Merge branch 'master' into improve-alpha-messaging

elastic · Apr 28, 2020 · 70019b7 · 70019b7
2 parents 771153e + 7dc3972
commit 70019b7
Show file tree

Hide file tree

Showing 239 changed files with 8,178 additions and 616 deletions.
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -742,6 +742,101 @@ module.exports = {
       },
     },
 
+    /**
+     * Lists overrides
+     */
+    {
+      // typescript and javascript for front and back end
+      files: ['x-pack/plugins/lists/**/*.{js,ts,tsx}'],
+      plugins: ['eslint-plugin-node'],
+      env: {
+        mocha: true,
+        jest: true,
+      },
+      rules: {
+        'accessor-pairs': 'error',
+        'array-callback-return': 'error',
+        'no-array-constructor': 'error',
+        complexity: 'error',
+        'consistent-return': 'error',
+        'func-style': ['error', 'expression'],
+        'import/order': [
+          'error',
+          {
+            groups: ['builtin', 'external', 'internal', 'parent', 'sibling', 'index'],
+            'newlines-between': 'always',
+          },
+        ],
+        'sort-imports': [
+          'error',
+          {
+            ignoreDeclarationSort: true,
+          },
+        ],
+        'node/no-deprecated-api': 'error',
+        'no-bitwise': 'error',
+        'no-continue': 'error',
+        'no-dupe-keys': 'error',
+        'no-duplicate-case': 'error',
+        'no-duplicate-imports': 'error',
+        'no-empty-character-class': 'error',
+        'no-empty-pattern': 'error',
+        'no-ex-assign': 'error',
+        'no-extend-native': 'error',
+        'no-extra-bind': 'error',
+        'no-extra-boolean-cast': 'error',
+        'no-extra-label': 'error',
+        'no-func-assign': 'error',
+        'no-implicit-globals': 'error',
+        'no-implied-eval': 'error',
+        'no-invalid-regexp': 'error',
+        'no-inner-declarations': 'error',
+        'no-lone-blocks': 'error',
+        'no-multi-assign': 'error',
+        'no-misleading-character-class': 'error',
+        'no-new-symbol': 'error',
+        'no-obj-calls': 'error',
+        'no-param-reassign': ['error', { props: true }],
+        'no-process-exit': 'error',
+        'no-prototype-builtins': 'error',
+        'no-return-await': 'error',
+        'no-self-compare': 'error',
+        'no-shadow-restricted-names': 'error',
+        'no-sparse-arrays': 'error',
+        'no-this-before-super': 'error',
+        'no-undef': 'error',
+        'no-unreachable': 'error',
+        'no-unsafe-finally': 'error',
+        'no-useless-call': 'error',
+        'no-useless-catch': 'error',
+        'no-useless-concat': 'error',
+        'no-useless-computed-key': 'error',
+        'no-useless-escape': 'error',
+        'no-useless-rename': 'error',
+        'no-useless-return': 'error',
+        'no-void': 'error',
+        'one-var-declaration-per-line': 'error',
+        'prefer-object-spread': 'error',
+        'prefer-promise-reject-errors': 'error',
+        'prefer-rest-params': 'error',
+        'prefer-spread': 'error',
+        'prefer-template': 'error',
+        'require-atomic-updates': 'error',
+        'symbol-description': 'error',
+        'vars-on-top': 'error',
+        '@typescript-eslint/explicit-member-accessibility': 'error',
+        '@typescript-eslint/no-this-alias': 'error',
+        '@typescript-eslint/no-explicit-any': 'error',
+        '@typescript-eslint/no-useless-constructor': 'error',
+        '@typescript-eslint/unified-signatures': 'error',
+        '@typescript-eslint/explicit-function-return-type': 'error',
+        '@typescript-eslint/no-non-null-assertion': 'error',
+        '@typescript-eslint/no-unused-vars': 'error',
+        'no-template-curly-in-string': 'error',
+        'sort-keys': 'error',
+        'prefer-destructuring': 'error',
+      },
+    },
     /**
      * Alerting Services overrides
      */

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -224,7 +224,7 @@
 /x-pack/test/detection_engine_api_integration @elastic/siem
 /x-pack/test/api_integration/apis/siem @elastic/siem
 /x-pack/plugins/case @elastic/siem
+/x-pack/plugins/lists @elastic/siem
 
 # Security Intelligence And Analytics
-/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules @elastic/security-intelligence-analytics
 /x-pack/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules @elastic/security-intelligence-analytics
diff --git a/...ransactionDetails/WaterfallWithSummmary/WaterfallContainer/Waterfall/SpanFlyout/index.tsx b/...ransactionDetails/WaterfallWithSummmary/WaterfallContainer/Waterfall/SpanFlyout/index.tsx
@@ -71,10 +71,10 @@ function getSpanTypes(span: Span) {
   };
 }
 
-const SpanBadge = styled(EuiBadge)`
+const SpanBadge = (styled(EuiBadge)`
   display: inline-block;
   margin-right: ${px(units.quarter)};
-` as any;
+` as unknown) as typeof EuiBadge;
 
 const HttpInfoContainer = styled('div')`
   margin-right: ${px(units.quarter)};

diff --git a/...s/app/TransactionDetails/WaterfallWithSummmary/WaterfallContainer/Waterfall/SyncBadge.tsx b/...s/app/TransactionDetails/WaterfallWithSummmary/WaterfallContainer/Waterfall/SyncBadge.tsx
@@ -10,10 +10,10 @@ import React from 'react';
 import styled from 'styled-components';
 import { px, units } from '../../../../../../style/variables';
 
-const SpanBadge = styled(EuiBadge)`
+const SpanBadge = (styled(EuiBadge)`
   display: inline-block;
   margin-right: ${px(units.quarter)};
-` as any;
+` as unknown) as typeof EuiBadge;
 
 interface SyncBadgeProps {
   /**

diff --git a/x-pack/legacy/plugins/apm/public/components/shared/Summary/ErrorCountSummaryItemBadge.tsx b/x-pack/legacy/plugins/apm/public/components/shared/Summary/ErrorCountSummaryItemBadge.tsx
@@ -17,7 +17,7 @@ interface Props {
 
 const Badge = (styled(EuiBadge)`
   margin-top: ${px(units.eighth)};
-` as any) as any;
+` as unknown) as typeof EuiBadge;
 
 export const ErrorCountSummaryItemBadge = ({ count }: Props) => (
   <Badge color={euiThemeLight.euiColorDanger}>

diff --git a/x-pack/legacy/plugins/apm/public/components/shared/Summary/HttpInfoSummaryItem/index.tsx b/x-pack/legacy/plugins/apm/public/components/shared/Summary/HttpInfoSummaryItem/index.tsx
@@ -13,7 +13,7 @@ import { HttpStatusBadge } from '../HttpStatusBadge';
 
 const HttpInfoBadge = (styled(EuiBadge)`
   margin-right: ${px(units.quarter)};
-` as any) as any;
+` as unknown) as typeof EuiBadge;
 
 const Url = styled('span')`
   display: inline-block;

diff --git a/x-pack/legacy/plugins/maps/public/angular/map_controller.js b/x-pack/legacy/plugins/maps/public/angular/map_controller.js
@@ -336,7 +336,7 @@ app.controller(
 
     function addFilters(newFilters) {
       newFilters.forEach(filter => {
-        filter.$state = esFilters.FilterStateStore.APP_STATE;
+        filter.$state = { store: esFilters.FilterStateStore.APP_STATE };
       });
       $scope.updateFiltersAndDispatch([...$scope.filters, ...newFilters]);
     }

diff --git a/x-pack/plugins/endpoint/common/generate_data.ts b/x-pack/plugins/endpoint/common/generate_data.ts
@@ -307,7 +307,7 @@ export class EndpointDocGenerator {
       process: {
         entity_id: options.entityID ? options.entityID : this.randomString(10),
         parent: options.parentEntityID ? { entity_id: options.parentEntityID } : undefined,
-        name: options.processName ? options.processName : 'powershell.exe',
+        name: options.processName ? options.processName : randomProcessName(),
       },
     };
   }
@@ -645,3 +645,16 @@ export class EndpointDocGenerator {
     return uuid.v4({ random: [...this.randomNGenerator(255, 16)] });
   }
 }
+
+const fakeProcessNames = [
+  'lsass.exe',
+  'notepad.exe',
+  'mimikatz.exe',
+  'powershell.exe',
+  'iexlorer.exe',
+  'explorer.exe',
+];
+/** Return a random fake process name */
+function randomProcessName(): string {
+  return fakeProcessNames[Math.floor(Math.random() * fakeProcessNames.length)];
+}
diff --git a/x-pack/plugins/endpoint/common/models/event.ts b/x-pack/plugins/endpoint/common/models/event.ts
@@ -4,28 +4,45 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { EndpointEvent, LegacyEndpointEvent } from '../types';
+import { LegacyEndpointEvent, ResolverEvent } from '../types';
 
-export function isLegacyEvent(
-  event: EndpointEvent | LegacyEndpointEvent
-): event is LegacyEndpointEvent {
+export function isLegacyEvent(event: ResolverEvent): event is LegacyEndpointEvent {
   return (event as LegacyEndpointEvent).endgame !== undefined;
 }
 
-export function eventTimestamp(
-  event: EndpointEvent | LegacyEndpointEvent
-): string | undefined | number {
+export function eventTimestamp(event: ResolverEvent): string | undefined | number {
   if (isLegacyEvent(event)) {
     return event.endgame.timestamp_utc;
   } else {
     return event['@timestamp'];
   }
 }
 
-export function eventName(event: EndpointEvent | LegacyEndpointEvent): string {
+export function eventName(event: ResolverEvent): string {
   if (isLegacyEvent(event)) {
     return event.endgame.process_name ? event.endgame.process_name : '';
   } else {
     return event.process.name;
   }
 }
+
+export function eventId(event: ResolverEvent): string {
+  if (isLegacyEvent(event)) {
+    return event.endgame.serial_event_id ? String(event.endgame.serial_event_id) : '';
+  }
+  return event.event.id;
+}
+
+export function entityId(event: ResolverEvent): string {
+  if (isLegacyEvent(event)) {
+    return event.endgame.unique_pid ? String(event.endgame.unique_pid) : '';
+  }
+  return event.process.entity_id;
+}
+
+export function parentEntityId(event: ResolverEvent): string | undefined {
+  if (isLegacyEvent(event)) {
+    return event.endgame.unique_ppid ? String(event.endgame.unique_ppid) : undefined;
+  }
+  return event.process.parent?.entity_id;
+}
diff --git a/x-pack/plugins/endpoint/common/schema/resolver.ts b/x-pack/plugins/endpoint/common/schema/resolver.ts
@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { schema } from '@kbn/config-schema';
+
+/**
+ * Used to validate GET requests for a complete resolver tree.
+ */
+export const validateTree = {
+  params: schema.object({ id: schema.string() }),
+  query: schema.object({
+    children: schema.number({ defaultValue: 10, min: 0, max: 100 }),
+    generations: schema.number({ defaultValue: 3, min: 0, max: 3 }),
+    ancestors: schema.number({ defaultValue: 3, min: 0, max: 5 }),
+    events: schema.number({ defaultValue: 100, min: 0, max: 1000 }),
+    afterEvent: schema.maybe(schema.string()),
+    afterChild: schema.maybe(schema.string()),
+    legacyEndpointID: schema.maybe(schema.string()),
+  }),
+};
+
+/**
+ * Used to validate GET requests for non process events for a specific event.
+ */
+export const validateEvents = {
+  params: schema.object({ id: schema.string() }),
+  query: schema.object({
+    events: schema.number({ defaultValue: 100, min: 1, max: 1000 }),
+    afterEvent: schema.maybe(schema.string()),
+    legacyEndpointID: schema.maybe(schema.string()),
+  }),
+};
+
+/**
+ * Used to validate GET requests for the ancestors of a process event.
+ */
+export const validateAncestry = {
+  params: schema.object({ id: schema.string() }),
+  query: schema.object({
+    ancestors: schema.number({ defaultValue: 0, min: 0, max: 10 }),
+    legacyEndpointID: schema.maybe(schema.string()),
+  }),
+};
+
+/**
+ * Used to validate GET requests for children of a specified process event.
+ */
+export const validateChildren = {
+  params: schema.object({ id: schema.string() }),
+  query: schema.object({
+    children: schema.number({ defaultValue: 10, min: 10, max: 100 }),
+    generations: schema.number({ defaultValue: 3, min: 0, max: 3 }),
+    afterChild: schema.maybe(schema.string()),
+    legacyEndpointID: schema.maybe(schema.string()),
+  }),
+};
diff --git a/x-pack/plugins/endpoint/common/types.ts b/x-pack/plugins/endpoint/common/types.ts
@@ -35,6 +35,31 @@ type ImmutableObject<T> = { readonly [K in keyof T]: Immutable<T[K]> };
  */
 export type AlertAPIOrdering = 'asc' | 'desc';
 
+export interface ResolverNodeStats {
+  totalEvents: number;
+  totalAlerts: number;
+}
+
+export interface ResolverNodePagination {
+  nextChild?: string | null;
+  nextEvent?: string | null;
+  nextAncestor?: string | null;
+  nextAlert?: string | null;
+}
+
+/**
+ * A node that contains pointers to other nodes, arrrays of resolver events, and any metadata associated with resolver specific data
+ */
+export interface ResolverNode {
+  id: string;
+  children: ResolverNode[];
+  events: ResolverEvent[];
+  lifecycle: ResolverEvent[];
+  ancestors?: ResolverNode[];
+  pagination: ResolverNodePagination;
+  stats?: ResolverNodeStats;
+}
+
 /**
  * Returned by 'api/endpoint/alerts'
  */

diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/resolver.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/resolver.tsx
@@ -33,5 +33,6 @@ export const AlertDetailResolver = styled(
   width: 100%;
   display: flex;
   flex-grow: 1;
-  min-height: 500px;
+  /* gross demo hack */
+  min-height: calc(100vh - 505px);
 `;
diff --git a/x-pack/plugins/endpoint/public/embeddables/resolver/store/data/action.ts b/x-pack/plugins/endpoint/public/embeddables/resolver/store/data/action.ts
@@ -8,13 +8,11 @@ import { ResolverEvent } from '../../../../../common/types';
 
 interface ServerReturnedResolverData {
   readonly type: 'serverReturnedResolverData';
-  readonly payload: {
-    readonly data: {
-      readonly result: {
-        readonly search_results: readonly ResolverEvent[];
-      };
-    };
-  };
+  readonly payload: ResolverEvent[];
 }
 
-export type DataAction = ServerReturnedResolverData;
+interface ServerFailedToReturnResolverData {
+  readonly type: 'serverFailedToReturnResolverData';
+}
+
+export type DataAction = ServerReturnedResolverData | ServerFailedToReturnResolverData;