[Defend workflows] Stop spreading whole request to ES dsl (elastic#16…

…2116)
e40pud · Jul 19, 2023 · 9c7dda0 · 9c7dda0
1 parent c472fb0
commit 9c7dda0
Showing 1 changed file with 15 additions and 2 deletions.
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/index.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/index.ts
@@ -39,7 +39,20 @@ export const osquerySearchStrategyProvider = <T extends FactoryQueryTypes>(
         })
       ).pipe(
         mergeMap((exists) => {
-          const dsl = queryFactory.buildDsl({ ...request, componentTemplateExists: exists });
+          const strictRequest = {
+            factoryQueryType: request.factoryQueryType,
+            filterQuery: request.filterQuery,
+            ...('aggregations' in request ? { aggregations: request.aggregations } : {}),
+            ...('pagination' in request ? { pagination: request.pagination } : {}),
+            ...('sort' in request ? { sort: request.sort } : {}),
+            ...('actionId' in request ? { actionId: request.actionId } : {}),
+            ...('agentId' in request ? { agentId: request.agentId } : {}),
+          };
+
+          const dsl = queryFactory.buildDsl({
+            ...strictRequest,
+            componentTemplateExists: exists,
+          } as StrategyRequestType<T>);
           // use internal user for searching .fleet* indices
           es =
             dsl.index?.includes('fleet') || dsl.index?.includes('logs-osquery_manager.action')
@@ -48,7 +61,7 @@ export const osquerySearchStrategyProvider = <T extends FactoryQueryTypes>(
 
           return es.search(
             {
-              ...request,
+              ...strictRequest,
               params: dsl,
             },
             options,