[Security Solution][Exceptions] - Fix how entry conditions for is in list is displayed (#137236) (#137341)

## Summary Addresses issue #137156 (cherry picked from commit 4f0950fc6f) Co-authored-by: Yara Tercero <yctercero@users.noreply.github.com>
2025-04-23 17:28:26 -04:00 · 2022-07-27 16:32:58 -04:00 · 2022-07-27 16:32:58 -04:00 · 4a01c553f6
commit 4a01c553f6
parent b4f938d7a6
2 changed files with 48 additions and 2 deletions
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/viewer/exception_item_card/exception_item_card_conditions.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/viewer/exception_item_card/exception_item_card_conditions.test.tsx
@ -73,6 +73,21 @@ describe('ExceptionItemCardConditions', () => {
              type: 'match',
              value: 'host',
            },
+            {
+              field: 'user.name',
+              operator: 'included',
+              type: 'wildcard',
+              value: 'foo*',
+            },
+            {
+              field: 'host.name',
+              list: {
+                id: 'ips.txt',
+                type: 'keyword',
+              },
+              operator: 'included',
+              type: 'list',
+            },
            {
              field: 'threat.indicator.port',
              operator: 'included',
@ -103,9 +118,15 @@ describe('ExceptionItemCardConditions', () => {
    ).toEqual(' host.nameIS host');
    expect(
      wrapper.find('[data-test-subj="exceptionItemConditions-condition"]').at(1).text()
-    ).toEqual('AND threat.indicator.portexists ');
+    ).toEqual('AND user.nameMATCHES foo*');
    expect(
      wrapper.find('[data-test-subj="exceptionItemConditions-condition"]').at(2).text()
+    ).toEqual('AND host.nameincluded in ips.txt');
+    expect(
+      wrapper.find('[data-test-subj="exceptionItemConditions-condition"]').at(3).text()
+    ).toEqual('AND threat.indicator.portexists ');
+    expect(
+      wrapper.find('[data-test-subj="exceptionItemConditions-condition"]').at(4).text()
    ).toEqual('AND file.Ext.code_signature  validIS true');
  });
 });
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/viewer/exception_item_card/exception_item_card_conditions.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/viewer/exception_item_card/exception_item_card_conditions.tsx
@ -9,6 +9,12 @@ import React, { memo, useMemo, useCallback } from 'react';
 import { EuiExpression, EuiToken, EuiFlexGroup, EuiFlexItem, EuiBadge } from '@elastic/eui';
 import styled from 'styled-components';
 import type {
+  EntryExists,
+  EntryList,
+  EntryMatch,
+  EntryMatchAny,
+  EntryMatchWildcard,
+  EntryNested,
  ExceptionListItemSchema,
  NonEmptyNestedEntriesArray,
 } from '@kbn/securitysolution-io-ts-list-types';
@ -119,6 +125,25 @@ export const ExceptionItemCardConditions = memo<CriteriaConditionsProps>(
      [dataTestSubj]
    );

+    const getValue = useCallback(
+      (
+        entry:
+          | EntryExists
+          | EntryList
+          | EntryMatch
+          | EntryMatchAny
+          | EntryMatchWildcard
+          | EntryNested
+      ) => {
+        if (entry.type === 'list') {
+          return entry.list.id;
+        } else {
+          return 'value' in entry ? entry.value : '';
+        }
+      },
+      []
+    );
+
    return (
      <div data-test-subj={dataTestSubj}>
        {osLabel != null && (
@ -131,7 +156,7 @@ export const ExceptionItemCardConditions = memo<CriteriaConditionsProps>(
        )}
        {entries.map((entry, index) => {
          const { field, type } = entry;
-          const value = 'value' in entry ? entry.value : '';
+          const value = getValue(entry);
          const nestedEntries = 'entries' in entry ? entry.entries : [];
          const operator = 'operator' in entry ? entry.operator : '';