[SECURITY_SOLUTION][ENDPOINT] Create Trusted Apps API changes to process user input #78079
…ted-apps-data-conversion-for-artifact
Pinging @elastic/endpoint-management (Team:Endpoint Management)
Pinging @elastic/endpoint-app-team (Feature:Endpoint)
return { | ||
_tags: tagsListFromOs(os), | ||
comments: [], | ||
description, | ||
entries, | ||
// @ts-ignore |
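Review bot: the `// @ts-ignore` on the last line of this hunk silences every type error on the line that follows it, not only the one it was added for, so a later type regression there would pass unnoticed. Consider `// @ts-expect-error` with a short comment naming the error it hides, so the suppression fails the build once it is no longer needed, or narrow the type where the returned object's `entries` value is built.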
What's the error here?
@kevinlog, it has to do with the fact that `entries` in Trusted Apps is an Array of different types based on the outer value for `os`, and in order to get around it, we would have to do (needless) runtime castings using type guards. In this instance, I think it's ok to ignore it, but open to suggestions.
@@ -138,24 +232,26 @@ describe('when invoking endpoint trusted apps route handlers', () => { | |||
|
|||
describe('when creating a trusted app', () => { | |||
let routeHandler: RequestHandler<undefined, PostTrustedAppCreateRequest>; | |||
const createNewTrustedAppBody = (): PostTrustedAppCreateRequest => ({ | |||
const createNewTrustedAppBody = (): { | |||
-readonly [k in keyof PostTrustedAppCreateRequest]: PostTrustedAppCreateRequest[k]; |
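Review bot: the inline mapped type on `createNewTrustedAppBody` (`-readonly [k in keyof PostTrustedAppCreateRequest]`) is hard to read in a test and removes `readonly` from the top-level keys only. Consider moving it to a named `Mutable<T>` alias with a one-line comment saying why the test needs a mutable body, and keep in mind that nested values retain whatever `readonly` modifiers they already had.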
what does this syntax mean?
It makes the object "own keys" mutable (you can mutate them). It's short of writing a `Mutable<>` generic interface (to undo what our `Immutable<>` generic does :)
…ess user input (elastic#78079)
* Convert new trusted app data to expected format for artifact
* Renamed condition field `process.path` to `process.path.text`
* determine hash type based on length of hash value
* Convert `process.hash.[sha1|md5|sha256]` to `process.hash.*` for return on list api
* Add test for conversion of ExceptionItem to TrustedApp Item

…ess user input (#78079) (#78211)
* Convert new trusted app data to expected format for artifact
* Renamed condition field `process.path` to `process.path.text`
* determine hash type based on length of hash value
* Convert `process.hash.[sha1|md5|sha256]` to `process.hash.*` for return on list api
* Add test for conversion of ExceptionItem to TrustedApp Item
Summary
When creating a new trusted app entry, the API will now process the user input data and perform the following:
`md5`, `sha1` or `sha256`) is used based on the value entered

As a result of the above changes, the `GET` Trusted Apps List API was also updated to ensure that entries for `hash` have their field name adjusted back to `process.hash.*`.

A change was also made to the `process.path` condition field to use `process.path.text` as the name, which will cause the Endpoint artifact to be generated with `"type": "exact_caseless"`.

Example of a generated Windows Artifact:
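The hash-type selection and the `process.hash.*` round trip described in the summary, as an added TypeScript example that is not part of this pull request or Kibana's code. The `Condition` shape, the function names, the hex/length validation and the lowercasing are assumptions made for illustration; only the field names come from the page.

```typescript
// Added example: shapes and function names are hypothetical, not Kibana's API.
type HashType = 'md5' | 'sha1' | 'sha256';

interface Condition {
  field: string;
  value: string;
}

// Hex digest length for each supported algorithm.
const HASH_LENGTHS: Record<number, HashType> = { 32: 'md5', 40: 'sha1', 64: 'sha256' };

// Decide the hash type from the length of the value. Anything that is not a
// hex string of a known length yields undefined instead of a guess
// (assumption: a trusted-app entry should never be stored with an ambiguous hash).
function hashTypeOf(value: string): HashType | undefined {
  const v = value.trim();
  return /^[0-9a-fA-F]+$/.test(v) ? HASH_LENGTHS[v.length] : undefined;
}

// User input -> stored form: `process.hash.*` becomes `process.hash.<type>`.
function toStored(c: Condition): Condition {
  if (c.field !== 'process.hash.*') {
    return c; // e.g. `process.path.text` is stored under the name it was sent with
  }
  const type = hashTypeOf(c.value);
  if (type === undefined) {
    throw new Error(`unrecognized hash value: ${c.value}`);
  }
  // Lowercasing is an assumption so that equal digests compare equal.
  return { field: `process.hash.${type}`, value: c.value.trim().toLowerCase() };
}

// Stored form -> list API form: the typed field name goes back to `process.hash.*`.
function toListed(c: Condition): Condition {
  return /^process\.hash\.(md5|sha1|sha256)$/.test(c.field)
    ? { field: 'process.hash.*', value: c.value }
    : c;
}
```
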