Skip to content

Commit

Permalink
[8.9] [Security Solution] File paths for Blocklist Windows and Mac sh…
Browse files Browse the repository at this point in the history 
…ould be case insensitive (elastic#164200) (elastic#164319)

# Backport

This will backport the following commits from `main` to `8.9`:
- [[Security Solution] File paths for Blocklist Windows and Mac should
be case insensitive
(elastic#164200)](elastic#164200)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kevin
Logan","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-08-21T14:00:53Z","message":"[Security
Solution] File paths for Blocklist Windows and Mac should be case
insensitive (elastic#164200)\n\n## Summary\r\n\r\nThis fixes a bug where
Windows and Mac Blocklist file path entries\r\nshould be passed as case
insensitive. This is because Mac and Windows\r\nare caseless for most
use cases.\r\n\r\nBug ticket:
https://github.com/elastic/kibana/issues/158581\r\n\r\nHere is how it
will be displayed in the UI:\r\n<img width=\"1728\"
alt=\"image\"\r\nsrc=\"https://github.com/elastic/kibana/assets/56395104/a3006397-f49e-4de0-818d-94e2de20dba3\">\r\n\r\nHere
are the breakdown of the artifacts after the
fix:\r\n\r\nLinux:\r\n```\r\n-------------------------------------------------------------------\r\nPolicy:
Protect\r\nManifest: 1.0.6 | v1\r\nArtifact:
endpoint-blocklist-linux-v1\r\n Relative URL:
/api/fleet/artifacts/endpoint-blocklist-linux-v1/f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640\r\n
Encoded SHA256:
a907835be40af89b8b7aa23a6efc66c01ceaa5a19622edd378139319f3ca5fa0\r\n
Decoded SHA256:
f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640\r\n-------------------------------------------------------------------\r\n\r\n{\r\n
\"entries\": [\r\n {\r\n \"type\": \"simple\",\r\n \"entries\": [\r\n
{\r\n \"field\": \"file.path\",\r\n \"operator\": \"included\",\r\n
\"type\": \"exact_cased_any\",\r\n \"value\": [\r\n
\"/opt/bin/bin.exe\"\r\n ]\r\n }\r\n ]\r\n }\r\n
]\r\n}\r\n```\r\n\r\nMac:\r\n```\r\n-------------------------------------------------------------------\r\nPolicy:
Protect\r\nManifest: 1.0.6 | v1\r\nArtifact:
endpoint-blocklist-macos-v1\r\n Relative URL:
/api/fleet/artifacts/endpoint-blocklist-macos-v1/b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f\r\n
Encoded SHA256:
4f3e80d688f5cae4bf6a88b0704e37909f9fa4f47fe8325b7b154cddd46a2db9\r\n
Decoded SHA256:
b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f\r\n-------------------------------------------------------------------\r\n\r\n{\r\n
\"entries\": [\r\n {\r\n \"type\": \"simple\",\r\n \"entries\": [\r\n
{\r\n \"field\": \"file.path\",\r\n \"operator\": \"included\",\r\n
\"type\": \"exact_caseless_any\",\r\n \"value\": [\r\n
\"/opt/exe.exe\"\r\n ]\r\n }\r\n ]\r\n
}\r\n```\r\n\r\nWindows:\r\n```\r\n-------------------------------------------------------------------\r\nPolicy:
Protect\r\nManifest: 1.0.6 | v1\r\nArtifact:
endpoint-blocklist-windows-v1\r\n Relative URL:
/api/fleet/artifacts/endpoint-blocklist-windows-v1/2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac\r\n
Encoded SHA256:
c6e045fce97651336eeb400f0123541475b940e3aa38ce721f299585683da288\r\n
Decoded SHA256:
2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac\r\n-------------------------------------------------------------------\r\n\r\n{\r\n
\"entries\": [\r\n {\r\n \"type\": \"simple\",\r\n \"entries\": [\r\n
{\r\n \"field\": \"file.path\",\r\n \"operator\": \"included\",\r\n
\"type\": \"exact_caseless_any\",\r\n \"value\": [\r\n
\"C:\\\\path\\\\path.exe\"\r\n ]\r\n }\r\n ]\r\n }\r\n
]\r\n}\r\n```\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<[email protected]>","sha":"88bd71c0773d158ed1e6312075633ed85abc575e","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Defend
Workflows","v8.10.0","v8.11.0","v8.9.2"],"number":164200,"url":"https://github.com/elastic/kibana/pull/164200","mergeCommit":{"message":"[Security
Solution] File paths for Blocklist Windows and Mac should be case
insensitive (elastic#164200)\n\n## Summary\r\n\r\nThis fixes a bug where
Windows and Mac Blocklist file path entries\r\nshould be passed as case
insensitive. This is because Mac and Windows\r\nare caseless for most
use cases.\r\n\r\nBug ticket:
https://github.com/elastic/kibana/issues/158581\r\n\r\nHere is how it
will be displayed in the UI:\r\n<img width=\"1728\"
alt=\"image\"\r\nsrc=\"https://github.com/elastic/kibana/assets/56395104/a3006397-f49e-4de0-818d-94e2de20dba3\">\r\n\r\nHere
are the breakdown of the artifacts after the
fix:\r\n\r\nLinux:\r\n```\r\n-------------------------------------------------------------------\r\nPolicy:
Protect\r\nManifest: 1.0.6 | v1\r\nArtifact:
endpoint-blocklist-linux-v1\r\n Relative URL:
/api/fleet/artifacts/endpoint-blocklist-linux-v1/f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640\r\n
Encoded SHA256:
a907835be40af89b8b7aa23a6efc66c01ceaa5a19622edd378139319f3ca5fa0\r\n
Decoded SHA256:
f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640\r\n-------------------------------------------------------------------\r\n\r\n{\r\n
\"entries\": [\r\n {\r\n \"type\": \"simple\",\r\n \"entries\": [\r\n
{\r\n \"field\": \"file.path\",\r\n \"operator\": \"included\",\r\n
\"type\": \"exact_cased_any\",\r\n \"value\": [\r\n
\"/opt/bin/bin.exe\"\r\n ]\r\n }\r\n ]\r\n }\r\n
]\r\n}\r\n```\r\n\r\nMac:\r\n```\r\n-------------------------------------------------------------------\r\nPolicy:
Protect\r\nManifest: 1.0.6 | v1\r\nArtifact:
endpoint-blocklist-macos-v1\r\n Relative URL:
/api/fleet/artifacts/endpoint-blocklist-macos-v1/b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f\r\n
Encoded SHA256:
4f3e80d688f5cae4bf6a88b0704e37909f9fa4f47fe8325b7b154cddd46a2db9\r\n
Decoded SHA256:
b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f\r\n-------------------------------------------------------------------\r\n\r\n{\r\n
\"entries\": [\r\n {\r\n \"type\": \"simple\",\r\n \"entries\": [\r\n
{\r\n \"field\": \"file.path\",\r\n \"operator\": \"included\",\r\n
\"type\": \"exact_caseless_any\",\r\n \"value\": [\r\n
\"/opt/exe.exe\"\r\n ]\r\n }\r\n ]\r\n
}\r\n```\r\n\r\nWindows:\r\n```\r\n-------------------------------------------------------------------\r\nPolicy:
Protect\r\nManifest: 1.0.6 | v1\r\nArtifact:
endpoint-blocklist-windows-v1\r\n Relative URL:
/api/fleet/artifacts/endpoint-blocklist-windows-v1/2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac\r\n
Encoded SHA256:
c6e045fce97651336eeb400f0123541475b940e3aa38ce721f299585683da288\r\n
Decoded SHA256:
2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac\r\n-------------------------------------------------------------------\r\n\r\n{\r\n
\"entries\": [\r\n {\r\n \"type\": \"simple\",\r\n \"entries\": [\r\n
{\r\n \"field\": \"file.path\",\r\n \"operator\": \"included\",\r\n
\"type\": \"exact_caseless_any\",\r\n \"value\": [\r\n
\"C:\\\\path\\\\path.exe\"\r\n ]\r\n }\r\n ]\r\n }\r\n
]\r\n}\r\n```\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<[email protected]>","sha":"88bd71c0773d158ed1e6312075633ed85abc575e"}},"sourceBranch":"main","suggestedTargetBranches":["8.11","8.9"],"targetPullRequestStates":[{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/164200","number":164200,"mergeCommit":{"message":"[Security
Solution] File paths for Blocklist Windows and Mac should be case
insensitive (elastic#164200)\n\n## Summary\r\n\r\nThis fixes a bug where
Windows and Mac Blocklist file path entries\r\nshould be passed as case
insensitive. This is because Mac and Windows\r\nare caseless for most
use cases.\r\n\r\nBug ticket:
https://github.com/elastic/kibana/issues/158581\r\n\r\nHere is how it
will be displayed in the UI:\r\n<img width=\"1728\"
alt=\"image\"\r\nsrc=\"https://github.com/elastic/kibana/assets/56395104/a3006397-f49e-4de0-818d-94e2de20dba3\">\r\n\r\nHere
are the breakdown of the artifacts after the
fix:\r\n\r\nLinux:\r\n```\r\n-------------------------------------------------------------------\r\nPolicy:
Protect\r\nManifest: 1.0.6 | v1\r\nArtifact:
endpoint-blocklist-linux-v1\r\n Relative URL:
/api/fleet/artifacts/endpoint-blocklist-linux-v1/f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640\r\n
Encoded SHA256:
a907835be40af89b8b7aa23a6efc66c01ceaa5a19622edd378139319f3ca5fa0\r\n
Decoded SHA256:
f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640\r\n-------------------------------------------------------------------\r\n\r\n{\r\n
\"entries\": [\r\n {\r\n \"type\": \"simple\",\r\n \"entries\": [\r\n
{\r\n \"field\": \"file.path\",\r\n \"operator\": \"included\",\r\n
\"type\": \"exact_cased_any\",\r\n \"value\": [\r\n
\"/opt/bin/bin.exe\"\r\n ]\r\n }\r\n ]\r\n }\r\n
]\r\n}\r\n```\r\n\r\nMac:\r\n```\r\n-------------------------------------------------------------------\r\nPolicy:
Protect\r\nManifest: 1.0.6 | v1\r\nArtifact:
endpoint-blocklist-macos-v1\r\n Relative URL:
/api/fleet/artifacts/endpoint-blocklist-macos-v1/b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f\r\n
Encoded SHA256:
4f3e80d688f5cae4bf6a88b0704e37909f9fa4f47fe8325b7b154cddd46a2db9\r\n
Decoded SHA256:
b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f\r\n-------------------------------------------------------------------\r\n\r\n{\r\n
\"entries\": [\r\n {\r\n \"type\": \"simple\",\r\n \"entries\": [\r\n
{\r\n \"field\": \"file.path\",\r\n \"operator\": \"included\",\r\n
\"type\": \"exact_caseless_any\",\r\n \"value\": [\r\n
\"/opt/exe.exe\"\r\n ]\r\n }\r\n ]\r\n
}\r\n```\r\n\r\nWindows:\r\n```\r\n-------------------------------------------------------------------\r\nPolicy:
Protect\r\nManifest: 1.0.6 | v1\r\nArtifact:
endpoint-blocklist-windows-v1\r\n Relative URL:
/api/fleet/artifacts/endpoint-blocklist-windows-v1/2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac\r\n
Encoded SHA256:
c6e045fce97651336eeb400f0123541475b940e3aa38ce721f299585683da288\r\n
Decoded SHA256:
2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac\r\n-------------------------------------------------------------------\r\n\r\n{\r\n
\"entries\": [\r\n {\r\n \"type\": \"simple\",\r\n \"entries\": [\r\n
{\r\n \"field\": \"file.path\",\r\n \"operator\": \"included\",\r\n
\"type\": \"exact_caseless_any\",\r\n \"value\": [\r\n
\"C:\\\\path\\\\path.exe\"\r\n ]\r\n }\r\n ]\r\n }\r\n
]\r\n}\r\n```\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<[email protected]>","sha":"88bd71c0773d158ed1e6312075633ed85abc575e"}},{"branch":"8.11","label":"v8.11.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.9","label":"v8.9.2","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

---------

Co-authored-by: Kevin Logan <[email protected]>
Co-authored-by: Kevin Logan <[email protected]>
  • Loading branch information
@kibanamachine @kevinlog
3 people authored Aug 22, 2023
1 parent fd35b9a commit 2ac7591
Show file tree
Hide file tree
Showing 7 changed files with 91 additions and 22 deletions.
6 changes: 5 additions & 1 deletion packages/kbn-securitysolution-utils/src/path_validations/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,11 @@ export type TrustedAppConditionEntryField =
| 'process.hash.*'
| 'process.executable.caseless'
| 'process.Ext.code_signature';
export type BlocklistConditionEntryField = 'file.hash.*' | 'file.path' | 'file.Ext.code_signature';
export type BlocklistConditionEntryField =
| 'file.hash.*'
| 'file.path'
| 'file.Ext.code_signature'
| 'file.path.caseless';
export type AllConditionEntryFields =
| TrustedAppConditionEntryField
| BlocklistConditionEntryField
Expand Down
4 changes: 2 additions & 2 deletions x-pack/plugins/security_solution/public/management/cypress/fixtures/artifacts_page.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -361,7 +361,7 @@ export const getArtifactsListTestsData = (): ArtifactsFixtureType[] => [
},
{
type: 'click',
selector: 'blocklist-form-file.path',
selector: 'blocklist-form-file.path.caseless',
},
{
type: 'click',
Expand All @@ -382,7 +382,7 @@ export const getArtifactsListTestsData = (): ArtifactsFixtureType[] => [
{
selector: 'blocklistPage-card-criteriaConditions',
value:
'OSIS WindowsAND file.pathis one of\nc:\\randomFolder\\randomFile.exe\nc:\\randomFolder\\randomFile2.exe',
'OSIS WindowsAND file.path.caselessis one of\nc:\\randomFolder\\randomFile.exe\nc:\\randomFolder\\randomFile2.exe',
},
{
selector: 'blocklistPage-card-header-title',
Expand Down
12 changes: 12 additions & 0 deletions x-pack/plugins/security_solution/public/management/pages/blocklist/translations.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,12 @@ export const CONDITION_FIELD_TITLE: { [K in BlocklistConditionEntryField]: strin
'file.path': i18n.translate('xpack.securitySolution.blocklist.entry.field.path', {
defaultMessage: 'Path',
}),
'file.path.caseless': i18n.translate(
'xpack.securitySolution.blocklist.entry.field.path.caseless',
{
defaultMessage: 'Path',
}
),
'file.Ext.code_signature': i18n.translate(
'xpack.securitySolution.blocklist.entry.field.signature',
{ defaultMessage: 'Signature' }
Expand All @@ -89,6 +95,12 @@ export const CONDITION_FIELD_DESCRIPTION: { [K in BlocklistConditionEntryField]:
'file.path': i18n.translate('xpack.securitySolution.blocklist.entry.field.description.path', {
defaultMessage: 'The full path of the application',
}),
'file.path.caseless': i18n.translate(
'xpack.securitySolution.blocklist.entry.field.description.path.caseless',
{
defaultMessage: 'The full path of the application (case insenstive)',
}
),
'file.Ext.code_signature': i18n.translate(
'xpack.securitySolution.blocklist.entry.field.description.signature',
{ defaultMessage: 'The signer of the application' }
Expand Down
32 changes: 32 additions & 0 deletions ...curity_solution/public/management/pages/blocklist/view/components/blocklist_form.test.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -225,6 +225,38 @@ describe('blocklist form', () => {
userEvent.click(screen.getByRole('option', { name: /path/i }));
const expected = createOnChangeArgs({
item: createItem({
entries: [createEntry('file.path.caseless', [])],
}),
});
expect(onChangeSpy).toHaveBeenCalledWith(expected);
});

it('should correctly create `file.path.caseless` when Mac OS is selected', async () => {
render(createProps({ item: createItem({ os_types: [OperatingSystem.MAC] }) }));
expect(screen.getByTestId('blocklist-form-os-select').textContent).toEqual('Mac');

userEvent.click(screen.getByTestId('blocklist-form-field-select'));
await waitForEuiPopoverOpen();
userEvent.click(screen.getByRole('option', { name: /path/i }));
const expected = createOnChangeArgs({
item: createItem({
os_types: [OperatingSystem.MAC],
entries: [createEntry('file.path.caseless', [])],
}),
});
expect(onChangeSpy).toHaveBeenCalledWith(expected);
});

it('should correctly create `file.path` when Linux is selected', async () => {
render(createProps({ item: createItem({ os_types: [OperatingSystem.LINUX] }) }));
expect(screen.getByTestId('blocklist-form-os-select').textContent).toEqual('Linux');

userEvent.click(screen.getByTestId('blocklist-form-field-select'));
await waitForEuiPopoverOpen();
userEvent.click(screen.getByRole('option', { name: /path/i }));
const expected = createOnChangeArgs({
item: createItem({
os_types: [OperatingSystem.LINUX],
entries: [createEntry('file.path', [])],
}),
});
Expand Down
33 changes: 25 additions & 8 deletions ...ns/security_solution/public/management/pages/blocklist/view/components/blocklist_form.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,14 +177,31 @@ export const BlockListForm = memo<ArtifactFormComponentProps>(
);

const fieldOptions: Array<EuiSuperSelectOption<BlocklistConditionEntryField>> = useMemo(() => {
const selectableFields: Array<EuiSuperSelectOption<BlocklistConditionEntryField>> = (
['file.hash.*', 'file.path'] as BlocklistConditionEntryField[]
).map((field) => ({
value: field,
inputDisplay: CONDITION_FIELD_TITLE[field],
dropdownDisplay: getDropdownDisplay(field),
'data-test-subj': getTestId(field),
}));
const selectableFields: Array<EuiSuperSelectOption<BlocklistConditionEntryField>> = [];

selectableFields.push({
value: 'file.hash.*',
inputDisplay: CONDITION_FIELD_TITLE['file.hash.*'],
dropdownDisplay: getDropdownDisplay('file.hash.*'),
'data-test-subj': getTestId('file.hash.*'),
});

if (selectedOs === OperatingSystem.LINUX) {
selectableFields.push({
value: 'file.path',
inputDisplay: CONDITION_FIELD_TITLE['file.path'],
dropdownDisplay: getDropdownDisplay('file.path'),
'data-test-subj': getTestId('file.path'),
});
} else {
selectableFields.push({
value: 'file.path.caseless',
inputDisplay: CONDITION_FIELD_TITLE['file.path.caseless'],
dropdownDisplay: getDropdownDisplay('file.path.caseless'),
'data-test-subj': getTestId('file.path.caseless'),
});
}

if (selectedOs === OperatingSystem.WINDOWS) {
selectableFields.push({
value: 'file.Ext.code_signature',
Expand Down
6 changes: 5 additions & 1 deletion ...ins/security_solution/server/lists_integration/endpoint/validators/blocklist_validator.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,16 @@ import { isValidHash } from '../../../../common/endpoint/service/artifacts/valid
import { EndpointArtifactExceptionValidationError } from './errors';

const allowedHashes: Readonly<string[]> = ['file.hash.md5', 'file.hash.sha1', 'file.hash.sha256'];
const allowedFilePaths: Readonly<string[]> = ['file.path', 'file.path.caseless'];

const FileHashField = schema.oneOf(
allowedHashes.map((hash) => schema.literal(hash)) as [Type<string>]
);

const FilePath = schema.literal('file.path');
const FilePath = schema.oneOf(
allowedFilePaths.map((path) => schema.literal(path)) as [Type<string>]
);

const FileCodeSigner = schema.literal('file.Ext.code_signature');

const ConditionEntryTypeSchema = schema.literal('match_any');
Expand Down
20 changes: 10 additions & 10 deletions x-pack/test/security_solution_endpoint/apps/integrations/mocks.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -401,7 +401,7 @@ export const getArtifactsListTestsData = () => [
},
{
type: 'click',
selector: 'blocklist-form-file.path',
selector: 'blocklist-form-file.path.caseless',
},
{
type: 'clear',
Expand All @@ -422,7 +422,7 @@ export const getArtifactsListTestsData = () => [
{
selector: 'blocklistPage-card-criteriaConditions',
value:
'OSIS Windows\nAND file.pathIS ONE OF\nc:\\randomFolder\\randomFile.exe\nc:\\randomFolder\\randomFile2.exe',
'OSIS Windows\nAND file.path.caselessIS ONE OF\nc:\\randomFolder\\randomFile.exe\nc:\\randomFolder\\randomFile2.exe',
},
{
selector: 'blocklistPage-card-header-title',
Expand All @@ -434,7 +434,7 @@ export const getArtifactsListTestsData = () => [
},
],
waitForValue:
'OSIS Windows\nAND file.pathIS ONE OF\nc:\\randomFolder\\randomFile.exe\nc:\\randomFolder\\randomFile2.exe',
'OSIS Windows\nAND file.path.caselessIS ONE OF\nc:\\randomFolder\\randomFile.exe\nc:\\randomFolder\\randomFile2.exe',
},
delete: {
confirmSelector: 'blocklistDeletionConfirm',
Expand Down Expand Up @@ -479,14 +479,14 @@ export const getArtifactsListTestsData = () => [
type: 'blocklist',
identifier: 'endpoint-blocklist-windows-v1',
relative_url:
'/api/fleet/artifacts/endpoint-blocklist-windows-v1/2df413b3c01b54be7e9106e92c39297ca72d32bcd626c3f7eb7d395db8e905fe',
body: 'eJx9jcEKwjAQRH9F9iwePOYD/IlWypKdYmCbhCSVltJ/dysieJE5zbxhZiPEVgIquW6jtmaQoxqmrKDzDxsDVAyOQXHJ3B7GU0bhlorFIXqdBWLpZwUL+zZ4rpCB42rgyTob6ci7vi8cJU23pILydcc2luP69K9zfZfu+6EXorpEbA==',
'/api/fleet/artifacts/endpoint-blocklist-windows-v1/3ead6ce4e34cb4411083a44bfe813d9442d296981ee8d56e727e6cff14dea0f0',
body: 'eJx9jUEKwzAQA79S9lx66NEP6CeSEhZboYaNbWynJIT8vetSArkUnaQR0kYINXsUMt1GdU0gQ8VPSUDXExs9xCkcveCWuL6Ux4TMNWaNfbAyOzhNfytY2NbBcoGglIHDquzNMivsyJq+zxxcnB5RHPLh2jyW9n7517l/S8+96QOI6kW/',
encryption_algorithm: 'none',
package_name: 'endpoint',
encoded_size: 130,
encoded_sha256: '3fb42b56c16ef38f8ecb62c082a7f3dddf4a52998a83c97d16688e854e15a502',
decoded_size: 194,
decoded_sha256: '2df413b3c01b54be7e9106e92c39297ca72d32bcd626c3f7eb7d395db8e905fe',
encoded_size: 132,
encoded_sha256: '9f81934389ff29599c0b0f16aa91b9f5cebd95d51271a47ea469662a61a29884',
decoded_size: 197,
decoded_sha256: '3ead6ce4e34cb4411083a44bfe813d9442d296981ee8d56e727e6cff14dea0f0',
compression_algorithm: 'zlib',
created: '2000-01-01T00:00:00.000Z',
}),
Expand All @@ -498,7 +498,7 @@ export const getArtifactsListTestsData = () => [
{
field: 'file.path',
operator: 'included',
type: 'exact_cased_any',
type: 'exact_caseless_any',
value: ['c:\\randomFolder\\randomFile.exe', ' c:\\randomFolder\\randomFile2.exe'],
},
],
Expand Down

0 comments on commit 2ac7591

Please sign in to comment.