Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 4.5.1-7.10] Fix server side query in pdf report filter #5732

Merged
merged 6 commits into from
Jul 27, 2023
Merged

[Backport 4.5.1-7.10] Fix server side query in pdf report filter #5732

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c26b0a2
Backport 5417
asteriscos Jul 24, 2023
7726faa
Add comments
asteriscos Jul 25, 2023
9b0fd71
Add changelog
asteriscos Jul 25, 2023
2f53bdb
Fix deep clone filters
asteriscos Jul 26, 2023
fdf73ff
Fix server side requirement query
asteriscos Jul 26, 2023
04c8748
Fix rootkit filter
asteriscos Jul 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ All notable changes to the Wazuh app project will be documented in this file.
- Fixed the rendering of tables that contains IPs and agent overview [#5471](https://github.com/wazuh/wazuh-kibana-app/pull/5471)
- Fixed the agents active coverage stat as NaN in Details panel of Agents section [#5490](https://github.com/wazuh/wazuh-kibana-app/pull/5490)
- Fixed a broken documentation link to agent labels [#5687](https://github.com/wazuh/wazuh-kibana-app/pull/5687)
- Fixed the PDF report filters applied to tables [#5714](https://github.com/wazuh/wazuh-kibana-app/pull/5714)

### Removed

Expand Down
4 changes: 3 additions & 1 deletion public/react-services/reporting.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,13 +89,15 @@ export class ReportingService {
}

const appliedFilters = await this.visHandlers.getAppliedFilters(syscollectorFilters);

const dataplugin = await getDataPlugin();
const serverSideQuery = dataplugin.query.getEsQuery();
const array = await this.vis2png.checkArray(visualizationIDList);

const browserTimezone = moment.tz.guess(true);

const data = {
array,
serverSideQuery, // Used for applying the same filters on the server side requests
filters: appliedFilters.filters,
time: appliedFilters.time,
searchBar: appliedFilters.searchBar,
Expand Down
16 changes: 13 additions & 3 deletions server/controllers/wazuh-reporting.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -291,6 +291,7 @@ export class WazuhReportingCtrl {
browserTimezone,
searchBar,
filters,
serverSideQuery,
time,
tables,
section,
Expand Down Expand Up @@ -327,7 +328,7 @@ export class WazuhReportingCtrl {
apiId,
new Date(from).getTime(),
new Date(to).getTime(),
sanitizedFilters,
serverSideQuery,
agentsFilter,
indexPatternTitle,
agents
Expand Down Expand Up @@ -876,7 +877,7 @@ export class WazuhReportingCtrl {
) => {
try {
log('reporting:createReportsAgentsInventory', `Report started`, 'info');
const { searchBar, filters, time, indexPatternTitle, apiId } = request.body;
const { searchBar, filters, time, indexPatternTitle, apiId, serverSideQuery } = request.body;
const { agentID } = request.params;
const { from, to } = time || {};
// Init
Expand Down Expand Up @@ -1062,6 +1063,15 @@ export class WazuhReportingCtrl {
};

if (time) {
// Add Vulnerability Detector filter to the Server Side Query
serverSideQuery?.bool?.must?.push?.({
match_phrase: {
"rule.groups": {
query: "vulnerability-detector"
}
}
});

await extendedInformation(
context,
printer,
Expand All @@ -1070,7 +1080,7 @@ export class WazuhReportingCtrl {
apiId,
from,
to,
sanitizedFilters + ' AND rule.groups: "vulnerability-detector"',
serverSideQuery,
agentsFilter,
indexPatternTitle,
agentID
Expand Down
45 changes: 14 additions & 31 deletions server/lib/reporting/base-query.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,45 +9,28 @@
*
* Find more information about this on the LICENSE file.
*/

import { cloneDeep } from 'lodash';

export function Base(pattern: string, filters: any, gte: number, lte: number, allowedAgentsFilter: any = null) {
const clonedFilter = cloneDeep(filters);
clonedFilter?.bool?.must?.push?.({
range: {
timestamp: {
gte: gte,
lte: lte,
format: 'epoch_millis'
}
}
});
const base = {
// index: pattern,

from: 0,
size: 500,
aggs: {},
sort: [],
script_fields: {},
query: {
bool: {
must: [
{
query_string: {
query: filters,
analyze_wildcard: true,
default_field: '*'
}
},
{
range: {
timestamp: {
gte: gte,
lte: lte,
format: 'epoch_millis'
}
}
}
],
must_not: []
}
}
query: clonedFilter
};

//Add allowed agents filter
if(allowedAgentsFilter?.query?.bool){
base.query.bool.minimum_should_match = allowedAgentsFilter.query.bool.minimum_should_match;
base.query.bool.should = allowedAgentsFilter.query.bool.should;
}

return base;
}
2 changes: 1 addition & 1 deletion server/lib/reporting/extended-information.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,7 @@ export async function extendedInformation(
try {
log(
'reporting:extendedInformation',
`Section ${section} and tab ${tab}, API is ${apiId}. From ${from} to ${to}. Filters ${filters}. Index pattern ${pattern}`,
`Section ${section} and tab ${tab}, API is ${apiId}. From ${from} to ${to}. Filters ${JSON.stringify(filters)}. Index pattern ${pattern}`,
'info'
);
if (section === 'agents' && !agent) {
Expand Down
27 changes: 9 additions & 18 deletions server/lib/reporting/gdpr-request.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,6 @@ export const topGDPRRequirements = async (
allowedAgentsFilter,
pattern = getSettingDefaultValue('pattern')
) => {
if (filters.includes('rule.gdpr: exists')) {
const [head, tail] = filters.split('AND rule.gdpr: exists');
filters = head + tail;
};

try {
const base = {};
Expand All @@ -50,12 +46,6 @@ export const topGDPRRequirements = async (
}
});

base.query.bool.must.push({
exists: {
field: 'rule.gdpr'
}
});

const response = await context.core.elasticsearch.client.asCurrentUser.search({
index: pattern,
body: base
Expand All @@ -77,7 +67,7 @@ export const topGDPRRequirements = async (
* @param {String} filters E.g: cluster.name: wazuh AND rule.groups: vulnerability
* @returns {Array<String>}
*/
export const getRulesByRequirement= async (
export const getRulesByRequirement = async (
context,
gte,
lte,
Expand All @@ -86,10 +76,6 @@ export const getRulesByRequirement= async (
requirement,
pattern = getSettingDefaultValue('pattern')
) => {
if (filters.includes('rule.gdpr: exists')) {
const [head, tail] = filters.split('AND rule.gdpr: exists');
filters = head + tail;
};

try {
const base = {};
Expand Down Expand Up @@ -119,8 +105,13 @@ export const getRulesByRequirement= async (
}
});

base.query.bool.must[0].query_string.query =
base.query.bool.must[0].query_string.query + ` AND rule.gdpr: "${requirement}"`;
base.query.bool.filter.push({
match_phrase: {
'rule.gdpr': {
query: requirement
}
}
});

const response = await context.core.elasticsearch.client.asCurrentUser.search({
index: pattern,
Expand All @@ -138,7 +129,7 @@ export const getRulesByRequirement= async (
) {
return accum;
};
accum.push({ruleID: bucket['3'].buckets[0].key, ruleDescription: bucket.key});
accum.push({ ruleID: bucket['3'].buckets[0].key, ruleDescription: bucket.key });
return accum;
}, []);
} catch (error) {
Expand Down
30 changes: 10 additions & 20 deletions server/lib/reporting/pci-request.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,7 @@ export const topPCIRequirements = async (
allowedAgentsFilter,
pattern = getSettingDefaultValue('pattern')
) => {
if (filters.includes('rule.pci_dss: exists')) {
filters = filters.replace('AND rule.pci_dss: exists', '');
};


try {
const base = {};

Expand All @@ -48,13 +45,7 @@ export const topPCIRequirements = async (
}
}
});

base.query.bool.must.push({
exists: {
field: 'rule.pci_dss'
}
});


const response = await context.core.elasticsearch.client.asCurrentUser.search({
index: pattern,
body: base
Expand Down Expand Up @@ -100,10 +91,7 @@ export const getRulesByRequirement = async (
requirement,
pattern = getSettingDefaultValue('pattern')
) => {
if (filters.includes('rule.pci_dss: exists')) {
filters = filters.replace('AND rule.pci_dss: exists', '');
};


try {
const base = {};

Expand Down Expand Up @@ -132,11 +120,13 @@ export const getRulesByRequirement = async (
}
});

base.query.bool.must[0].query_string.query =
base.query.bool.must[0].query_string.query +
' AND rule.pci_dss: "' +
requirement +
'"';
base.query.bool.filter.push({
match_phrase: {
'rule.pci_dss': {
query: requirement
}
}
});

const response = await context.core.elasticsearch.client.asCurrentUser.search({
index: pattern,
Expand Down
25 changes: 16 additions & 9 deletions server/lib/reporting/rootcheck-request.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,11 @@ export const top5RootkitsDetected = async (
}
});

base.query.bool.must[0].query_string.query =
base.query.bool.must[0].query_string.query +
' AND "rootkit" AND "detected"';
base.query?.bool?.must?.push({
query_string: {
query: '"rootkit" AND "detected"'
}
});

const response = await context.core.elasticsearch.client.asCurrentUser.search({
index: pattern,
Expand Down Expand Up @@ -97,9 +99,11 @@ export const agentsWithHiddenPids = async (
}
});

base.query.bool.must[0].query_string.query =
base.query.bool.must[0].query_string.query +
' AND "process" AND "hidden"';
base.query?.bool?.must?.push({
query_string: {
query: '"process" AND "hidden"'
}
});

// "aggregations": { "1": { "value": 1 } }
const response = await context.core.elasticsearch.client.asCurrentUser.search({
Expand All @@ -126,7 +130,7 @@ export const agentsWithHiddenPids = async (
* @param {String} filters E.g: cluster.name: wazuh AND rule.groups: vulnerability
* @returns {Array<String>}
*/
export const agentsWithHiddenPorts = async(
export const agentsWithHiddenPorts = async (
context,
gte,
lte,
Expand All @@ -147,8 +151,11 @@ export const agentsWithHiddenPorts = async(
}
});

base.query.bool.must[0].query_string.query =
base.query.bool.must[0].query_string.query + ' AND "port" AND "hidden"';
base.query?.bool?.must?.push({
query_string: {
query: '"port" AND "hidden"'
}
});

// "aggregations": { "1": { "value": 1 } }
const response = await context.core.elasticsearch.client.asCurrentUser.search({
Expand Down
Loading
Loading