[Security Solutions][Detection Engine] Fixes "undefined" crash for au…

…thor field by adding a migration for it (#107230) (#108218) ## Summary Fixes #106233 During an earlier upgrade/fix to our system to add defaults to our types, we overlooked the "author" field which wasn't part of the original rules. Users upgrading might get errors such as: ``` params invalid: Invalid value "undefined" supplied to "author" ``` This fixes that issue by adding a migration for the `author` field for `7.14.1`. See #106233 for test instructions or manually remove your author field before upgrading your release and then upgrade and this should be fixed on upgrade. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: Frank Hassanabad <frank.hassanabad@elastic.co>
elastic · Aug 11, 2021 · 13c9c59 · 13c9c59
1 parent 3091443
commit 13c9c59
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 0 deletions.
diff --git a/x-pack/plugins/alerting/server/saved_objects/migrations.test.ts b/x-pack/plugins/alerting/server/saved_objects/migrations.test.ts
@@ -970,6 +970,48 @@ describe('successful migrations', () => {
       });
     });
   });
+
+  describe('7.14.1', () => {
+    test('security solution author field is migrated to array if it is undefined', () => {
+      const migration7141 = getMigrations(encryptedSavedObjectsSetup)['7.14.1'];
+      const alert = getMockData({
+        alertTypeId: 'siem.signals',
+        params: {},
+      });
+
+      expect(migration7141(alert, migrationContext)).toEqual({
+        ...alert,
+        attributes: {
+          ...alert.attributes,
+          params: {
+            author: [],
+          },
+        },
+      });
+    });
+
+    test('security solution author field does not override existing values if they exist', () => {
+      const migration7141 = getMigrations(encryptedSavedObjectsSetup)['7.14.1'];
+      const alert = getMockData({
+        alertTypeId: 'siem.signals',
+        params: {
+          note: 'some note',
+          author: ['author 1'],
+        },
+      });
+
+      expect(migration7141(alert, migrationContext)).toEqual({
+        ...alert,
+        attributes: {
+          ...alert.attributes,
+          params: {
+            note: 'some note',
+            author: ['author 1'],
+          },
+        },
+      });
+    });
+  });
 });
 
 describe('handles errors during migrations', () => {

diff --git a/x-pack/plugins/alerting/server/saved_objects/migrations.ts b/x-pack/plugins/alerting/server/saved_objects/migrations.ts
@@ -85,11 +85,18 @@ export function getMigrations(
     pipeMigrations(removeNullsFromSecurityRules)
   );
 
+  const migrationSecurityRules714 = createEsoMigration(
+    encryptedSavedObjects,
+    (doc): doc is SavedObjectUnsanitizedDoc<RawAlert> => isSecuritySolutionRule(doc),
+    pipeMigrations(removeNullAuthorFromSecurityRules)
+  );
+
   return {
     '7.10.0': executeMigrationWithErrorHandling(migrationWhenRBACWasIntroduced, '7.10.0'),
     '7.11.0': executeMigrationWithErrorHandling(migrationAlertUpdatedAtAndNotifyWhen, '7.11.0'),
     '7.11.2': executeMigrationWithErrorHandling(migrationActions7112, '7.11.2'),
     '7.13.0': executeMigrationWithErrorHandling(migrationSecurityRules713, '7.13.0'),
+    '7.14.1': executeMigrationWithErrorHandling(migrationSecurityRules714, '7.14.1'),
   };
 }
 
@@ -432,6 +439,34 @@ function removeNullsFromSecurityRules(
   };
 }
 
+/**
+ * The author field was introduced later and was not part of the original rules. We overlooked
+ * the filling in the author field as an empty array in an earlier upgrade routine from
+ * 'removeNullsFromSecurityRules' during the 7.13.0 upgrade. Since we don't change earlier migrations,
+ * but rather only move forward with the "arrow of time" we are going to upgrade and fix
+ * it if it is missing for anyone in 7.14.0 and above release. Earlier releases if we want to fix them,
+ * would have to be modified as a "7.13.1", etc... if we want to fix it there.
+ * @param doc The document that is not migrated and contains a "null" or "undefined" author field
+ * @returns The document with the author field fleshed in.
+ */
+function removeNullAuthorFromSecurityRules(
+  doc: SavedObjectUnsanitizedDoc<RawAlert>
+): SavedObjectUnsanitizedDoc<RawAlert> {
+  const {
+    attributes: { params },
+  } = doc;
+  return {
+    ...doc,
+    attributes: {
+      ...doc.attributes,
+      params: {
+        ...params,
+        author: params.author != null ? params.author : [],
+      },
+    },
+  };
+}
+
 function pipeMigrations(...migrations: AlertMigration[]): AlertMigration {
   return (doc: SavedObjectUnsanitizedDoc<RawAlert>) =>
     migrations.reduce((migratedDoc, nextMigration) => nextMigration(migratedDoc), doc);