Merge branch 'main' into max-signals-warning

elastic · Apr 26, 2023 · 72674ba · 72674ba
2 parents 282094f + ead18ac
commit 72674ba
Show file tree

Hide file tree

Showing 46 changed files with 1,034 additions and 3,984 deletions.
diff --git a/.buildkite/scripts/steps/artifacts/docker_image.sh b/.buildkite/scripts/steps/artifacts/docker_image.sh
@@ -7,13 +7,14 @@ set -euo pipefail
 source .buildkite/scripts/steps/artifacts/env.sh
 
 GIT_ABBREV_COMMIT=${BUILDKITE_COMMIT:0:12}
-KIBANA_IMAGE="docker.elastic.co/kibana-ci/kibana:git-$GIT_ABBREV_COMMIT"
+KIBANA_IMAGE_INPUT="docker.elastic.co/kibana-ci/kibana-serverless:git-$GIT_ABBREV_COMMIT"
+KIBANA_IMAGE_OUTPUT="docker.elastic.co/kibana-ci/kibana:git-$GIT_ABBREV_COMMIT"
 
 echo "--- Verify manifest does not already exist"
 echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co
 trap 'docker logout docker.elastic.co' EXIT
 
-if docker manifest inspect $KIBANA_IMAGE &> /dev/null; then
+if docker manifest inspect $KIBANA_IMAGE_OUTPUT &> /dev/null; then
   echo "Manifest already exists, exiting"
   exit 1
 fi
@@ -32,37 +33,36 @@ node scripts/build \
   --skip-docker-contexts
 
 echo "--- Tag images"
-docker rmi "$KIBANA_IMAGE"
+docker rmi "$KIBANA_IMAGE_INPUT"
 docker load < "target/kibana-serverless-$BASE_VERSION-docker-image.tar.gz"
-docker tag "$KIBANA_IMAGE" "$KIBANA_IMAGE-amd64"
+docker tag "$KIBANA_IMAGE_INPUT" "$KIBANA_IMAGE_OUTPUT-amd64"
 
-docker rmi "$KIBANA_IMAGE"
+docker rmi "$KIBANA_IMAGE_INPUT"
 docker load < "target/kibana-serverless-$BASE_VERSION-docker-image-aarch64.tar.gz"
-docker tag "$KIBANA_IMAGE" "$KIBANA_IMAGE-arm64"
+docker tag "$KIBANA_IMAGE_INPUT" "$KIBANA_IMAGE_OUTPUT-arm64"
 
 echo "--- Push images"
-docker image push "$KIBANA_IMAGE-arm64"
-docker image push "$KIBANA_IMAGE-amd64"
+docker image push "$KIBANA_IMAGE_OUTPUT-arm64"
+docker image push "$KIBANA_IMAGE_OUTPUT-amd64"
 
 echo "--- Create manifest"
-docker rmi "$KIBANA_IMAGE"
 docker manifest create \
-  "$KIBANA_IMAGE" \
-  --amend "$KIBANA_IMAGE-arm64" \
-  --amend "$KIBANA_IMAGE-amd64"
+  "$KIBANA_IMAGE_OUTPUT" \
+  --amend "$KIBANA_IMAGE_OUTPUT-arm64" \
+  --amend "$KIBANA_IMAGE_OUTPUT-amd64"
 
 echo "--- Push manifest"
-docker manifest push "$KIBANA_IMAGE"
+docker manifest push "$KIBANA_IMAGE_OUTPUT"
 docker logout docker.elastic.co
 
 cat << EOF | buildkite-agent annotate --style "info" --context image
   ### Container Images
 
-  Manifest: \`$KIBANA_IMAGE\`
+  Manifest: \`$KIBANA_IMAGE_OUTPUT\`
 
-  AMD64: \`$KIBANA_IMAGE-amd64\`
+  AMD64: \`$KIBANA_IMAGE_OUTPUT-amd64\`
 
-  ARM64: \`$KIBANA_IMAGE-arm64\`
+  ARM64: \`$KIBANA_IMAGE_OUTPUT-arm64\`
 EOF
 
 echo "--- Build dependencies report"

diff --git a/fleet_packages.json b/fleet_packages.json
@@ -34,7 +34,7 @@
   },
   {
     "name": "endpoint",
-    "version": "8.7.1"
+    "version": "8.8.0"
   },
   {
     "name": "fleet_server",

diff --git a/src/dev/build/tasks/os_packages/create_os_package_tasks.ts b/src/dev/build/tasks/os_packages/create_os_package_tasks.ts
@@ -81,7 +81,7 @@ export const CreateDockerUbuntu: Task = {
 };
 
 export const CreateDockerServerless: Task = {
-  description: 'Creating Docker Ubuntu image',
+  description: 'Creating Docker Serverless image',
 
   async run(config, log, build) {
     await runDockerGenerator(config, log, build, {

diff --git a/x-pack/plugins/cloud_defend/public/components/control_yaml_view/hooks/policy_schema.json b/x-pack/plugins/cloud_defend/public/components/control_yaml_view/hooks/policy_schema.json
@@ -66,10 +66,10 @@
           "required": ["containerImageName"]
         },
         {
-          "required": ["containerImageFullName"]
+          "required": ["containerImageTag"]
         },
         {
-          "required": ["containerImageTag"]
+          "required": ["containerImageFullName"]
         },
         {
           "required": ["kubernetesClusterId"]
@@ -100,6 +100,19 @@
         "name": {
           "type": "string"
         },
+        "operation": {
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "enum": [
+              "createExecutable",
+              "modifyExecutable",
+              "createFile",
+              "modifyFile",
+              "deleteFile"
+            ]
+          }
+        },
         "containerImageName": {
           "type": "array",
           "minItems": 1,
@@ -159,19 +172,6 @@
             "type": "string"
           }
         },
-        "operation": {
-          "type": "array",
-          "minItems": 1,
-          "items": {
-            "enum": [
-              "createExecutable",
-              "modifyExecutable",
-              "createFile",
-              "modifyFile",
-              "deleteFile"
-            ]
-          }
-        },
         "targetFilePath": {
           "type": "array",
           "minItems": 1,
@@ -214,10 +214,10 @@
           "required": ["containerImageName"]
         },
         {
-          "required": ["containerImageFullName"]
+          "required": ["containerImageTag"]
         },
         {
-          "required": ["containerImageTag"]
+          "required": ["containerImageFullName"]
         },
         {
           "required": ["kubernetesClusterId"]
@@ -248,6 +248,13 @@
         "name": {
           "type": "string"
         },
+        "operation": {
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "enum": ["fork", "exec"]
+          }
+        },
         "containerImageName": {
           "type": "array",
           "minItems": 1,
@@ -307,13 +314,6 @@
             "type": "string"
           }
         },
-        "operation": {
-          "type": "array",
-          "minItems": 1,
-          "items": {
-            "enum": ["fork", "exec"]
-          }
-        },
         "processExecutable": {
           "type": "array",
           "minItems": 1,

diff --git a/x-pack/plugins/cloud_security_posture/public/common/utils/get_cvsscore_color.test.ts b/x-pack/plugins/cloud_security_posture/public/common/utils/get_cvsscore_color.test.ts
diff --git a/...public/common/utils/get_cvsscore_color.ts → .../common/utils/get_vulnerability_colors.ts b/...public/common/utils/get_cvsscore_color.ts → .../common/utils/get_vulnerability_colors.ts
@@ -8,15 +8,28 @@
 import { euiThemeVars } from '@kbn/ui-theme';
 
 export const getCvsScoreColor = (score: number): string | undefined => {
-  if (score >= 0.1 && score <= 3.9) {
+  if (score <= 4) {
     return euiThemeVars.euiColorVis0; // low severity
-  } else if (score >= 4.0 && score <= 6.9) {
+  } else if (score >= 4 && score <= 7) {
     return euiThemeVars.euiColorVis7; // medium severity
-  } else if (score >= 7.0 && score <= 8.9) {
+  } else if (score >= 7 && score <= 9) {
     return euiThemeVars.euiColorVis9; // high severity
-  } else if (score >= 9.0 && score <= 10.0) {
+  } else if (score >= 9) {
     return euiThemeVars.euiColorDanger; // critical severity
-  } else {
-    return undefined; // if the score is not within the valid range
+  }
+};
+
+export const getSeverityStatusColor = (severity: string): string | undefined => {
+  switch (severity) {
+    case 'LOW':
+      return euiThemeVars.euiColorVis0;
+    case 'MEDIUM':
+      return euiThemeVars.euiColorVis7;
+    case 'HIGH':
+      return euiThemeVars.euiColorVis9;
+    case 'CRITICAL':
+      return euiThemeVars.euiColorDanger;
+    default:
+      return '#aaa';
   }
 };
diff --git a/x-pack/plugins/cloud_security_posture/public/common/utils/get_vulnerabiltity_colors.test.ts b/x-pack/plugins/cloud_security_posture/public/common/utils/get_vulnerabiltity_colors.test.ts
@@ -0,0 +1,53 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { euiThemeVars } from '@kbn/ui-theme';
+import { getCvsScoreColor, getSeverityStatusColor } from './get_vulnerability_colors';
+
+describe('getCvsScoreColor', () => {
+  it('returns correct color for low severity score', () => {
+    expect(getCvsScoreColor(1.5)).toBe(euiThemeVars.euiColorVis0);
+  });
+
+  it('returns correct color for medium severity score', () => {
+    expect(getCvsScoreColor(5.5)).toBe(euiThemeVars.euiColorVis7);
+  });
+
+  it('returns correct color for high severity score', () => {
+    expect(getCvsScoreColor(7.9)).toBe(euiThemeVars.euiColorVis9);
+  });
+
+  it('returns correct color for critical severity score', () => {
+    expect(getCvsScoreColor(10.0)).toBe(euiThemeVars.euiColorDanger);
+  });
+
+  it('returns correct color for low severity score for undefined value', () => {
+    expect(getCvsScoreColor(-0.2)).toBe(euiThemeVars.euiColorVis0);
+  });
+});
+
+describe('getSeverityStatusColor', () => {
+  it('should return the correct color for LOW severity', () => {
+    expect(getSeverityStatusColor('LOW')).toBe(euiThemeVars.euiColorVis0);
+  });
+
+  it('should return the correct color for MEDIUM severity', () => {
+    expect(getSeverityStatusColor('MEDIUM')).toBe(euiThemeVars.euiColorVis7);
+  });
+
+  it('should return the correct color for HIGH severity', () => {
+    expect(getSeverityStatusColor('HIGH')).toBe(euiThemeVars.euiColorVis9);
+  });
+
+  it('should return the correct color for CRITICAL severity', () => {
+    expect(getSeverityStatusColor('CRITICAL')).toBe(euiThemeVars.euiColorDanger);
+  });
+
+  it('should return #aaa for an unknown severity', () => {
+    expect(getSeverityStatusColor('UNKNOWN')).toBe('#aaa');
+  });
+});
diff --git a/x-pack/plugins/cloud_security_posture/public/components/vulnerability_badges.tsx b/x-pack/plugins/cloud_security_posture/public/components/vulnerability_badges.tsx
@@ -9,7 +9,7 @@ import { EuiBadge, EuiIcon, EuiTextColor } from '@elastic/eui';
 import React from 'react';
 import { css } from '@emotion/react';
 import { float } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import { getCvsScoreColor } from '../common/utils/get_cvsscore_color';
+import { getCvsScoreColor, getSeverityStatusColor } from '../common/utils/get_vulnerability_colors';
 
 interface CVSScoreBadgeProps {
   score: float;
@@ -18,7 +18,6 @@ interface CVSScoreBadgeProps {
 
 interface SeverityStatusBadgeProps {
   status: string;
-  score?: float;
 }
 
 export const CVSScoreBadge = ({ score, version }: CVSScoreBadgeProps) => {
@@ -54,8 +53,8 @@ export const CVSScoreBadge = ({ score, version }: CVSScoreBadgeProps) => {
   );
 };
 
-export const SeverityStatusBadge = ({ score, status }: SeverityStatusBadgeProps) => {
-  const color = score ? getCvsScoreColor(score) : undefined;
+export const SeverityStatusBadge = ({ status }: SeverityStatusBadgeProps) => {
+  const color = getSeverityStatusColor(status);
 
   return (
     <div
@@ -69,7 +68,7 @@ export const SeverityStatusBadge = ({ score, status }: SeverityStatusBadgeProps)
         type="dot"
         color={color}
         css={css`
-          opacity: ${score ? 1 : 0};
+          opacity: ${status ? 1 : 0};
         `}
       />
       {status}

diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities.tsx
@@ -53,7 +53,7 @@ export const Vulnerabilities = () => {
   const { data, isLoading, error } = useFilteredDataView(LATEST_VULNERABILITIES_INDEX_PATTERN);
   const getSetupStatus = useCspSetupStatusApi();
 
-  if (getSetupStatus?.data?.vuln_mgmt.status !== 'indexed') return <NoVulnerabilitiesStates />;
+  if (getSetupStatus?.data?.vuln_mgmt?.status !== 'indexed') return <NoVulnerabilitiesStates />;
 
   if (error) {
     return <ErrorCallout error={error as Error} />;
@@ -247,12 +247,7 @@ const VulnerabilitiesContent = ({ dataView }: { dataView: DataView }) => {
         if (!vulnerabilityRow.vulnerability.severity) {
           return null;
         }
-        return (
-          <SeverityStatusBadge
-            score={vulnerabilityRow.vulnerability.score?.base}
-            status={vulnerabilityRow.vulnerability.severity}
-          />
-        );
+        return <SeverityStatusBadge status={vulnerabilityRow.vulnerability.severity} />;
       }
       if (columnId === vulnerabilitiesColumns.package_version) {
         return (

diff --git a/...lic/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_finding_flyout.tsx b/...lic/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_finding_flyout.tsx
@@ -27,10 +27,7 @@ import { VulnerabilityOverviewTab } from './vulnerability_overview_tab';
 import { VulnerabilityJsonTab } from './vulnerability_json_tab';
 import { SeverityStatusBadge } from '../../../components/vulnerability_badges';
 import { VulnerabilityRecord } from '../types';
-import {
-  SEVERITY_STATUS_VULNERABILITY_FLYOUT,
-  TAB_ID_VULNERABILITY_FLYOUT,
-} from '../test_subjects';
+import { TAB_ID_VULNERABILITY_FLYOUT } from '../test_subjects';
 
 const overviewTabId = 'overview';
 const jsonTabId = 'json';
@@ -110,11 +107,8 @@ export const VulnerabilityFindingFlyout = ({
             gap: ${euiThemeVars.euiSizeS};
           `}
         >
-          <EuiFlexItem data-test-subj={SEVERITY_STATUS_VULNERABILITY_FLYOUT}>
-            <SeverityStatusBadge
-              score={vulnerability?.score?.base}
-              status={vulnerability?.severity}
-            />
+          <EuiFlexItem>
+            <SeverityStatusBadge status={vulnerability?.severity} />
           </EuiFlexItem>
           <EuiFlexItem>
             <EuiFlexGroup

diff --git a/x-pack/plugins/security/public/index.ts b/x-pack/plugins/security/public/index.ts
@@ -28,6 +28,8 @@ export type {
 
 export type { AuthenticationServiceStart, AuthenticationServiceSetup } from './authentication';
 
+export { ALL_SPACES_ID } from '../common/constants';
+
 export const plugin: PluginInitializer<
   SecurityPluginSetup,
   SecurityPluginStart,