Merge pull request #888 from utmstack/bugfix/v10.5.15/False-positive-alerts-displayed-in-dashboard-overview

fix: escape ':' character in FilterType JSON conditions to prevent query parsing issues

Author: mjabascal10

CHANGELOG.md

@@ -1,3 +1,4 @@
 # UTMStack 10.5.16 Release Notes
 ## Bugfix
-- False positive alerts displayed in Dashboard Overview
+- False positive alerts displayed in Dashboard Overview
+- Correct query parsing for filterType conditions with special characters

backend/src/main/java/com/park/utmstack/service/elasticsearch/SearchUtil.java

@@ -127,8 +127,9 @@ private static void buildContainOperator(BoolQuery.Builder bool, FilterType filt
         final String ctx = CLASSNAME + ".buildContainOperator";
         try {
             filter.validate();
+            String value = CustomStringEscapeUtil.openSearchQueryStringEscap(String.valueOf(filter.getValue()));
             bool.filter(f -> f.queryString(s -> s.fields(filter.getField())
-                .query("*" + filter.getValue() + "*")
+                .query("*" + value + "*")
                 .defaultOperator(Operator.And)
                 .lenient(true)
                 .type(TextQueryType.BestFields)));
@@ -141,8 +142,9 @@ private static void buildDoesNotContainOperator(BoolQuery.Builder bool, FilterTy
         final String ctx = CLASSNAME + ".buildDoesNotContainOperator";
         try {
             filter.validate();
+            String value = CustomStringEscapeUtil.openSearchQueryStringEscap(String.valueOf(filter.getValue()));
             bool.mustNot(n -> n.queryString(s -> s.fields(filter.getField())
-                .query("*" + filter.getValue() + "*")
+                .query("*" + value + "*")
                 .defaultOperator(Operator.And)
                 .lenient(true)
                 .type(TextQueryType.BestFields)));

backend/src/main/java/com/park/utmstack/util/AlertUtil.java

@@ -33,7 +33,7 @@ public Long countAlertsByStatus(int status) {
 
             List<FilterType> filters = new ArrayList<>();
             filters.add(new FilterType(Constants.alertStatus, OperatorType.IS, status));
-            filters.add(new FilterType(Constants.alertTags, OperatorType.IS_NOT, Constants.FALSE_POSITIVE_TAG));
+            filters.add(new FilterType(Constants.alertTags, OperatorType.DOES_NOT_CONTAIN, Constants.FALSE_POSITIVE_TAG));
 
             SearchRequest.Builder srb = new SearchRequest.Builder();
             srb.query(SearchUtil.toQuery(filters))

frontend/src/app/data-management/alert-management/alert-view/alert-view.component.ts

@@ -148,7 +148,6 @@ export class AlertViewComponent implements OnInit, OnDestroy {
                 this.changeParamsByDataType(type).then(() => this.setDefaultParams());
               });
             }
-            this.setDefaultParams();
           });
         });
       } else {
@@ -428,14 +427,14 @@ export class AlertViewComponent implements OnInit, OnDestroy {
       this.filters = filters;
       this.page = 1;
       this.getAlert('on generic filter change');
-      this.updateStatusServiceBehavior.$updateStatus.next(true);
+      // this.updateStatusServiceBehavior.$updateStatus.next(true);
       this.alertFiltersBehavior.$filters.next(this.filters);
     });
   }
 
   processFilters(filter: ElasticFilterType): Promise<ElasticFilterType[]> {
     return new Promise<ElasticFilterType[]>(resolve => {
-      const indexFilters = this.filters.findIndex(value => filter.field.includes(value.field));
+      const indexFilters = this.filters.findIndex(value => filter.field === value.field && value.value !== FALSE_POSITIVE_OBJECT.tagName);
       if (indexFilters === -1) {
         this.filters.push(filter);
       } else {

frontend/src/app/data-management/alert-management/shared/components/filters/alert-generic-filter/alert-generic-filter.component.ts

@@ -1,4 +1,6 @@
-import {Component, EventEmitter, Input, OnInit, Output} from '@angular/core';
+import {Component, EventEmitter, Input, OnDestroy, OnInit, Output} from '@angular/core';
+import {Subject} from 'rxjs';
+import {takeUntil} from 'rxjs/operators';
 import {ALERT_TAGS_FIELD} from '../../../../../../shared/constants/alert/alert-field.constant';
 import {ALERT_INDEX_PATTERN} from '../../../../../../shared/constants/main-index-pattern.constant';
 import {ElasticDataTypesEnum} from '../../../../../../shared/enums/elastic-data-types.enum';
@@ -14,7 +16,7 @@ import {AlertUpdateTagBehavior} from '../../../behavior/alert-update-tag.behavio
   templateUrl: './alert-generic-filter.component.html',
   styleUrls: ['./alert-generic-filter.component.scss']
 })
-export class AlertGenericFilterComponent implements OnInit {
+export class AlertGenericFilterComponent implements OnInit, OnDestroy {
   @Output() filterGenericChange = new EventEmitter<ElasticFilterType>();
   @Input() fieldFilter: UtmFieldType;
   activeFilters: ElasticFilterType[] = [];
@@ -27,6 +29,7 @@ export class AlertGenericFilterComponent implements OnInit {
   top = 6;
   filter: ElasticFilterType;
   sort: { orderByCount: boolean, sortAsc: boolean } = {orderByCount: true, sortAsc: false};
+  destroy$: Subject<void> = new Subject<void>();
 
   constructor(private elasticSearchIndexService: ElasticSearchIndexService,
               private alertFiltersBehavior: AlertFiltersBehavior,
@@ -39,7 +42,9 @@ export class AlertGenericFilterComponent implements OnInit {
      * If filter is tags subscribe to changes to reload data on add new tag on alert
      */
     if (this.fieldFilter.field === ALERT_TAGS_FIELD) {
-      this.alertUpdateTagBehavior.$tagRefresh.subscribe(tagUpdate => {
+      this.alertUpdateTagBehavior.$tagRefresh
+        .pipe(takeUntil(this.destroy$))
+        .subscribe(tagUpdate => {
         if (tagUpdate) {
           this.getFieldValues();
         }
@@ -48,12 +53,16 @@ export class AlertGenericFilterComponent implements OnInit {
     /**
      * Reset all values of selected filter
      */
-    this.alertFiltersBehavior.$resetFilter.subscribe(reset => {
+    this.alertFiltersBehavior.$resetFilter
+      .pipe(takeUntil(this.destroy$))
+      .subscribe(reset => {
       if (reset) {
         this.selected = [];
       }
     });
-    this.alertFiltersBehavior.$deleteFilterValue.subscribe(deleteFilter => {
+    this.alertFiltersBehavior.$deleteFilterValue
+      .pipe(takeUntil(this.destroy$))
+      .subscribe(deleteFilter => {
       if (deleteFilter) {
         const deleteField = deleteFilter.field.replace('.keyword', '');
         if (this.fieldFilter.field === deleteField) {
@@ -64,7 +73,9 @@ export class AlertGenericFilterComponent implements OnInit {
         }
       }
     });
-    this.alertFiltersBehavior.$filters.subscribe((filters: ElasticFilterType[]) => {
+    this.alertFiltersBehavior.$filters
+      .pipe(takeUntil(this.destroy$))
+      .subscribe((filters: ElasticFilterType[]) => {
       if (filters) {
         this.activeFilters = filters;
         this.getFieldValues();
@@ -160,4 +171,9 @@ export class AlertGenericFilterComponent implements OnInit {
     this.sort = $event;
     this.getFieldValues();
   }
+
+  ngOnDestroy() {
+    this.destroy$.next();
+    this.destroy$.complete();
+  }
 }

frontend/src/app/data-management/alert-management/shared/components/filters/status-filter/status-filter.component.ts

@@ -1,4 +1,6 @@
-import {Component, EventEmitter, Input, OnInit, Output} from '@angular/core';
+import {Component, EventEmitter, Input, OnDestroy, OnInit, Output} from '@angular/core';
+import {merge, Subject} from 'rxjs';
+import {filter, map, takeUntil} from "rxjs/operators";
 import {ALERT_STATUS_FIELD} from '../../../../../../shared/constants/alert/alert-field.constant';
 import {ALL_STATUS, AUTOMATIC_REVIEW, CLOSED, IGNORED, OPEN, REVIEW} from '../../../../../../shared/constants/alert/alert-status.constant';
 import {ALERT_INDEX_PATTERN} from '../../../../../../shared/constants/main-index-pattern.constant';
@@ -16,7 +18,7 @@ import {getCurrentAlertStatus} from '../../../util/alert-util-function';
   templateUrl: './status-filter.component.html',
   styleUrls: ['./status-filter.component.scss']
 })
-export class StatusFilterComponent implements OnInit {
+export class StatusFilterComponent implements OnInit, OnDestroy {
   @Input() dataNature: DataNatureTypeEnum;
   @Input() filters: ElasticFilterType[];
   @Input() dataType: EventDataTypeEnum;
@@ -35,6 +37,7 @@ export class StatusFilterComponent implements OnInit {
   ];
   allStatusValue = ALL_STATUS;
   autoReview = AUTOMATIC_REVIEW;
+  destroy$: Subject<void> = new Subject();
 
   constructor(private elasticSearchIndexService: ElasticSearchIndexService,
               private alertFiltersBehavior: AlertFiltersBehavior,
@@ -45,25 +48,26 @@ export class StatusFilterComponent implements OnInit {
     if (typeof this.statusFilter === 'string') {
       this.statusFilter = Number(this.statusFilter);
     }
-    this.getValuesOfStatus();
-    /**
-     * Update amount on alert status change
-     */
-    this.updateStatusServiceBehavior.$updateStatus.subscribe((update) => {
-      if (update) {
-        this.getValuesOfStatus();
-      }
-    });
-    /**
-     * Update amount on filter change
-     */
-    this.alertFiltersBehavior.$filters.subscribe(value => {
-      if (value) {
-        this.filters = value;
-        this.statusFilter = getCurrentAlertStatus(this.filters);
+
+    merge(
+      this.updateStatusServiceBehavior.$updateStatus.pipe(
+        filter(value => !!value),
+        map(() => ({source: 'updateStatus', filters: null}))
+      ),
+      this.alertFiltersBehavior.$filters.pipe(
+        filter(value => !!value),
+        map((filters) => ({source: 'filters', filters}))
+      )
+    )
+      .pipe(takeUntil(this.destroy$))
+      .subscribe((event) => {
+        if (event.source === 'filters') {
+          this.filters = event.filters;
+          this.statusFilter = getCurrentAlertStatus(this.filters);
+        }
         this.getValuesOfStatus();
-      }
-    });
+      });
+
   }
 
   getValuesOfStatus() {
@@ -137,4 +141,9 @@ export class StatusFilterComponent implements OnInit {
       return true;
     }
   }
+
+  ngOnDestroy() {
+    this.destroy$.next();
+    this.destroy$.complete();
+  }
 }