From 531704a99e2629cd48b019eb9605eb78c63d9aed Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Sat, 29 Jan 2022 11:51:46 -0500 Subject: [PATCH 1/5] Add additional validator methods to the `EventFilterValidator` --- .../validators/event_filter_validator.ts | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/event_filter_validator.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/event_filter_validator.ts index 0738e12f0eaaa..55eb3a9a2a63b 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/event_filter_validator.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/event_filter_validator.ts @@ -101,4 +101,34 @@ export class EventFilterValidator extends BaseValidator { throw new EndpointArtifactExceptionValidationError(error.message); } } + + async validatePreGetOneItem(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + + async validatePreSummary(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + + async validatePreDeleteItem(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + + async validatePreExport(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + + async validatePreSingleListFind(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + + async validatePreMultiListFind(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + + async validatePreImport(): Promise { + throw new EndpointArtifactExceptionValidationError( + 'Import is not supported for Endpoint artifact exceptions' + ); + } } From 280ccf8354888728c867ef4ab7bfebc8e598f0ef Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Sat, 29 Jan 2022 12:01:40 -0500 Subject: [PATCH 2/5] Event Filters validations for Delete, export, get one, multi/single list find and summary apis --- .../exceptions_pre_delete_item_handler.ts | 31 ++++++++++++++--- .../handlers/exceptions_pre_export_handler.ts | 26 +++++++++++--- .../exceptions_pre_get_one_handler.ts | 34 ++++++++++++++++--- .../exceptions_pre_multi_list_find_handler.ts | 17 +++++++--- ...exceptions_pre_single_list_find_handler.ts | 19 ++++++++--- .../exceptions_pre_summary_handler.ts | 28 ++++++++++++--- 6 files changed, 129 insertions(+), 26 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts index 17502d5d2af74..e84187febd4d3 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts @@ -5,14 +5,37 @@ * 2.0. */ +import { ExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types'; import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; -import { ExtensionPoint } from '../../../../../lists/server'; +import { ExceptionsListPreDeleteItemServerExtension } from '../../../../../lists/server'; +import { EventFilterValidator } from '../validators'; export const getExceptionsPreDeleteItemHandler = ( endpointAppContext: EndpointAppContextService -): (ExtensionPoint & { type: 'exceptionsListPreDeleteItem' })['callback'] => { - return async function ({ data }) { - // Individual validators here +): ExceptionsListPreDeleteItemServerExtension['callback'] => { + return async function ({ data, context: { request, exceptionListClient } }) { + if (data.namespaceType !== 'agnostic') { + return data; + } + + const exceptionItem: ExceptionListItemSchema | null = + await exceptionListClient.getExceptionListItem({ + id: data.id, + itemId: data.itemId, + namespaceType: data.namespaceType, + }); + + if (!exceptionItem) { + return data; + } + + const { list_id: listId } = exceptionItem; + + // Event Filter validation + if (EventFilterValidator.isEventFilter({ listId })) { + await new EventFilterValidator(endpointAppContext, request).validatePreDeleteItem(); + return data; + } return data; }; diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts index 32e9c51d4241b..d77bfd4b320a7 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts @@ -6,13 +6,29 @@ */ import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; -import { ExtensionPoint } from '../../../../../lists/server'; +import { ExceptionsListPreExportServerExtension } from '../../../../../lists/server'; +import { EventFilterValidator } from '../validators'; export const getExceptionsPreExportHandler = ( - endpointAppContext: EndpointAppContextService -): (ExtensionPoint & { type: 'exceptionsListPreExport' })['callback'] => { - return async function ({ data }) { - // Individual validators here + endpointAppContextService: EndpointAppContextService +): ExceptionsListPreExportServerExtension['callback'] => { + return async function ({ data, context: { request, exceptionListClient } }) { + const { listId: maybeListId, id } = data; + let listId: string | null | undefined = maybeListId; + + if (!listId && id) { + listId = (await exceptionListClient.getExceptionList(data))?.list_id ?? null; + } + + if (!listId) { + return data; + } + + // Event Filter validations + if (EventFilterValidator.isEventFilter({ listId })) { + await new EventFilterValidator(endpointAppContextService, request).validatePreExport(); + return data; + } return data; }; diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_get_one_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_get_one_handler.ts index 0a74aeceb734c..de32956bc79ff 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_get_one_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_get_one_handler.ts @@ -5,14 +5,38 @@ * 2.0. */ +import { ExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types'; import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; -import { ExtensionPoint } from '../../../../../lists/server'; +import { ExceptionsListPreGetOneItemServerExtension } from '../../../../../lists/server'; +import { EventFilterValidator } from '../validators'; export const getExceptionsPreGetOneHandler = ( - endpointAppContext: EndpointAppContextService -): (ExtensionPoint & { type: 'exceptionsListPreGetOneItem' })['callback'] => { - return async function ({ data }) { - // Individual validators here + endpointAppContextService: EndpointAppContextService +): ExceptionsListPreGetOneItemServerExtension['callback'] => { + return async function ({ data, context: { request, exceptionListClient } }) { + if (data.namespaceType !== 'agnostic') { + return data; + } + + const exceptionItem: ExceptionListItemSchema | null = + await exceptionListClient.getExceptionListItem({ + id: data.id, + itemId: data.itemId, + namespaceType: data.namespaceType, + }); + + if (!exceptionItem) { + return data; + } + + const listId = exceptionItem.list_id; + + // Event Filters Exception + if (EventFilterValidator.isEventFilter({ listId })) { + await new EventFilterValidator(endpointAppContextService, request).validatePreGetOneItem(); + + return data; + } return data; }; diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts index e167b6df72e8a..5cc72338176b6 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts @@ -6,13 +6,22 @@ */ import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; -import { ExtensionPoint } from '../../../../../lists/server'; +import { ExceptionsListPreMultiListFindServerExtension } from '../../../../../lists/server'; +import { EventFilterValidator } from '../validators'; export const getExceptionsPreMultiListFindHandler = ( endpointAppContext: EndpointAppContextService -): (ExtensionPoint & { type: 'exceptionsListPreMultiListFind' })['callback'] => { - return async function ({ data }) { - // Individual validators here +): ExceptionsListPreMultiListFindServerExtension['callback'] => { + return async function ({ data, context: { request } }) { + if (!data.namespaceType.includes('agnostic')) { + return data; + } + + // Event Filters Exceptions + if (data.listId.some((listId) => EventFilterValidator.isEventFilter({ listId }))) { + await new EventFilterValidator(endpointAppContext, request).validatePreMultiListFind(); + return data; + } return data; }; diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts index 5fd3fa08ec321..7336285a58bae 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts @@ -6,13 +6,24 @@ */ import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; -import { ExtensionPoint } from '../../../../../lists/server'; +import { ExceptionsListPreSingleListFindServerExtension } from '../../../../../lists/server'; +import { EventFilterValidator } from '../validators'; export const getExceptionsPreSingleListFindHandler = ( endpointAppContext: EndpointAppContextService -): (ExtensionPoint & { type: 'exceptionsListPreSingleListFind' })['callback'] => { - return async function ({ data }) { - // Individual validators here +): ExceptionsListPreSingleListFindServerExtension['callback'] => { + return async function ({ data, context: { request } }) { + if (data.namespaceType !== 'agnostic') { + return data; + } + + const { listId } = data; + + // Event Filters Exceptions + if (EventFilterValidator.isEventFilter({ listId })) { + await new EventFilterValidator(endpointAppContext, request).validatePreSingleListFind(); + return data; + } return data; }; diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts index d98fbff5471d3..a070840e5def2 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts @@ -6,13 +6,33 @@ */ import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; -import { ExtensionPoint } from '../../../../../lists/server'; +import { ExceptionsListPreSummaryServerExtension } from '../../../../../lists/server'; +import { EventFilterValidator } from '../validators'; export const getExceptionsPreSummaryHandler = ( endpointAppContext: EndpointAppContextService -): (ExtensionPoint & { type: 'exceptionsListPreSummary' })['callback'] => { - return async function ({ data }) { - // Individual validators here +): ExceptionsListPreSummaryServerExtension['callback'] => { + return async function ({ data, context: { request, exceptionListClient } }) { + if (data.namespaceType !== 'agnostic') { + return data; + } + + const { listId: maybeListId, id } = data; + let listId: string | null | undefined = maybeListId; + + if (!listId && id) { + listId = (await exceptionListClient.getExceptionList(data))?.list_id ?? null; + } + + if (!listId) { + return data; + } + + // Event Filter Exceptions + if (EventFilterValidator.isEventFilter({ listId })) { + await new EventFilterValidator(endpointAppContext, request).validatePreSummary(); + return data; + } return data; }; From 281bb2fd074a4f24bb90b4c1744283a255ae0efc Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Sat, 29 Jan 2022 12:17:34 -0500 Subject: [PATCH 3/5] FTR tests for Event filters get, delete, import, export, summary and find --- .../apis/endpoint_artifacts/event_filter.ts | 107 +++++++++++++++--- 1 file changed, 91 insertions(+), 16 deletions(-) diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filter.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filter.ts index 712421ea5e320..fdf0e0c76fd80 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filter.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filter.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { EXCEPTION_LIST_ITEM_URL } from '@kbn/securitysolution-list-constants'; +import { EXCEPTION_LIST_ITEM_URL, EXCEPTION_LIST_URL } from '@kbn/securitysolution-list-constants'; import { ExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types'; import expect from '@kbn/expect'; import { FtrProviderContext } from '../../ftr_provider_context'; @@ -18,6 +18,10 @@ import { deleteUserAndRole, ROLES, } from '../../../common/services/security_solution'; +import { + getImportExceptionsListSchemaMock, + toNdJsonString, +} from '../../../../plugins/lists/common/schemas/request/import_exceptions_schema.mock'; export default function ({ getService }: FtrProviderContext) { const supertest = getService('supertest'); @@ -26,6 +30,7 @@ export default function ({ getService }: FtrProviderContext) { const endpointArtifactTestResources = getService('endpointArtifactTestResources'); describe('Endpoint artifacts (via lists plugin) event filter', () => { + const USER = ROLES.detections_admin; let fleetEndpointPolicy: PolicyTestResourceInfo; before(async () => { @@ -33,7 +38,7 @@ export default function ({ getService }: FtrProviderContext) { fleetEndpointPolicy = await endpointPolicyTestResources.createPolicy(); // create role/user - await createUserAndRole(getService, ROLES.detections_admin); + await createUserAndRole(getService, USER); }); after(async () => { @@ -42,7 +47,7 @@ export default function ({ getService }: FtrProviderContext) { } // delete role/user - await deleteUserAndRole(getService, ROLES.detections_admin); + await deleteUserAndRole(getService, USER); }); const anEndpointArtifactError = (res: { body: { message: string } }) => { @@ -63,21 +68,25 @@ export default function ({ getService }: FtrProviderContext) { const exceptionsGenerator = new ExceptionsListItemGenerator(); let eventFilterData: ArtifactTestData; - type EventFilterApiCallsInterface = Array<{ - method: keyof Pick; + type UnknownBodyGetter = () => unknown; + type PutPostBodyGetter = ( + overrides?: Partial + ) => Pick; + + type EventFilterApiCallsInterface = Array<{ + method: keyof Pick; + info?: string; path: string; // The body just needs to have the properties we care about in the tests. This should cover most // mocks used for testing that support different interfaces - getBody: ( - overrides: Partial - ) => Pick; + getBody: BodyGetter; }>; - const eventFilterCalls: EventFilterApiCallsInterface = [ + const eventFilterCalls: EventFilterApiCallsInterface = [ { method: 'post', path: EXCEPTION_LIST_ITEM_URL, - getBody: (overrides) => + getBody: (overrides = {}) => exceptionsGenerator.generateEventFilterForCreate({ tags: eventFilterData.artifact.tags, ...overrides, @@ -86,7 +95,7 @@ export default function ({ getService }: FtrProviderContext) { { method: 'put', path: EXCEPTION_LIST_ITEM_URL, - getBody: (overrides) => + getBody: (overrides = {}) => exceptionsGenerator.generateEventFilterForUpdate({ id: eventFilterData.artifact.id, item_id: eventFilterData.artifact.item_id, @@ -109,6 +118,24 @@ export default function ({ getService }: FtrProviderContext) { } }); + it('should return 400 for import of endpoint exceptions', async () => { + await supertest + .post(`${EXCEPTION_LIST_URL}/_import?overwrite=false`) + .set('kbn-xsrf', 'true') + .attach( + 'file', + Buffer.from( + toNdJsonString([getImportExceptionsListSchemaMock(eventFilterData.artifact.list_id)]) + ), + 'exceptions.ndjson' + ) + .expect(400, { + status_code: 400, + message: + 'EndpointArtifactError: Import is not supported for Endpoint artifact exceptions', + }); + }); + describe('and has authorization to manage endpoint security', () => { for (const eventFilterCall of eventFilterCalls) { it(`should error on [${eventFilterCall.method} if invalid field`, async () => { @@ -159,13 +186,61 @@ export default function ({ getService }: FtrProviderContext) { } }); - describe('and user DOES NOT have authorization to manage endpoint security', () => { - for (const eventFilterCall of eventFilterCalls) { - it(`should 403 on [${eventFilterCall.method}]`, async () => { - await supertestWithoutAuth[eventFilterCall.method](eventFilterCall.path) + describe(`and user (${USER}) DOES NOT have authorization to manage endpoint security`, () => { + // Define a new array that includes the prior set from above, plus additional API calls that + // only have Authz validations setup + const allApiCalls: EventFilterApiCallsInterface = [ + ...eventFilterCalls, + { + method: 'get', + info: 'single item', + get path() { + return `${EXCEPTION_LIST_ITEM_URL}?item_id=${eventFilterData.artifact.item_id}&namespace_type=${eventFilterData.artifact.namespace_type}`; + }, + getBody: () => undefined, + }, + { + method: 'get', + info: 'list summary', + get path() { + return `${EXCEPTION_LIST_URL}/summary?list_id=${eventFilterData.artifact.list_id}&namespace_type=${eventFilterData.artifact.namespace_type}`; + }, + getBody: () => undefined, + }, + { + method: 'delete', + info: 'single item', + get path() { + return `${EXCEPTION_LIST_ITEM_URL}?item_id=${eventFilterData.artifact.item_id}&namespace_type=${eventFilterData.artifact.namespace_type}`; + }, + getBody: () => undefined, + }, + { + method: 'post', + info: 'list export', + get path() { + return `${EXCEPTION_LIST_URL}/_export?list_id=${eventFilterData.artifact.list_id}&namespace_type=${eventFilterData.artifact.namespace_type}&id=1`; + }, + getBody: () => undefined, + }, + { + method: 'get', + info: 'find items', + get path() { + return `${EXCEPTION_LIST_ITEM_URL}/_find?list_id=${eventFilterData.artifact.list_id}&namespace_type=${eventFilterData.artifact.namespace_type}&page=1&per_page=1&sort_field=name&sort_order=asc`; + }, + getBody: () => undefined, + }, + ]; + + for (const apiCall of allApiCalls) { + it(`should error on [${apiCall.method}]${ + apiCall.info ? ` ${apiCall.info}` : '' + }`, async () => { + await supertestWithoutAuth[apiCall.method](apiCall.path) .auth(ROLES.detections_admin, 'changeme') .set('kbn-xsrf', 'true') - .send(eventFilterCall.getBody({})) + .send(apiCall.getBody()) .expect(403, { status_code: 403, message: 'EndpointArtifactError: Endpoint authorization failure', From 73f11f8d56291741a902baf6a045ca5c87e4b4bf Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Mon, 31 Jan 2022 09:44:57 -0500 Subject: [PATCH 4/5] Add nameSpace checks --- .../endpoint/handlers/exceptions_pre_create_handler.ts | 4 ++++ .../endpoint/handlers/exceptions_pre_export_handler.ts | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_create_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_create_handler.ts index 6010a339b0001..97bdca879b69d 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_create_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_create_handler.ts @@ -16,6 +16,10 @@ export const getExceptionsPreCreateItemHandler = ( endpointAppContext: EndpointAppContextService ): ExceptionsListPreCreateItemServerExtension['callback'] => { return async function ({ data, context: { request } }): Promise { + if (data.namespaceType !== 'agnostic') { + return data; + } + // Validate trusted apps if (TrustedAppValidator.isTrustedApp(data)) { return new TrustedAppValidator(endpointAppContext, request).validatePreCreateItem(data); diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts index 63e92f777cf9a..266f655b8322a 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts @@ -14,6 +14,10 @@ export const getExceptionsPreExportHandler = ( endpointAppContextService: EndpointAppContextService ): ExceptionsListPreExportServerExtension['callback'] => { return async function ({ data, context: { request, exceptionListClient } }) { + if (data.namespaceType !== 'agnostic') { + return data; + } + const { listId: maybeListId, id } = data; let listId: string | null | undefined = maybeListId; From 0829554d4337b9a22ae8117d253813bee244c507 Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Mon, 31 Jan 2022 17:02:11 -0500 Subject: [PATCH 5/5] Fix variable names --- .../handlers/exceptions_pre_delete_item_handler.ts | 2 +- .../handlers/exceptions_pre_multi_list_find_handler.ts | 2 +- .../handlers/exceptions_pre_single_list_find_handler.ts | 7 ++++++- .../endpoint/handlers/exceptions_pre_summary_handler.ts | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts index 4f1220c945e82..07edbd5ad273a 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts @@ -51,7 +51,7 @@ export const getExceptionsPreDeleteItemHandler = ( // Event Filter validation if (EventFilterValidator.isEventFilter({ listId })) { - await new EventFilterValidator(endpointAppContext, request).validatePreDeleteItem(); + await new EventFilterValidator(endpointAppContextService, request).validatePreDeleteItem(); return data; } diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts index 6695a93b8f65f..cd757aac3f318 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts @@ -36,7 +36,7 @@ export const getExceptionsPreMultiListFindHandler = ( // Event Filters Exceptions if (data.listId.some((listId) => EventFilterValidator.isEventFilter({ listId }))) { - await new EventFilterValidator(endpointAppContext, request).validatePreMultiListFind(); + await new EventFilterValidator(endpointAppContextService, request).validatePreMultiListFind(); return data; } diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts index 8350d304fb7c8..eadff6db1ff9b 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts @@ -27,6 +27,8 @@ export const getExceptionsPreSingleListFindHandler = ( await new TrustedAppValidator(endpointAppContextService, request).validatePreSingleListFind(); return data; } + + // Host Isolation Exceptions if (HostIsolationExceptionsValidator.isHostIsolationException(listId)) { await new HostIsolationExceptionsValidator( endpointAppContextService, @@ -37,7 +39,10 @@ export const getExceptionsPreSingleListFindHandler = ( // Event Filters Exceptions if (EventFilterValidator.isEventFilter({ listId })) { - await new EventFilterValidator(endpointAppContext, request).validatePreSingleListFind(); + await new EventFilterValidator( + endpointAppContextService, + request + ).validatePreSingleListFind(); return data; } diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts index 229665510b264..c73ccf43368ee 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts @@ -46,7 +46,7 @@ export const getExceptionsPreSummaryHandler = ( // Event Filter Exceptions if (EventFilterValidator.isEventFilter({ listId })) { - await new EventFilterValidator(endpointAppContext, request).validatePreSummary(); + await new EventFilterValidator(endpointAppContextService, request).validatePreSummary(); return data; }