[Security Solution][Detections] Await promises to ensure promise rejection does not crash kibana (#88564)

* Await promises to ensure promise rejection does not crash kibana

* Fix test

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Marshall Main 2021-01-19 16:11:25 -05:00 committed by GitHub
parent 6e3ac2a954
commit 90f2abd361
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 23 deletions


@ -225,7 +225,7 @@ describe('searchAfterAndBulkCreate', () => {
buildRuleMessage,
});
expect(success).toEqual(true);
expect(mockService.callCluster).toHaveBeenCalledTimes(8);
expect(mockService.callCluster).toHaveBeenCalledTimes(7);
expect(createdSignalsCount).toEqual(3);
expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000'));
});
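Review bot: The only change visible in this test file is the `callCluster` count dropping from 8 to 7, so nothing here pins the failure the commit is about, a search promise that rejects without ever being awaited. A regression test that makes one search reject, for example `mockService.callCluster.mockRejectedValueOnce(new Error('search failed'))` (constructed sample), and then asserts that the call still resolves with `success` equal to `false` would keep the eager-call pattern from returning; whether the function reports the failure that way is not visible here and should be confirmed. The bare `7` would also benefit from a comment such as `// one fewer call: the primary search now runs only inside the hasSortId branch`. The enclosing `it(...)` block starts outside the hunk.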


@ -87,25 +87,14 @@ export const searchAfterAndBulkCreate = async ({
let mergedSearchResults = createSearchResultReturnType();
logger.debug(buildRuleMessage(`sortIds: ${sortId}`));
// perform search_after with optionally undefined sortId
const singleSearchAfterPromise = singleSearchAfter({
buildRuleMessage,
searchAfterSortId: sortId,
index: inputIndexPattern,
from: tuple.from.toISOString(),
to: tuple.to.toISOString(),
services,
logger,
filter,
pageSize: tuple.maxSignals < pageSize ? Math.ceil(tuple.maxSignals) : pageSize, // maximum number of docs to receive per search result.
timestampOverride: ruleParams.timestampOverride,
excludeDocsWithTimestampOverride: false,
});
// if there is a timestampOverride param we always want to do a secondary search against @timestamp
if (ruleParams.timestampOverride != null && hasBackupSortId) {
// only execute search if we have something to sort on or if it is the first search
const singleSearchAfterDefaultTimestamp = singleSearchAfter({
const {
searchResult: searchResultB,
searchDuration: searchDurationB,
searchErrors: searchErrorsB,
} = await singleSearchAfter({
buildRuleMessage,
searchAfterSortId: backupSortId,
index: inputIndexPattern,
@ -118,11 +107,6 @@ export const searchAfterAndBulkCreate = async ({
timestampOverride: ruleParams.timestampOverride,
excludeDocsWithTimestampOverride: true,
});
const {
searchResult: searchResultB,
searchDuration: searchDurationB,
searchErrors: searchErrorsB,
} = await singleSearchAfterDefaultTimestamp;
// call this function setSortIdOrExit()
const lastSortId = searchResultB?.hits?.hits[searchResultB.hits.hits.length - 1]?.sort;
@ -153,7 +137,19 @@ export const searchAfterAndBulkCreate = async ({
if (hasSortId) {
// only execute search if we have something to sort on or if it is the first search
const { searchResult, searchDuration, searchErrors } = await singleSearchAfterPromise;
const { searchResult, searchDuration, searchErrors } = await singleSearchAfter({
buildRuleMessage,
searchAfterSortId: sortId,
index: inputIndexPattern,
from: tuple.from.toISOString(),
to: tuple.to.toISOString(),
services,
logger,
filter,
pageSize: tuple.maxSignals < pageSize ? Math.ceil(tuple.maxSignals) : pageSize, // maximum number of docs to receive per search result.
timestampOverride: ruleParams.timestampOverride,
excludeDocsWithTimestampOverride: false,
});
mergedSearchResults = mergeSearchResults([mergedSearchResults, searchResult]);
toReturn = mergeReturns([
toReturn,