[SIEM] Fixes a bug where invalid regular expressions within the index…

… patterns can cause UI toaster errors (elastic#73754) ## Summary elastic#49753 When you have no data you get a toaster error when we don't want a toaster error. Before with the toaster error: ![error](https://user-images.githubusercontent.com/1151048/88860918-0e2a5900-d1ba-11ea-95e7-5ed7324fc831.png) After: You don't get an error toaster because I catch any regular expression errors and do not report them up to the UI. ### Checklist - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
FrankHassanabad · Jul 31, 2020 · 8f9a02e · 8f9a02e
1 parent f257c88
commit 8f9a02e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/x-pack/plugins/security_solution/server/utils/beat_schema/index.test.ts b/x-pack/plugins/security_solution/server/utils/beat_schema/index.test.ts
@@ -401,10 +401,17 @@ describe('Schema Beat', () => {
       const result = getIndexAlias([leadingWildcardIndex], leadingWildcardIndex);
       expect(result).toBe(leadingWildcardIndex);
     });
+
     test('getIndexAlias no match returns "unknown" string', () => {
       const index = 'auditbeat-*';
       const result = getIndexAlias([index], 'hello');
       expect(result).toBe('unknown');
     });
+
+    test('empty index should not cause an error to return although it will cause an invalid regular expression to occur', () => {
+      const index = '';
+      const result = getIndexAlias([index], 'hello');
+      expect(result).toBe('unknown');
+    });
   });
 });
diff --git a/x-pack/plugins/security_solution/server/utils/beat_schema/index.ts b/x-pack/plugins/security_solution/server/utils/beat_schema/index.ts
@@ -77,10 +77,16 @@ const convertFieldsToAssociativeArray = (
     : {};
 
 export const getIndexAlias = (defaultIndex: string[], indexName: string): string => {
-  const found = defaultIndex.find((index) => `\\${indexName}`.match(`\\${index}`) != null);
-  if (found != null) {
-    return found;
-  } else {
+  try {
+    const found = defaultIndex.find((index) => `\\${indexName}`.match(`\\${index}`) != null);
+    if (found != null) {
+      return found;
+    } else {
+      return 'unknown';
+    }
+  } catch (error) {
+    // if we encounter an error because the index contains invalid regular expressions then we should return an unknown
+    // rather than blow up with a toaster error upstream
     return 'unknown';
   }
 };