From 1e4c4f0835d70343f3160b19aa3a2024f5357b5f Mon Sep 17 00:00:00 2001
From: Candace Park <56409205+parkiino@users.noreply.github.com>
Date: Fri, 2 May 2025 17:44:43 -0400
Subject: [PATCH] [Security Solution][Admin][Trusted Apps] Fixes wrong warning
 bug for mac and linux in trusted apps form (#218195)

## Summary

- [x] This corrects a bug where the "wildcard warning" would be shown
instead of the "invalid path warning" if a user tried to create a
trusted app with a mac or linux OS and with the path condition field and
value of `/`.

Note: Although `/` may be a valid path as in `ls /`, the path value
expected in trusted apps and other exceptions items expect a path to an
executable as opposed to a simple directory path.

# Screenshots
<img width="807" alt="image"
src="https://github.com/user-attachments/assets/fc320a85-0bb8-4d26-97f2-f3dc9a89cc42"
/>

<img width="811" alt="image"
src="https://github.com/user-attachments/assets/f3d99754-79a8-4734-8858-521f6e0778a1"
/>

(cherry picked from commit 3e67e7a670694284345f96fbbd56da446aa07c85)
---
 .../src/path_validations/index.ts             |  6 +-
 .../view/components/form.test.tsx             | 72 ++++++++++++++-----
 .../trusted_apps/view/components/form.tsx     | 16 +++--
 3 files changed, 66 insertions(+), 28 deletions(-)

diff --git a/packages/kbn-securitysolution-utils/src/path_validations/index.ts b/packages/kbn-securitysolution-utils/src/path_validations/index.ts
index 1f1eaf0b01423..b762c1116a4c8 100644
--- a/packages/kbn-securitysolution-utils/src/path_validations/index.ts
+++ b/packages/kbn-securitysolution-utils/src/path_validations/index.ts
@@ -201,7 +201,7 @@ const isWindowsWildcardPathValid = (path: string): boolean => {
     trimmedValue.length !== path.length ||
     firstCharacter === '^' ||
     lastCharacter === '\\' ||
-    !hasWildcard({ path, isWindowsPath: true })
+    !hasWildcardInPath({ path, isWindowsPath: true })
   ) {
     return false;
   } else {
@@ -221,7 +221,7 @@ const isLinuxMacWildcardPathValid = (path: string): boolean => {
     lastCharacter === '/' ||
     path.length > 1024 === true ||
     path.includes('//') === true ||
-    !hasWildcard({ path, isWindowsPath: false })
+    !hasWildcardInPath({ path, isWindowsPath: false })
   ) {
     return false;
   } else {
@@ -229,7 +229,7 @@ const isLinuxMacWildcardPathValid = (path: string): boolean => {
   }
 };
 
-const hasWildcard = ({
+const hasWildcardInPath = ({
   path,
   isWindowsPath,
 }: {
diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/form.test.tsx b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/form.test.tsx
index a9cd7b9b89092..b578fd15d59c4 100644
--- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/form.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/form.test.tsx
@@ -313,29 +313,63 @@ describe('Trusted apps form', () => {
       expect(getConditionValue(getCondition()).required).toEqual(true);
     });
 
-    it('should show path malformed warning', () => {
-      render();
-      expect(screen.queryByText(INPUT_ERRORS.pathWarning(0))).toBeNull();
+    describe('IS operator', () => {
+      it('should show path malformed warning', () => {
+        render();
+        expect(screen.queryByText(INPUT_ERRORS.pathWarning(0))).toBeNull();
+
+        const propsItem: Partial<ArtifactFormComponentProps['item']> = {
+          entries: [createEntry(ConditionEntryField.PATH, 'match', 'malformed-path')],
+        };
+        formProps.item = { ...formProps.item, ...propsItem };
+        render();
+        expect(screen.getByText(INPUT_ERRORS.pathWarning(0))).not.toBeNull();
+      });
 
-      const propsItem: Partial<ArtifactFormComponentProps['item']> = {
-        entries: [createEntry(ConditionEntryField.PATH, 'match', 'malformed-path')],
-      };
-      formProps.item = { ...formProps.item, ...propsItem };
-      render();
-      expect(screen.getByText(INPUT_ERRORS.pathWarning(0))).not.toBeNull();
+      it('should show path malformed path warning for linux/mac without an executable name', () => {
+        render();
+        expect(screen.queryByText(INPUT_ERRORS.pathWarning(0))).toBeNull();
+        expect(screen.queryByText(INPUT_ERRORS.wildcardPathWarning(0))).toBeNull();
+
+        const propsItem: Partial<ArtifactFormComponentProps['item']> = {
+          os_types: [OperatingSystem.LINUX],
+          entries: [createEntry(ConditionEntryField.PATH, 'match', '/')],
+        };
+        formProps.item = { ...formProps.item, ...propsItem };
+        render();
+        expect(screen.getByText(INPUT_ERRORS.pathWarning(0))).not.toBeNull();
+        expect(screen.queryByText(INPUT_ERRORS.wildcardPathWarning(0))).toBeNull();
+      });
+
+      it('should show path malformed path warning for windows with no executable name', () => {
+        render();
+        expect(screen.queryByText(INPUT_ERRORS.pathWarning(0))).toBeNull();
+        expect(screen.queryByText(INPUT_ERRORS.wildcardPathWarning(0))).toBeNull();
+
+        const propsItem: Partial<ArtifactFormComponentProps['item']> = {
+          os_types: [OperatingSystem.WINDOWS],
+          entries: [createEntry(ConditionEntryField.PATH, 'match', 'c:\\fold\\')],
+        };
+        formProps.item = { ...formProps.item, ...propsItem };
+        render();
+        expect(screen.getByText(INPUT_ERRORS.pathWarning(0))).not.toBeNull();
+        expect(screen.queryByText(INPUT_ERRORS.wildcardPathWarning(0))).toBeNull();
+      });
     });
 
-    it('should show wildcard in path warning', () => {
-      render();
-      expect(screen.queryByText(INPUT_ERRORS.wildcardPathWarning(0))).toBeNull();
+    describe('MATCHES operator', () => {
+      it('should show wildcard in path warning', () => {
+        render();
+        expect(screen.queryByText(INPUT_ERRORS.wildcardPathWarning(0))).toBeNull();
 
-      const propsItem: Partial<ArtifactFormComponentProps['item']> = {
-        os_types: [OperatingSystem.LINUX],
-        entries: [createEntry(ConditionEntryField.PATH, 'wildcard', '/sys/wil*/*.app')],
-      };
-      formProps.item = { ...formProps.item, ...propsItem };
-      render();
-      expect(screen.getByText(INPUT_ERRORS.wildcardPathWarning(0))).not.toBeNull();
+        const propsItem: Partial<ArtifactFormComponentProps['item']> = {
+          os_types: [OperatingSystem.LINUX],
+          entries: [createEntry(ConditionEntryField.PATH, 'wildcard', '/sys/wil*/*.app')],
+        };
+        formProps.item = { ...formProps.item, ...propsItem };
+        render();
+        expect(screen.getByText(INPUT_ERRORS.wildcardPathWarning(0))).not.toBeNull();
+      });
     });
 
     it('should display the `AND` button', () => {
diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/form.tsx b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/form.tsx
index 8a9bd0e2dd840..8a6803e0fdb61 100644
--- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/form.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/form.tsx
@@ -200,12 +200,16 @@ const validateValues = (values: ArtifactFormComponentProps['item']): ValidationR
           type: entry.type as EntryTypes,
         })
       ) {
-        addResultToValidation(
-          validation,
-          'entries',
-          'warnings',
-          INPUT_ERRORS.wildcardPathWarning(index)
-        );
+        if (entry.type === 'wildcard') {
+          addResultToValidation(
+            validation,
+            'entries',
+            'warnings',
+            INPUT_ERRORS.wildcardPathWarning(index)
+          );
+        } else {
+          addResultToValidation(validation, 'entries', 'warnings', INPUT_ERRORS.pathWarning(index));
+        }
       }
     });
   }