[8.x] [Security Solution] [Security Assistant] Fixes an unable to loa…

…d page error in the Security assistant (elastic#194488) (elastic#194507)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] [Security Assistant] Fixes an unable to load page
error in the Security assistant
(elastic#194488)](elastic#194488)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Andrew
Macri","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-01T00:49:52Z","message":"[Security
Solution] [Security Assistant] Fixes an unable to load page error in the
Security assistant (elastic#194488)\n\n### [Security Solution] [Security
Assistant] Fixes an unable to load page error in the Security
assistant\r\n\r\nThis PR fixes an `Unable to load page error` in the
Security Assistant, introduced in
<elastic#193645>, where a check that
appeared to be optional was removed.\r\n\r\n- The issue occurs when the
assistant is asked a question that is likely to require anonymization,
for example: `which alerts should I look at first?`\r\n- After the error
occurs, re-opening the assistant for the same conversation may
re-trigger the error\r\n- As a workaround, clear Kibana local storage
for the current user, or via the browser's dev tools, specifically
delete the `elasticAssistantDefault.lastConversationId` setting
illustrated by the screenshot
below:\r\n\r\n![local_storage_key](https://github.com/user-attachments/assets/882f68e2-a253-49d7-84ad-fe2326bbfe20)\r\n\r\n###
Steps to reproduce\r\n\r\nTo reproduce:\r\n\r\n1) Ask the assistant a
question that is likely to cause anonymized alerts to be returned, for
example: `which alerts should I look at first?`\r\n\r\n**Expected
result**\r\n\r\n- Anonymized alerts are displayed\r\n\r\n**Actual
result**\r\n\r\n- An `Unable to load page` error is displayed, as
illustrated by the screenshot
below:\r\n\r\n![unable_to_load_page](https://github.com/user-attachments/assets/54006a07-5a79-45d6-97cb-f36e0a71361f)\r\n\r\n-
The error details include text similar to the output
below:\r\n\r\n```\r\nTypeError: Cannot convert undefined or null to
object\r\n at Function.keys (<anonymous>)\r\n at
replaceAnonymizedValuesWithOriginalValues
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:60965:14)\r\n
at transformMessageWithReplacements
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100511:158)\r\n
at transformMessage
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100612:41)\r\n
at
http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100638:32\r\n
at Array.map (<anonymous>)\r\n at getComments
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100595:45)\r\n
at
http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:68997:15\r\n
at updateMemo
(http://localhost:5601/XXXXXXXXXXXX/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:369829:19)\r\n
at Object.useMemo
(http://localhost:5601/XXXXXXXXXXXX/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:370375:16)\r\n\r\n\r\nThe
above error occurred in AssistantComponent:\r\n at AssistantComponent
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:68776:3)\r\n
at div\r\n at
http://localhost:5601/XXXXXXXXXXXX/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:160008:73\r\n
at div\r\n at http://loc\r\n```\r\n\r\n- The following video illustrates
the
error:\r\n\r\n<https://github.com/user-attachments/assets/e96d7ac0-032d-49d6-88be-a8add6547fb1>","sha":"35233ba890558a8251b71a0fba33d8f42fae662d","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:
SecuritySolution","Team:Security Generative
AI","v8.16.0","backport:version","v8.15.3"],"title":"[Security Solution]
[Security Assistant] Fixes an unable to load page error in the Security
assistant","number":194488,"url":"https://github.com/elastic/kibana/pull/194488","mergeCommit":{"message":"[Security
Solution] [Security Assistant] Fixes an unable to load page error in the
Security assistant (elastic#194488)\n\n### [Security Solution] [Security
Assistant] Fixes an unable to load page error in the Security
assistant\r\n\r\nThis PR fixes an `Unable to load page error` in the
Security Assistant, introduced in
<elastic#193645>, where a check that
appeared to be optional was removed.\r\n\r\n- The issue occurs when the
assistant is asked a question that is likely to require anonymization,
for example: `which alerts should I look at first?`\r\n- After the error
occurs, re-opening the assistant for the same conversation may
re-trigger the error\r\n- As a workaround, clear Kibana local storage
for the current user, or via the browser's dev tools, specifically
delete the `elasticAssistantDefault.lastConversationId` setting
illustrated by the screenshot
below:\r\n\r\n![local_storage_key](https://github.com/user-attachments/assets/882f68e2-a253-49d7-84ad-fe2326bbfe20)\r\n\r\n###
Steps to reproduce\r\n\r\nTo reproduce:\r\n\r\n1) Ask the assistant a
question that is likely to cause anonymized alerts to be returned, for
example: `which alerts should I look at first?`\r\n\r\n**Expected
result**\r\n\r\n- Anonymized alerts are displayed\r\n\r\n**Actual
result**\r\n\r\n- An `Unable to load page` error is displayed, as
illustrated by the screenshot
below:\r\n\r\n![unable_to_load_page](https://github.com/user-attachments/assets/54006a07-5a79-45d6-97cb-f36e0a71361f)\r\n\r\n-
The error details include text similar to the output
below:\r\n\r\n```\r\nTypeError: Cannot convert undefined or null to
object\r\n at Function.keys (<anonymous>)\r\n at
replaceAnonymizedValuesWithOriginalValues
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:60965:14)\r\n
at transformMessageWithReplacements
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100511:158)\r\n
at transformMessage
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100612:41)\r\n
at
http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100638:32\r\n
at Array.map (<anonymous>)\r\n at getComments
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100595:45)\r\n
at
http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:68997:15\r\n
at updateMemo
(http://localhost:5601/XXXXXXXXXXXX/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:369829:19)\r\n
at Object.useMemo
(http://localhost:5601/XXXXXXXXXXXX/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:370375:16)\r\n\r\n\r\nThe
above error occurred in AssistantComponent:\r\n at AssistantComponent
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:68776:3)\r\n
at div\r\n at
http://localhost:5601/XXXXXXXXXXXX/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:160008:73\r\n
at div\r\n at http://loc\r\n```\r\n\r\n- The following video illustrates
the
error:\r\n\r\n<https://github.com/user-attachments/assets/e96d7ac0-032d-49d6-88be-a8add6547fb1>","sha":"35233ba890558a8251b71a0fba33d8f42fae662d"}},"sourceBranch":"main","suggestedTargetBranches":["8.x","8.15"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/194488","number":194488,"mergeCommit":{"message":"[Security
Solution] [Security Assistant] Fixes an unable to load page error in the
Security assistant (elastic#194488)\n\n### [Security Solution] [Security
Assistant] Fixes an unable to load page error in the Security
assistant\r\n\r\nThis PR fixes an `Unable to load page error` in the
Security Assistant, introduced in
<elastic#193645>, where a check that
appeared to be optional was removed.\r\n\r\n- The issue occurs when the
assistant is asked a question that is likely to require anonymization,
for example: `which alerts should I look at first?`\r\n- After the error
occurs, re-opening the assistant for the same conversation may
re-trigger the error\r\n- As a workaround, clear Kibana local storage
for the current user, or via the browser's dev tools, specifically
delete the `elasticAssistantDefault.lastConversationId` setting
illustrated by the screenshot
below:\r\n\r\n![local_storage_key](https://github.com/user-attachments/assets/882f68e2-a253-49d7-84ad-fe2326bbfe20)\r\n\r\n###
Steps to reproduce\r\n\r\nTo reproduce:\r\n\r\n1) Ask the assistant a
question that is likely to cause anonymized alerts to be returned, for
example: `which alerts should I look at first?`\r\n\r\n**Expected
result**\r\n\r\n- Anonymized alerts are displayed\r\n\r\n**Actual
result**\r\n\r\n- An `Unable to load page` error is displayed, as
illustrated by the screenshot
below:\r\n\r\n![unable_to_load_page](https://github.com/user-attachments/assets/54006a07-5a79-45d6-97cb-f36e0a71361f)\r\n\r\n-
The error details include text similar to the output
below:\r\n\r\n```\r\nTypeError: Cannot convert undefined or null to
object\r\n at Function.keys (<anonymous>)\r\n at
replaceAnonymizedValuesWithOriginalValues
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:60965:14)\r\n
at transformMessageWithReplacements
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100511:158)\r\n
at transformMessage
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100612:41)\r\n
at
http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100638:32\r\n
at Array.map (<anonymous>)\r\n at getComments
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:100595:45)\r\n
at
http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:68997:15\r\n
at updateMemo
(http://localhost:5601/XXXXXXXXXXXX/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:369829:19)\r\n
at Object.useMemo
(http://localhost:5601/XXXXXXXXXXXX/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:370375:16)\r\n\r\n\r\nThe
above error occurred in AssistantComponent:\r\n at AssistantComponent
(http://localhost:5601/XXXXXXXXXXXX/bundles/plugin/securitySolution/1.0.0/securitySolution.chunk.lazy_application_dependencies.js:68776:3)\r\n
at div\r\n at
http://localhost:5601/XXXXXXXXXXXX/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:160008:73\r\n
at div\r\n at http://loc\r\n```\r\n\r\n- The following video illustrates
the
error:\r\n\r\n<https://github.com/user-attachments/assets/e96d7ac0-032d-49d6-88be-a8add6547fb1>","sha":"35233ba890558a8251b71a0fba33d8f42fae662d"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.15","label":"v8.15.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Andrew Macri <[email protected]>

x-pack/packages/kbn-elastic-assistant-common/impl/data_anonymization/helpers/index.test.ts

@@ -123,6 +123,30 @@ describe('helpers', () => {
       expect(result).toEqual(messageContent);
     });
 
+    it('returns the original messageContent if replacements is null', () => {
+      const messageContent =
+        'User {{ user.name 3541b730-1dce-4937-b63f-0d618ea1cc5f }} added a member to the Administrators group on host {{ host.name b222e892-431e-4e4f-9295-2ba92ef9d12d }}';
+
+      const result = replaceAnonymizedValuesWithOriginalValues({
+        messageContent,
+        replacements: null, // <-- null
+      });
+
+      expect(result).toEqual(messageContent);
+    });
+
+    it('returns the original messageContent if replacements is undefined', () => {
+      const messageContent =
+        'User {{ user.name 3541b730-1dce-4937-b63f-0d618ea1cc5f }} added a member to the Administrators group on host {{ host.name b222e892-431e-4e4f-9295-2ba92ef9d12d }}';
+
+      const result = replaceAnonymizedValuesWithOriginalValues({
+        messageContent,
+        replacements: undefined, // <-- undefined
+      });
+
+      expect(result).toEqual(messageContent);
+    });
+
     it('replaces multiple occurrences of the same replacement key', () => {
       const messageContent =
         'User {{ user.name 3541b730-1dce-4937-b63f-0d618ea1cc5f }} added a member to the Administrators group on host {{ host.name b222e892-431e-4e4f-9295-2ba92ef9d12d }}, which is unusual because {{ user.name 3541b730-1dce-4937-b63f-0d618ea1cc5f }} is not a member of the Administrators group.';

x-pack/packages/kbn-elastic-assistant-common/impl/data_anonymization/helpers/index.ts

@@ -40,13 +40,15 @@ export const replaceAnonymizedValuesWithOriginalValues = ({
   replacements,
 }: {
   messageContent: string;
-  replacements: Replacements;
+  replacements: Replacements | null | undefined;
 }): string =>
-  Object.keys(replacements).reduce((acc, key) => {
-    const value = replacements[key];
+  replacements != null
+    ? Object.keys(replacements).reduce((acc, key) => {
+        const value = replacements[key];
 
-    return acc.replaceAll(key, value);
-  }, messageContent);
+        return acc.replaceAll(key, value);
+      }, messageContent)
+    : messageContent;
 
 export const replaceOriginalValuesWithUuidValues = ({
   messageContent,