[backend] Added bulk create expectation traces endpoint (#2873)

Author: impolitepanda

openbas-api/src/main/java/io/openbas/migration/V3_82__Add_Unique_constraint_injects_expectations_traces.java

@@ -0,0 +1,29 @@
+package io.openbas.migration;
+
+import java.sql.Connection;
+import java.sql.Statement;
+import org.flywaydb.core.api.migration.BaseJavaMigration;
+import org.flywaydb.core.api.migration.Context;
+import org.springframework.stereotype.Component;
+
+@Component
+public class V3_82__Add_Unique_constraint_injects_expectations_traces extends BaseJavaMigration {
+
+  @Override
+  public void migrate(Context context) throws Exception {
+    Connection connection = context.getConnection();
+    Statement select = connection.createStatement();
+
+    select.execute(
+        " DELETE FROM injects_expectations_traces iet WHERE exists ("
+            + "  SELECT 1 from injects_expectations_traces iet1"
+            + "  WHERE iet.inject_expectation_trace_expectation = iet1.inject_expectation_trace_expectation"
+            + "  AND iet.inject_expectation_trace_source_id = iet1.inject_expectation_trace_source_id"
+            + "  AND iet.inject_expectation_trace_alert_link = iet1.inject_expectation_trace_alert_link"
+            + "  AND iet.inject_expectation_trace_alert_name = iet1.inject_expectation_trace_alert_name"
+            + ");");
+
+    select.execute(
+        "ALTER TABLE injects_expectations_traces ADD CONSTRAINT unique_injects_expectations_traces_constraint UNIQUE (inject_expectation_trace_expectation, inject_expectation_trace_source_id, inject_expectation_trace_alert_link, inject_expectation_trace_alert_name);");
+  }
+}

openbas-api/src/main/java/io/openbas/rest/expectation/ExpectationApi.java

@@ -3,6 +3,7 @@
 import io.openbas.database.model.InjectExpectation;
 import io.openbas.rest.exercise.form.ExpectationUpdateInput;
 import io.openbas.rest.helper.RestBehavior;
+import io.openbas.rest.inject.form.InjectExpectationBulkUpdateInput;
 import io.openbas.rest.inject.form.InjectExpectationUpdateInput;
 import io.openbas.service.InjectExpectationService;
 import io.swagger.v3.oas.annotations.Operation;
@@ -139,4 +140,14 @@ public InjectExpectation updateInjectExpectation(
       @Valid @RequestBody @NotNull InjectExpectationUpdateInput input) {
     return injectExpectationService.updateInjectExpectation(expectationId, input);
   }
+
+  @Operation(
+      summary = "Bulk Update Inject Expectation",
+      description = "Bulk Update Inject expectation from an external source, e.g., EDR collector.")
+  @PutMapping(INJECTS_EXPECTATIONS_URI + "/bulk")
+  @Transactional(rollbackOn = Exception.class)
+  public void updateInjectExpectation(
+      @Valid @RequestBody @NotNull InjectExpectationBulkUpdateInput inputs) {
+    injectExpectationService.bulkUpdateInjectExpectation(inputs.getInputs());
+  }
 }

openbas-api/src/main/java/io/openbas/rest/inject/form/InjectExpectationBulkUpdateInput.java

@@ -0,0 +1,21 @@
+package io.openbas.rest.inject.form;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import jakarta.validation.constraints.NotNull;
+import java.util.Map;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@AllArgsConstructor
+@NoArgsConstructor
+@Builder
+@Data
+public class InjectExpectationBulkUpdateInput {
+
+  /** Map of expectation IDs to their corresponding update inputs. */
+  @NotNull
+  @JsonProperty("inputs")
+  private Map<String, InjectExpectationUpdateInput> inputs;
+}

openbas-api/src/main/java/io/openbas/rest/inject_expectation_trace/InjectExpectationTraceApi.java

@@ -1,48 +1,87 @@
 package io.openbas.rest.inject_expectation_trace;
 
+import io.openbas.aop.LogExecutionTime;
 import io.openbas.database.model.Collector;
 import io.openbas.database.model.InjectExpectationTrace;
 import io.openbas.database.repository.CollectorRepository;
-import io.openbas.database.repository.InjectExpectationRepository;
+import io.openbas.database.repository.InjectExpectationTraceRepository;
 import io.openbas.rest.exception.ElementNotFoundException;
 import io.openbas.rest.helper.RestBehavior;
+import io.openbas.rest.inject_expectation_trace.form.InjectExpectationTraceBulkInsertInput;
 import io.openbas.rest.inject_expectation_trace.form.InjectExpectationTraceInput;
 import io.openbas.service.InjectExpectationTraceService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotNull;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.java.Log;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @RequiredArgsConstructor
 @RestController
-@RequestMapping("/api/inject-expectations-traces")
+@RequestMapping(InjectExpectationTraceApi.INJECT_EXPECTATION_TRACES_URI)
 @PreAuthorize("isAdmin()")
+@Log
 public class InjectExpectationTraceApi extends RestBehavior {
 
   public static final String INJECT_EXPECTATION_TRACES_URI = "/api/inject-expectations-traces";
 
   private final InjectExpectationTraceService injectExpectationTraceService;
-  private final InjectExpectationRepository injectExpectationRepository;
+  private final InjectExpectationTraceRepository injectExpectationTraceRepository;
   private final CollectorRepository collectorRepository;
 
+  /**
+   * @deprecated since 1.16.0, forRemoval = true
+   * @see #bulkInsertInjectExpectationTraceForCollector(InjectExpectationTraceBulkInsertInput)
+   */
+  @Deprecated(since = "1.16.0", forRemoval = true)
+  @Operation(
+      summary =
+          "Create inject expectation trace for collector. Deprecated since 1.16.0. Replaced by "
+              + INJECT_EXPECTATION_TRACES_URI
+              + "/bulk")
   @PostMapping()
   public InjectExpectationTrace createInjectExpectationTraceForCollector(
       @Valid @RequestBody InjectExpectationTraceInput input) {
-    InjectExpectationTrace injectExpectationTrace = new InjectExpectationTrace();
-    injectExpectationTrace.setUpdateAttributes(input);
-    injectExpectationTrace.setInjectExpectation(
-        injectExpectationRepository
-            .findById(input.getInjectExpectationId())
-            .orElseThrow(() -> new ElementNotFoundException("Inject expectation not found")));
-    Collector collector =
-        collectorRepository
-            .findById(input.getSourceId())
-            .orElseThrow(() -> new ElementNotFoundException("Collector not found"));
-    injectExpectationTrace.setSecurityPlatform(collector.getSecurityPlatform());
-    return this.injectExpectationTraceService.createInjectExpectationTrace(injectExpectationTrace);
+
+    InjectExpectationTraceBulkInsertInput bulkInput = new InjectExpectationTraceBulkInsertInput();
+    bulkInput.setExpectationTraces(List.of(input));
+
+    this.bulkInsertInjectExpectationTraceForCollector(bulkInput);
+    // fetch the inserted data from the DB
+    return this.injectExpectationTraceRepository
+        .findByAlertLink(input.getAlertLink())
+        .orElseThrow(ElementNotFoundException::new);
+  }
+
+  /**
+   * Bulk insert inject expectation traces for a collector.
+   *
+   * @param inputs the list of inject expectation trace inputs to be inserted
+   */
+  @Operation(summary = "Bulk insert inject expectation traces")
+  @ApiResponses(
+      value = {
+        @ApiResponse(
+            responseCode = "200",
+            description = "Inject expectation traces inserted successfully")
+      })
+  @LogExecutionTime
+  @PostMapping("/bulk")
+  public void bulkInsertInjectExpectationTraceForCollector(
+      @Valid @RequestBody @NotNull InjectExpectationTraceBulkInsertInput inputs) {
+    if (inputs.getExpectationTraces().isEmpty()) {
+      return;
+    }
+    this.injectExpectationTraceService.bulkInsertInjectExpectationTraces(
+        inputs.getExpectationTraces());
   }
 
+  @Operation(summary = "Get inject expectation traces from collector")
   @GetMapping()
   public List<InjectExpectationTrace> getInjectExpectationTracesFromCollector(
       @RequestParam String injectExpectationId, @RequestParam String sourceId) {
@@ -54,6 +93,7 @@ public List<InjectExpectationTrace> getInjectExpectationTracesFromCollector(
         injectExpectationId, collector.getSecurityPlatform().getId());
   }
 
+  @Operation(summary = "Get inject expectation traces' count")
   @GetMapping("/count")
   public long getAlertLinksNumber(
       @RequestParam String injectExpectationId,

openbas-api/src/main/java/io/openbas/rest/inject_expectation_trace/form/InjectExpectationTraceBulkInsertInput.java

@@ -0,0 +1,15 @@
+package io.openbas.rest.inject_expectation_trace.form;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import io.openbas.config.AppConfig;
+import jakarta.validation.constraints.NotNull;
+import java.util.List;
+import lombok.Data;
+
+@Data
+public class InjectExpectationTraceBulkInsertInput {
+
+  @JsonProperty("expectation_traces")
+  @NotNull(message = AppConfig.MANDATORY_MESSAGE)
+  private List<InjectExpectationTraceInput> expectationTraces;
+}

openbas-api/src/main/java/io/openbas/service/InjectExpectationService.java

@@ -29,10 +29,12 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.java.Log;
 import org.springframework.data.jpa.domain.Specification;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+@Log
 @RequiredArgsConstructor
 @Service
 public class InjectExpectationService {
@@ -418,6 +420,56 @@ public InjectExpectation updateInjectExpectation(
     return injectExpectation;
   }
 
+  public void bulkUpdateInjectExpectation(
+      @Valid @NotNull Map<String, InjectExpectationUpdateInput> inputs) {
+    if (inputs.isEmpty()) {
+      return;
+    }
+
+    List<InjectExpectation> injectExpectations =
+        fromIterable(this.injectExpectationRepository.findAllById(inputs.keySet()));
+    Map<String, InjectExpectation> expectationsToUpdate =
+        injectExpectations.stream().collect(Collectors.toMap(InjectExpectation::getId, e -> e));
+
+    Collector collector =
+        this.collectorRepository
+            .findById(
+                inputs.values().stream()
+                    .findFirst()
+                    .orElseThrow(ElementNotFoundException::new)
+                    .getCollectorId())
+            .orElseThrow(ElementNotFoundException::new);
+
+    // Update inject expectation at agent level
+    for (Map.Entry<String, InjectExpectationUpdateInput> entry : inputs.entrySet()) {
+      String injectExpectationId = entry.getKey();
+      InjectExpectationUpdateInput input = entry.getValue();
+
+      InjectExpectation injectExpectation = expectationsToUpdate.get(injectExpectationId);
+      if (injectExpectation == null) {
+        log.severe("Inject expectation not found for ID: " + injectExpectationId);
+        continue;
+      }
+
+      injectExpectation =
+          this.computeExpectation(
+              injectExpectation,
+              collector.getId(),
+              COLLECTOR,
+              collector.getName(),
+              input.getResult(),
+              input.getIsSuccess(),
+              input.getMetadata());
+
+      Inject inject = injectExpectation.getInject();
+      // Compute potential expectations for asset
+      propagateUpdateToAssets(injectExpectation, inject, collector);
+      // Compute potential expectations for asset groups
+      propagateUpdateToAssetGroups(inject, collector);
+      // end of computing
+    }
+  }
+
   private void propagateUpdateToAssets(
       InjectExpectation injectExpectation, Inject inject, Collector collector) {
     InjectExpectation finalInjectExpectation = injectExpectation;

openbas-api/src/main/java/io/openbas/service/InjectExpectationTraceService.java

@@ -1,16 +1,21 @@
 package io.openbas.service;
 
+import io.openbas.database.model.Collector;
+import io.openbas.database.model.InjectExpectation;
 import io.openbas.database.model.InjectExpectationTrace;
 import io.openbas.database.model.SecurityPlatform;
+import io.openbas.database.raw.impl.SimpleRawExpectationTrace;
+import io.openbas.database.repository.CollectorRepository;
 import io.openbas.database.repository.InjectExpectationTraceRepository;
 import io.openbas.database.repository.SecurityPlatformRepository;
 import io.openbas.rest.exception.ElementNotFoundException;
+import io.openbas.rest.inject_expectation_trace.form.InjectExpectationTraceInput;
 import jakarta.validation.constraints.NotNull;
-import java.util.List;
-import java.util.Optional;
+import java.util.*;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.java.Log;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
 
 @Service
 @Log
@@ -19,24 +24,9 @@ public class InjectExpectationTraceService {
 
   private final InjectExpectationTraceRepository injectExpectationTraceRepository;
   private final SecurityPlatformRepository securityPlatformRepository;
-  private static final String COLLECTOR_TYPE = "collector";
+  private final CollectorRepository collectorRepository;
 
-  public InjectExpectationTrace createInjectExpectationTrace(
-      @NotNull InjectExpectationTrace injectExpectationTrace) {
-    Optional<InjectExpectationTrace> existingTrace =
-        this.injectExpectationTraceRepository
-            .findByAlertLinkAndAlertNameAndSecurityPlatformAndInjectExpectation(
-                injectExpectationTrace.getAlertLink(),
-                injectExpectationTrace.getAlertName(),
-                injectExpectationTrace.getSecurityPlatform(),
-                injectExpectationTrace.getInjectExpectation());
-    if (existingTrace.isPresent()) {
-      log.info("Existing trace present, no creation");
-      return existingTrace.get();
-    } else {
-      return this.injectExpectationTraceRepository.save(injectExpectationTrace);
-    }
-  }
+  private static final String COLLECTOR_TYPE = "collector";
 
   public List<InjectExpectationTrace> getInjectExpectationTracesFromCollector(
       @NotNull String injectExpectationId, @NotNull String sourceId) {
@@ -59,4 +49,48 @@ public long getAlertLinksNumber(
       return this.injectExpectationTraceRepository.countAlerts(injectExpectationId, sourceId);
     }
   }
+
+  @Transactional(rollbackFor = Exception.class)
+  public void bulkInsertInjectExpectationTraces(
+      @NotNull List<InjectExpectationTraceInput> injectExpectationTraces) {
+    if (injectExpectationTraces.isEmpty()) {
+      return;
+    }
+    // We start by deduplicating the data, to avoid duplicates in the database
+    // Convert the input list to InjectExpectationTrace objects and extract oldest trace's date
+    // Start by getting the collector. We can take the first one since they are all the same
+    Collector collector =
+        collectorRepository
+            .findById(injectExpectationTraces.getFirst().getSourceId())
+            .orElseThrow(() -> new ElementNotFoundException("Collector not found"));
+    Map<SimpleRawExpectationTrace, InjectExpectationTrace> traces = new HashMap<>();
+    injectExpectationTraces.forEach(
+        input -> {
+          // Convert input to InjectExpectationTrace
+          InjectExpectationTrace trace = new InjectExpectationTrace();
+          trace.setUpdateAttributes(input);
+          trace.setSecurityPlatform(collector.getSecurityPlatform());
+          // We don't need to fetch the actual expectation here, we can just set the id as there is
+          // no cascade
+          trace.setInjectExpectation(new InjectExpectation());
+          trace.getInjectExpectation().setId(input.getInjectExpectationId());
+
+          SimpleRawExpectationTrace simpleTrace = SimpleRawExpectationTrace.of(trace);
+
+          traces.computeIfAbsent(simpleTrace, k -> trace);
+        });
+
+    // Save the remaining traces
+    for (InjectExpectationTrace trace : traces.values()) {
+      this.injectExpectationTraceRepository.insertIfNotExists(
+          UUID.randomUUID().toString(),
+          trace.getInjectExpectation().getId(),
+          trace.getSecurityPlatform().getId(),
+          trace.getAlertLink(),
+          trace.getAlertName(),
+          trace.getAlertDate(),
+          trace.getCreatedAt(),
+          trace.getUpdatedAt());
+    }
+  }
 }