From d8a2be16cca5cf0bb081a4f964e868f860d4644b Mon Sep 17 00:00:00 2001 From: parkiino Date: Fri, 3 Nov 2023 03:34:12 -0400 Subject: [PATCH 01/18] update event filters to include more match options --- .../exceptions/components/builder/entry_renderer.tsx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx index 268c3bc373e70..321d9f4d5bcdd 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx @@ -30,6 +30,7 @@ import { EXCEPTION_OPERATORS_ONLY_LISTS, FormattedBuilderEntry, OperatorOption, + fieldSupportsMatches, getEntryOnFieldChange, getEntryOnListChange, getEntryOnMatchAnyChange, @@ -310,11 +311,11 @@ export const BuilderEntryItem: React.FC = ({ const renderOperatorInput = (isFirst: boolean): JSX.Element => { // for event filters forms - // show extra operators for wildcards when field is `file.path.text` - const isFilePathTextField = entry.field !== undefined && entry.field.name === 'file.path.text'; + // show extra operators for wildcards when field supports matches + const doesFieldSupportMatches = entry.field !== undefined && fieldSupportsMatches(entry.field); const isEventFilterList = listType === 'endpoint_events'; const augmentedOperatorsList = - operatorsList && isFilePathTextField && isEventFilterList + operatorsList && doesFieldSupportMatches && isEventFilterList ? operatorsList : operatorsList?.filter((operator) => operator.type !== OperatorTypeEnum.WILDCARD); From ca3dea7cad845a658cecfc96bb00f656a1106eef Mon Sep 17 00:00:00 2001 
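Review bot: The gate in `renderOperatorInput` now keeps wildcard operators for every field that `fieldSupportsMatches` accepts, yet this commit touches one file and adds no test for any field other than `file.path.text`. Because the list type checked here is `endpoint_events`, each newly eligible field is one more place where a broad pattern can match far more events than the author of the filter intended, so the accepted field set should be pinned by a test. I would also spell out the rule in the comment, for example `// wildcard operators are kept only for event filter lists and only for fields accepted by fieldSupportsMatches; otherwise OperatorTypeEnum.WILDCARD is filtered out`. `fieldSupportsMatches` and the rest of `renderOperatorInput` are outside the hunk, so which fields qualify cannot be checked from here.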
From: parkiino Date: Fri, 3 Nov 2023 04:51:46 -0400 Subject: [PATCH 02/18] make file path warning specific to file path --- .../public/exceptions/components/builder/entry_renderer.tsx | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx index 321d9f4d5bcdd..d37e9a9ca3afa 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx @@ -431,7 +431,10 @@ export const BuilderEntryItem: React.FC = ({ if (osTypes) { [os] = osTypes as OperatingSystem[]; } - const warning = validateFilePathInput({ os, value: wildcardValue }); + const warning = + entry.field?.name === 'file.path.text' + ? validateFilePathInput({ os, value: wildcardValue }) + : undefined; actualWarning = warning === FILENAME_WILDCARD_WARNING ? warning && getWildcardWarning(warning) From cdf7daed7c69a9d0764aaa39899b7ff9c3865688 Mon Sep 17 00:00:00 2001 From: parkiino Date: Mon, 6 Nov 2023 17:48:55 -0500 Subject: [PATCH 03/18] fix test --- src/plugins/data_views/common/fields/fields.mocks.ts | 11 +++++++++++ .../components/builder/entry_renderer.test.tsx | 5 +++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/plugins/data_views/common/fields/fields.mocks.ts b/src/plugins/data_views/common/fields/fields.mocks.ts index bee37c3eb9761..87a5a7576475e 100644 --- a/src/plugins/data_views/common/fields/fields.mocks.ts +++ b/src/plugins/data_views/common/fields/fields.mocks.ts 
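Review bot: An empty `osTypes` array passes the `if (osTypes)` guard just above the changed lines, and `[os] = osTypes as OperatingSystem[]` then assigns `undefined` to `os`, which the `validateFilePathInput({ os, value: wildcardValue })` call receives as though it were a valid `OperatingSystem`. The declaration and default of `os` are outside the hunk, so this matters only if callers can pass `[]`; if they can, `if (osTypes?.length) {` keeps the default in place. Separately, the new condition hard-codes `'file.path.text'`, the same literal the validator package uses, so a shared constant would keep the two from drifting apart.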
@@ -284,6 +284,17 @@ export const fields: FieldSpec[] = [ aggregatable: true, readFromDocValues: false, }, + { + name: 'file.path.text', + type: 'string', + esTypes: ['text'], + count: 0, + scripted: false, + searchable: true, + aggregatable: false, + readFromDocValues: false, + subType: { nested: { path: 'file.path.text' } }, + }, { name: 'nestedField.child', type: 'string', diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx index b73379acd1518..2bffe35b37dae 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx @@ -1048,6 +1048,7 @@ describe('BuilderEntryItem', () => { }); test('it invokes "setWarningsExist" when invalid value in field value input', async () => { + console.log('the field name: ', getField('file.path.text')); const mockSetWarningsExists = jest.fn(); (validateFilePathInput as jest.Mock).mockReturnValue('some warning message'); @@ -1057,7 +1058,7 @@ describe('BuilderEntryItem', () => { entry={{ correspondingKeywordField: undefined, entryIndex: 0, - field: getField('nestedField.nestedChild.doublyNestedChild'), + field: getField('file.path.text'), id: '123', nested: undefined, operator: matchesOperator, @@ -1106,7 +1107,7 @@ describe('BuilderEntryItem', () => { entry={{ correspondingKeywordField: undefined, entryIndex: 0, - field: getField('nestedField.nestedChild.doublyNestedChild'), + field: getField('file.path.text'), id: '123', nested: undefined, operator: matchesOperator, From 0fc54961a402f41db2b488714d9bb488dab77219 Mon Sep 17 00:00:00 2001 From: parkiino Date: Mon, 6 Nov 2023 17:52:12 -0500 Subject: [PATCH 04/18] remove console.log --- .../public/exceptions/components/builder/entry_renderer.test.tsx | 1 - 1 file changed, 1 deletion(-) 
diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx index 2bffe35b37dae..69b57dee09f70 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx @@ -1048,7 +1048,6 @@ describe('BuilderEntryItem', () => { }); test('it invokes "setWarningsExist" when invalid value in field value input', async () => { - console.log('the field name: ', getField('file.path.text')); const mockSetWarningsExists = jest.fn(); (validateFilePathInput as jest.Mock).mockReturnValue('some warning message'); From ed5ab97bab86b005c87c38c6f980d8dd3c825218 Mon Sep 17 00:00:00 2001 From: parkiino Date: Tue, 7 Nov 2023 22:47:11 -0500 Subject: [PATCH 05/18] fix test --- .../public/exceptions/components/builder/helpers.test.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts b/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts index 3cc350629ff96..5c926e586810c 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts +++ b/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts @@ -203,6 +203,7 @@ describe('Exception builder helpers', () => { const output = getFilteredIndexPatterns(payloadIndexPattern, payloadItem); const expected: DataViewBase = { fields: [ + { ...getField('file.path.text') }, { ...getField('nestedField.child') }, { ...getField('nestedField.nestedChild.doublyNestedChild') }, ], 
@@ -212,7 +213,7 @@ describe('Exception builder helpers', () => { expect(output).toEqual(expected); }); - test('it returns all fields unfiletered if "item.nested" is not "child" or "parent"', () => { + test('it returns all fields unfiltered if "item.nested" is not "child" or "parent"', () => { const payloadIndexPattern = getMockIndexPattern(); const payloadItem: FormattedBuilderEntry = getMockBuilderEntry(); const output = getFilteredIndexPatterns(payloadIndexPattern, payloadItem); @@ -306,6 +307,7 @@ describe('Exception builder helpers', () => { const output = getFilteredIndexPatterns(payloadIndexPattern, payloadItem); const expected: DataViewBase = { fields: [ + { ...getField('file.path.text') }, { ...getField('nestedField.child') }, { ...getField('nestedField.nestedChild.doublyNestedChild') }, getEndpointField('file.Ext.code_signature.status'), From e1a5144b1efd440c8a4010ba2c36b774c9379b2a Mon Sep 17 00:00:00 2001 From: parkiino Date: Thu, 9 Nov 2023 15:40:39 -0500 Subject: [PATCH 06/18] generalize wildcard warning --- .../src/path_validations/index.test.ts | 60 +++++++++++-------- .../src/path_validations/index.ts | 30 ++++++---- .../builder/entry_renderer.test.tsx | 6 +- .../components/builder/entry_renderer.tsx | 17 +++--- 4 files changed, 64 insertions(+), 49 deletions(-) diff --git a/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts b/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts index 5bb84816b1602..3f26469859d9e 100644 --- a/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts +++ b/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts @@ -11,8 +11,8 @@ import { hasSimpleExecutableName, OperatingSystem, ConditionEntryField, - validateFilePathInput, - FILENAME_WILDCARD_WARNING, + validatePotentialWildcardInput, + WILDCARD_WARNING, FILEPATH_WARNING, } from '.'; 
@@ -22,13 +22,13 @@ describe('validateFilePathInput', () => { it('does not warn on valid filenames', () => { expect( - validateFilePathInput({ + validatePotentialWildcardInput({ os, value: 'C:\\Windows\\*\\FILENAME.EXE-1231205124.gz', }) ).not.toBeDefined(); expect( - validateFilePathInput({ + validatePotentialWildcardInput({ os, value: "C:\\Windows\\*\\test$ as2@13---12!@#A,DS.#$^&$!#~ 'as'd.华语.txt", }) 
@@ -36,26 +36,30 @@ describe('validateFilePathInput', () => { }); it('warns on wildcard in file name at the end of the path', () => { - expect(validateFilePathInput({ os, value: 'c:\\path*.exe' })).toEqual( - FILENAME_WILDCARD_WARNING + expect(validatePotentialWildcardInput({ os, value: 'c:\\path*.exe' })).toEqual( + WILDCARD_WARNING ); expect( - validateFilePathInput({ + validatePotentialWildcardInput({ os, value: 'C:\\Windows\\*\\FILENAME.EXE-*.gz', }) - ).toEqual(FILENAME_WILDCARD_WARNING); + ).toEqual(WILDCARD_WARNING); }); it('warns on unix paths or non-windows paths', () => { - expect(validateFilePathInput({ os, value: '/opt/bin' })).toEqual(FILEPATH_WARNING); + expect(validatePotentialWildcardInput({ os, value: '/opt/bin' })).toEqual(FILEPATH_WARNING); }); it('warns on malformed paths', () => { - expect(validateFilePathInput({ os, value: 'c:\\path/opt' })).toEqual(FILEPATH_WARNING); - expect(validateFilePathInput({ os, value: '1242' })).toEqual(FILEPATH_WARNING); - expect(validateFilePathInput({ os, value: 'w12efdfa' })).toEqual(FILEPATH_WARNING); - expect(validateFilePathInput({ os, value: 'c:\\folder\\' })).toEqual(FILEPATH_WARNING); + expect(validatePotentialWildcardInput({ os, value: 'c:\\path/opt' })).toEqual( + FILEPATH_WARNING + ); + expect(validatePotentialWildcardInput({ os, value: '1242' })).toEqual(FILEPATH_WARNING); + expect(validatePotentialWildcardInput({ os, value: 'w12efdfa' })).toEqual(FILEPATH_WARNING); + expect(validatePotentialWildcardInput({ os, value: 'c:\\folder\\' })).toEqual( + FILEPATH_WARNING + ); }); }); describe('unix paths', () => { 
@@ -65,32 +69,36 @@ describe('validateFilePathInput', () => { : OperatingSystem.LINUX; it('does not warn on valid filenames', () => { - expect(validateFilePathInput({ os, value: '/opt/*/FILENAME.EXE-1231205124.gz' })).not.toEqual( - FILENAME_WILDCARD_WARNING - ); expect( - validateFilePathInput({ + validatePotentialWildcardInput({ os, value: '/opt/*/FILENAME.EXE-1231205124.gz' }) + ).not.toEqual(WILDCARD_WARNING); + expect( + validatePotentialWildcardInput({ os, value: "/opt/*/test$ as2@13---12!@#A,DS.#$^&$!#~ 'as'd.华语.txt", }) - ).not.toEqual(FILENAME_WILDCARD_WARNING); + ).not.toEqual(WILDCARD_WARNING); }); it('warns on wildcard in file name at the end of the path', () => { - expect(validateFilePathInput({ os, value: '/opt/bin*' })).toEqual(FILENAME_WILDCARD_WARNING); - expect(validateFilePathInput({ os, value: '/opt/FILENAME.EXE-*.gz' })).toEqual( - FILENAME_WILDCARD_WARNING + expect(validatePotentialWildcardInput({ os, value: '/opt/bin*' })).toEqual(WILDCARD_WARNING); + expect(validatePotentialWildcardInput({ os, value: '/opt/FILENAME.EXE-*.gz' })).toEqual( + WILDCARD_WARNING ); }); it('warns on windows paths', () => { - expect(validateFilePathInput({ os, value: 'd:\\path\\file.exe' })).toEqual(FILEPATH_WARNING); + expect(validatePotentialWildcardInput({ os, value: 'd:\\path\\file.exe' })).toEqual( + FILEPATH_WARNING + ); }); it('warns on malformed paths', () => { - expect(validateFilePathInput({ os, value: 'opt/bin\\file.exe' })).toEqual(FILEPATH_WARNING); - expect(validateFilePathInput({ os, value: '1242' })).toEqual(FILEPATH_WARNING); - expect(validateFilePathInput({ os, value: 'w12efdfa' })).toEqual(FILEPATH_WARNING); - expect(validateFilePathInput({ os, value: '/folder/' })).toEqual(FILEPATH_WARNING); + expect(validatePotentialWildcardInput({ os, value: 'opt/bin\\file.exe' })).toEqual( + FILEPATH_WARNING + ); + expect(validatePotentialWildcardInput({ os, value: '1242' })).toEqual(FILEPATH_WARNING); + expect(validatePotentialWildcardInput({ os, value: 
'w12efdfa' })).toEqual(FILEPATH_WARNING); + expect(validatePotentialWildcardInput({ os, value: '/folder/' })).toEqual(FILEPATH_WARNING); }); }); }); diff --git a/packages/kbn-securitysolution-utils/src/path_validations/index.ts b/packages/kbn-securitysolution-utils/src/path_validations/index.ts index ac7c17426e723..a362335d4c13c 100644 --- a/packages/kbn-securitysolution-utils/src/path_validations/index.ts +++ b/packages/kbn-securitysolution-utils/src/path_validations/index.ts @@ -8,8 +8,8 @@ import { i18n } from '@kbn/i18n'; -export const FILENAME_WILDCARD_WARNING = i18n.translate('utils.filename.wildcardWarning', { - defaultMessage: `Using wildcards in file paths can impact Endpoint performance`, +export const WILDCARD_WARNING = i18n.translate('utils.wildcardWarning', { + defaultMessage: `Using wildcards can impact Endpoint performance`, }); export const FILEPATH_WARNING = i18n.translate('utils.filename.pathWarning', { @@ -52,20 +52,25 @@ export enum OperatingSystem { export type EntryTypes = 'match' | 'wildcard' | 'match_any'; export type TrustedAppEntryTypes = Extract; -export const validateFilePathInput = ({ +export const validatePotentialWildcardInput = ({ + fieldName = 'file.path.text', os, value = '', }: { + fieldName?: string; os: OperatingSystem; value?: string; }): string | undefined => { const textInput = value.trim(); - const isValidFilePath = isPathValid({ - os, - field: 'file.path.text', - type: 'wildcard', - value: textInput, - }); + const isFieldFilePath = fieldName === 'file.path.text'; + const isValidFilePath = + isFieldFilePath && + isPathValid({ + os, + field: 'file.path.text', + type: 'wildcard', + value: textInput, + }); const hasSimpleFileName = hasSimpleExecutableName({ os, type: 'wildcard', 
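Review bot: For fields other than `file.path.text`, the wildcard decision in the `@@ -52,20 +52,25 @@` hunk still comes from `hasSimpleExecutableName`, a helper whose name and `os` argument suggest it looks at the last path segment (its body is not in this diff), so whether a wildcard in a non-path value is reported may depend on where path separators happen to fall. A direct check on the trimmed input would be easier to reason about for those fields, for example `const hasWildcard = /[*?]/.test(textInput);`. The default `fieldName = 'file.path.text'` also means a caller that forgets the argument silently gets path validation, and the literal now appears three times in this function; one named constant would keep them in sync. The function body continues past the end of this hunk.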
@@ -76,9 +81,12 @@ export const validateFilePathInput = ({ return FILEPATH_WARNING; } - if (isValidFilePath) { + if ( + (isFieldFilePath && isValidFilePath) || + (!isFieldFilePath && hasSimpleFileName !== undefined) + ) { if (hasSimpleFileName !== undefined && !hasSimpleFileName) { - return FILENAME_WILDCARD_WARNING; + return WILDCARD_WARNING; } } else { return FILEPATH_WARNING; diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx index f3a58bb43b177..fad88def2003d 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx @@ -20,7 +20,7 @@ import { isOperator, matchesOperator, } from '@kbn/securitysolution-list-utils'; -import { validateFilePathInput } from '@kbn/securitysolution-utils'; +import { validatePotentialWildcardInput } from '@kbn/securitysolution-utils'; import { useFindListsBySize } from '@kbn/securitysolution-list-hooks'; import type { FieldSpec } from '@kbn/data-plugin/common'; import { fields, getField } from '@kbn/data-plugin/common/mocks'; 
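Review bot: A field other than `file.path.text` can still be given `FILEPATH_WARNING` by the `else` branch in the `@@ -76,9 +81,12 @@` hunk, because the new condition admits non-path fields only when `hasSimpleFileName !== undefined`. If the path message is not meant for such fields, the branch could end with `return isFieldFilePath ? FILEPATH_WARNING : undefined;`. The `isFieldFilePath && isValidFilePath` term is redundant as well, since `isValidFilePath` is already computed as `isFieldFilePath && isPathValid(...)`, so `isValidFilePath ||` is enough. The function starts before and continues after this hunk, including the condition that guards the first `return FILEPATH_WARNING;`, which appears to apply to non-path fields too.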
@@ -1050,7 +1050,7 @@ describe('BuilderEntryItem', () => { test('it invokes "setWarningsExist" when invalid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validateFilePathInput as jest.Mock).mockReturnValue('some warning message'); + (validatePotentialWildcardInput as jest.Mock).mockReturnValue('some warning message'); wrapper = mount( { test('it does not invoke "setWarningsExist" when valid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validateFilePathInput as jest.Mock).mockReturnValue(undefined); + (validatePotentialWildcardInput as jest.Mock).mockReturnValue(undefined); wrapper = mount( = ({ if (osTypes) { [os] = osTypes as OperatingSystem[]; } - const warning = - entry.field?.name === 'file.path.text' - ? validateFilePathInput({ os, value: wildcardValue }) - : undefined; + const warning = validatePotentialWildcardInput({ + fieldName: entry.field?.name ?? '', + os, + value: wildcardValue, + }); actualWarning = - warning === FILENAME_WILDCARD_WARNING - ? warning && getWildcardWarning(warning) - : warning; + warning === WILDCARD_WARNING ? warning && getWildcardWarning(warning) : warning; } return ( From dea8dc1359f176bc232cc3fdbcb3a696b2050bac Mon Sep 17 00:00:00 2001 From: parkiino Date: Thu, 9 Nov 2023 15:54:40 -0500 Subject: [PATCH 07/18] adjust text, add simple unit tests --- .../src/path_validations/index.test.ts | 14 +++++++++++++- .../components/builder/entry_renderer.tsx | 6 +++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts b/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts index 3f26469859d9e..f344fd83b0599 100644 --- a/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts +++ b/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts 
@@ -16,7 +16,7 @@ import { FILEPATH_WARNING, } from '.'; -describe('validateFilePathInput', () => { +describe('validatePotentialWildcardInput', () => { describe('windows', () => { const os = OperatingSystem.WINDOWS; @@ -47,6 +47,12 @@ describe('validateFilePathInput', () => { ).toEqual(WILDCARD_WARNING); }); + it('warns on wildcard on fields that are not file paths', () => { + expect( + validatePotentialWildcardInput({ fieldName: 'event.category', os, value: '*' }) + ).toEqual(WILDCARD_WARNING); + }); + it('warns on unix paths or non-windows paths', () => { expect(validatePotentialWildcardInput({ os, value: '/opt/bin' })).toEqual(FILEPATH_WARNING); }); @@ -86,6 +92,12 @@ describe('validateFilePathInput', () => { ); }); + it('warns on wildcard on fields that are not file paths', () => { + expect( + validatePotentialWildcardInput({ fieldName: 'event.category', os, value: '*' }) + ).toEqual(WILDCARD_WARNING); + }); + it('warns on windows paths', () => { expect(validatePotentialWildcardInput({ os, value: 'd:\\path\\file.exe' })).toEqual( FILEPATH_WARNING diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx index 360c8eaffe00c..37bfb29aefdf9 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx @@ -360,7 +360,7 @@ export const BuilderEntryItem: React.FC = ({ }; // show this when wildcard filename with matches operator - const getWildcardWarning = (precedingWarning: string): React.ReactNode => { + const getWildcardWarningInfo = (precedingWarning: string): React.ReactNode => { return (

{precedingWarning}{' '} @@ -369,7 +369,7 @@ export const BuilderEntryItem: React.FC = ({ content={ } size="m" @@ -437,7 +437,7 @@ export const BuilderEntryItem: React.FC = ({ value: wildcardValue, }); actualWarning = - warning === WILDCARD_WARNING ? warning && getWildcardWarning(warning) : warning; + warning === WILDCARD_WARNING ? warning && getWildcardWarningInfo(warning) : warning; } return ( From 18d3e332d9c4131924052018ba9bdec25b36fa0a Mon Sep 17 00:00:00 2001 From: parkiino Date: Fri, 10 Nov 2023 10:28:12 -0500 Subject: [PATCH 08/18] fix improt --- .../src/field_value_wildcard/index.test.tsx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/kbn-securitysolution-autocomplete/src/field_value_wildcard/index.test.tsx b/packages/kbn-securitysolution-autocomplete/src/field_value_wildcard/index.test.tsx index f0b5931e54436..9eab42f5cec73 100644 --- a/packages/kbn-securitysolution-autocomplete/src/field_value_wildcard/index.test.tsx +++ b/packages/kbn-securitysolution-autocomplete/src/field_value_wildcard/index.test.tsx @@ -14,7 +14,7 @@ import { AutocompleteFieldWildcardComponent } from '.'; import { useFieldValueAutocomplete } from '../hooks/use_field_value_autocomplete'; import { fields, getField } from '../fields/index.mock'; import { autocompleteStartMock } from '../autocomplete/index.mock'; -import { FILENAME_WILDCARD_WARNING, FILEPATH_WARNING } from '@kbn/securitysolution-utils'; +import { WILDCARD_WARNING, FILEPATH_WARNING } from '@kbn/securitysolution-utils'; jest.mock('../hooks/use_field_value_autocomplete'); jest.mock('../translations', () => ({ @@ -368,7 +368,7 @@ describe('AutocompleteFieldWildcardComponent', () => { placeholder="Placeholder text" selectedField={getField('file.path.text')} selectedValue="invalid path" - warning={FILENAME_WILDCARD_WARNING} + warning={WILDCARD_WARNING} /> ); 
@@ -384,7 +384,7 @@ describe('AutocompleteFieldWildcardComponent', () => { const helpText = wrapper .find('[data-test-subj="valuesAutocompleteWildcardLabel"] div.euiFormHelpText') .at(0); - expect(helpText.text()).toEqual(FILENAME_WILDCARD_WARNING); + expect(helpText.text()).toEqual(WILDCARD_WARNING); expect(helpText.find('.euiToolTipAnchor')).toBeTruthy(); }); test('should show the warning helper text if the new value contains spaces when change', async () => { @@ -412,7 +412,7 @@ describe('AutocompleteFieldWildcardComponent', () => { placeholder="Placeholder text" selectedField={getField('file.path.text')} selectedValue="invalid path" - warning={FILENAME_WILDCARD_WARNING} + warning={WILDCARD_WARNING} /> ); From 7cece8850995cca098e2c51074f63f26bdd4b259 Mon Sep 17 00:00:00 2001 From: parkiino Date: Fri, 10 Nov 2023 16:20:18 -0500 Subject: [PATCH 09/18] remove unnecessary tests and translations --- src/plugins/data_views/common/fields/fields.mocks.ts | 11 ----------- .../components/builder/entry_renderer.test.tsx | 4 ++-- .../exceptions/components/builder/helpers.test.ts | 2 -- x-pack/plugins/translations/translations/fr-FR.json | 1 - x-pack/plugins/translations/translations/ja-JP.json | 1 - x-pack/plugins/translations/translations/zh-CN.json | 1 - 6 files changed, 2 insertions(+), 18 deletions(-) diff --git a/src/plugins/data_views/common/fields/fields.mocks.ts b/src/plugins/data_views/common/fields/fields.mocks.ts index 87a5a7576475e..bee37c3eb9761 100644 --- a/src/plugins/data_views/common/fields/fields.mocks.ts +++ b/src/plugins/data_views/common/fields/fields.mocks.ts @@ -284,17 +284,6 @@ export const fields: FieldSpec[] = [ aggregatable: true, readFromDocValues: false, }, - { - name: 'file.path.text', - type: 'string', - esTypes: ['text'], - count: 0, - scripted: false, - searchable: true, - aggregatable: false, - readFromDocValues: false, - subType: { nested: { path: 'file.path.text' } }, - }, { name: 'nestedField.child', type: 'string', 
diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx index fad88def2003d..5c2bfb9045688 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx @@ -1057,7 +1057,7 @@ describe('BuilderEntryItem', () => { entry={{ correspondingKeywordField: undefined, entryIndex: 0, - field: getField('file.path.text'), + field: getField('nestedField.nestedChild.doublyNestedChild'), id: '123', nested: undefined, operator: matchesOperator, @@ -1106,7 +1106,7 @@ describe('BuilderEntryItem', () => { entry={{ correspondingKeywordField: undefined, entryIndex: 0, - field: getField('file.path.text'), + field: getField('nestedField.nestedChild.doublyNestedChild'), id: '123', nested: undefined, operator: matchesOperator, diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts b/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts index 5c926e586810c..ef3982166e19b 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts +++ b/x-pack/plugins/lists/public/exceptions/components/builder/helpers.test.ts @@ -203,7 +203,6 @@ describe('Exception builder helpers', () => { const output = getFilteredIndexPatterns(payloadIndexPattern, payloadItem); const expected: DataViewBase = { fields: [ - { ...getField('file.path.text') }, { ...getField('nestedField.child') }, { ...getField('nestedField.nestedChild.doublyNestedChild') }, ], 
@@ -307,7 +306,6 @@ describe('Exception builder helpers', () => { const output = getFilteredIndexPatterns(payloadIndexPattern, payloadItem); const expected: DataViewBase = { fields: [ - { ...getField('file.path.text') }, { ...getField('nestedField.child') }, { ...getField('nestedField.nestedChild.doublyNestedChild') }, getEndpointField('file.Ext.code_signature.status'), diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 6c64ec463940e..db06c9f6aa684 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -43534,7 +43534,6 @@ "unifiedDocViewer.sourceViewer.errorMessageTitle": "Une erreur s'est produite.", "unifiedDocViewer.sourceViewer.refresh": "Actualiser", "utils.filename.pathWarning": "Le chemin est peut-être incorrectement formé ; vérifiez la valeur", - "utils.filename.wildcardWarning": "l'utilisation de caractères génériques dans les chemins de fichier peut affecter les performances du point de terminaison", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.description": "Active la bibliothèque de graphiques héritée pour les graphiques de jauge dans Visualize.", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.name": "Bibliothèque de graphiques héritée pour les jauges", "visTypeGauge.controls.gaugeOptions.alignmentLabel": "Alignement", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index a24d4d8cc7c10..675bb6278a69a 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json 
@@ -43524,7 +43524,6 @@ "unifiedDocViewer.sourceViewer.errorMessageTitle": "エラーが発生しました", "unifiedDocViewer.sourceViewer.refresh": "更新", "utils.filename.pathWarning": "パスの形式が正しくない可能性があります。値を検証してください", - "utils.filename.wildcardWarning": "ファイルパスでワイルドカードを使用すると、エンドポイントのパフォーマンスに影響する可能性があります", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.description": "Visualizeでゲージグラフのレガシーグラフライブラリを有効にします。", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.name": "ゲージグラフのレガシーグラフライブラリ", "visTypeGauge.controls.gaugeOptions.alignmentLabel": "アラインメント", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index d9aaa9c724465..a9b3a7b36b8e5 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -43518,7 +43518,6 @@ "unifiedDocViewer.sourceViewer.errorMessageTitle": "发生错误", "unifiedDocViewer.sourceViewer.refresh": "刷新", "utils.filename.pathWarning": "路径的格式可能不正确;请验证值", - "utils.filename.wildcardWarning": "在文件路径中使用通配符可能会影响终端性能", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.description": "在 Visualize 中启用仪表盘图表的旧版图表库。", "visTypeGauge.advancedSettings.visualization.legacyGaugeChartsLibrary.name": "仪表盘旧版图表库", "visTypeGauge.controls.gaugeOptions.alignmentLabel": "对齐方式", From 65c75fbd7dc7ccee4d318413286b03ed315a0138 Mon Sep 17 00:00:00 2001 From: parkiino Date: Tue, 14 Nov 2023 00:47:34 -0500 Subject: [PATCH 10/18] add ashs suggestion --- .../src/path_validations/index.test.ts | 82 ++++++++++++------- .../src/path_validations/index.ts | 49 +++++++---- .../builder/entry_renderer.test.tsx | 6 +- .../components/builder/entry_renderer.tsx | 8 +- 4 files changed, 90 insertions(+), 55 deletions(-) diff --git a/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts b/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts index f344fd83b0599..2a3980378f7f0 100644 
--- a/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts +++ b/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts @@ -11,24 +11,26 @@ import { hasSimpleExecutableName, OperatingSystem, ConditionEntryField, - validatePotentialWildcardInput, + validateWildcardInput, WILDCARD_WARNING, FILEPATH_WARNING, } from '.'; -describe('validatePotentialWildcardInput', () => { +describe('validateWildcardInput', () => { describe('windows', () => { const os = OperatingSystem.WINDOWS; it('does not warn on valid filenames', () => { expect( - validatePotentialWildcardInput({ + validateWildcardInput({ + field: 'file.path.text', os, value: 'C:\\Windows\\*\\FILENAME.EXE-1231205124.gz', }) ).not.toBeDefined(); expect( - validatePotentialWildcardInput({ + validateWildcardInput({ + field: 'file.path.text', os, value: "C:\\Windows\\*\\test$ as2@13---12!@#A,DS.#$^&$!#~ 'as'd.华语.txt", }) @@ -36,11 +38,12 @@ describe('validatePotentialWildcardInput', () => { }); it('warns on wildcard in file name at the end of the path', () => { - expect(validatePotentialWildcardInput({ os, value: 'c:\\path*.exe' })).toEqual( - WILDCARD_WARNING - ); expect( - validatePotentialWildcardInput({ + validateWildcardInput({ field: 'file.path.text', os, value: 'c:\\path*.exe' }) + ).toEqual(WILDCARD_WARNING); + expect( + validateWildcardInput({ + field: 'file.path.text', os, value: 'C:\\Windows\\*\\FILENAME.EXE-*.gz', }) 
@@ -48,22 +51,28 @@ describe('validatePotentialWildcardInput', () => { }); it('warns on wildcard on fields that are not file paths', () => { - expect( - validatePotentialWildcardInput({ fieldName: 'event.category', os, value: '*' }) - ).toEqual(WILDCARD_WARNING); + expect(validateWildcardInput({ field: 'event.category', os, value: '*' })).toEqual( + WILDCARD_WARNING + ); }); it('warns on unix paths or non-windows paths', () => { - expect(validatePotentialWildcardInput({ os, value: '/opt/bin' })).toEqual(FILEPATH_WARNING); + expect(validateWildcardInput({ field: 'file.path.text', os, value: '/opt/bin' })).toEqual( + FILEPATH_WARNING + ); }); it('warns on malformed paths', () => { - expect(validatePotentialWildcardInput({ os, value: 'c:\\path/opt' })).toEqual( + expect(validateWildcardInput({ field: 'file.path.text', os, value: 'c:\\path/opt' })).toEqual( + FILEPATH_WARNING + ); + expect(validateWildcardInput({ field: 'file.path.text', os, value: '1242' })).toEqual( FILEPATH_WARNING ); - expect(validatePotentialWildcardInput({ os, value: '1242' })).toEqual(FILEPATH_WARNING); - expect(validatePotentialWildcardInput({ os, value: 'w12efdfa' })).toEqual(FILEPATH_WARNING); - expect(validatePotentialWildcardInput({ os, value: 'c:\\folder\\' })).toEqual( + expect(validateWildcardInput({ field: 'file.path.text', os, value: 'w12efdfa' })).toEqual( + FILEPATH_WARNING + ); + expect(validateWildcardInput({ field: 'file.path.text', os, value: 'c:\\folder\\' })).toEqual( FILEPATH_WARNING ); }); 
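Review bot: The non-path case in this hunk only asserts that `'*'` on `event.category` yields `WILDCARD_WARNING`; nothing asserts what a non-path field with an ordinary value returns, or that such a field is never given `FILEPATH_WARNING`. Assuming no warning is the intended result, `expect(validateWildcardInput({ field: 'event.category', os, value: 'process' })).not.toBeDefined();` would pin it. The same weakness shows in the unix block at `@@ -76,41 +85,54 @@`, where 'does not warn on valid filenames' uses `.not.toEqual(WILDCARD_WARNING)` and would therefore still pass if the function returned `FILEPATH_WARNING`. If those inputs are expected to produce no warning at all, `.not.toBeDefined()`, as the windows block uses, is the stricter assertion.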
@@ -76,41 +85,54 @@ describe('validatePotentialWildcardInput', () => { it('does not warn on valid filenames', () => { expect( - validatePotentialWildcardInput({ os, value: '/opt/*/FILENAME.EXE-1231205124.gz' }) + validateWildcardInput({ + field: 'file.path.text', + os, + value: '/opt/*/FILENAME.EXE-1231205124.gz', + }) ).not.toEqual(WILDCARD_WARNING); expect( - validatePotentialWildcardInput({ + validateWildcardInput({ + field: 'file.path.text', os, value: "/opt/*/test$ as2@13---12!@#A,DS.#$^&$!#~ 'as'd.华语.txt", }) ).not.toEqual(WILDCARD_WARNING); }); it('warns on wildcard in file name at the end of the path', () => { - expect(validatePotentialWildcardInput({ os, value: '/opt/bin*' })).toEqual(WILDCARD_WARNING); - expect(validatePotentialWildcardInput({ os, value: '/opt/FILENAME.EXE-*.gz' })).toEqual( + expect(validateWildcardInput({ field: 'file.path.text', os, value: '/opt/bin*' })).toEqual( WILDCARD_WARNING ); + expect( + validateWildcardInput({ field: 'file.path.text', os, value: '/opt/FILENAME.EXE-*.gz' }) + ).toEqual(WILDCARD_WARNING); }); it('warns on wildcard on fields that are not file paths', () => { - expect( - validatePotentialWildcardInput({ fieldName: 'event.category', os, value: '*' }) - ).toEqual(WILDCARD_WARNING); + expect(validateWildcardInput({ field: 'event.category', os, value: '*' })).toEqual( + WILDCARD_WARNING + ); }); it('warns on windows paths', () => { - expect(validatePotentialWildcardInput({ os, value: 'd:\\path\\file.exe' })).toEqual( - FILEPATH_WARNING - ); + expect( + validateWildcardInput({ field: 'file.path.text', os, value: 'd:\\path\\file.exe' }) + ).toEqual(FILEPATH_WARNING); }); it('warns on malformed paths', () => { - expect(validatePotentialWildcardInput({ os, value: 'opt/bin\\file.exe' })).toEqual( + expect( + validateWildcardInput({ field: 'file.path.text', os, value: 'opt/bin\\file.exe' }) + ).toEqual(FILEPATH_WARNING); + expect(validateWildcardInput({ field: 'file.path.text', os, value: '1242' })).toEqual( + 
FILEPATH_WARNING + ); + expect(validateWildcardInput({ field: 'file.path.text', os, value: 'w12efdfa' })).toEqual( + FILEPATH_WARNING + ); + expect(validateWildcardInput({ field: 'file.path.text', os, value: '/folder/' })).toEqual( FILEPATH_WARNING ); - expect(validatePotentialWildcardInput({ os, value: '1242' })).toEqual(FILEPATH_WARNING); - expect(validatePotentialWildcardInput({ os, value: 'w12efdfa' })).toEqual(FILEPATH_WARNING); - expect(validatePotentialWildcardInput({ os, value: '/folder/' })).toEqual(FILEPATH_WARNING); }); }); }); diff --git a/packages/kbn-securitysolution-utils/src/path_validations/index.ts b/packages/kbn-securitysolution-utils/src/path_validations/index.ts index a362335d4c13c..38a0e7df750c1 100644 --- a/packages/kbn-securitysolution-utils/src/path_validations/index.ts +++ b/packages/kbn-securitysolution-utils/src/path_validations/index.ts 
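Review bot: In the unix `does not warn on valid filenames` test, both expectations end in `.not.toEqual(WILDCARD_WARNING)`, which still passes if the validator returns `FILEPATH_WARNING` for those paths; the windows block asserts `.not.toBeDefined()` for the same intent. If these values are meant to produce no warning at all, ending each expectation with `).not.toBeDefined();` pins that. The `os` used by this describe block is set outside the hunk, so whether the paths are valid for it cannot be confirmed from here. The later hunk that switches these cases to `validateFilePathInput` carries the same assertion.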
@@ -52,39 +52,46 @@ export enum OperatingSystem { export type EntryTypes = 'match' | 'wildcard' | 'match_any'; export type TrustedAppEntryTypes = Extract; -export const validatePotentialWildcardInput = ({ - fieldName = 'file.path.text', +export const validateWildcardInput = ({ + field = '', os, value = '', }: { - fieldName?: string; + field?: string; os: OperatingSystem; value?: string; }): string | undefined => { const textInput = value.trim(); - const isFieldFilePath = fieldName === 'file.path.text'; - const isValidFilePath = - isFieldFilePath && - isPathValid({ - os, - field: 'file.path.text', - type: 'wildcard', - value: textInput, - }); + if (field === 'file.path.text') { + return validateFilePathInput({ os, value: textInput }); + } + return validatePotentialWildcardInput(textInput); +}; + +const validateFilePathInput = ({ + os, + value, +}: { + os: OperatingSystem; + value: string; +}): string | undefined => { + const isValidFilePath = isPathValid({ + os, + field: 'file.path.text', + type: 'wildcard', + value, + }); const hasSimpleFileName = hasSimpleExecutableName({ os, type: 'wildcard', - value: textInput, + value, }); - if (!textInput.length) { + if (!value.length) { return FILEPATH_WARNING; } - if ( - (isFieldFilePath && isValidFilePath) || - (!isFieldFilePath && hasSimpleFileName !== undefined) - ) { + if (isValidFilePath) { if (hasSimpleFileName !== undefined && !hasSimpleFileName) { return WILDCARD_WARNING; } @@ -93,6 +100,12 @@ export const validatePotentialWildcardInput = ({ } }; +const validatePotentialWildcardInput = (value?: string): string | undefined => { + if (/\*|\?/.test(value ?? '')) { + return WILDCARD_WARNING; + } +}; + export const hasSimpleExecutableName = ({ os, type, diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx index 5c2bfb9045688..324ffcf8660a0 100644 
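Review bot: `validateWildcardInput` routes on the exact literal `field === 'file.path.text'`, so every other field, including any other path-typed field the builder offers the matches operator for, gets only the `*`/`?` presence check and never the OS-specific path validation. If that is intended, a doc comment on the function should say so, for example `/** Path syntax is validated only for file.path.text; every other field is checked for wildcard characters only. */`. The same literal is repeated in the `isPathValid` call inside `validateFilePathInput`, and a shared constant would keep the two in step. Which fields `fieldSupportsMatches` admits is not visible in this hunk, so the extent of the gap is inferred.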
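Review bot: The added `validatePotentialWildcardInput` treats an empty value and a wildcard-only value very differently from the file-path branch: `''` yields no warning at all, whereas `validateFilePathInput` returns `FILEPATH_WARNING` for `!value.length`, and a value of just `*` gets the same `WILDCARD_WARNING` as a wildcard inside a longer string. For an exception or event-filter entry, a value made only of wildcards matches every value of the field, which is the case an analyst most needs flagged. Consider detecting it separately, e.g. `/^[*?]+$/.test(value ?? '')`, and returning a distinct warning; no such constant is visible here, so it would have to be added. At the least, document that empty input is deliberately accepted for non-path fields.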
--- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx @@ -20,7 +20,7 @@ import { isOperator, matchesOperator, } from '@kbn/securitysolution-list-utils'; -import { validatePotentialWildcardInput } from '@kbn/securitysolution-utils'; +import { validateWildcardInput } from '@kbn/securitysolution-utils'; import { useFindListsBySize } from '@kbn/securitysolution-list-hooks'; import type { FieldSpec } from '@kbn/data-plugin/common'; import { fields, getField } from '@kbn/data-plugin/common/mocks'; @@ -1050,7 +1050,7 @@ describe('BuilderEntryItem', () => { test('it invokes "setWarningsExist" when invalid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validatePotentialWildcardInput as jest.Mock).mockReturnValue('some warning message'); + (validateWildcardInput as jest.Mock).mockReturnValue('some warning message'); wrapper = mount( { test('it does not invoke "setWarningsExist" when valid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validatePotentialWildcardInput as jest.Mock).mockReturnValue(undefined); + (validateWildcardInput as jest.Mock).mockReturnValue(undefined); wrapper = mount( = ({ } }; - // show this when wildcard filename with matches operator + // show this when wildcard with matches operator const getWildcardWarningInfo = (precedingWarning: string): React.ReactNode => { return (

@@ -431,8 +431,8 @@ export const BuilderEntryItem: React.FC = ({ if (osTypes) { [os] = osTypes as OperatingSystem[]; } - const warning = validatePotentialWildcardInput({ - fieldName: entry.field?.name ?? '', + const warning = validateWildcardInput({ + field: entry.field?.name, os, value: wildcardValue, }); From 787c4413df0ad51cd83cd79ac8f5456bcb6d5161 Mon Sep 17 00:00:00 2001 From: parkiino Date: Tue, 14 Nov 2023 11:40:21 -0500 Subject: [PATCH 11/18] rename functions, add more unit tests' --- .../src/path_validations/index.test.ts | 109 ++++++++---------- .../src/path_validations/index.ts | 8 +- 2 files changed, 54 insertions(+), 63 deletions(-) diff --git a/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts b/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts index 2a3980378f7f0..f877683caec10 100644 --- a/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts +++ b/packages/kbn-securitysolution-utils/src/path_validations/index.test.ts 
@@ -11,26 +11,56 @@ import { hasSimpleExecutableName, OperatingSystem, ConditionEntryField, + validatePotentialWildcardInput, + validateFilePathInput, validateWildcardInput, WILDCARD_WARNING, FILEPATH_WARNING, } from '.'; +describe('validatePotentialWildcardInput', () => { + it('warns on wildcard when field is file.path.text', () => { + expect( + validatePotentialWildcardInput({ + field: 'file.path.text', + os: OperatingSystem.WINDOWS, + value: 'c:\\path*.exe', + }) + ).toEqual(WILDCARD_WARNING); + }); + it('warns on wildcard when field is not file.path.text', () => { + expect( + validatePotentialWildcardInput({ + field: 'event.category', + os: OperatingSystem.WINDOWS, + value: 'some*value', + }) + ).toEqual(WILDCARD_WARNING); + }); +}); + describe('validateWildcardInput', () => { + it('warns on wildcard for fields that are not file paths', () => { + expect(validateWildcardInput('*')).toEqual(WILDCARD_WARNING); + }); + it('does not warn if no wildcard', () => { + expect(validateWildcardInput('non-wildcard')).toEqual(undefined); + }); +}); + +describe('validateFilePathInput', () => { describe('windows', () => { const os = OperatingSystem.WINDOWS; it('does not warn on valid filenames', () => { expect( - validateWildcardInput({ - field: 'file.path.text', + validateFilePathInput({ os, value: 'C:\\Windows\\*\\FILENAME.EXE-1231205124.gz', }) ).not.toBeDefined(); expect( - validateWildcardInput({ - field: 'file.path.text', + validateFilePathInput({ os, value: "C:\\Windows\\*\\test$ as2@13---12!@#A,DS.#$^&$!#~ 'as'd.华语.txt", }) 
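Review bot: The new `validateWildcardInput` tests cover only `*` and a plain string, while the function under test also matches `?` and accepts an omitted value. Adding `expect(validateWildcardInput('some?value')).toEqual(WILDCARD_WARNING);` and `expect(validateWildcardInput(undefined)).toEqual(undefined);` would pin both branches of the regex and the `?? ''` fallback. The `validatePotentialWildcardInput` block likewise never passes a value with surrounding whitespace, so the `value.trim()` step in that function has no test.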
@@ -38,43 +68,24 @@ describe('validateWildcardInput', () => { }); it('warns on wildcard in file name at the end of the path', () => { + expect(validateFilePathInput({ os, value: 'c:\\path*.exe' })).toEqual(WILDCARD_WARNING); expect( - validateWildcardInput({ field: 'file.path.text', os, value: 'c:\\path*.exe' }) - ).toEqual(WILDCARD_WARNING); - expect( - validateWildcardInput({ - field: 'file.path.text', + validateFilePathInput({ os, value: 'C:\\Windows\\*\\FILENAME.EXE-*.gz', }) ).toEqual(WILDCARD_WARNING); }); - it('warns on wildcard on fields that are not file paths', () => { - expect(validateWildcardInput({ field: 'event.category', os, value: '*' })).toEqual( - WILDCARD_WARNING - ); - }); - it('warns on unix paths or non-windows paths', () => { - expect(validateWildcardInput({ field: 'file.path.text', os, value: '/opt/bin' })).toEqual( - FILEPATH_WARNING - ); + expect(validateFilePathInput({ os, value: '/opt/bin' })).toEqual(FILEPATH_WARNING); }); it('warns on malformed paths', () => { - expect(validateWildcardInput({ field: 'file.path.text', os, value: 'c:\\path/opt' })).toEqual( - FILEPATH_WARNING - ); - expect(validateWildcardInput({ field: 'file.path.text', os, value: '1242' })).toEqual( - FILEPATH_WARNING - ); - expect(validateWildcardInput({ field: 'file.path.text', os, value: 'w12efdfa' })).toEqual( - FILEPATH_WARNING - ); - expect(validateWildcardInput({ field: 'file.path.text', os, value: 'c:\\folder\\' })).toEqual( - FILEPATH_WARNING - ); + expect(validateFilePathInput({ os, value: 'c:\\path/opt' })).toEqual(FILEPATH_WARNING); + expect(validateFilePathInput({ os, value: '1242' })).toEqual(FILEPATH_WARNING); + expect(validateFilePathInput({ os, value: 'w12efdfa' })).toEqual(FILEPATH_WARNING); + expect(validateFilePathInput({ os, value: 'c:\\folder\\' })).toEqual(FILEPATH_WARNING); }); }); describe('unix paths', () => { 
@@ -85,54 +96,34 @@ describe('validateWildcardInput', () => { it('does not warn on valid filenames', () => { expect( - validateWildcardInput({ - field: 'file.path.text', + validateFilePathInput({ os, value: '/opt/*/FILENAME.EXE-1231205124.gz', }) ).not.toEqual(WILDCARD_WARNING); expect( - validateWildcardInput({ - field: 'file.path.text', + validateFilePathInput({ os, value: "/opt/*/test$ as2@13---12!@#A,DS.#$^&$!#~ 'as'd.华语.txt", }) ).not.toEqual(WILDCARD_WARNING); }); it('warns on wildcard in file name at the end of the path', () => { - expect(validateWildcardInput({ field: 'file.path.text', os, value: '/opt/bin*' })).toEqual( - WILDCARD_WARNING - ); - expect( - validateWildcardInput({ field: 'file.path.text', os, value: '/opt/FILENAME.EXE-*.gz' }) - ).toEqual(WILDCARD_WARNING); - }); - - it('warns on wildcard on fields that are not file paths', () => { - expect(validateWildcardInput({ field: 'event.category', os, value: '*' })).toEqual( + expect(validateFilePathInput({ os, value: '/opt/bin*' })).toEqual(WILDCARD_WARNING); + expect(validateFilePathInput({ os, value: '/opt/FILENAME.EXE-*.gz' })).toEqual( WILDCARD_WARNING ); }); it('warns on windows paths', () => { - expect( - validateWildcardInput({ field: 'file.path.text', os, value: 'd:\\path\\file.exe' }) - ).toEqual(FILEPATH_WARNING); + expect(validateFilePathInput({ os, value: 'd:\\path\\file.exe' })).toEqual(FILEPATH_WARNING); }); it('warns on malformed paths', () => { - expect( - validateWildcardInput({ field: 'file.path.text', os, value: 'opt/bin\\file.exe' }) - ).toEqual(FILEPATH_WARNING); - expect(validateWildcardInput({ field: 'file.path.text', os, value: '1242' })).toEqual( - FILEPATH_WARNING - ); - expect(validateWildcardInput({ field: 'file.path.text', os, value: 'w12efdfa' })).toEqual( - FILEPATH_WARNING - ); - expect(validateWildcardInput({ field: 'file.path.text', os, value: '/folder/' })).toEqual( - FILEPATH_WARNING - ); + expect(validateFilePathInput({ os, value: 'opt/bin\\file.exe' 
})).toEqual(FILEPATH_WARNING); + expect(validateFilePathInput({ os, value: '1242' })).toEqual(FILEPATH_WARNING); + expect(validateFilePathInput({ os, value: 'w12efdfa' })).toEqual(FILEPATH_WARNING); + expect(validateFilePathInput({ os, value: '/folder/' })).toEqual(FILEPATH_WARNING); }); }); }); diff --git a/packages/kbn-securitysolution-utils/src/path_validations/index.ts b/packages/kbn-securitysolution-utils/src/path_validations/index.ts index 38a0e7df750c1..e63ecd34654bf 100644 --- a/packages/kbn-securitysolution-utils/src/path_validations/index.ts +++ b/packages/kbn-securitysolution-utils/src/path_validations/index.ts @@ -52,7 +52,7 @@ export enum OperatingSystem { export type EntryTypes = 'match' | 'wildcard' | 'match_any'; export type TrustedAppEntryTypes = Extract; -export const validateWildcardInput = ({ +export const validatePotentialWildcardInput = ({ field = '', os, value = '', @@ -65,10 +65,10 @@ export const validateWildcardInput = ({ if (field === 'file.path.text') { return validateFilePathInput({ os, value: textInput }); } - return validatePotentialWildcardInput(textInput); + return validateWildcardInput(textInput); }; -const validateFilePathInput = ({ +export const validateFilePathInput = ({ os, value, }: { @@ -100,7 +100,7 @@ const validateFilePathInput = ({ } }; -const validatePotentialWildcardInput = (value?: string): string | undefined => { +export const validateWildcardInput = (value?: string): string | undefined => { if (/\*|\?/.test(value ?? '')) { return WILDCARD_WARNING; } From 99d6a87616fa3ba48070867440a272a1b3febb8e Mon Sep 17 00:00:00 2001 From: parkiino Date: Tue, 14 Nov 2023 14:11:03 -0500 Subject: [PATCH 12/18] update regex --- .../kbn-securitysolution-utils/src/path_validations/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/kbn-securitysolution-utils/src/path_validations/index.ts b/packages/kbn-securitysolution-utils/src/path_validations/index.ts index e63ecd34654bf..b2ae2d9fbceb7 100644 
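Review bot: `validateFilePathInput` becomes an exported function in the `index.ts` hunks here, but the `value.trim()` step stays in `validatePotentialWildcardInput`, so a direct caller that passes a path with leading or trailing whitespace has it validated untrimmed and may get a different result than through the wrapper. Trimming inside the exported function, `const textInput = value.trim();` as its first statement with `textInput` used below, would give both entry points the same contract. The three exported validators also differ in shape (two take an options object, `validateWildcardInput` takes a bare string) and have no doc comments; since the names were swapped relative to the previous commit, a one-line TSDoc on each stating what it checks would prevent callers from picking the wrong one. The body of `validateFilePathInput` continues outside these hunks.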
--- a/packages/kbn-securitysolution-utils/src/path_validations/index.ts +++ b/packages/kbn-securitysolution-utils/src/path_validations/index.ts @@ -101,7 +101,7 @@ export const validateFilePathInput = ({ }; export const validateWildcardInput = (value?: string): string | undefined => { - if (/\*|\?/.test(value ?? '')) { + if (/[*?]/.test(value ?? '')) { return WILDCARD_WARNING; } }; From 0d642c0bf0041cd33c8005184f73f74826641ab4 Mon Sep 17 00:00:00 2001 From: parkiino Date: Thu, 16 Nov 2023 00:32:14 -0500 Subject: [PATCH 13/18] add does not match wildcard --- .../src/autocomplete_operators/index.ts | 1 + .../artifact_entry_card/components/criteria_conditions.tsx | 2 ++ .../artifact_entry_card/components/translations.ts | 7 +++++++ 3 files changed, 10 insertions(+) diff --git a/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts b/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts index f9caa6387e359..c236cacad6a2c 100644 --- a/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts +++ b/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts @@ -109,6 +109,7 @@ export const EVENT_FILTERS_OPERATORS: OperatorOption[] = [ isOneOfOperator, isNotOneOfOperator, matchesOperator, + doesNotMatchOperator, ]; /* diff --git a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx index ac7422619ee07..d872eee2d2cee 100644 --- a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx +++ b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx 
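Review bot: In the `EVENT_FILTERS_OPERATORS` hunk, `doesNotMatchOperator` is added while the wildcard validation shown earlier in this series takes only `field`, `os` and `value`, so a negated wildcard entry receives the same warning as a positive one. With negation the breadth is inverted: a narrow pattern under "does not match" applies to almost every event, which for a filter list presumably means almost everything is filtered, and nothing visible here warns about that. Consider passing the operator into the validator, or at minimum adding a comment on the array entry such as `// negated wildcard: a narrow pattern matches nearly all events; warning text does not cover this`. The same line is re-added by the later revert-of-revert hunk for this file.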
@@ -17,6 +17,7 @@ import { OS_WINDOWS, CONDITION_AND, CONDITION_OPERATOR_TYPE_WILDCARD_MATCHES, + CONDITION_OPERATOR_TYPE_DOES_NOT_MATCH, CONDITION_OPERATOR_TYPE_NESTED, CONDITION_OPERATOR_TYPE_MATCH, CONDITION_OPERATOR_TYPE_MATCH_ANY, @@ -47,6 +48,7 @@ const OPERATOR_TYPE_LABELS_INCLUDED = Object.freeze({ const OPERATOR_TYPE_LABELS_EXCLUDED = Object.freeze({ [ListOperatorTypeEnum.MATCH_ANY]: CONDITION_OPERATOR_TYPE_NOT_MATCH_ANY, [ListOperatorTypeEnum.MATCH]: CONDITION_OPERATOR_TYPE_NOT_MATCH, + [ListOperatorTypeEnum.WILDCARD]: CONDITION_OPERATOR_TYPE_DOES_NOT_MATCH, }); const EuiFlexGroupNested = styled(EuiFlexGroup)` diff --git a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts index 273cda46aa721..2024541091d57 100644 --- a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts +++ b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts @@ -68,6 +68,13 @@ export const CONDITION_OPERATOR_TYPE_WILDCARD_MATCHES = i18n.translate( } ); +export const CONDITION_OPERATOR_TYPE_DOES_NOT_MATCH = i18n.translate( + 'xpack.securitySolution.artifactCard.conditions.wildcardDoesNotMatchOperator', + { + defaultMessage: 'DOES NOT MATCH', + } +); + export const CONDITION_OPERATOR_TYPE_NESTED = i18n.translate( 'xpack.securitySolution.artifactCard.conditions.nestedOperator', { From 173de02764dd7534f22421448430445eed648dee Mon Sep 17 00:00:00 2001 From: parkiino Date: Thu, 16 Nov 2023 00:45:14 -0500 Subject: [PATCH 14/18] fix function import --- .../public/exceptions/components/builder/entry_renderer.tsx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx index 90c7837f139ec..abf379f6e8976 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx @@ -53,7 +53,7 @@ import { import { OperatingSystem, WILDCARD_WARNING, - validateWildcardInput, + validatePotentialWildcardInput, } from '@kbn/securitysolution-utils'; import { DataViewBase, DataViewFieldBase } from '@kbn/es-query'; import type { AutocompleteStart } from '@kbn/unified-search-plugin/public'; @@ -431,7 +431,7 @@ export const BuilderEntryItem: React.FC = ({ if (osTypes) { [os] = osTypes as OperatingSystem[]; } - const warning = validateWildcardInput({ + const warning = validatePotentialWildcardInput({ field: entry.field?.name, os, value: wildcardValue, From c5a1cedd8768c91e37d67906fab5d8e7e22fcc05 Mon Sep 17 00:00:00 2001 From: parkiino Date: Thu, 16 Nov 2023 10:24:38 -0500 Subject: [PATCH 15/18] fix broken tests --- .../src/operator/index.test.tsx | 1 + .../exceptions/components/builder/entry_renderer.test.tsx | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx b/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx index 3595b96d7e426..954b14a8ea244 100644 --- a/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx +++ b/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx @@ -223,6 +223,7 @@ describe('operator', () => { { label: 'is one of' }, { label: 'is not one of' }, { label: 'matches' }, + { label: 'does not match' }, ]); }); 
diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx index 324ffcf8660a0..5c2bfb9045688 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx @@ -20,7 +20,7 @@ import { isOperator, matchesOperator, } from '@kbn/securitysolution-list-utils'; -import { validateWildcardInput } from '@kbn/securitysolution-utils'; +import { validatePotentialWildcardInput } from '@kbn/securitysolution-utils'; import { useFindListsBySize } from '@kbn/securitysolution-list-hooks'; import type { FieldSpec } from '@kbn/data-plugin/common'; import { fields, getField } from '@kbn/data-plugin/common/mocks'; @@ -1050,7 +1050,7 @@ describe('BuilderEntryItem', () => { test('it invokes "setWarningsExist" when invalid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validateWildcardInput as jest.Mock).mockReturnValue('some warning message'); + (validatePotentialWildcardInput as jest.Mock).mockReturnValue('some warning message'); wrapper = mount( { test('it does not invoke "setWarningsExist" when valid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validateWildcardInput as jest.Mock).mockReturnValue(undefined); + (validatePotentialWildcardInput as jest.Mock).mockReturnValue(undefined); wrapper = mount( Date: Thu, 16 Nov 2023 15:51:35 -0500 Subject: [PATCH 16/18] remove does not match for now --- .../src/operator/index.test.tsx | 1 - .../src/autocomplete_operators/index.ts | 1 - .../exceptions/components/builder/entry_renderer.test.tsx | 6 +++--- .../artifact_entry_card/components/criteria_conditions.tsx | 2 -- .../artifact_entry_card/components/translations.ts | 7 ------- 5 files changed, 3 insertions(+), 14 deletions(-) 
diff --git a/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx b/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx index 954b14a8ea244..3595b96d7e426 100644 --- a/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx +++ b/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx @@ -223,7 +223,6 @@ describe('operator', () => { { label: 'is one of' }, { label: 'is not one of' }, { label: 'matches' }, - { label: 'does not match' }, ]); }); diff --git a/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts b/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts index c236cacad6a2c..f9caa6387e359 100644 --- a/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts +++ b/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts @@ -109,7 +109,6 @@ export const EVENT_FILTERS_OPERATORS: OperatorOption[] = [ isOneOfOperator, isNotOneOfOperator, matchesOperator, - doesNotMatchOperator, ]; /* diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx index 5c2bfb9045688..324ffcf8660a0 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx @@ -20,7 +20,7 @@ import { isOperator, matchesOperator, } from '@kbn/securitysolution-list-utils'; -import { validatePotentialWildcardInput } from '@kbn/securitysolution-utils'; +import { validateWildcardInput } from '@kbn/securitysolution-utils'; import { useFindListsBySize } from '@kbn/securitysolution-list-hooks'; import type { FieldSpec } from '@kbn/data-plugin/common'; import { fields, getField } from '@kbn/data-plugin/common/mocks'; 
@@ -1050,7 +1050,7 @@ describe('BuilderEntryItem', () => { test('it invokes "setWarningsExist" when invalid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validatePotentialWildcardInput as jest.Mock).mockReturnValue('some warning message'); + (validateWildcardInput as jest.Mock).mockReturnValue('some warning message'); wrapper = mount( { test('it does not invoke "setWarningsExist" when valid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validatePotentialWildcardInput as jest.Mock).mockReturnValue(undefined); + (validateWildcardInput as jest.Mock).mockReturnValue(undefined); wrapper = mount( Date: Mon, 20 Nov 2023 16:02:47 -0500 Subject: [PATCH 17/18] Revert "remove does not match for now" This reverts commit 75f1a7d84125bac77c6983da9b7b4040184d83a8. --- .../src/operator/index.test.tsx | 1 + .../src/autocomplete_operators/index.ts | 1 + .../exceptions/components/builder/entry_renderer.test.tsx | 6 +++--- .../artifact_entry_card/components/criteria_conditions.tsx | 2 ++ .../artifact_entry_card/components/translations.ts | 7 +++++++ 5 files changed, 14 insertions(+), 3 deletions(-) diff --git a/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx b/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx index 3595b96d7e426..954b14a8ea244 100644 --- a/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx +++ b/packages/kbn-securitysolution-autocomplete/src/operator/index.test.tsx @@ -223,6 +223,7 @@ describe('operator', () => { { label: 'is one of' }, { label: 'is not one of' }, { label: 'matches' }, + { label: 'does not match' }, ]); }); diff --git a/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts b/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts index f9caa6387e359..c236cacad6a2c 100644 --- a/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts 
+++ b/packages/kbn-securitysolution-list-utils/src/autocomplete_operators/index.ts @@ -109,6 +109,7 @@ export const EVENT_FILTERS_OPERATORS: OperatorOption[] = [ isOneOfOperator, isNotOneOfOperator, matchesOperator, + doesNotMatchOperator, ]; /* diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx index 324ffcf8660a0..5c2bfb9045688 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.test.tsx @@ -20,7 +20,7 @@ import { isOperator, matchesOperator, } from '@kbn/securitysolution-list-utils'; -import { validateWildcardInput } from '@kbn/securitysolution-utils'; +import { validatePotentialWildcardInput } from '@kbn/securitysolution-utils'; import { useFindListsBySize } from '@kbn/securitysolution-list-hooks'; import type { FieldSpec } from '@kbn/data-plugin/common'; import { fields, getField } from '@kbn/data-plugin/common/mocks'; @@ -1050,7 +1050,7 @@ describe('BuilderEntryItem', () => { test('it invokes "setWarningsExist" when invalid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validateWildcardInput as jest.Mock).mockReturnValue('some warning message'); + (validatePotentialWildcardInput as jest.Mock).mockReturnValue('some warning message'); wrapper = mount( { test('it does not invoke "setWarningsExist" when valid value in field value input', async () => { const mockSetWarningsExists = jest.fn(); - (validateWildcardInput as jest.Mock).mockReturnValue(undefined); + (validatePotentialWildcardInput as jest.Mock).mockReturnValue(undefined); wrapper = mount( Date: Wed, 22 Nov 2023 08:13:20 -0500 Subject: [PATCH 18/18] update warning messaging --- .../public/exceptions/components/builder/entry_renderer.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx index abf379f6e8976..5d067c7683a58 100644 --- a/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx +++ b/x-pack/plugins/lists/public/exceptions/components/builder/entry_renderer.tsx @@ -369,7 +369,7 @@ export const BuilderEntryItem: React.FC = ({ content={ } size="m"