[Security Solution] blocklist create/edit form

packages/kbn-securitysolution-utils/src/path_validations/index.ts

@@ -28,7 +28,9 @@ export const enum OperatingSystem {
   WINDOWS = 'windows',
 }
 
-export type TrustedAppEntryTypes = 'match' | 'wildcard';
+export type EntryTypes = 'match' | 'wildcard' | 'match_any';
+export type TrustedAppEntryTypes = Extract<EntryTypes, 'match' | 'wildcard'>;
+
 /*
  * regex to match executable names
  * starts matching from the eol of the path
@@ -82,7 +84,7 @@ export const hasSimpleExecutableName = ({
   value,
 }: {
   os: OperatingSystem;
-  type: TrustedAppEntryTypes;
+  type: EntryTypes;
   value: string;
 }): boolean => {
   if (type === 'wildcard') {
@@ -99,7 +101,7 @@ export const isPathValid = ({
 }: {
   os: OperatingSystem;
   field: ConditionEntryField | 'file.path.text';
-  type: TrustedAppEntryTypes;
+  type: EntryTypes;
   value: string;
 }): boolean => {
   if (field === ConditionEntryField.PATH || field === 'file.path.text') {

x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts

@@ -12,7 +12,7 @@ import {
   PutTrustedAppUpdateRequestSchema,
 } from './trusted_apps';
 import { ConditionEntryField, OperatingSystem } from '@kbn/securitysolution-utils';
-import { ConditionEntry, NewTrustedApp, PutTrustedAppsRequestParams } from '../types';
+import { TrustedAppConditionEntry, NewTrustedApp, PutTrustedAppsRequestParams } from '../types';
 
 describe('When invoking Trusted Apps Schema', () => {
   describe('for GET List', () => {
@@ -94,7 +94,7 @@ describe('When invoking Trusted Apps Schema', () => {
   });
 
   describe('for POST Create', () => {
-    const createConditionEntry = <T>(data?: T): ConditionEntry => ({
+    const createConditionEntry = <T>(data?: T): TrustedAppConditionEntry => ({
       field: ConditionEntryField.PATH,
       type: 'match',
       operator: 'included',
@@ -378,7 +378,7 @@ describe('When invoking Trusted Apps Schema', () => {
   });
 
   describe('for PUT Update', () => {
-    const createConditionEntry = <T>(data?: T): ConditionEntry => ({
+    const createConditionEntry = <T>(data?: T): TrustedAppConditionEntry => ({
       field: ConditionEntryField.PATH,
       type: 'match',
       operator: 'included',

x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts

@@ -7,7 +7,7 @@
 
 import { schema } from '@kbn/config-schema';
 import { ConditionEntryField, OperatingSystem } from '@kbn/securitysolution-utils';
-import { ConditionEntry } from '../types';
+import { TrustedAppConditionEntry } from '../types';
 import { getDuplicateFields, isValidHash } from '../service/trusted_apps/validations';
 
 export const DeleteTrustedAppsRequestSchema = {
@@ -96,7 +96,7 @@ const MacEntrySchema = schema.object({
 
 const entriesSchemaOptions = {
   minSize: 1,
-  validate(entries: ConditionEntry[]) {
+  validate(entries: TrustedAppConditionEntry[]) {
     return (
       getDuplicateFields(entries)
         .map((field) => `duplicatedEntry.${field}`)

x-pack/plugins/security_solution/common/endpoint/service/trusted_apps/validations.ts

@@ -6,7 +6,7 @@
  */
 
 import { ConditionEntryField } from '@kbn/securitysolution-utils';
-import { ConditionEntry } from '../../types';
+import { TrustedAppConditionEntry } from '../../types';
 
 const HASH_LENGTHS: readonly number[] = [
   32, // MD5
@@ -18,8 +18,8 @@ const INVALID_CHARACTERS_PATTERN = /[^0-9a-f]/i;
 export const isValidHash = (value: string) =>
   HASH_LENGTHS.includes(value.length) && !INVALID_CHARACTERS_PATTERN.test(value);
 
-export const getDuplicateFields = (entries: ConditionEntry[]) => {
-  const groupedFields = new Map<ConditionEntryField, ConditionEntry[]>();
+export const getDuplicateFields = (entries: TrustedAppConditionEntry[]) => {
+  const groupedFields = new Map<ConditionEntryField, TrustedAppConditionEntry[]>();
 
   entries.forEach((entry) => {
     // With the move to the Exception Lists api, the server side now validates individual

x-pack/plugins/security_solution/common/endpoint/types/exception_list_items.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ConditionEntryField, EntryTypes } from '@kbn/securitysolution-utils';
+
+export type ConditionEntriesMap<T> = {
+  [K in ConditionEntryField]?: T;
+};
+
+export interface ConditionEntry<
+  F extends ConditionEntryField = ConditionEntryField,
+  T extends EntryTypes = EntryTypes
+> {
+  field: F;
+  type: T;
+  operator: 'included';
+  value: string | string[];
+}

x-pack/plugins/security_solution/common/endpoint/types/index.ts

@@ -12,6 +12,7 @@ import { ManifestSchema } from '../schema/manifest';
 export * from './actions';
 export * from './os';
 export * from './trusted_apps';
+export type { ConditionEntriesMap, ConditionEntry } from './exception_list_items';
 
 /**
  * Supported React-Router state for the Policy Details page

x-pack/plugins/security_solution/common/endpoint/types/trusted_apps.ts

@@ -19,6 +19,7 @@ import {
   PutTrustedAppUpdateRequestSchema,
   GetTrustedAppsSummaryRequestSchema,
 } from '../schema/trusted_apps';
+import { ConditionEntry } from './exception_list_items';
 
 /** API request params for deleting Trusted App entry */
 export type DeleteTrustedAppsRequestParams = TypeOf<typeof DeleteTrustedAppsRequestSchema.params>;
@@ -75,17 +76,18 @@ export enum OperatorFieldIds {
   matches = 'matches',
 }
 
-export interface ConditionEntry<T extends ConditionEntryField = ConditionEntryField> {
+export interface TrustedAppConditionEntry<T extends ConditionEntryField = ConditionEntryField>
+  extends ConditionEntry {
   field: T;
   type: TrustedAppEntryTypes;
   operator: 'included';
   value: string;
 }
 
-export type MacosLinuxConditionEntry = ConditionEntry<
+export type MacosLinuxConditionEntry = TrustedAppConditionEntry<
   ConditionEntryField.HASH | ConditionEntryField.PATH
 >;
-export type WindowsConditionEntry = ConditionEntry<
+export type WindowsConditionEntry = TrustedAppConditionEntry<
   ConditionEntryField.HASH | ConditionEntryField.PATH | ConditionEntryField.SIGNER
 >;
 

x-pack/plugins/security_solution/common/utils/path_placeholder.ts

@@ -4,11 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import {
-  ConditionEntryField,
-  OperatingSystem,
-  TrustedAppEntryTypes,
-} from '@kbn/securitysolution-utils';
+import { ConditionEntryField, OperatingSystem, EntryTypes } from '@kbn/securitysolution-utils';
 
 export const getPlaceholderText = () => ({
   windows: {
@@ -28,7 +24,7 @@ export const getPlaceholderTextByOSType = ({
 }: {
   os: OperatingSystem;
   field: ConditionEntryField;
-  type: TrustedAppEntryTypes;
+  type: EntryTypes;
 }): string | undefined => {
   if (field === ConditionEntryField.PATH) {
     if (os === OperatingSystem.WINDOWS) {

x-pack/plugins/security_solution/public/common/utils/exception_list_items/index.ts

@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export {
+  conditionEntriesToEntries,
+  entriesToConditionEntriesMap,
+  entriesToConditionEntries,
+} from './mappers';