Merge branch 'main' of https://github.com/elastic/kibana into dashboard-api/update-search-schema

Author: cqliu1

src/platform/packages/shared/controls/controls-schemas/src/controls_group_schema.ts

@@ -48,7 +48,7 @@ export const pinnedControlSchema = schema.object({
   }),
 });
 
-export const getControlsGroupSchema = () => {
+export const getControlsGroupSchema = (isInternalReadRequest: boolean = false) => {
   const pinnedControl = pinnedControlSchema.getPropSchemas();
   return schema.arrayOf(
     /**
@@ -119,7 +119,7 @@ export const getControlsGroupSchema = () => {
     ]),
     {
       defaultValue: [],
-      maxSize: 100,
+      maxSize: isInternalReadRequest ? Number.MAX_SAFE_INTEGER : 100,
       meta: { description: 'An array of control panels and their state in the control group.' },
     }
   );

src/platform/packages/shared/kbn-monaco/src/languages/console/console_errors_provider.ts

@@ -32,13 +32,15 @@ export const setupConsoleErrorsProvider = (workerProxyService: ConsoleWorkerProx
     monaco.editor.setModelMarkers(
       model,
       CONSOLE_LANG_ID,
-      errors.map(({ offset, text }) => {
+      errors.map(({ offset, endOffset, text }) => {
         const { column, lineNumber } = model.getPositionAt(offset);
+        const endPosition =
+          endOffset !== undefined ? model.getPositionAt(endOffset) : { column, lineNumber };
         return {
           startLineNumber: lineNumber,
           startColumn: column,
-          endLineNumber: lineNumber,
-          endColumn: column,
+          endLineNumber: endPosition.lineNumber,
+          endColumn: endPosition.column,
           message: text,
           severity: monaco.MarkerSeverity.Error,
         };

src/platform/packages/shared/kbn-monaco/src/languages/console/parser.test.ts

@@ -186,6 +186,99 @@ describe('console parser', () => {
     ]);
   });
 
+  describe('request-line method boundary', () => {
+    // The first token of a request line must have one canonical method
+    // interpretation. A valid method prefix followed by non-whitespace
+    // characters (e.g. `GETT`, `POSTS`, `PUThjjkjoj`) must not be silently
+    // accepted as the matching method with a malformed url tail.
+    const methodBoundaryError = 'Expected one of GET/POST/PUT/DELETE/HEAD/PATCH';
+
+    it('rejects a valid method prefix followed by extra letters (`GETT _search`)', () => {
+      const { errors } = parser('GETT _search')!;
+      expect(errors.length).toBeGreaterThanOrEqual(1);
+      expect(errors[0].text).toBe(methodBoundaryError);
+    });
+
+    it('rejects a valid method prefix followed by an `S` suffix (`POSTS _search`)', () => {
+      const { errors } = parser('POSTS _search')!;
+      expect(errors.length).toBeGreaterThanOrEqual(1);
+      expect(errors[0].text).toBe(methodBoundaryError);
+    });
+
+    it('rejects a method with arbitrary trailing characters (`PUThjjkjoj /my-index`)', () => {
+      const { errors } = parser('PUThjjkjoj /my-index')!;
+      expect(errors.length).toBeGreaterThanOrEqual(1);
+      expect(errors[0].text).toBe(methodBoundaryError);
+    });
+
+    it('recovers and continues parsing the next request after an invalid method line', () => {
+      const input = 'GETT _search\nPOST _bulk';
+      const { requests, errors } = parser(input)!;
+      // First request is invalid: errors are recorded
+      expect(errors.length).toBeGreaterThanOrEqual(1);
+      expect(errors[0].text).toBe(methodBoundaryError);
+      // Second request is parsed correctly
+      const validRequest = requests.find(
+        (r) => r.endOffset !== undefined && r.endOffset >= 'GETT _search\n'.length
+      );
+      expect(validRequest).toBeDefined();
+    });
+
+    it('marks every consecutive invalid-method-prefix line, not only the first', () => {
+      const input = 'PUThjjkjoj /my-index\nGETT _search\nPOSTS _bulk\nGET _ok';
+      const { requests, errors } = parser(input)!;
+      // Each of the three invalid-prefix lines must produce its own marker
+      // so users see them all, not only the first one.
+      const boundaryErrors = errors.filter((e) => e.text === methodBoundaryError);
+      expect(boundaryErrors.length).toBe(3);
+      // The final valid request must also be captured despite the preceding
+      // boundary errors.
+      const validRequest = requests.find(
+        (r) =>
+          r.startOffset === 'PUThjjkjoj /my-index\nGETT _search\nPOSTS _bulk\n'.length &&
+          r.endOffset !== undefined
+      );
+      expect(validRequest).toBeDefined();
+    });
+
+    // The boundary is "next character separates the method from the URL/body".
+    // These tables lock in which inputs are accepted vs rejected.
+    it.each([
+      ['GET_index', 'underscore'],
+      ['GET2 _x', 'digit'],
+      ['GETSomething', 'letter'],
+      ['HEADX _x', 'letter'],
+      ['DELETEX _x', 'letter'],
+      ['PATCHX _x', 'letter'],
+      ['GET/_search', 'slash'],
+      ['GET?q=1', 'question mark'],
+      ['GET-foo', 'dash'],
+      ['GET*', 'star'],
+    ])('rejects invalid method boundary: %s (%s)', (input) => {
+      const { errors } = parser(input)!;
+      expect(errors.length).toBe(1);
+      expect(errors[0].text).toBe(methodBoundaryError);
+      expect(errors[0].offset).toBe(0);
+      expect(errors[0].endOffset).toBe(input.split(/[ \t\r\n]/)[0].length);
+    });
+
+    it.each([
+      ['GET _search', 'space'],
+      ['GET\t_search', 'tab'],
+      ['GET', 'end-of-input'],
+    ])('accepts request-line separator after method: %s (%s)', (input) => {
+      const { errors, requests } = parser(input)!;
+      expect(errors.filter((e) => e.text === methodBoundaryError)).toEqual([]);
+      expect(requests.length).toBe(1);
+    });
+
+    it('does not falsely flag a method whose url contains identifier chars (`GET _index_internal`)', () => {
+      const { errors, requests } = parser('GET _index_internal')!;
+      expect(errors).toEqual([]);
+      expect(requests.length).toBe(1);
+    });
+  });
+
   it('handles # and // comment lines between requests', () => {
     const input = '# c\nGET _search\n// c2\nPOST _test';
     const { requests, errors } = parser(input)!;

src/platform/packages/shared/kbn-monaco/src/languages/console/parser.ts

@@ -32,8 +32,20 @@ export const createParser = (): ConsoleParser => {
   };
   let text = '';
   let errors: ErrorAnnotation[] = [];
-  const addError = function (errorText: string) {
-    errors.push({ text: errorText, offset: at });
+  const addError = function (errorText: string, offset = at, endOffset?: number) {
+    const errorAnnotation: ErrorAnnotation = { text: errorText, offset };
+    if (endOffset !== undefined) {
+      errorAnnotation.endOffset = endOffset;
+    }
+    errors.push(errorAnnotation);
+  };
+  const hasErrorCoveringOffset = function (offset: number) {
+    return errors.some(
+      (errorAnnotation) =>
+        errorAnnotation.endOffset !== undefined &&
+        errorAnnotation.offset <= offset &&
+        offset <= errorAnnotation.endOffset
+    );
   };
   let requests: ParsedRequest[] = [];
   let requestStartOffset: number | undefined;
@@ -57,8 +69,8 @@ export const createParser = (): ConsoleParser => {
     lastRequest.endOffset = requestEndOffset;
     requests.push(lastRequest);
   };
-  const error = function (m: string): never {
-    throw Object.assign(new SyntaxError(m), { at, text });
+  const error = function (m: string, errorAt = at, errorEndAt?: number): never {
+    throw Object.assign(new SyntaxError(m), { at: errorAt, endAt: errorEndAt, text });
   };
   const reset = function (newAt: number) {
     ch = text.charAt(newAt);
@@ -95,6 +107,16 @@ export const createParser = (): ConsoleParser => {
   const peek = function (offset: number) {
     return text.charAt(at + offset);
   };
+  const isRequestLineSeparator = function (character: string) {
+    return character === ' ' || character === '\t' || character === '\n' || character === '\r';
+  };
+  const readCurrentLineTokenEndOffset = function (startOffset: number) {
+    let tokenEndOffset = startOffset;
+    while (tokenEndOffset < text.length && !isRequestLineSeparator(text[tokenEndOffset])) {
+      tokenEndOffset++;
+    }
+    return tokenEndOffset;
+  };
   const number = function () {
     let numString = '';
 
@@ -234,6 +256,18 @@ export const createParser = (): ConsoleParser => {
     }
     return error("Unexpected '" + ch + "'");
   };
+  // After consuming method letters, the next character must separate the
+  // method from the URL/body: horizontal whitespace, a line break, or
+  // end-of-input. Anything else is part of an invalid method token.
+  const methodBoundary = function () {
+    if (ch && !isRequestLineSeparator(ch)) {
+      error(
+        'Expected one of GET/POST/PUT/DELETE/HEAD/PATCH',
+        requestStartOffset ?? at,
+        readCurrentLineTokenEndOffset(at)
+      );
+    }
+  };
   // parses and returns the method
   const method = function () {
     const upperCaseChar = ch.toUpperCase();
@@ -242,12 +276,14 @@ export const createParser = (): ConsoleParser => {
         nextOneOf(['G', 'g']);
         nextOneOf(['E', 'e']);
         nextOneOf(['T', 't']);
+        methodBoundary();
         return 'GET';
       case 'H':
         nextOneOf(['H', 'h']);
         nextOneOf(['E', 'e']);
         nextOneOf(['A', 'a']);
         nextOneOf(['D', 'd']);
+        methodBoundary();
         return 'HEAD';
       case 'D':
         nextOneOf(['D', 'd']);
@@ -256,6 +292,7 @@ export const createParser = (): ConsoleParser => {
         nextOneOf(['E', 'e']);
         nextOneOf(['T', 't']);
         nextOneOf(['E', 'e']);
+        methodBoundary();
         return 'DELETE';
       case 'P':
         nextOneOf(['P', 'p']);
@@ -266,15 +303,18 @@ export const createParser = (): ConsoleParser => {
             nextOneOf(['T', 't']);
             nextOneOf(['C', 'c']);
             nextOneOf(['H', 'h']);
+            methodBoundary();
             return 'PATCH';
           case 'U':
             nextOneOf(['U', 'u']);
             nextOneOf(['T', 't']);
+            methodBoundary();
             return 'PUT';
           case 'O':
             nextOneOf(['O', 'o']);
             nextOneOf(['S', 's']);
             nextOneOf(['T', 't']);
+            methodBoundary();
             return 'POST';
           default:
             error("Unexpected '" + ch + "'");
@@ -417,10 +457,16 @@ export const createParser = (): ConsoleParser => {
         request();
         white();
       } catch (e: unknown) {
-        addError(getErrorMessage(e));
+        const syntaxError = e as { at?: number; endAt?: number };
+        addError(getErrorMessage(e), syntaxError.at, syntaxError.endAt);
         // snap
         const remainingText = text.substr(at);
-        const nextMethodIndex = remainingText.search(/^\s*(POST|HEAD|GET|PUT|DELETE|PATCH)\b/im);
+        // Match the verb without a trailing `\b` so that lines starting with
+        // a valid method prefix but continuing with identifier characters
+        // (`GETT`, `POSTS`, `PUThjjkjoj`) are picked up as recovery anchors;
+        // `method()` then re-throws at the boundary and an error annotation
+        // is recorded for each such line.
+        const nextMethodIndex = remainingText.search(/^\s*(POST|HEAD|GET|PUT|DELETE|PATCH)/im);
         const nextCommentLine = remainingText.search(/^\s*(#|\/\*|\/\/).*$/m);
         if (nextMethodIndex === -1 && nextCommentLine === -1) {
           // If there are no comments or other requests after the error, there is no point in parsing more so we stop here
@@ -444,7 +490,9 @@ export const createParser = (): ConsoleParser => {
     multiRequest();
     white();
     if (ch) {
-      addError('Syntax error');
+      if (!hasErrorCoveringOffset(at)) {
+        addError('Syntax error');
+      }
     }
 
     const result = { errors, requests };

src/platform/packages/shared/kbn-monaco/src/languages/console/types.ts

@@ -9,6 +9,7 @@
 
 export interface ErrorAnnotation {
   offset: number;
+  endOffset?: number;
   text: string;
 }
 

src/platform/plugins/shared/dashboard/server/api/dashboard_state_schemas.ts

@@ -121,7 +121,7 @@ const sectionGridSchema = schema.object({
   y: schema.number({ meta: { description: 'The y coordinate of the section in grid units.' } }),
 });
 
-export function getSectionSchema(isDashboardAppRequest: boolean) {
+export function getSectionSchema(isDashboardAppRequest: boolean, isReadRequest: boolean = false) {
   return schema.object(
     {
       title: schema.string({
@@ -138,7 +138,7 @@ export function getSectionSchema(isDashboardAppRequest: boolean) {
       panels: schema.arrayOf(getPanelSchema(isDashboardAppRequest), {
         meta: { description: 'The panels that belong to the section.' },
         defaultValue: [],
-        maxSize: MAX_PANELS,
+        maxSize: isDashboardAppRequest && isReadRequest ? Number.MAX_SAFE_INTEGER : MAX_PANELS,
       }),
       id: schema.maybe(
         schema.string({
@@ -230,16 +230,19 @@ export const accessControlSchema = schema.maybe(
   )
 );
 
-export function getDashboardStateSchema(isDashboardAppRequest: boolean) {
+export function getDashboardStateSchema(
+  isDashboardAppRequest: boolean,
+  isReadRequest: boolean = false
+) {
   return schema.object(
     {
-      pinned_panels: getPinnedPanelsSchema(),
+      pinned_panels: getPinnedPanelsSchema(isDashboardAppRequest && isReadRequest),
       description: schema.maybe(
         schema.string({ meta: { description: 'A short description of the dashboard.' } })
       ),
       filters: schema.maybe(
         schema.arrayOf(asCodeFilterSchema, {
-          maxSize: 500,
+          maxSize: isDashboardAppRequest && isReadRequest ? Number.MAX_SAFE_INTEGER : 500,
           meta: {
             description: 'Filters applied across all panels, including pinned panels.',
           },
@@ -249,11 +252,11 @@ export function getDashboardStateSchema(isDashboardAppRequest: boolean) {
       panels: schema.arrayOf(
         schema.oneOf([
           getPanelSchema(isDashboardAppRequest),
-          getSectionSchema(isDashboardAppRequest),
+          getSectionSchema(isDashboardAppRequest, isReadRequest),
         ]),
         {
           defaultValue: [],
-          maxSize: MAX_PANELS,
+          maxSize: isDashboardAppRequest && isReadRequest ? Number.MAX_SAFE_INTEGER : MAX_PANELS,
           meta: {
             description:
               'Panels and sections in the dashboard. Each entry is either a panel (with a `type` and `config`) or a collapsible section (with a `title`, `collapsed` state, and nested `panels`).',
@@ -272,7 +275,7 @@ export function getDashboardStateSchema(isDashboardAppRequest: boolean) {
       refresh_interval: schema.maybe(refreshIntervalSchema),
       tags: schema.maybe(
         schema.arrayOf(schema.string(), {
-          maxSize: 100,
+          maxSize: isDashboardAppRequest && isReadRequest ? Number.MAX_SAFE_INTEGER : 100,
           meta: { description: 'Tag IDs to associate with this dashboard.' },
         })
       ),

src/platform/plugins/shared/dashboard/server/api/read/register_read_route.ts

@@ -37,7 +37,7 @@ export function registerReadRoute(
   // Route is registered during setup and before all plugins have registered embeddable schemas.
   // Instead, use once to only call getDashboardStateSchema the first time a route handler is executed.
   const getCachedDashboardStateSchema = once(() => {
-    return getDashboardStateSchema(isDashboardAppRequest);
+    return getDashboardStateSchema(isDashboardAppRequest, true);
   });
 
   readRoute.addVersion(

src/platform/plugins/shared/dashboard/server/api/read/schemas.ts

@@ -20,7 +20,7 @@ export function getReadResponseBodySchema(isDashboardAppRequest: boolean) {
           'The unique ID of the dashboard, as returned by the create or search endpoints.',
       },
     }),
-    data: getDashboardStateSchema(isDashboardAppRequest),
+    data: getDashboardStateSchema(isDashboardAppRequest, true),
     meta: asCodeMetaSchema,
     warnings: schema.maybe(warningsSchema),
   });

x-pack/platform/packages/shared/response-ops/alerting-v2-constants/src/artifacts.ts

@@ -8,6 +8,9 @@
 /** Artifact type identifier for runbooks */
 export const RUNBOOK_ARTIFACT_TYPE = 'runbook';
 
+/** Artifact type identifier for linked dashboards */
+export const DASHBOARD_ARTIFACT_TYPE = 'dashboard';
+
 /** Default maximum character length for artifact values (applies when no type-specific override exists) */
 export const DEFAULT_ARTIFACT_VALUE_LIMIT = 1024;
 

x-pack/platform/packages/shared/response-ops/alerting-v2-rule-form/flyout/__stories__/rule_form_flyout.stories.tsx

@@ -59,6 +59,11 @@ const mockServices = {
     EmbeddableComponent: () => null,
     stateHelperApi: () => ({}),
   } as any,
+  uiActions: {
+    getAction: async () => ({
+      execute: ({ onResults }: { onResults: (results: unknown[]) => void }) => onResults([]),
+    }),
+  } as any,
 };
 
 const mockFormServices: RuleFormServices = {
@@ -68,6 +73,7 @@ const mockFormServices: RuleFormServices = {
   application: mockServices.application,
   notifications: mockServices.notifications,
   lens: mockServices.lens,
+  uiActions: mockServices.uiActions,
 };
 
 // =============================================================================