200

Merged
merged 2 commits into from
Jul 15, 2024
Merged

[Security Solution] Fix showing integration status for single integration per package #187200

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
478ae12
fix single integration omitting edge case
maximpn Jun 29, 2024
779caf7
fix a misprint
maximpn Jul 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
97 changes: 92 additions & 5 deletions ...detection_engine/fleet_integrations/api/get_all_integrations/extract_integrations.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,7 +303,47 @@ describe('extractIntegrations', () => {
});

describe('for packages with only one policy template', () => {
it('extracts package title', () => {
it('extracts two integrations when package and integration names DO NOT match', () => {
const packages = [
{
name: 'package-a',
title: 'Package A',
version: '1.1.1',
policy_templates: [
{
name: 'integration-a',
title: 'Integration A',
},
],
},
] as PackageList;

const result = extractIntegrations(packages, []);

expect(result.length).toBe(2);
});

it('extracts one integration when package and integration names match', () => {
const packages = [
{
name: 'package-a',
title: 'Package A',
version: '1.1.1',
policy_templates: [
{
name: 'package-a',
title: 'Package A',
},
],
},
] as PackageList;

const result = extractIntegrations(packages, []);

expect(result.length).toBe(1);
});

it('extracts package title for both integrations', () => {
const packages = [
{
name: 'package-a',
Expand All @@ -325,6 +365,10 @@ describe('extractIntegrations', () => {
package_name: 'package-a',
package_title: 'Package A',
}),
expect.objectContaining({
package_name: 'package-a',
package_title: 'Package A',
}),
]);
});

Expand All @@ -345,15 +389,40 @@ describe('extractIntegrations', () => {

const result = extractIntegrations(packages, []);

expect(result).toEqual([
expect(result).toContainEqual(
expect.objectContaining({
integration_name: 'integration-a',
integration_title: 'Package A Integration a',
}),
]);
})
);
});

it('DOES NOT extract integration title for an extra integration', () => {
const packages = [
{
name: 'package-a',
title: 'Package A',
version: '1.1.1',
policy_templates: [
{
name: 'integration-a',
title: 'Integration A',
},
],
},
] as PackageList;

const result = extractIntegrations(packages, []);

expect(result).toEqual(
expect.not.objectContaining({
integration_name: expect.anything(),
integration_title: expect.anything(),
})
);
});

it('omits integration_name and integration_title are omitted when package and integration names match', () => {
it('omits integration_name and integration_title when package and integration names match', () => {
const packages = [
{
name: 'integration-a',
Expand Down Expand Up @@ -399,6 +468,9 @@ describe('extractIntegrations', () => {
expect.objectContaining({
latest_package_version: '1.1.1',
}),
expect.objectContaining({
latest_package_version: '1.1.1',
}),
]);
});

Expand All @@ -424,6 +496,10 @@ describe('extractIntegrations', () => {
is_installed: false,
is_enabled: false,
}),
expect.objectContaining({
is_installed: false,
is_enabled: false,
}),
]);
});

Expand Down Expand Up @@ -455,6 +531,10 @@ describe('extractIntegrations', () => {
is_installed: true,
is_enabled: false,
}),
expect.objectContaining({
is_installed: true,
is_enabled: false,
}),
]);
});

Expand Down Expand Up @@ -499,6 +579,10 @@ describe('extractIntegrations', () => {
is_installed: true,
is_enabled: true,
}),
expect.objectContaining({
is_installed: true,
is_enabled: true,
}),
]);
});

Expand Down Expand Up @@ -542,6 +626,9 @@ describe('extractIntegrations', () => {
expect.objectContaining({
installed_package_version: '1.0.0',
}),
expect.objectContaining({
installed_package_version: '1.0.0',
}),
]);
});
});
Expand Down
43 changes: 25 additions & 18 deletions .../lib/detection_engine/fleet_integrations/api/get_all_integrations/extract_integrations.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,29 +26,36 @@ export function extractIntegrations(
const packagePolicyTemplates = fleetPackage.policy_templates ?? [];

for (const policyTemplate of packagePolicyTemplates) {
const integrationId = getIntegrationId(packageName, policyTemplate.name);
const integrationName = policyTemplate.name;
const integrationTitle =
packagePolicyTemplates.length === 1 && policyTemplate.name === fleetPackage.name
? packageTitle
: `${packageTitle} ${capitalize(policyTemplate.title)}`;

const integration: Integration = {
package_name: packageName,
package_title: packageTitle,
latest_package_version: fleetPackage.version,
installed_package_version: installedPackageVersion,
integration_name: packageName !== integrationName ? integrationName : undefined,
integration_title: packageName !== integrationName ? integrationTitle : undefined,
is_installed: isPackageInstalled, // All integrations installed as a part of the package
is_enabled: enabledIntegrationsSet.has(integrationId),
};
if (integrationName !== packageName) {
const integrationId = getIntegrationId(packageName, integrationName);
const integrationTitle = `${packageTitle} ${capitalize(policyTemplate.title)}`;
const integration: Integration = {
package_name: packageName,
package_title: packageTitle,
latest_package_version: fleetPackage.version,
installed_package_version: installedPackageVersion,
integration_name: integrationName,
integration_title: integrationTitle,
is_installed: isPackageInstalled, // All integrations installed as a part of the package
is_enabled: enabledIntegrationsSet.has(integrationId),
};

result.push(integration);
result.push(integration);
}
}

// some packages don't have policy templates at al, e.g. Lateral Movement Detection
if (packagePolicyTemplates.length === 0) {
// There are two edge cases here
//
// - (1) Some prebuilt rules don't use integration name when there is just
// one integration per package, e.g. "Web Application Suspicious Activity:
// Unauthorized Method" refers "apm" package name while apm package has
// "apmserver" integration
//
// - (2) Some packages don't have policy templates at all,
// e.g. "Lateral Movement Detection"
if (packagePolicyTemplates.length <= 1) {
result.push({
package_name: packageName,
package_title: packageTitle,
Expand Down