From ff7830f53cb9b68e01f43c403e4054bbccc07caa Mon Sep 17 00:00:00 2001
From: Kevin Qualters <56408403+kqualters-elastic@users.noreply.github.com>
Date: Fri, 22 Nov 2024 19:11:12 -0500
Subject: [PATCH] [Security Solution] Fix an error with nested fields being treated as keyword (#201473)
## Summary
When formatting elasticsearch responses for the frontend, the timelines search strategies will treat unmapped fields as type: keyword. If the underlying field is actually an object, but is seen as a string in the code, this for (key in source) loop will fail, as it's trying to loop over a string. Fix below should have minimal effect as the data is accessible at the further nested keys.
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
(cherry picked from commit c6cb05996188ec7613d38f10de57dade356d12f7)
---
 .../timeline/factory/helpers/format_timeline_data.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts
index 485ec64badd5c..481b74a802fec 100644
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts
@@ -34,7 +34,7 @@ const createBaseTimelineEdges = (): TimelineEdges => ({
 function deepMerge(target: EventSource, source: EventSource) {
 for (const key in source) {
- if (source[key] instanceof Object && key in target) {
+ if (source && source[key] instanceof Object && target && target[key] instanceof Object) {
 deepMerge(target[key], source[key]);
 } else {
 target[key] = source[key];
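Review bot: The new condition tests `target[key] instanceof Object` without checking that `key` is an own property of `target`, so an inherited name such as `constructor` passes the test and the recursion writes into a shared object, while `__proto__` falls through to the plain assignment in the `else` branch. The commit message says `source` is built from Elasticsearch responses, so key names are presumably data-controlled (worth confirming against the caller). I would iterate with `for (const key of Object.keys(source))` and add `if (key === '__proto__' || key === 'constructor' || key === 'prototype') continue;` as the first statement of the loop. Separately, the `target &&` guard only steers a falsy `target` into the `else` branch, where `target[key] = source[key]` still throws, so an early `if (!target || !source) return;` before the loop would state the intent more directly. The body of `deepMerge` continues past the end of the hunk.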