[Security Solution] Add unit tests for Network search strategy (#77416) (#77442)

* init tests

* add unit tests for network

* add more tests

* remove reponse from inspect for hostDetails

Author: angorayc

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts

@@ -29,10 +29,8 @@ export const hostDetails: SecuritySolutionFactory<HostsQueries.details> = {
     const aggregations: HostAggEsItem = get('aggregations', response.rawResponse) || {};
     const inspect = {
       dsl: [inspectStringifyObject(buildHostDetailsQuery(options))],
-      response: [inspectStringifyObject(response)],
     };
     const formattedHostItem = formatHostItem(aggregations);
-
     return { ...response, inspect, hostDetails: formattedHostItem };
   },
 };

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.ts

@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-import { buildHostDetailsQuery as buildQuery } from './query.host_details.dsl';
+import { buildHostDetailsQuery } from './query.host_details.dsl';
 import { mockOptions, expectedDsl } from './__mocks__/';
 
-describe('buildQuery', () => {
+describe('buildHostDetailsQuery', () => {
   test('build query from options correctly', () => {
-    expect(buildQuery(mockOptions)).toEqual(expectedDsl);
+    expect(buildHostDetailsQuery(mockOptions)).toEqual(expectedDsl);
   });
 });

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/query.host_details.dsl.test.ts

@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import * as buildQuery from './query.details_network.dsl';
+import { networkDetails } from '.';
+import {
+  mockOptions,
+  mockSearchStrategyResponse,
+  formattedSearchStrategyResponse,
+} from './__mocks__';
+
+describe('networkDetails search strategy', () => {
+  const buildNetworkDetailsQuery = jest.spyOn(buildQuery, 'buildNetworkDetailsQuery');
+
+  afterEach(() => {
+    buildNetworkDetailsQuery.mockClear();
+  });
+
+  describe('buildDsl', () => {
+    test('should build dsl query', () => {
+      networkDetails.buildDsl(mockOptions);
+      expect(buildNetworkDetailsQuery).toHaveBeenCalledWith(mockOptions);
+    });
+  });
+
+  describe('parse', () => {
+    test('should parse data correctly', async () => {
+      const result = await networkDetails.parse(mockOptions, mockSearchStrategyResponse);
+      expect(result).toMatchObject(formattedSearchStrategyResponse);
+    });
+  });
+});

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/__mocks__/index.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { buildNetworkDetailsQuery } from './query.details_network.dsl';
+import { mockOptions, expectedDsl } from './__mocks__';
+
+describe('buildNetworkDetailsQuery', () => {
+  test('build query from options correctly', () => {
+    expect(buildNetworkDetailsQuery(mockOptions)).toEqual(expectedDsl);
+  });
+});

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/index.test.ts

@@ -0,0 +1,185 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { IEsSearchResponse } from '../../../../../../../../../../src/plugins/data/common';
+
+import {
+  Direction,
+  NetworkDnsFields,
+  NetworkDnsRequestOptions,
+  NetworkQueries,
+} from '../../../../../../../common/search_strategy';
+
+export const mockOptions: NetworkDnsRequestOptions = {
+  defaultIndex: [
+    'apm-*-transaction*',
+    'auditbeat-*',
+    'endgame-*',
+    'filebeat-*',
+    'logs-*',
+    'packetbeat-*',
+    'winlogbeat-*',
+  ],
+  factoryQueryType: NetworkQueries.dns,
+  filterQuery: '{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}',
+  isPtrIncluded: false,
+  pagination: { activePage: 0, cursorStart: 0, fakePossibleCount: 50, querySize: 10 },
+  sort: { field: NetworkDnsFields.uniqueDomains, direction: Direction.desc },
+  timerange: { interval: '12h', from: '2020-09-13T09:00:43.249Z', to: '2020-09-14T09:00:43.249Z' },
+};
+
+export const mockSearchStrategyResponse: IEsSearchResponse<unknown> = {
+  isPartial: false,
+  isRunning: false,
+  rawResponse: {
+    took: 28,
+    timed_out: false,
+    _shards: { total: 21, successful: 21, skipped: 0, failed: 0 },
+    hits: { max_score: 0, hits: [], total: 0 },
+    aggregations: {
+      dns_count: { value: 2 },
+      dns_name_query_count: {
+        doc_count_error_upper_bound: 0,
+        sum_other_doc_count: 0,
+        buckets: [
+          {
+            key: 'google.com',
+            doc_count: 1,
+            unique_domains: { value: 1 },
+            dns_bytes_in: { value: 0 },
+            dns_bytes_out: { value: 0 },
+          },
+          {
+            key: 'google.internal',
+            doc_count: 1,
+            unique_domains: { value: 1 },
+            dns_bytes_in: { value: 0 },
+            dns_bytes_out: { value: 0 },
+          },
+        ],
+      },
+    },
+  },
+  total: 21,
+  loaded: 21,
+};
+
+export const formattedSearchStrategyResponse = {
+  isPartial: false,
+  isRunning: false,
+  rawResponse: {
+    took: 28,
+    timed_out: false,
+    _shards: { total: 21, successful: 21, skipped: 0, failed: 0 },
+    hits: { max_score: 0, hits: [] },
+    aggregations: {
+      dns_count: { value: 2 },
+      dns_name_query_count: {
+        doc_count_error_upper_bound: 0,
+        sum_other_doc_count: 0,
+        buckets: [
+          {
+            key: 'google.com',
+            doc_count: 1,
+            unique_domains: { value: 1 },
+            dns_bytes_in: { value: 0 },
+            dns_bytes_out: { value: 0 },
+          },
+          {
+            key: 'google.internal',
+            doc_count: 1,
+            unique_domains: { value: 1 },
+            dns_bytes_in: { value: 0 },
+            dns_bytes_out: { value: 0 },
+          },
+        ],
+      },
+    },
+  },
+  total: 21,
+  loaded: 21,
+  edges: [
+    {
+      node: {
+        _id: 'google.com',
+        dnsBytesIn: 0,
+        dnsBytesOut: 0,
+        dnsName: 'google.com',
+        queryCount: 1,
+        uniqueDomains: 1,
+      },
+      cursor: { value: 'google.com', tiebreaker: null },
+    },
+    {
+      node: {
+        _id: 'google.internal',
+        dnsBytesIn: 0,
+        dnsBytesOut: 0,
+        dnsName: 'google.internal',
+        queryCount: 1,
+        uniqueDomains: 1,
+      },
+      cursor: { value: 'google.internal', tiebreaker: null },
+    },
+  ],
+  inspect: {
+    dsl: [
+      '{\n  "allowNoIndices": true,\n  "index": [\n    "apm-*-transaction*",\n    "auditbeat-*",\n    "endgame-*",\n    "filebeat-*",\n    "logs-*",\n    "packetbeat-*",\n    "winlogbeat-*"\n  ],\n  "ignoreUnavailable": true,\n  "body": {\n    "aggregations": {\n      "dns_count": {\n        "cardinality": {\n          "field": "dns.question.registered_domain"\n        }\n      },\n      "dns_name_query_count": {\n        "terms": {\n          "field": "dns.question.registered_domain",\n          "size": 10,\n          "order": {\n            "unique_domains": "desc"\n          }\n        },\n        "aggs": {\n          "unique_domains": {\n            "cardinality": {\n              "field": "dns.question.name"\n            }\n          },\n          "dns_bytes_in": {\n            "sum": {\n              "field": "source.bytes"\n            }\n          },\n          "dns_bytes_out": {\n            "sum": {\n              "field": "destination.bytes"\n            }\n          }\n        }\n      }\n    },\n    "query": {\n      "bool": {\n        "filter": [\n          "{\\"bool\\":{\\"must\\":[],\\"filter\\":[{\\"match_all\\":{}}],\\"should\\":[],\\"must_not\\":[]}}",\n          {\n            "range": {\n              "@timestamp": {\n                "gte": "2020-09-13T09:00:43.249Z",\n                "lte": "2020-09-14T09:00:43.249Z",\n                "format": "strict_date_optional_time"\n              }\n            }\n          }\n        ],\n        "must_not": [\n          {\n            "term": {\n              "dns.question.type": {\n                "value": "PTR"\n              }\n            }\n          }\n        ]\n      }\n    }\n  },\n  "size": 0,\n  "track_total_hits": false\n}',
+    ],
+  },
+  pageInfo: { activePage: 0, fakeTotalCount: 2, showMorePagesIndicator: false },
+  totalCount: 2,
+};
+
+export const expectedDsl = {
+  allowNoIndices: true,
+  index: [
+    'apm-*-transaction*',
+    'auditbeat-*',
+    'endgame-*',
+    'filebeat-*',
+    'logs-*',
+    'packetbeat-*',
+    'winlogbeat-*',
+  ],
+  ignoreUnavailable: true,
+  body: {
+    aggregations: {
+      dns_count: { cardinality: { field: 'dns.question.registered_domain' } },
+      dns_name_query_count: {
+        terms: {
+          field: 'dns.question.registered_domain',
+          size: 10,
+          order: { unique_domains: 'desc' },
+        },
+        aggs: {
+          unique_domains: { cardinality: { field: 'dns.question.name' } },
+          dns_bytes_in: { sum: { field: 'source.bytes' } },
+          dns_bytes_out: { sum: { field: 'destination.bytes' } },
+        },
+      },
+    },
+    query: {
+      bool: {
+        filter: [
+          '{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}',
+          {
+            range: {
+              '@timestamp': {
+                gte: '2020-09-13T09:00:43.249Z',
+                lte: '2020-09-14T09:00:43.249Z',
+                format: 'strict_date_optional_time',
+              },
+            },
+          },
+        ],
+        must_not: [{ term: { 'dns.question.type': { value: 'PTR' } } }],
+      },
+    },
+  },
+  size: 0,
+  track_total_hits: false,
+};

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/query.details_network.dsl.test.ts

@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import * as buildQuery from './query.dns_network.dsl';
+import { networkDns } from '.';
+import {
+  mockOptions,
+  mockSearchStrategyResponse,
+  formattedSearchStrategyResponse,
+} from './__mocks__';
+
+describe('networkDns search strategy', () => {
+  const mockBuildDnsQuery = jest.spyOn(buildQuery, 'buildDnsQuery');
+
+  afterEach(() => {
+    mockBuildDnsQuery.mockClear();
+  });
+
+  describe('buildDsl', () => {
+    test('should build dsl query', () => {
+      networkDns.buildDsl(mockOptions);
+      expect(mockBuildDnsQuery).toHaveBeenCalledWith(mockOptions);
+    });
+  });
+
+  describe('parse', () => {
+    test('should parse data correctly', async () => {
+      const result = await networkDns.parse(mockOptions, mockSearchStrategyResponse);
+      expect(result).toMatchObject(formattedSearchStrategyResponse);
+    });
+  });
+});

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/__mocks__/index.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { buildDnsQuery } from './query.dns_network.dsl';
+import { mockOptions, expectedDsl } from './__mocks__';
+
+describe('buildDnsQuery', () => {
+  test('build query from options correctly', () => {
+    expect(buildDnsQuery(mockOptions)).toEqual(expectedDsl);
+  });
+});