-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Endpoint] Allow wildcard in trusted app paths #97623
[Security Solution][Endpoint] Allow wildcard in trusted app paths #97623
Conversation
x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
Outdated
Show resolved
Hide resolved
...olution/public/management/pages/trusted_apps/view/components/condition_entry_input/index.tsx
Outdated
Show resolved
Hide resolved
...olution/public/management/pages/trusted_apps/view/components/condition_entry_input/index.tsx
Outdated
Show resolved
Hide resolved
...olution/public/management/pages/trusted_apps/view/components/condition_entry_input/index.tsx
Outdated
Show resolved
Hide resolved
Few comments added but it looks awesome! 🔥 🔥 |
Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt) |
x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
Outdated
Show resolved
Hide resolved
checked it out and it looks great so far! A couple things to call out:
Similarly if I go to edit the entry, the operator is set to Let me know if you have any questions. The requirements in the original ticket may not have been clear enough on item 2, happy to adjust! |
@elasticmachine merge upstream |
...olution/public/management/pages/trusted_apps/view/components/condition_entry_input/index.tsx
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left some comments. Looking good :)
...olution/public/management/pages/trusted_apps/view/components/condition_entry_input/index.tsx
Outdated
Show resolved
Hide resolved
...olution/public/management/pages/trusted_apps/view/components/condition_entry_input/index.tsx
Outdated
Show resolved
Hide resolved
Changes to the shared exception list types look great! Thanks for all the hard work on this 😄 @ashokaditya, @yctercero, and I met today to discuss how the detection engine exception UI should handle the addition of The alternative option was decoupling the exceptions UI from the list of all entry types by adding a new union that contains only the subset of entry types supported by detection exceptions. However, that refactoring effort was deemed to be too significant to include in this PR. Long term, if we need entry types that are specific to trusted apps (i.e. detections will never support them) we should consider decoupling the exceptions UI to make it easier to add new entry types. |
x-pack/plugins/lists/public/exceptions/components/builder/helpers.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
Outdated
Show resolved
Hide resolved
...olution/public/management/pages/trusted_apps/view/components/condition_entry_input/index.tsx
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Just had some small comments about removing some type casts. I don't know the ins and outs of the trusted apps logic, so focused mainly on the exception type changes and testing basic functionality.
Not sure if a ticket already exists, but would be great to have a ticket to reference for the work needed detections side to hide this operator for now in UI and add a check API side to throw if a wildcard entry is trying to be added to a detection type exception list.
Just to note: I think @marshallmain point of decoupling types and creating unions could be a really good idea. I know we discussed it over zoom and it's definitely something to keep in mind for the larger discussions around exceptions refactoring, but I think it would add a whole lot of changes were we to jump to that right now.
review changes
CI check suggestion
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🔥 🔥
Left just a minor comment, but it should not hold merging this in.
Awesome job on this
|
||
import { ConditionEntryField, OperatingSystem, TrustedAppEntryTypes } from '../endpoint/types'; | ||
|
||
export const placeholderText = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest that this be a function instead of object definition in order to ensure they are not mutated.
Also - are these for testing? if so, I would also suggest moving them to a file (or directory) whose name as "test" in it. like test_utils.ts
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, I see your point with the mutation. I would change this to a function. Although, I'm just reusing the same text values within the getPlaceholderText
function and also within the unit tests and thus I believe it is not necessary to move this to a test_utils.ts
kind of file.
@elasticmachine merge upstream |
review suggestion /pull/97623/commits/2dc4fd390cf5ea0e4fa67b3f5fc2561cbb29555e
x-pack/plugins/security_solution/common/utils/path_placeholder.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/common/utils/path_placeholder.ts
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!!🔥 🔥
Just a function naming comment but not needs to be changed now.
💚 Build SucceededMetrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
💔 Backport failed
To backport manually run: |
…7623) (#98749) * show operator dropdown for path field refs elastic/security-team/issues/543 * update translation to use consistent values refs elastic/security-team/issues/543 * update schema to validate path values refs elastic/security-team/issues/543 * add tests for field and operator values refs elastic/security-team/issues/543 * review changes refs elastic/security-team/issues/543 * update schema to enforce dropdown validation for PATH field refs elastic/security-team/issues/543 * add tests for schema updates refs 1deab39 refs elastic/security-team/issues/543 * optimise dropdown list for re-renders refs elastic/security-team/issues/543 * align input fields and keep alignments when resized refs elastic/security-team/issues/543 * correctly enter operator data on trusted app CRUD refs elastic/security-team/issues/543 * update tests refs 2ac56ee refs elastic/security-team/issues/543 * remove redundant code review changes * better type assertion review changes * move operator options out of component - these do not depend on component props and thus no need to have it within a useMemo callback. - review changes * derive keys from operator entry field review changes * update type * use custom styles for aligning input fields review changes * add a custom type for trusted_apps operator undo changes from list plugin and server/lib/detection_engine refs 2ac56ee refs elastic/security-team/issues/543 * add wildcard entry type refs elastic/security-team/issues/543 refs #97623 (review) * use the new entry type refs elastic/security-team/issues/543 refs #97623 (review) * update tests refs elastic/security-team/issues/543 refs #97623 (review) * update name for wildcard type so that it can be used also for cased inputs refs elastic/security-team/issues/543 refs f9cb7ed * update artifacts to support wildcard entries refs elastic/security-team/issues/543 * add tests for list schemas refs f9cb7ed refs elastic/security-team/issues/543 * add placeholders for path values review changes /pull/97623#discussion_r620617999 * ignore type check for now * add type assertion refs 284352e * remove unnecessary test refs 2ac56ee * fix types refs f9cb7ed refs b3f5dc4 * add a note to entries review changes refs dbd3532 * remove redundant type assertions review changes refs bcf615a refs b3f5dc4 * move placeholder text logic to utils review changes /pull/97623#discussion_r621673881 refs 6f2d0d7 * pass the style as prop review changes * update api doc CI check suggestion * make placeholderText a function expression review suggestion /pull/97623/commits/2dc4fd390cf5ea0e4fa67b3f5fc2561cbb29555e * use semantic names for functions refs 330731e Co-authored-by: Kibana Machine <[email protected]> # Conflicts: # api_docs/security_solution.json
Summary
Adds a dropdown for the path field to enable adding wildcards as well as adding specific paths for creating trusted apps.
See elastic/security-team/issues/543 for more details.
Checklist
Delete any items that are not applicable to this PR.