Skip to content

[8.17] [Security Solution] Adds normalization for query fields before diff algorithm comparison (#203482)#204160

Merged
dplumlee merged 3 commits intoelastic:8.17from
dplumlee:backport/8.17/pr-203482
Dec 13, 2024
Merged

[8.17] [Security Solution] Adds normalization for query fields before diff algorithm comparison (#203482)#204160
dplumlee merged 3 commits intoelastic:8.17from
dplumlee:backport/8.17/pr-203482

Conversation

@dplumlee
Copy link
Copy Markdown
Contributor

@dplumlee dplumlee commented Dec 13, 2024

Backport

This will backport the following commits from main to 8.17:

Questions ?

Please refer to the Backport tool documentation

@dplumlee
[Security Solution] Adds normalization for query fields before diff…
43ca62c 
… algorithm comparison (elastic#203482)

## Summary

Fixes elastic#203151

Adds a normalization for the `kql_query`, `eql_query`, and `esql_query`
fields that trims the whitespace from the beginning and end of query
strings for a more robust comparison in the diff algorithms. Since
whitespace before or after the query string is purely a formatting
choice and doesn't impact the query itself, we discard the excess
whitespace characters before the direct string comparison.

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

(cherry picked from commit 0294838)

# Conflicts:
#	x-pack/plugins/security_solution/common/detection_engine/prebuilt_rules/diff/extract_rule_data_query.ts
@dplumlee dplumlee added the backport This PR is a backport of another PR label Dec 13, 2024
@dplumlee dplumlee enabled auto-merge (squash) December 13, 2024 04:36
@dplumlee dplumlee mentioned this pull request Dec 13, 2024
Merged
2 tasks
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Dec 13, 2024

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 13.3MB 13.3MB +72.0B

History

@dplumlee dplumlee merged commit 9e0c420 into elastic:8.17 Dec 13, 2024
@dplumlee dplumlee deleted the backport/8.17/pr-203482 branch December 13, 2024 17:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marshallmain marshallmain marshallmain approved these changes

@kibanamachine kibanamachine Awaiting requested review from kibanamachine kibanamachine is a code owner

Assignees

No one assigned

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dplumlee @elasticmachine @marshallmain