Encode the index of the alert in the id response

Author: jonathan-buttner

x-pack/plugins/endpoint/common/alert_constants.ts

@@ -13,10 +13,6 @@ export class AlertConstants {
    * The path for the Alert's Index Pattern API.
    */
   static INDEX_PATTERN_ROUTE = `${AlertConstants.BASE_API_URL}/index_pattern`;
-  /**
-   * Alert's Index pattern
-   */
-  static ALERT_INDEX_NAME = 'events-endpoint-1';
   /**
    * A paramter passed to Alert's Index Pattern.
    */

x-pack/plugins/endpoint/server/routes/alerts/details/handlers.ts

@@ -6,11 +6,11 @@
 import { GetResponse } from 'elasticsearch';
 import { KibanaRequest, RequestHandler } from 'kibana/server';
 import { AlertEvent } from '../../../../common/types';
-import { AlertConstants } from '../../../../common/alert_constants';
 import { EndpointAppContext } from '../../../types';
 import { AlertDetailsRequestParams } from '../types';
 import { AlertDetailsPagination } from './lib';
 import { getHostData } from '../../metadata';
+import { AlertId } from '../lib';
 
 export const alertDetailsHandlerWrapper = function(
   endpointAppContext: EndpointAppContext
@@ -21,10 +21,10 @@ export const alertDetailsHandlerWrapper = function(
     res
   ) => {
     try {
-      const alertId = req.params.id;
+      const alertId = AlertId.fromEncoded(req.params.id);
       const response = (await ctx.core.elasticsearch.dataClient.callAsCurrentUser('get', {
-        index: AlertConstants.ALERT_INDEX_NAME,
-        id: alertId,
+        index: alertId.index,
+        id: alertId.id,
       })) as GetResponse<AlertEvent>;
 
       const indexPattern = await endpointAppContext.service
@@ -50,7 +50,7 @@ export const alertDetailsHandlerWrapper = function(
 
       return res.ok({
         body: {
-          id: response._id,
+          id: alertId.toString(),
           ...response._source,
           state: {
             host_metadata: currentHostInfo?.metadata,
@@ -60,6 +60,9 @@ export const alertDetailsHandlerWrapper = function(
         },
       });
     } catch (err) {
+      const logger = endpointAppContext.logFactory.get('alerts');
+      logger.warn(err);
+
       if (err.status === 404) {
         return res.notFound({ body: err });
       }

x-pack/plugins/endpoint/server/routes/alerts/lib/index.ts

@@ -158,3 +158,41 @@ export const searchESForAlerts = async (
 
   return response;
 };
+
+/**
+ * Abstraction over alert IDs.
+ */
+export class AlertId {
+  protected readonly _index: string;
+  protected readonly _id: string;
+
+  constructor(index: string, id: string) {
+    this._index = index;
+    this._id = id;
+  }
+
+  public get index() {
+    return this._index;
+  }
+
+  public get id() {
+    return this._id;
+  }
+
+  static fromEncoded(encoded: string): AlertId {
+    const value = encoded.replace(/\-/g, '+').replace(/_/g, '/');
+    const data = Buffer.from(value, 'base64').toString('utf8');
+    const { index, id } = JSON.parse(data);
+    return new AlertId(index, id);
+  }
+
+  toString(): string {
+    const value = JSON.stringify({ index: this.index, id: this.id });
+    // replace invalid URL characters with valid ones
+    return Buffer.from(value, 'utf8')
+      .toString('base64')
+      .replace(/\+/g, '-')
+      .replace(/\//g, '_')
+      .replace(/=+$/g, '');
+  }
+}

x-pack/plugins/endpoint/server/routes/alerts/list/lib/index.ts

@@ -20,6 +20,7 @@ import { AlertConstants } from '../../../../../common/alert_constants';
 import { EndpointAppContext } from '../../../../types';
 import { AlertSearchQuery } from '../../types';
 import { AlertListPagination } from './pagination';
+import { AlertId } from '../../lib';
 
 export const getRequestData = async (
   request: KibanaRequest<unknown, AlertingIndexGetQueryResult, unknown>,
@@ -105,8 +106,9 @@ export async function mapToAlertResultList(
   const pagination: AlertListPagination = new AlertListPagination(config, reqCtx, reqData, hits);
 
   function mapHit(entry: AlertHits[0]): AlertData {
+    const alertId = new AlertId(entry._index, entry._id);
     return {
-      id: entry._id,
+      id: alertId.toString(),
       ...entry._source,
       prev: null,
       next: null,