From 8fe48914d103727e85ef7bb77ca56cf114d49230 Mon Sep 17 00:00:00 2001
From: FrankHassanabad <frank.hassanabad@elastic.co>
Date: Tue, 28 Jul 2020 14:53:08 -0600
Subject: [PATCH 1/3] Fixes the build by fixing data json to remove a version
 in alerting saved objects for cypress hill

---
 .../es_archives/export_rule/data.json.gz      | Bin 1931 -> 1924 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/x-pack/test/security_solution_cypress/es_archives/export_rule/data.json.gz b/x-pack/test/security_solution_cypress/es_archives/export_rule/data.json.gz
index 373251d9e4f93d8097029345aa45aba959dd7a08..aad07a0bf6d53d4f427665ac312f45a0ef13b028 100644
GIT binary patch
literal 1924
zcmV-~2YdJ*iwFq$hag`717u-zVJ>QOZ*Bn9SxIx-IugG7S8#NCODK`zuBmtM7TeE@
z?8uHCPfe*n5|m(pO9;T0oyvco21UuFHY-XplTq0Rp&O0vuNQPfUv?Cw!JjkS=qQaa
z4I1y{!Xu(Wu6%(n@Rfv;iYU%`2bqr34iQq3fg{y4k)gVpVW~FqL*0+su4kY^h}@Ti
zcr3RzN5n@7>g!VqOGO^Mo}iS{D+_Wd;3Q2LEdFb@`0sZWy4-RNx}OyKF@obJBZCA{
z)~K>&<P<+kj-!-(xQ}k5PalS38XUi*f9|GXZ+~!clidZ;;ls0j9F48pk?w~VCu00^
zd3^X1K0e&J?L*DV$-QkoA)-;1oPGKzLiagoeR404cJKYm3*GoL`lylN->2h;7P$*=
z*xk`>?_%uTc1JuGXWfxy>giE;uXjL=55w+-mpn$=-kmUT(6aZg4y-Hk@R^FxFz#EK
znXr$R*&AFv^p08&SI4HHM_0CXdin57Ki@Dby1Bd={PowOmEETV=h9S65#uDNas+^-
zh$m!;RgIQo#BsPQJ<w=tZB5l2RkyBntz%jp-D-N4dB0@C-t&sXaDse_rC)e1aD@;H
zj&~^qLIi%Ar-Ua7<0uKhrK|m(ptuOv!*Q18T*(E+)uS_%qnOn~N#Y~;FwJW+Yf^#5
z7lei+8SK$C7+p_tA`z6<m_p2goMbXGSL+}F7zeoEVrPW$wdWQ<T&9e0@`%}bRzf+>
z-{8s9SgMw!PpV;StgaV{0cYu(MGsUmwko{{u2}s;<vB{&Bq{%>2`%6a3HKo;)CCew
z!U1?}kpRZv<y&YvV2i663PyOvAx|WMO(kt5G!!KRfd)nNj0Db~>)22d;Di;_Iw3~m
zURhW=imqvOBIal=+A3bq<9SufS}0SnkFu;Ua+wW{A?I1A)q>bVbeJ;UvFx_i0)`gD
zfyfDeZiSfRvL;qUeywSfq<m@Irh;dJpUf(<JYFrUr5fT03Cin6e=Y!$nt?V=nRFec
zj(a1=5zaBB>-vby2^;l-G?$85+H%r4SPHqfUJhj0q}J=c<{~X<t8UvgRMR%F>b2pk
zZ`vku1J4OUv$3%E0&M6$;yfqeQj8dSgbEZcC1KbHK9Gmg^r^9wxQPvXC@bfB77}Ah
z61-fKDfOCgy3`8E07W#;)|txFvP9G^nRWu77n1{ou}RU>XUmn)Yp`I5LqYLeDnLnr
ziUkdY6l=wewR^*B#6}Yjo0jQ%0oK&Oc3oB1F?1Z3*H$$HMJR|ITi2p$)#qq1AB2s5
zzc?I1yf59~Ct>H?1E(TnRy#XI<$SfJdOLxGQ@+eK4UvV5cjnF<8q0HPcEHR-lYVKo
zT*~gF6*suubRD?C3-+%&^8f43&X>)bzu9%BQn=1kG)PjZeg}$smI6S1xx7u^w?c5e
z6YMW|w~Bb#i>$QWY`V6+tb6JEtJ;_OTYkc!9G2E9hf}SUvsb%|ozjYaiP;itUU{at
z&l6|e&E{vWMTZmI_rcx~&P%;?Jq&%v4%9aCeAV<_P4(^2P(w#Ikb^92_-0Lfsp-_7
z#$rs*A-Qc(uL_2Z!yH`gXx|a$&?84=(6O6ZQ&SPmhDhHgs3&6TF<f+)7eY1#u4y~f
zU;~rhr+JKchrh@ZZm#ziA&ki&M-rQlvqD^vK0C4DG`*&_wFgQ$TLZ|TNyD9bKk-e_
ztv9m}FD2PcdkZV4+ba_1GW~i;m;!%%h?UX`rP%e4T6rL>7;oM~84)>tdsI0n0a;LZ
zit0qO?O~VQ+^juRaWa4oL6w)DT29fB9@uic_9hqVH#zJr$lug#o1uT@9V-RzN|s3%
z@eQvPv+Wh(&>;0uz2jcuy0<OdxPCd`c}<t~%a!%(CloGE(;VIN+Lq~<n&;^YnEY3Z
z)Mls}04y{B--D_kDhzo!v^x_7Rl(pgg*h_eo%8gCP>NbsQ&WCBM*-ZADI5M%If15;
zDzKn*d&(UQjeXth+rKNjSw`_K_D>0KS%%XzY~{Dp<LmRYcM2sVtQ_HBl>V;lLlDNe
z<r?5gQ`d~9uG>lvGBqdVwx5uzQ#5AwRv?}&&3RNLyfPAe-OMLurws+%w7$b9FlxcL
zUc_2oFz`jc@;rfPr|tUKh>Raz?%p_eu9#(6`8HXO@V%4@$=Iok^3^9Wk_e7jH|ar#
zie>gd9vhxzS3cFwArY~U^KP^cDvhL1E5r5c9Jt&8Zqu`k`|anCH*nZE5UP6olt6H-
zz&Gq)BoKy>)o*!R_iVH3arXy#yqa?VOOH!E?4Rjz&q5l~{*OGa>Gs^`2f5s9dan5k
zxV);z5AJWldM=>7wLQz!f2H<zqS#ziY~Pytf{yl!cZ+NA`GJ`9S*si60m>HJV>zF{
zM})%AQvBAlntYBKo4k}S;W<mw(H;s$2WZJ-bHULQ0YJu9{Gim<nx5&@o@6SUUXN}t
zxq?F+R#_QFc`)3KIL=o?0ergFbhYJ=bTi+qIH4ey)~!~5n~|VAdDDqN9%bqE%=r(-
Kc@#Ue9RL9QR>bxI

literal 1931
zcmV;62Xy!!iwFpN;}Kr~17u-zVJ>QOZ*Bn9Sy@x#Iu?HCS9tPtmv&;ud#3IKTLYIR
z&<PFA)Kp5g<wQiW-IfG_uKw?H<T%03MhM+AJt=sI&Z2X^v*<|qwxcLD{*>ZcOR0rP
zQ2QVk9uO6B<r{o~uOyUIL~+Jj$aI`$h>(g59I2*>4As>POSO?7>VDL8Jp<)Rq+A^0
zu@tQjiH~B`)29@ch%9*7K`FGC7UWXENfI+y{MT&p-yceJDbfYoPjdSh!J|4O{TNYJ
zE3>8K6hBFhqlA3Ai*BMXp9W(Z96u+2?j~VpzkhL^-UiX({gZwijjfxZ?uQpAV*Gr0
zeE1wb+~2y*L(R&_ooziLqEQx~efcax_bG0CaW9W{@BGUP-S{*5tdYUrr{ntuxec$`
z?a@u=V(i_thkPW?+C$6KlcV-t=YSfY2JH(keu%WaTVdd!VeefXSXbo!D;1$(+%-}&
zW}hvy)4#g!95wE*j!i+2u59h}^8Sf_y=GQ)eR<vg>#s#G+mA8Mq^p=B#z|1-2mnhl
znvf+{6<UT7$KkGwK&`1YHC1y|-RkOE%d}d$Rrf6OZi&F&(~8Y-jC_h^TzDpMi7*lz
z?@|hc2;wwP2~T3iQ5-->SI0d@qdZ*?$7zyrB@+~vw@y)pMy!%b5+A__NmkKW(F!cS
zAT%U#e~%`?usf-VSWsGF3NZ^ZlFH0nZG!}09N?Uboe{>@?wbQ~nJ~i117_=43FSC@
zg(pi!(zG~vR1I5WRlCRtaF(%Ij6kVk%i8ng8mWJ%JVP;?6y+Zkr8&GI;XdSqx<JBl
z*oTNM62KX}T!bclwz!(2V2D?2@<?J3DrhUAp(ySP)X%eLC~)>v#fFjq$1JB-2_rP_
z6pf{&=$cj~VvgprtrP`)G;eCr3uOuRP@48cCaa+~;5=<L8jyR44id&&mfh4Ez|deg
z5E<c5jSzEO^u&_N?-gs}gfGq8MDSGblUYZW+p9&lR6`sgL3!2buQ@={GO(sDi>{?q
zaj#`K!Wo8gU7wK|VZ%<4WYRE8TTVI$PoehK>wzkp^m^UbT%-j})oq%FYT5=?y(WD1
zP1{6n;5k8P))r(hz=!q&&N31%#fYH?=s@985(YVlf!v%XkF}-5O?==3**Vv<kP)UN
z#>*|4QoDrHrCvw|XriNZovS=4T13^8=_K%Vu{b~(n>0Orwp>cR8Vd$E6co>u0<;w9
zSTImXwbrP%RyOP+Hk?G*v`p6vu%-sK>#DkrVdAj7rm7hzLP6x%x)znYK1coeB&_v%
z`R0(~JsJKU30rSZoRX4R?`-9r^Tn6)=>!2z__EN{L>exhnLBf6)JCMAAz9>~XMmSy
zqGC*{Id!kDElMw~$eDSw_)gT!mJ7>zXvO(&*IftB|D65%j{N_=v-559(Q$SdsuT`G
z74_ppI^Tk$Ax!|@o?PB$YFweXidk<VH_GuUCYhDKn|0T=m(4ysf7S3aKO;;yl*7VX
z<#1}Xa`xhPE-Ag}6__o-=7nd9`#f<r8*RSlT68$UJs<oX;;gVs*Tc|v>_BZI&sR;~
z)l}aO4K;Lh13AdThHqBX7nV-_sV!E-9Fp56^{QmpIL#r{j`of;hY33({gz$V>Y9pZ
zIzak1Nj*_h&Eb4Dy%2Jwa827OCmXo*G08@VxA?Q%;kvv3)~+(!@ttj@(6cpw3`RWM
zs!k(sf^NN=xq7L|uG?F9ITbHyoU8QifG`FA_y8+~7fLSmk4k$WEWaFmgf=2F{Q5=b
zpa5jS;3=vT%eIGI&VsYyQpIr}<_lFGnQCzdhw{Ld<25%qj^7lp*C2n@vTdFWR-VvO
z@vdZ<%ph-g>zIj`l*4${L)CeGN$6hpaO3{vyz`hY`j;#F*H36%o~Ajv=QS<UF*VQA
z7clv+HmS`}H2_!`0N#VDASzrDGZ=R!2&#g?VG6g<n77W8XF@4zSanVL?HmPgJ|=AN
zPvrzgPO89y((Wj?aOLdjX3zdz*-cZ5Z?Jz#c*8QBx?wB7ogR13&ps%W46$;AgJJT!
zvJXi(!VTAeNSeB4)OFofI#8(@Da3w4txnOH`CEc`wlo(}5%bc8;`?SXF<VV&;HLGC
zn7~C1F8g_|^#p@h^h%E#h_;%pkB!Lq;qC5~edn54niemc#REVmp+YjYN)G|$2Q(53
zj#)eIz=Vor^*|jPo@JLl<;fuyBOhn&Xdg@(%9xg}<}bI%<pFT(o^9N1fB$#|hm8}V
zY{ySY1jh<|!~R7QVE|SATEunFHp>xre^A8BCHKFKxU|FmnGyFaq#^D9DB_xK&wYMS
z$i2Gfn!iBE%Xa+W`4+tA0>)e0vrPS08gD0t&1J>*qp2_Ga6f;y=t9g7#AMD|Jt+54
zx;P%o`}s#iC|p|dUy4?f&oN_@clISbXGt>LL&5L>EqSWWIXWT$$k>XXqncXXGo8wl
zOiAcv>l%|QIK*L@m0^?xgWZVZY&8_Xr)zarTmHm1i_MB1a&qC_YV)_b5)?acdLxiq
RS$ef{{sZ~)cm47m007H2!|VV6


From bb9eb479516d447ec912d8b02dd94892de9fa5aa Mon Sep 17 00:00:00 2001
From: FrankHassanabad <frank.hassanabad@elastic.co>
Date: Wed, 29 Jul 2020 16:36:25 -0600
Subject: [PATCH 2/3] Fixes bug where invalid regular expression can bubble up
 to the UI from the indexes

---
 .../server/utils/beat_schema/index.test.ts         |  6 ++++++
 .../server/utils/beat_schema/index.ts              | 14 ++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/x-pack/plugins/security_solution/server/utils/beat_schema/index.test.ts b/x-pack/plugins/security_solution/server/utils/beat_schema/index.test.ts
index 56ceca2b70e9ce..9c2ff25437caff 100644
--- a/x-pack/plugins/security_solution/server/utils/beat_schema/index.test.ts
+++ b/x-pack/plugins/security_solution/server/utils/beat_schema/index.test.ts
@@ -406,5 +406,11 @@ describe('Schema Beat', () => {
       const result = getIndexAlias([index], 'hello');
       expect(result).toBe('unknown');
     });
+
+    test('empty index should not cause an error to return although it will cause an invalid regular expression to occur', () => {
+      const index = '';
+      const result = getIndexAlias([index], 'hello');
+      expect(result).toBe('unknown');
+    });
   });
 });
diff --git a/x-pack/plugins/security_solution/server/utils/beat_schema/index.ts b/x-pack/plugins/security_solution/server/utils/beat_schema/index.ts
index ff7331cf39bc7c..6ec15d328714d3 100644
--- a/x-pack/plugins/security_solution/server/utils/beat_schema/index.ts
+++ b/x-pack/plugins/security_solution/server/utils/beat_schema/index.ts
@@ -77,10 +77,16 @@ const convertFieldsToAssociativeArray = (
     : {};
 
 export const getIndexAlias = (defaultIndex: string[], indexName: string): string => {
-  const found = defaultIndex.find((index) => `\\${indexName}`.match(`\\${index}`) != null);
-  if (found != null) {
-    return found;
-  } else {
+  try {
+    const found = defaultIndex.find((index) => `\\${indexName}`.match(`\\${index}`) != null);
+    if (found != null) {
+      return found;
+    } else {
+      return 'unknown';
+    }
+  } catch (error) {
+    // if we encounter an error because the index contains invalid regular expressions then we should return an unknown
+    // rather than blow up with a toaster error upstream
     return 'unknown';
   }
 };

From b29e572e3345738c19ee0e4f4687afc233d9e570 Mon Sep 17 00:00:00 2001
From: FrankHassanabad <frank.hassanabad@elastic.co>
Date: Wed, 29 Jul 2020 16:37:26 -0600
Subject: [PATCH 3/3] Add spacing

---
 .../security_solution/server/utils/beat_schema/index.test.ts     | 1 +
 1 file changed, 1 insertion(+)

diff --git a/x-pack/plugins/security_solution/server/utils/beat_schema/index.test.ts b/x-pack/plugins/security_solution/server/utils/beat_schema/index.test.ts
index 9c2ff25437caff..5f002aa7fad7b7 100644
--- a/x-pack/plugins/security_solution/server/utils/beat_schema/index.test.ts
+++ b/x-pack/plugins/security_solution/server/utils/beat_schema/index.test.ts
@@ -401,6 +401,7 @@ describe('Schema Beat', () => {
       const result = getIndexAlias([leadingWildcardIndex], leadingWildcardIndex);
       expect(result).toBe(leadingWildcardIndex);
     });
+
     test('getIndexAlias no match returns "unknown" string', () => {
       const index = 'auditbeat-*';
       const result = getIndexAlias([index], 'hello');