diff --git a/packages/kbn-securitysolution-autocomplete/src/field_value_wildcard/index.test.tsx b/packages/kbn-securitysolution-autocomplete/src/field_value_wildcard/index.test.tsx index f0b5931e54436..9eab42f5cec73 100644 --- a/packages/kbn-securitysolution-autocomplete/src/field_value_wildcard/index.test.tsx +++ b/packages/kbn-securitysolution-autocomplete/src/field_value_wildcard/index.test.tsx @@ -14,7 +14,7 @@ import { AutocompleteFieldWildcardComponent } from '.'; import { useFieldValueAutocomplete } from '../hooks/use_field_value_autocomplete'; import { fields, getField } from '../fields/index.mock'; import { autocompleteStartMock } from '../autocomplete/index.mock'; -import { FILENAME_WILDCARD_WARNING, FILEPATH_WARNING } from '@kbn/securitysolution-utils'; +import { WILDCARD_WARNING, FILEPATH_WARNING } from '@kbn/securitysolution-utils'; jest.mock('../hooks/use_field_value_autocomplete'); jest.mock('../translations', () => ({ @@ -368,7 +368,7 @@ describe('AutocompleteFieldWildcardComponent', () => { placeholder="Placeholder text" selectedField={getField('file.path.text')} selectedValue="invalid path" - warning={FILENAME_WILDCARD_WARNING} + warning={WILDCARD_WARNING} /> ); @@ -384,7 +384,7 @@ describe('AutocompleteFieldWildcardComponent', () => { const helpText = wrapper .find('[data-test-subj="valuesAutocompleteWildcardLabel"] div.euiFormHelpText') .at(0); - expect(helpText.text()).toEqual(FILENAME_WILDCARD_WARNING); + expect(helpText.text()).toEqual(WILDCARD_WARNING); expect(helpText.find('.euiToolTipAnchor')).toBeTruthy(); }); test('should show the warning helper text if the new value contains spaces when change', async () => { @@ -412,7 +412,7 @@ describe('AutocompleteFieldWildcardComponent', () => { placeholder="Placeholder text" selectedField={getField('file.path.text')} selectedValue="invalid path" - warning={FILENAME_WILDCARD_WARNING} + warning={WILDCARD_WARNING} /> ); diff --git a/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx b/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx index 3595b96d7e426..954b14a8ea244 100644 --- a/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx +++ b/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx @@ -223,6 +223,7 @@ describe('operator', () => { { label: 'is one of' }, { label: 'is not one of' }, { label: 'matches' }, + { label: 'does not match' }, ]); }); diff --git a/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts b/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts index f9caa6387e359..c236cacad6a2c 100644 --- a/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts +++ b/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts @@ -109,6 +109,7 @@ export const EVENT_FILTERS_OPERATORS: OperatorOption[] = [ isOneOfOperator, isNotOneOfOperator, matchesOperator, + doesNotMatchOperator, ]; /* diff --git a/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts b/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts index 5bb84816b1602..f877683caec10 100644 --- a/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts +++ b/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts @@ -11,11 +11,43 @@ import { hasSimpleExecutableName, OperatingSystem, ConditionEntryField, + validatePotentialWildcardInput, validateFilePathInput, - FILENAME_WILDCARD_WARNING, + validateWildcardInput, + WILDCARD_WARNING, FILEPATH_WARNING, } from '.'; +describe('validatePotentialWildcardInput', () => { + it('warns on wildcard when field is file.path.text', () => { + expect( + validatePotentialWildcardInput({ + field: 'file.path.text', + os: OperatingSystem.WINDOWS, + value: 'c:\\path*.exe', + }) + ).toEqual(WILDCARD_WARNING); + }); + it('warns on wildcard when field is not file.path.text', () => { + expect( + validatePotentialWildcardInput({ + field: 'event.category', + os: OperatingSystem.WINDOWS, + value: 'some*value', + }) + ).toEqual(WILDCARD_WARNING); + }); +}); + +describe('validateWildcardInput', () => { + it('warns on wildcard for fields that are not file paths', () => { + expect(validateWildcardInput('*')).toEqual(WILDCARD_WARNING); + }); + it('does not warn if no wildcard', () => { + expect(validateWildcardInput('non-wildcard')).toEqual(undefined); + }); +}); + describe('validateFilePathInput', () => { describe('windows', () => { const os = OperatingSystem.WINDOWS; @@ -36,15 +68,13 @@ describe('validateFilePathInput', () => { }); it('warns on wildcard in file name at the end of the path', () => { - expect(validateFilePathInput({ os, value: 'c:\\path*.exe' })).toEqual( - FILENAME_WILDCARD_WARNING - ); + expect(validateFilePathInput({ os, value: 'c:\\path*.exe' })).toEqual(WILDCARD_WARNING); expect( validateFilePathInput({ os, value: 'C:\\Windows\\*\\FILENAME.EXE-*.gz', }) - ).toEqual(FILENAME_WILDCARD_WARNING); + ).toEqual(WILDCARD_WARNING); }); it('warns on unix paths or non-windows paths', () => { @@ -65,20 +95,23 @@ describe('validateFilePathInput', () => { : OperatingSystem.LINUX; it('does not warn on valid filenames', () => { - expect(validateFilePathInput({ os, value: '/opt/*/FILENAME.EXE-1231205124.gz' })).not.toEqual( - FILENAME_WILDCARD_WARNING - ); + expect( + validateFilePathInput({ + os, + value: '/opt/*/FILENAME.EXE-1231205124.gz', + }) + ).not.toEqual(WILDCARD_WARNING); expect( validateFilePathInput({ os, value: "/opt/*/test$ as2@13---12!@#A,DS.#$^&$!#~ 'as'd.华语.txt", }) - ).not.toEqual(FILENAME_WILDCARD_WARNING); + ).not.toEqual(WILDCARD_WARNING); }); it('warns on wildcard in file name at the end of the path', () => { - expect(validateFilePathInput({ os, value: '/opt/bin*' })).toEqual(FILENAME_WILDCARD_WARNING); + expect(validateFilePathInput({ os, value: '/opt/bin*' })).toEqual(WILDCARD_WARNING); expect(validateFilePathInput({ os, value: '/opt/FILENAME.EXE-*.gz' })).toEqual( - FILENAME_WILDCARD_WARNING + WILDCARD_WARNING ); }); diff --git a/packages/kbn-securitysolution-utils/src/path_validations/index.ts b/packages/kbn-securitysolution-utils/src/path_validations/index.ts index ac7c17426e723..b2ae2d9fbceb7 100644 --- a/packages/kbn-securitysolution-utils/src/path_validations/index.ts +++ b/packages/kbn-securitysolution-utils/src/path_validations/index.ts @@ -8,8 +8,8 @@ import { i18n } from '@kbn/i18n'; -export const FILENAME_WILDCARD_WARNING = i18n.translate('utils.filename.wildcardWarning', { - defaultMessage: `Using wildcards in file paths can impact Endpoint performance`, +export const WILDCARD_WARNING = i18n.translate('utils.wildcardWarning', { + defaultMessage: `Using wildcards can impact Endpoint performance`, }); export const FILEPATH_WARNING = i18n.translate('utils.filename.pathWarning', { @@ -52,39 +52,60 @@ export enum OperatingSystem { export type EntryTypes = 'match' | 'wildcard' | 'match_any'; export type TrustedAppEntryTypes = Extract; -export const validateFilePathInput = ({ +export const validatePotentialWildcardInput = ({ + field = '', os, value = '', }: { + field?: string; os: OperatingSystem; value?: string; }): string | undefined => { const textInput = value.trim(); + if (field === 'file.path.text') { + return validateFilePathInput({ os, value: textInput }); + } + return validateWildcardInput(textInput); +}; + +export const validateFilePathInput = ({ + os, + value, +}: { + os: OperatingSystem; + value: string; +}): string | undefined => { const isValidFilePath = isPathValid({ os, field: 'file.path.text', type: 'wildcard', - value: textInput, + value, }); const hasSimpleFileName = hasSimpleExecutableName({ os, type: 'wildcard', - value: textInput, + value, }); - if (!textInput.length) { + if (!value.length) { return FILEPATH_WARNING; } if (isValidFilePath) { if (hasSimpleFileName !== undefined && !hasSimpleFileName) { - return FILENAME_WILDCARD_WARNING; + return WILDCARD_WARNING; } } else { return FILEPATH_WARNING; } }; +export const validateWildcardInput = (value?: string): string | undefined => { + if (/[*?]/.test(value ?? '')) { + return WILDCARD_WARNING; + } +}; + export const hasSimpleExecutableName = ({ os, type, diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx index 7edcf5b53f724..5c2bfb9045688 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx @@ -20,7 +20,7 @@ import { isOperator, matchesOperator, } from '@kbn/securitysolution-list-utils'; -import { validateFilePathInput } from '@kbn/securitysolution-utils'; +import { validatePotentialWildcardInput } from '@kbn/securitysolution-utils'; import { useFindListsBySize } from '@kbn/securitysolution-list-hooks'; import type { FieldSpec } from '@kbn/data-plugin/common'; import { fields, getField } from '@kbn/data-plugin/common/mocks'; @@ -1050,7 +1050,7 @@ describe('BuilderEntryItem', () => { test('it invokes "setWarningsExist" when invalid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validateFilePathInput as jest.Mock).mockReturnValue('some warning message'); + (validatePotentialWildcardInput as jest.Mock).mockReturnValue('some warning message'); wrapper = mount( { test('it does not invoke "setWarningsExist" when valid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validateFilePathInput as jest.Mock).mockReturnValue(undefined); + (validatePotentialWildcardInput as jest.Mock).mockReturnValue(undefined); wrapper = mount( = ({ const renderOperatorInput = (isFirst: boolean): JSX.Element => { // for event filters forms - // show extra operators for wildcards when field is `file.path.text` - const isFilePathTextField = entry.field !== undefined && entry.field.name === 'file.path.text'; + // show extra operators for wildcards when field supports matches + const doesFieldSupportMatches = entry.field !== undefined && fieldSupportsMatches(entry.field); const isEventFilterList = listType === 'endpoint_events'; const augmentedOperatorsList = - operatorsList && isFilePathTextField && isEventFilterList + operatorsList && doesFieldSupportMatches && isEventFilterList ? operatorsList : operatorsList?.filter((operator) => operator.type !== OperatorTypeEnum.WILDCARD); @@ -358,8 +359,8 @@ export const BuilderEntryItem: React.FC = ({ } }; - // show this when wildcard filename with matches operator - const getWildcardWarning = (precedingWarning: string): React.ReactNode => { + // show this when wildcard with matches operator + const getWildcardWarningInfo = (precedingWarning: string): React.ReactNode => { return (

{precedingWarning}{' '} @@ -368,7 +369,7 @@ export const BuilderEntryItem: React.FC = ({ content={ } size="m" @@ -430,11 +431,13 @@ export const BuilderEntryItem: React.FC = ({ if (osTypes) { [os] = osTypes as OperatingSystem[]; } - const warning = validateFilePathInput({ os, value: wildcardValue }); + const warning = validatePotentialWildcardInput({ + field: entry.field?.name, + os, + value: wildcardValue, + }); actualWarning = - warning === FILENAME_WILDCARD_WARNING - ? warning && getWildcardWarning(warning) - : warning; + warning === WILDCARD_WARNING ? warning && getWildcardWarningInfo(warning) : warning; } return ( diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts b/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts index 3cc350629ff96..ef3982166e19b 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts +++ b/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts @@ -212,7 +212,7 @@ describe('Exception builder helpers', () => { expect(output).toEqual(expected); }); - test('it returns all fields unfiletered if "item.nested" is not "child" or "parent"', () => { + test('it returns all fields unfiltered if "item.nested" is not "child" or "parent"', () => { const payloadIndexPattern = getMockIndexPattern(); const payloadItem: FormattedBuilderEntry = getMockBuilderEntry(); const output = getFilteredIndexPatterns(payloadIndexPattern, payloadItem); diff --git a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx index ac7422619ee07..d872eee2d2cee 100644 --- a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx +++ b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx @@ -17,6 +17,7 @@ import { OS_WINDOWS, CONDITION_AND, CONDITION_OPERATOR_TYPE_WILDCARD_MATCHES, + CONDITION_OPERATOR_TYPE_DOES_NOT_MATCH, CONDITION_OPERATOR_TYPE_NESTED, CONDITION_OPERATOR_TYPE_MATCH, CONDITION_OPERATOR_TYPE_MATCH_ANY, @@ -47,6 +48,7 @@ const OPERATOR_TYPE_LABELS_INCLUDED = Object.freeze({ const OPERATOR_TYPE_LABELS_EXCLUDED = Object.freeze({ [ListOperatorTypeEnum.MATCH_ANY]: CONDITION_OPERATOR_TYPE_NOT_MATCH_ANY, [ListOperatorTypeEnum.MATCH]: CONDITION_OPERATOR_TYPE_NOT_MATCH, + [ListOperatorTypeEnum.WILDCARD]: CONDITION_OPERATOR_TYPE_DOES_NOT_MATCH, }); const EuiFlexGroupNested = styled(EuiFlexGroup)` diff --git a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts index 273cda46aa721..2024541091d57 100644 --- a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts +++ b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts @@ -68,6 +68,13 @@ export const CONDITION_OPERATOR_TYPE_WILDCARD_MATCHES = i18n.translate( } ); +export const CONDITION_OPERATOR_TYPE_DOES_NOT_MATCH = i18n.translate( + 'xpack.securitySolution.artifactCard.conditions.wildcardDoesNotMatchOperator', + { + defaultMessage: 'DOES NOT MATCH', + } +); + export const CONDITION_OPERATOR_TYPE_NESTED = i18n.translate( 'xpack.securitySolution.artifactCard.conditions.nestedOperator', { diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 9c0f8b699540a..e2479f11384d7 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -43451,7 +43451,6 @@ "unifiedDocViewer.sourceViewer.errorMessageTitle": "Une erreur s'est produite.", "unifiedDocViewer.sourceViewer.refresh": "Actualiser", "utils.filename.pathWarning": "Le chemin est peut-être incorrectement formé ; vérifiez la valeur", - "utils.filename.wildcardWarning": "l'utilisation de caractères génériques dans les chemins de fichier peut affecter les performances du point de terminaison", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.description": "Active la bibliothèque de graphiques héritée pour les graphiques de jauge dans Visualize.", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.name": "Bibliothèque de graphiques héritée pour les jauges", "visTypeGauge.controls.gaugeOptions.alignmentLabel": "Alignement", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 564e643b52a7d..460fa6b2fa01c 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -43441,7 +43441,6 @@ "unifiedDocViewer.sourceViewer.errorMessageTitle": "エラーが発生しました", "unifiedDocViewer.sourceViewer.refresh": "更新", "utils.filename.pathWarning": "パスの形式が正しくない可能性があります。値を検証してください", - "utils.filename.wildcardWarning": "ファイルパスでワイルドカードを使用すると、エンドポイントのパフォーマンスに影響する可能性があります", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.description": "Visualizeでゲージグラフのレガシーグラフライブラリを有効にします。", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.name": "ゲージグラフのレガシーグラフライブラリ", "visTypeGauge.controls.gaugeOptions.alignmentLabel": "アラインメント", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index d3e27d0fcf2c1..f88e3e80f8c05 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -43435,7 +43435,6 @@ "unifiedDocViewer.sourceViewer.errorMessageTitle": "发生错误", "unifiedDocViewer.sourceViewer.refresh": "刷新", "utils.filename.pathWarning": "路径的格式可能不正确;请验证值", - "utils.filename.wildcardWarning": "在文件路径中使用通配符可能会影响终端性能", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.description": "在 Visualize 中启用仪表盘图表的旧版图表库。", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.name": "仪表盘旧版图表库", "visTypeGauge.controls.gaugeOptions.alignmentLabel": "对齐方式",