Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport 4.5.1-7.16] Fix server side query in pdf report filter #5733

Merged
merged 7 commits into from
Jul 27, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ All notable changes to the Wazuh app project will be documented in this file.
- Fixed the rendering of tables that contains IPs and agent overview [#5471](https://github.com/wazuh/wazuh-kibana-app/pull/5471)
- Fixed the agents active coverage stat as NaN in Details panel of Agents section [#5490](https://github.com/wazuh/wazuh-kibana-app/pull/5490)
- Fixed a broken documentation link to agent labels [#5687](https://github.com/wazuh/wazuh-kibana-app/pull/5687)
- Fixed the PDF report filters applied to tables [#5714](https://github.com/wazuh/wazuh-kibana-app/pull/5714)

### Removed

Expand Down
4 changes: 3 additions & 1 deletion public/react-services/reporting.js
Original file line number Diff line number Diff line change
Expand Up @@ -89,13 +89,15 @@ export class ReportingService {
}

const appliedFilters = await this.visHandlers.getAppliedFilters(syscollectorFilters);

const dataplugin = await getDataPlugin();
const serverSideQuery = dataplugin.query.getEsQuery();
const array = await this.vis2png.checkArray(visualizationIDList);

const browserTimezone = moment.tz.guess(true);

const data = {
array,
serverSideQuery, // Used for applying the same filters on the server side requests
filters: appliedFilters.filters,
time: appliedFilters.time,
searchBar: appliedFilters.searchBar,
Expand Down
16 changes: 13 additions & 3 deletions server/controllers/wazuh-reporting.ts
Original file line number Diff line number Diff line change
Expand Up @@ -291,6 +291,7 @@ export class WazuhReportingCtrl {
browserTimezone,
searchBar,
filters,
serverSideQuery,
time,
tables,
section,
Expand Down Expand Up @@ -327,7 +328,7 @@ export class WazuhReportingCtrl {
apiId,
new Date(from).getTime(),
new Date(to).getTime(),
sanitizedFilters,
serverSideQuery,
agentsFilter,
indexPatternTitle,
agents
Expand Down Expand Up @@ -876,7 +877,7 @@ export class WazuhReportingCtrl {
) => {
try {
log('reporting:createReportsAgentsInventory', `Report started`, 'info');
const { searchBar, filters, time, indexPatternTitle, apiId } = request.body;
const { searchBar, filters, time, indexPatternTitle, apiId, serverSideQuery } = request.body;
const { agentID } = request.params;
const { from, to } = time || {};
// Init
Expand Down Expand Up @@ -1062,6 +1063,15 @@ export class WazuhReportingCtrl {
};

if (time) {
// Add Vulnerability Detector filter to the Server Side Query
serverSideQuery?.bool?.must?.push?.({
match_phrase: {
"rule.groups": {
query: "vulnerability-detector"
}
}
});

await extendedInformation(
context,
printer,
Expand All @@ -1070,7 +1080,7 @@ export class WazuhReportingCtrl {
apiId,
from,
to,
sanitizedFilters + ' AND rule.groups: "vulnerability-detector"',
serverSideQuery,
agentsFilter,
indexPatternTitle,
agentID
Expand Down
45 changes: 14 additions & 31 deletions server/lib/reporting/base-query.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,45 +9,28 @@
*
* Find more information about this on the LICENSE file.
*/

import { cloneDeep } from 'lodash';

export function Base(pattern: string, filters: any, gte: number, lte: number, allowedAgentsFilter: any = null) {
const clonedFilter = cloneDeep(filters);
clonedFilter?.bool?.must?.push?.({
range: {
timestamp: {
gte: gte,
lte: lte,
format: 'epoch_millis'
}
}
});
const base = {
// index: pattern,

from: 0,
size: 500,
aggs: {},
sort: [],
script_fields: {},
query: {
bool: {
must: [
{
query_string: {
query: filters,
analyze_wildcard: true,
default_field: '*'
}
},
{
range: {
timestamp: {
gte: gte,
lte: lte,
format: 'epoch_millis'
}
}
}
],
must_not: []
}
}
query: clonedFilter
};

//Add allowed agents filter
if(allowedAgentsFilter?.query?.bool){
base.query.bool.minimum_should_match = allowedAgentsFilter.query.bool.minimum_should_match;
base.query.bool.should = allowedAgentsFilter.query.bool.should;
}

return base;
}
2 changes: 1 addition & 1 deletion server/lib/reporting/extended-information.ts
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,7 @@ export async function extendedInformation(
try {
log(
'reporting:extendedInformation',
`Section ${section} and tab ${tab}, API is ${apiId}. From ${from} to ${to}. Filters ${filters}. Index pattern ${pattern}`,
`Section ${section} and tab ${tab}, API is ${apiId}. From ${from} to ${to}. Filters ${JSON.stringify(filters)}. Index pattern ${pattern}`,
'info'
);
if (section === 'agents' && !agent) {
Expand Down
27 changes: 9 additions & 18 deletions server/lib/reporting/gdpr-request.ts
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,6 @@ export const topGDPRRequirements = async (
allowedAgentsFilter,
pattern = getSettingDefaultValue('pattern')
) => {
if (filters.includes('rule.gdpr: exists')) {
const [head, tail] = filters.split('AND rule.gdpr: exists');
filters = head + tail;
};

try {
const base = {};
Expand All @@ -50,12 +46,6 @@ export const topGDPRRequirements = async (
}
});

base.query.bool.must.push({
exists: {
field: 'rule.gdpr'
}
});

const response = await context.core.elasticsearch.client.asCurrentUser.search({
index: pattern,
body: base
Expand All @@ -77,7 +67,7 @@ export const topGDPRRequirements = async (
* @param {String} filters E.g: cluster.name: wazuh AND rule.groups: vulnerability
* @returns {Array<String>}
*/
export const getRulesByRequirement= async (
export const getRulesByRequirement = async (
context,
gte,
lte,
Expand All @@ -86,10 +76,6 @@ export const getRulesByRequirement= async (
requirement,
pattern = getSettingDefaultValue('pattern')
) => {
if (filters.includes('rule.gdpr: exists')) {
const [head, tail] = filters.split('AND rule.gdpr: exists');
filters = head + tail;
};

try {
const base = {};
Expand Down Expand Up @@ -119,8 +105,13 @@ export const getRulesByRequirement= async (
}
});

base.query.bool.must[0].query_string.query =
base.query.bool.must[0].query_string.query + ` AND rule.gdpr: "${requirement}"`;
base.query.bool.filter.push({
match_phrase: {
'rule.gdpr': {
query: requirement
}
}
});

const response = await context.core.elasticsearch.client.asCurrentUser.search({
index: pattern,
Expand All @@ -138,7 +129,7 @@ export const getRulesByRequirement= async (
) {
return accum;
};
accum.push({ruleID: bucket['3'].buckets[0].key, ruleDescription: bucket.key});
accum.push({ ruleID: bucket['3'].buckets[0].key, ruleDescription: bucket.key });
return accum;
}, []);
} catch (error) {
Expand Down
30 changes: 10 additions & 20 deletions server/lib/reporting/pci-request.ts
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,7 @@ export const topPCIRequirements = async (
allowedAgentsFilter,
pattern = getSettingDefaultValue('pattern')
) => {
if (filters.includes('rule.pci_dss: exists')) {
filters = filters.replace('AND rule.pci_dss: exists', '');
};


try {
const base = {};

Expand All @@ -48,13 +45,7 @@ export const topPCIRequirements = async (
}
}
});

base.query.bool.must.push({
exists: {
field: 'rule.pci_dss'
}
});


const response = await context.core.elasticsearch.client.asCurrentUser.search({
index: pattern,
body: base
Expand Down Expand Up @@ -100,10 +91,7 @@ export const getRulesByRequirement = async (
requirement,
pattern = getSettingDefaultValue('pattern')
) => {
if (filters.includes('rule.pci_dss: exists')) {
filters = filters.replace('AND rule.pci_dss: exists', '');
};


try {
const base = {};

Expand Down Expand Up @@ -132,11 +120,13 @@ export const getRulesByRequirement = async (
}
});

base.query.bool.must[0].query_string.query =
base.query.bool.must[0].query_string.query +
' AND rule.pci_dss: "' +
requirement +
'"';
base.query.bool.filter.push({
match_phrase: {
'rule.pci_dss': {
query: requirement
}
}
});

const response = await context.core.elasticsearch.client.asCurrentUser.search({
index: pattern,
Expand Down
25 changes: 16 additions & 9 deletions server/lib/reporting/rootcheck-request.ts
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,11 @@ export const top5RootkitsDetected = async (
}
});

base.query.bool.must[0].query_string.query =
base.query.bool.must[0].query_string.query +
' AND "rootkit" AND "detected"';
base.query?.bool?.must?.push({
query_string: {
query: '"rootkit" AND "detected"'
}
});

const response = await context.core.elasticsearch.client.asCurrentUser.search({
index: pattern,
Expand Down Expand Up @@ -97,9 +99,11 @@ export const agentsWithHiddenPids = async (
}
});

base.query.bool.must[0].query_string.query =
base.query.bool.must[0].query_string.query +
' AND "process" AND "hidden"';
base.query?.bool?.must?.push({
query_string: {
query: '"process" AND "hidden"'
}
});

// "aggregations": { "1": { "value": 1 } }
const response = await context.core.elasticsearch.client.asCurrentUser.search({
Expand All @@ -126,7 +130,7 @@ export const agentsWithHiddenPids = async (
* @param {String} filters E.g: cluster.name: wazuh AND rule.groups: vulnerability
* @returns {Array<String>}
*/
export const agentsWithHiddenPorts = async(
export const agentsWithHiddenPorts = async (
context,
gte,
lte,
Expand All @@ -147,8 +151,11 @@ export const agentsWithHiddenPorts = async(
}
});

base.query.bool.must[0].query_string.query =
base.query.bool.must[0].query_string.query + ' AND "port" AND "hidden"';
base.query?.bool?.must?.push({
query_string: {
query: '"port" AND "hidden"'
}
});

// "aggregations": { "1": { "value": 1 } }
const response = await context.core.elasticsearch.client.asCurrentUser.search({
Expand Down
Loading
Loading