[8.13] [Security Solution] Fix coverage overview console errors (#178126

) (#178441)

# Backport

This will backport the following commits from `main` to `8.13`:
- [[Security Solution] Fix coverage overview console errors
(#178126)](#178126)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Maxim
Palenov","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-03-11T20:40:00Z","message":"[Security
Solution] Fix coverage overview console errors (#178126)\n\n**Fixes:
https://github.com/elastic/kibana/issues/164846**\r\n\r\n##
Summary\r\n\r\nThis PR fixes MITRE ATT&CK® Coverage Overview dashboard
console errors when the page loads or filter is changed.\r\n\r\n##
Details\r\n\r\nAn error message `Exception list is null when it never
should be. This indicates potentially that saved object migrations did
not run correctly. Returning empty exception list` appears each time
MITRE ATT&CK® Coverage Overview dashboard is loaded or filter is changed
(which lead to data reloading).\r\n\r\nIf one tried to find the source
of the console error message it lead to
[kibana/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/saved_object_references/inject_exceptions_list.ts](https://github.com/elastic/kibana/blob/6cb73aaec15b230a65d2e17a9d6ef970a1061709/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/saved_object_references/inject_exceptions_list.ts#L30-L33).
It happens whenever there is an attempt to inject rule exceptions from
SO references. This operations happens for every rule wrapped in
`securityRuleTypeWrapper` and registered in `alerting` plugin. Whenever
such rule if fetched via `rulesClient.find()` it invokes registered
`useSavedObjectReferences.injectReferences` finally invoking mentioned
above `inject_exceptions_list.ts`. Coverage Overview API endpoint
fetches only necessary set of rule fields (`name`, `enabled`,
`params.threat`) to reduce transferring unnecessary data. It's not hard
to guess that `params.exceptionsList` is missed and it ends up to be
`undefined` (it's always an array in a SO) when the validation happens
in `inject_exceptions_list.ts`. So it leads to the warning message
appearing.\r\n\r\nThis PR removes redundant `exceptionsList` injection
validation.","sha":"cd16d03ca9627b21452eff6b72d771318e85557f","branchLabelMapping":{"^v8.14.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","impact:medium","Team:Detections
and Resp","Team: SecuritySolution","Feature:Rule
Management","Team:Detection Rule
Management","v8.13.0","v8.14.0"],"title":"[Security Solution] Fix
coverage overview console
errors","number":178126,"url":"https://github.com/elastic/kibana/pull/178126","mergeCommit":{"message":"[Security
Solution] Fix coverage overview console errors (#178126)\n\n**Fixes:
https://github.com/elastic/kibana/issues/164846**\r\n\r\n##
Summary\r\n\r\nThis PR fixes MITRE ATT&CK® Coverage Overview dashboard
console errors when the page loads or filter is changed.\r\n\r\n##
Details\r\n\r\nAn error message `Exception list is null when it never
should be. This indicates potentially that saved object migrations did
not run correctly. Returning empty exception list` appears each time
MITRE ATT&CK® Coverage Overview dashboard is loaded or filter is changed
(which lead to data reloading).\r\n\r\nIf one tried to find the source
of the console error message it lead to
[kibana/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/saved_object_references/inject_exceptions_list.ts](https://github.com/elastic/kibana/blob/6cb73aaec15b230a65d2e17a9d6ef970a1061709/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/saved_object_references/inject_exceptions_list.ts#L30-L33).
It happens whenever there is an attempt to inject rule exceptions from
SO references. This operations happens for every rule wrapped in
`securityRuleTypeWrapper` and registered in `alerting` plugin. Whenever
such rule if fetched via `rulesClient.find()` it invokes registered
`useSavedObjectReferences.injectReferences` finally invoking mentioned
above `inject_exceptions_list.ts`. Coverage Overview API endpoint
fetches only necessary set of rule fields (`name`, `enabled`,
`params.threat`) to reduce transferring unnecessary data. It's not hard
to guess that `params.exceptionsList` is missed and it ends up to be
`undefined` (it's always an array in a SO) when the validation happens
in `inject_exceptions_list.ts`. So it leads to the warning message
appearing.\r\n\r\nThis PR removes redundant `exceptionsList` injection
validation.","sha":"cd16d03ca9627b21452eff6b72d771318e85557f"}},"sourceBranch":"main","suggestedTargetBranches":["8.13"],"targetPullRequestStates":[{"branch":"8.13","label":"v8.13.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.14.0","branchLabelMappingKey":"^v8.14.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/178126","number":178126,"mergeCommit":{"message":"[Security
Solution] Fix coverage overview console errors (#178126)\n\n**Fixes:
https://github.com/elastic/kibana/issues/164846**\r\n\r\n##
Summary\r\n\r\nThis PR fixes MITRE ATT&CK® Coverage Overview dashboard
console errors when the page loads or filter is changed.\r\n\r\n##
Details\r\n\r\nAn error message `Exception list is null when it never
should be. This indicates potentially that saved object migrations did
not run correctly. Returning empty exception list` appears each time
MITRE ATT&CK® Coverage Overview dashboard is loaded or filter is changed
(which lead to data reloading).\r\n\r\nIf one tried to find the source
of the console error message it lead to
[kibana/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/saved_object_references/inject_exceptions_list.ts](https://github.com/elastic/kibana/blob/6cb73aaec15b230a65d2e17a9d6ef970a1061709/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/saved_object_references/inject_exceptions_list.ts#L30-L33).
It happens whenever there is an attempt to inject rule exceptions from
SO references. This operations happens for every rule wrapped in
`securityRuleTypeWrapper` and registered in `alerting` plugin. Whenever
such rule if fetched via `rulesClient.find()` it invokes registered
`useSavedObjectReferences.injectReferences` finally invoking mentioned
above `inject_exceptions_list.ts`. Coverage Overview API endpoint
fetches only necessary set of rule fields (`name`, `enabled`,
`params.threat`) to reduce transferring unnecessary data. It's not hard
to guess that `params.exceptionsList` is missed and it ends up to be
`undefined` (it's always an array in a SO) when the validation happens
in `inject_exceptions_list.ts`. So it leads to the warning message
appearing.\r\n\r\nThis PR removes redundant `exceptionsList` injection
validation.","sha":"cd16d03ca9627b21452eff6b72d771318e85557f"}}]}]
BACKPORT-->

Co-authored-by: Maxim Palenov <[email protected]>

x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/saved_object_references/inject_exceptions_list.test.ts

@@ -46,15 +46,14 @@ describe('inject_exceptions_list', () => {
     ).toEqual<FuncReturn>([]);
   });
 
-  test('logs expect error message if the exceptionsList is undefined', () => {
-    injectExceptionsReferences({
-      logger,
-      exceptionsList: undefined as unknown as RuleParams['exceptionsList'],
-      savedObjectReferences: mockSavedObjectReferences(),
-    });
-    expect(logger.error).toBeCalledWith(
-      'Exception list is null when it never should be. This indicates potentially that saved object migrations did not run correctly. Returning empty exception list'
-    );
+  test('returns empty array given undefined', () => {
+    expect(
+      injectExceptionsReferences({
+        logger,
+        exceptionsList: undefined as unknown as RuleParams['exceptionsList'],
+        savedObjectReferences: mockSavedObjectReferences(),
+      })
+    ).toEqual([]);
   });
 
   test('returns empty array given an empty array for "exceptionsList"', () => {

x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/saved_object_references/inject_exceptions_list.ts

@@ -26,14 +26,8 @@ export const injectExceptionsReferences = ({
   logger: Logger;
   exceptionsList: RuleParams['exceptionsList'];
   savedObjectReferences: SavedObjectReference[];
-}): RuleParams['exceptionsList'] => {
-  if (exceptionsList == null) {
-    logger.error(
-      'Exception list is null when it never should be. This indicates potentially that saved object migrations did not run correctly. Returning empty exception list'
-    );
-    return [];
-  }
-  return exceptionsList.map((exceptionItem, index) => {
+}): RuleParams['exceptionsList'] =>
+  (exceptionsList ?? []).map((exceptionItem, index) => {
     const savedObjectReference = getSavedObjectReferenceForExceptionsList({
       logger,
       index,
@@ -54,4 +48,3 @@ export const injectExceptionsReferences = ({
       return exceptionItem;
     }
   });
-};