From d2f38d84b902a4120dcbf418aeeda6de7798fd12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20S=C3=A1nchez?= <davidsansol92@gmail.com>
Date: Tue, 22 Jun 2021 17:25:41 +0200
Subject: [PATCH] Wraps query in parentheses to avoid quering exception lists
 (#102612)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 .../public/management/common/utils.test.ts                | 8 ++++----
 .../security_solution/public/management/common/utils.ts   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/x-pack/plugins/security_solution/public/management/common/utils.test.ts b/x-pack/plugins/security_solution/public/management/common/utils.test.ts
index 59455ccd6bb042..30354c141f8335 100644
--- a/x-pack/plugins/security_solution/public/management/common/utils.test.ts
+++ b/x-pack/plugins/security_solution/public/management/common/utils.test.ts
@@ -15,17 +15,17 @@ describe('utils', () => {
     });
     it('should parse simple query with term', () => {
       expect(parseQueryFilterToKQL('simpleQuery', searchableFields)).toBe(
-        'exception-list-agnostic.attributes.name:(*simpleQuery*) OR exception-list-agnostic.attributes.description:(*simpleQuery*) OR exception-list-agnostic.attributes.entries.value:(*simpleQuery*) OR exception-list-agnostic.attributes.entries.entries.value:(*simpleQuery*)'
+        '(exception-list-agnostic.attributes.name:(*simpleQuery*) OR exception-list-agnostic.attributes.description:(*simpleQuery*) OR exception-list-agnostic.attributes.entries.value:(*simpleQuery*) OR exception-list-agnostic.attributes.entries.entries.value:(*simpleQuery*))'
       );
     });
     it('should parse complex query with term', () => {
       expect(parseQueryFilterToKQL('complex query', searchableFields)).toBe(
-        'exception-list-agnostic.attributes.name:(*complex*query*) OR exception-list-agnostic.attributes.description:(*complex*query*) OR exception-list-agnostic.attributes.entries.value:(*complex*query*) OR exception-list-agnostic.attributes.entries.entries.value:(*complex*query*)'
+        '(exception-list-agnostic.attributes.name:(*complex*query*) OR exception-list-agnostic.attributes.description:(*complex*query*) OR exception-list-agnostic.attributes.entries.value:(*complex*query*) OR exception-list-agnostic.attributes.entries.entries.value:(*complex*query*))'
       );
     });
     it('should parse complex query with colon and backslash chars term', () => {
       expect(parseQueryFilterToKQL('C:\\tmpes', searchableFields)).toBe(
-        'exception-list-agnostic.attributes.name:(*C\\:\\\\tmpes*) OR exception-list-agnostic.attributes.description:(*C\\:\\\\tmpes*) OR exception-list-agnostic.attributes.entries.value:(*C\\:\\\\tmpes*) OR exception-list-agnostic.attributes.entries.entries.value:(*C\\:\\\\tmpes*)'
+        '(exception-list-agnostic.attributes.name:(*C\\:\\\\tmpes*) OR exception-list-agnostic.attributes.description:(*C\\:\\\\tmpes*) OR exception-list-agnostic.attributes.entries.value:(*C\\:\\\\tmpes*) OR exception-list-agnostic.attributes.entries.entries.value:(*C\\:\\\\tmpes*))'
       );
     });
     it('should parse complex query with special chars term', () => {
@@ -35,7 +35,7 @@ describe('utils', () => {
           searchableFields
         )
       ).toBe(
-        "exception-list-agnostic.attributes.name:(*this'is%&query\\{\\}[]!¿?with.,-+`´special\\<\\>ºª@#|·chars*) OR exception-list-agnostic.attributes.description:(*this'is%&query\\{\\}[]!¿?with.,-+`´special\\<\\>ºª@#|·chars*) OR exception-list-agnostic.attributes.entries.value:(*this'is%&query\\{\\}[]!¿?with.,-+`´special\\<\\>ºª@#|·chars*) OR exception-list-agnostic.attributes.entries.entries.value:(*this'is%&query\\{\\}[]!¿?with.,-+`´special\\<\\>ºª@#|·chars*)"
+        "(exception-list-agnostic.attributes.name:(*this'is%&query\\{\\}[]!¿?with.,-+`´special\\<\\>ºª@#|·chars*) OR exception-list-agnostic.attributes.description:(*this'is%&query\\{\\}[]!¿?with.,-+`´special\\<\\>ºª@#|·chars*) OR exception-list-agnostic.attributes.entries.value:(*this'is%&query\\{\\}[]!¿?with.,-+`´special\\<\\>ºª@#|·chars*) OR exception-list-agnostic.attributes.entries.entries.value:(*this'is%&query\\{\\}[]!¿?with.,-+`´special\\<\\>ºª@#|·chars*))"
       );
     });
   });
diff --git a/x-pack/plugins/security_solution/public/management/common/utils.ts b/x-pack/plugins/security_solution/public/management/common/utils.ts
index c8cf761ccaf864..616e395c8ad479 100644
--- a/x-pack/plugins/security_solution/public/management/common/utils.ts
+++ b/x-pack/plugins/security_solution/public/management/common/utils.ts
@@ -17,5 +17,5 @@ export const parseQueryFilterToKQL = (filter: string, fields: Readonly<string[]>
     )
     .join(' OR ');
 
-  return kuery;
+  return `(${kuery})`;
 };