[8.x] [SecuritySolution] Update file validation because the file type is empty on windows (#199791) (#200189)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[SecuritySolution] Update file validation because the file type is
empty on windows
(#199791)](https://github.com/elastic/kibana/pull/199791)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Pablo
Machado","email":"pablo.nevesmachado@elastic.co"},"sourceCommit":{"committedDate":"2024-11-14T13:55:21Z","message":"[SecuritySolution]
Update file validation because the file type is empty on windows
(#199791)\n\n## Summary\r\n\r\nBug: On Windows, we can't select TSV
files or drag them to the file\r\npicker. This error happens because we
have a validation for the file\r\ntype, and for some reason, on Windows,
it is an empty string 🤡 .\r\n\r\nI updated the file validation logic to
allow empty strings for file\r\ntypes and added one extra value to the
acceptable types, `.tsv`. So,\r\nwhen the mime type checks fail, it will
accept any files with the `tsv`\r\nextension.\r\n\r\n\r\nI desk-tested
it on Windows-edge, Windows-chrome, Mac-chrome and
it\r\nworks.\r\n\r\n### How to test it?\r\n* ON A WINDOWS MACHINE\r\n*
Open the security solution app and navigate to the entity store
page\r\n* Drag a TSV file created on a Windows machine; the file should
be\r\naccepted\r\n* Click on the \"select file\" button and select a TSV
file created on a\r\nWindows machine\r\n* Both methods should allow you
to select the file, and you should be\r\nable to proceed with the bulk
upload\r\n\r\n#### Do I need to checkout your code and start
kibana?\r\nIf you are a lazy person like me, you can test the feature
using the\r\ncloud
deployment\r\n[here](https://kibana-pr-199791.kb.us-west2.gcp.elastic-cloud.com/app/security/entity_analytics_entity_store).\r\nYou
can get the login/password using Vault. The instructions are on
the\r\nlatest Cloud Deployment link, or ask me for
credentials.\r\n\r\n#### What if I don't have a Windows machine?\r\nBuy
one. I am kidding. 🤡 \r\nYou can follow
[this\r\ntutorial](https://github.com/elastic/security-team/blob/main/tools/sec-eng-prod/sep-vms/README.md#setup)\r\nto
deploy it to gcloud, and connect to it using RDP.\r\nBut If you are lazy
like me, you can ask me for my Windows 11 cloud\r\ndeployment
credentials.\r\n\r\n_Obs. You need an app to access the cloud deployment
via RDP. The\r\n\"Windows App\" can be easily downloaded from the App
Store on Mac._\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] This was
checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)","sha":"ac32a056ef6897d0b685da8b444c399294a5e53e","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","Team:
SecuritySolution","Theme: entity_analytics","Feature:Entity
Analytics","Team:Entity
Analytics","backport:version","v8.17.0","v8.16.1"],"title":"[SecuritySolution]
Update file validation because the file type is empty on
windows","number":199791,"url":"https://github.com/elastic/kibana/pull/199791","mergeCommit":{"message":"[SecuritySolution]
Update file validation because the file type is empty on windows
(#199791)\n\n## Summary\r\n\r\nBug: On Windows, we can't select TSV
files or drag them to the file\r\npicker. This error happens because we
have a validation for the file\r\ntype, and for some reason, on Windows,
it is an empty string 🤡 .\r\n\r\nI updated the file validation logic to
allow empty strings for file\r\ntypes and added one extra value to the
acceptable types, `.tsv`. So,\r\nwhen the mime type checks fail, it will
accept any files with the `tsv`\r\nextension.\r\n\r\n\r\nI desk-tested
it on Windows-edge, Windows-chrome, Mac-chrome and
it\r\nworks.\r\n\r\n### How to test it?\r\n* ON A WINDOWS MACHINE\r\n*
Open the security solution app and navigate to the entity store
page\r\n* Drag a TSV file created on a Windows machine; the file should
be\r\naccepted\r\n* Click on the \"select file\" button and select a TSV
file created on a\r\nWindows machine\r\n* Both methods should allow you
to select the file, and you should be\r\nable to proceed with the bulk
upload\r\n\r\n#### Do I need to checkout your code and start
kibana?\r\nIf you are a lazy person like me, you can test the feature
using the\r\ncloud
deployment\r\n[here](https://kibana-pr-199791.kb.us-west2.gcp.elastic-cloud.com/app/security/entity_analytics_entity_store).\r\nYou
can get the login/password using Vault. The instructions are on
the\r\nlatest Cloud Deployment link, or ask me for
credentials.\r\n\r\n#### What if I don't have a Windows machine?\r\nBuy
one. I am kidding. 🤡 \r\nYou can follow
[this\r\ntutorial](https://github.com/elastic/security-team/blob/main/tools/sec-eng-prod/sep-vms/README.md#setup)\r\nto
deploy it to gcloud, and connect to it using RDP.\r\nBut If you are lazy
like me, you can ask me for my Windows 11 cloud\r\ndeployment
credentials.\r\n\r\n_Obs. You need an app to access the cloud deployment
via RDP. The\r\n\"Windows App\" can be easily downloaded from the App
Store on Mac._\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] This was
checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)","sha":"ac32a056ef6897d0b685da8b444c399294a5e53e"}},"sourceBranch":"main","suggestedTargetBranches":["8.x","8.16"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199791","number":199791,"mergeCommit":{"message":"[SecuritySolution]
Update file validation because the file type is empty on windows
(#199791)\n\n## Summary\r\n\r\nBug: On Windows, we can't select TSV
files or drag them to the file\r\npicker. This error happens because we
have a validation for the file\r\ntype, and for some reason, on Windows,
it is an empty string 🤡 .\r\n\r\nI updated the file validation logic to
allow empty strings for file\r\ntypes and added one extra value to the
acceptable types, `.tsv`. So,\r\nwhen the mime type checks fail, it will
accept any files with the `tsv`\r\nextension.\r\n\r\n\r\nI desk-tested
it on Windows-edge, Windows-chrome, Mac-chrome and
it\r\nworks.\r\n\r\n### How to test it?\r\n* ON A WINDOWS MACHINE\r\n*
Open the security solution app and navigate to the entity store
page\r\n* Drag a TSV file created on a Windows machine; the file should
be\r\naccepted\r\n* Click on the \"select file\" button and select a TSV
file created on a\r\nWindows machine\r\n* Both methods should allow you
to select the file, and you should be\r\nable to proceed with the bulk
upload\r\n\r\n#### Do I need to checkout your code and start
kibana?\r\nIf you are a lazy person like me, you can test the feature
using the\r\ncloud
deployment\r\n[here](https://kibana-pr-199791.kb.us-west2.gcp.elastic-cloud.com/app/security/entity_analytics_entity_store).\r\nYou
can get the login/password using Vault. The instructions are on
the\r\nlatest Cloud Deployment link, or ask me for
credentials.\r\n\r\n#### What if I don't have a Windows machine?\r\nBuy
one. I am kidding. 🤡 \r\nYou can follow
[this\r\ntutorial](https://github.com/elastic/security-team/blob/main/tools/sec-eng-prod/sep-vms/README.md#setup)\r\nto
deploy it to gcloud, and connect to it using RDP.\r\nBut If you are lazy
like me, you can ask me for my Windows 11 cloud\r\ndeployment
credentials.\r\n\r\n_Obs. You need an app to access the cloud deployment
via RDP. The\r\n\"Windows App\" can be easily downloaded from the App
Store on Mac._\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] This was
checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)","sha":"ac32a056ef6897d0b685da8b444c399294a5e53e"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.16","label":"v8.16.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Pablo Machado <pablo.nevesmachado@elastic.co>

x-pack/plugins/security_solution/public/entity_analytics/components/asset_criticality_file_uploader/constants.ts

@@ -5,5 +5,11 @@
  * 2.0.
  */
 
-export const SUPPORTED_FILE_TYPES = ['text/csv', 'text/plain', 'text/tab-separated-values'];
+export const SUPPORTED_FILE_TYPES = [
+  'text/csv',
+  'text/plain',
+  'text/tab-separated-values',
+  '.tsv', // Useful for Windows when it can't recognise the file extension.
+  '.csv', // Useful for Windows when it can't recognise the file extension.
+];
 export const SUPPORTED_FILE_EXTENSIONS = ['CSV', 'TXT', 'TSV'];

x-pack/plugins/security_solution/public/entity_analytics/components/asset_criticality_file_uploader/hooks.test.ts

@@ -37,12 +37,13 @@ describe('useFileValidation', () => {
   test('should call onError when an error occurs', () => {
     const onErrorMock = jest.fn();
     const onCompleteMock = jest.fn();
+    const invalidFileType = 'invalid file type';
 
     const { result } = renderHook(
       () => useFileValidation({ onError: onErrorMock, onComplete: onCompleteMock }),
       { wrapper: TestProviders }
     );
-    result.current(new File([invalidLine], 'test.csv'));
+    result.current(new File([invalidLine], 'test.csv', { type: invalidFileType }));
 
     expect(onErrorMock).toHaveBeenCalled();
     expect(onCompleteMock).not.toHaveBeenCalled();

x-pack/plugins/security_solution/public/entity_analytics/components/asset_criticality_file_uploader/validations.test.ts

@@ -56,6 +56,14 @@ describe('validateFile', () => {
     expect(result.valid).toBe(true);
   });
 
+  it('should return valid if the mime type is empty (Windows)', () => {
+    const file = new File(['file content'], 'test.csv', { type: '' });
+
+    const result = validateFile(file, formatBytes);
+
+    expect(result.valid).toBe(true);
+  });
+
   it('should return an error message if the file type is invalid', () => {
     const file = new File(['file content'], 'test.txt', { type: 'invalid-type' });
 

x-pack/plugins/security_solution/public/entity_analytics/components/asset_criticality_file_uploader/validations.ts

@@ -53,7 +53,10 @@ export const validateFile = (
   file: File,
   formatBytes: (bytes: number) => string
 ): { valid: false; errorMessage: string; code: string } | { valid: true } => {
-  if (!SUPPORTED_FILE_TYPES.includes(file.type)) {
+  if (
+    file.type !== '' && // file.type might be an empty string on windows
+    !SUPPORTED_FILE_TYPES.includes(file.type)
+  ) {
     return {
       valid: false,
       code: 'unsupported_file_type',