[Security Solution] [Serverless] Search strategy endpoint fields requ…

…est schema (elastic#162249) ## Summary This PR adds validation for endpoint fields search strategy, as part of elastic/security-team#6486 This should be merged after elastic#162170 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
fkanout · Aug 1, 2023 · b1ab844 · b1ab844
1 parent a3281ad
commit b1ab844
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 5 deletions.
diff --git a/...k/plugins/security_solution/common/api/search_strategy/endpoint_fields/endpoint_fields.ts b/...k/plugins/security_solution/common/api/search_strategy/endpoint_fields/endpoint_fields.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export const endpointFieldsRequestSchema = z.object({
+  indices: z.array(z.string()),
+  onlyCheckIfIndicesExist: z.boolean(),
+});
+
+export type EndpointFieldsRequestSchema = z.infer<typeof endpointFieldsRequestSchema>;
diff --git a/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.test.ts b/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.test.ts
@@ -16,6 +16,7 @@ import { createMockEndpointAppContextService } from '../../endpoint/mocks';
 import { getEndpointAuthzInitialStateMock } from '../../../common/endpoint/service/authz/mocks';
 import { eventsIndexPattern, METADATA_UNITED_INDEX } from '../../../common/endpoint/constants';
 import { EndpointAuthorizationError } from '../../endpoint/errors';
+import type { IndexFieldsStrategyRequestByIndices } from '@kbn/timelines-plugin/common/search_strategy';
 
 describe('Endpoint fields', () => {
   const getFieldsForWildcardMock = jest.fn();
@@ -161,6 +162,20 @@ describe('Endpoint fields', () => {
       expect(response.indicesExist).toEqual(indices);
     });
 
+    it('should throw when request body is invalid', async () => {
+      const request = {};
+
+      await expect(async () => {
+        await requestEndpointFieldsSearch(
+          endpointAppContextService,
+          request as unknown as IndexFieldsStrategyRequestByIndices,
+          deps,
+          beatFields,
+          IndexPatterns
+        );
+      }).rejects.toThrowError(/invalid_type/);
+    });
+
     it('should throw when invalid index', async () => {
       const indices = ['invalid'];
       const request = {

diff --git a/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts b/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts
@@ -22,6 +22,7 @@ import type {
 } from '../../../common/search_strategy';
 import type { EndpointAppContextService } from '../../endpoint/endpoint_app_context_services';
 import { EndpointAuthorizationError } from '../../endpoint/errors';
+import { parseRequest } from './parse_request';
 
 /**
  * EndpointFieldProvider mimics indexField provider from timeline plugin: x-pack/plugins/timelines/server/search_strategy/index_fields/index.ts
@@ -51,9 +52,12 @@ export const requestEndpointFieldsSearch = async (
   beatFields: BeatFields,
   indexPatterns: DataViewsServerPluginStart
 ): Promise<IndexFieldsStrategyResponse> => {
+  const parsedRequest = parseRequest(request);
+
   if (
-    request.indices.length > 1 ||
-    (request.indices[0] !== eventsIndexPattern && request.indices[0] !== METADATA_UNITED_INDEX)
+    parsedRequest.indices.length > 1 ||
+    (parsedRequest.indices[0] !== eventsIndexPattern &&
+      parsedRequest.indices[0] !== METADATA_UNITED_INDEX)
   ) {
     throw new Error(`Invalid indices request ${request.indices.join(', ')}`);
   }
@@ -63,11 +67,11 @@ export const requestEndpointFieldsSearch = async (
   );
 
   if (
-    (!canWriteEventFilters && request.indices[0] === eventsIndexPattern) ||
-    (!canReadEndpointList && request.indices[0] === METADATA_UNITED_INDEX)
+    (!canWriteEventFilters && parsedRequest.indices[0] === eventsIndexPattern) ||
+    (!canReadEndpointList && parsedRequest.indices[0] === METADATA_UNITED_INDEX)
   ) {
     throw new EndpointAuthorizationError();
   }
 
-  return requestIndexFieldSearch(request, deps, beatFields, indexPatterns, true);
+  return requestIndexFieldSearch(parsedRequest, deps, beatFields, indexPatterns, true);
 };
diff --git a/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/parse_request.ts b/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/parse_request.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { endpointFieldsRequestSchema } from '../../../common/api/search_strategy/endpoint_fields/endpoint_fields';
+
+export const parseRequest = (request: unknown) => endpointFieldsRequestSchema.parse(request);