[Security Solution][Endpoint, Lists] Enable the ability for creating Exceptions Items that contain wildcard entries (#120679) (#120852)

* Fix parsing of errros in trusted apps creation dialog to support Exceptions API structure
* add Match Wildcard entry to the list of allowed entries for Endpoint exceptions
* Add additional test for wildcard entry and included it in array of entries

Co-authored-by: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>

packages/kbn-securitysolution-io-ts-list-types/src/common/endpoint/entries/index.mock.ts

@@ -10,9 +10,11 @@ import { EndpointEntriesArray } from '.';
 import { getEndpointEntryMatchMock } from '../entry_match/index.mock';
 import { getEndpointEntryMatchAnyMock } from '../entry_match_any/index.mock';
 import { getEndpointEntryNestedMock } from '../entry_nested/index.mock';
+import { getEndpointEntryMatchWildcard } from '../entry_match_wildcard/index.mock';
 
 export const getEndpointEntriesArrayMock = (): EndpointEntriesArray => [
   getEndpointEntryMatchMock(),
   getEndpointEntryMatchAnyMock(),
   getEndpointEntryNestedMock(),
+  getEndpointEntryMatchWildcard(),
 ];

packages/kbn-securitysolution-io-ts-list-types/src/common/endpoint/entries/index.test.ts

@@ -20,6 +20,7 @@ import { getEndpointEntryNestedMock } from '../entry_nested/index.mock';
 import { getEndpointEntriesArrayMock } from './index.mock';
 import { getEntryListMock } from '../../entries_list/index.mock';
 import { getEntryExistsMock } from '../../entries_exist/index.mock';
+import { getEndpointEntryMatchWildcard } from '../entry_match_wildcard/index.mock';
 
 describe('Endpoint', () => {
   describe('entriesArray', () => {
@@ -99,6 +100,15 @@ describe('Endpoint', () => {
       expect(message.schema).toEqual(payload);
     });
 
+    test('it should validate an array with wildcard entry', () => {
+      const payload = [getEndpointEntryMatchWildcard()];
+      const decoded = endpointEntriesArray.decode(payload);
+      const message = pipe(decoded, foldLeftRight);
+
+      expect(getPaths(left(message.errors))).toEqual([]);
+      expect(message.schema).toEqual(payload);
+    });
+
     test('it should validate an array with all types of entries', () => {
       const payload = getEndpointEntriesArrayMock();
       const decoded = endpointEntriesArray.decode(payload);

packages/kbn-securitysolution-io-ts-list-types/src/common/endpoint/entries/index.ts

@@ -11,9 +11,15 @@ import { Either } from 'fp-ts/lib/Either';
 import { endpointEntryMatch } from '../entry_match';
 import { endpointEntryMatchAny } from '../entry_match_any';
 import { endpointEntryNested } from '../entry_nested';
+import { endpointEntryMatchWildcard } from '../entry_match_wildcard';
 
 export const endpointEntriesArray = t.array(
-  t.union([endpointEntryMatch, endpointEntryMatchAny, endpointEntryNested])
+  t.union([
+    endpointEntryMatch,
+    endpointEntryMatchAny,
+    endpointEntryMatchWildcard,
+    endpointEntryNested,
+  ])
 );
 export type EndpointEntriesArray = t.TypeOf<typeof endpointEntriesArray>;
 

packages/kbn-securitysolution-io-ts-list-types/src/common/endpoint/entry_match_wildcard/index.mock.ts

@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { ENTRY_VALUE, FIELD, OPERATOR, WILDCARD } from '../../../constants/index.mock';
+import { EndpointEntryMatchWildcard } from './index';
+
+export const getEndpointEntryMatchWildcard = (): EndpointEntryMatchWildcard => ({
+  field: FIELD,
+  operator: OPERATOR,
+  type: WILDCARD,
+  value: ENTRY_VALUE,
+});

x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/create_trusted_app_flyout.tsx

@@ -43,7 +43,7 @@ import {
 import { AppAction } from '../../../../../common/store/actions';
 import { useTrustedAppsSelector } from '../hooks';
 
-import { ABOUT_TRUSTED_APPS, CREATE_TRUSTED_APP_ERROR } from '../translations';
+import { ABOUT_TRUSTED_APPS } from '../translations';
 import { defaultNewTrustedApp } from '../../store/builders';
 import { getTrustedAppsListPath } from '../../../../common/routing';
 import { useKibana, useToasts } from '../../../../../common/lib/kibana';
@@ -84,35 +84,9 @@ export const CreateTrustedAppFlyout = memo<CreateTrustedAppFlyoutProps>(
       };
     }, [isLoadingPolicies, policyList]);
 
-    const creationErrorsMessage = useMemo<string | undefined>(() => {
-      let errorMessage = creationErrors
-        ? CREATE_TRUSTED_APP_ERROR[creationErrors.message.replace(/(\[(.*)\]\: )/, '')] ||
-          creationErrors.message
-        : undefined;
-
-      if (
-        creationErrors &&
-        creationErrors.attributes &&
-        creationErrors.attributes.type === 'TrustedApps/PolicyNotFound'
-      ) {
-        policies.options.forEach((policy) => {
-          errorMessage = errorMessage?.replace(policy.id, policy.name);
-        });
-      } else if (
-        creationErrors &&
-        creationErrors.attributes &&
-        creationErrors.attributes.type === 'EndpointLicenseError'
-      ) {
-        errorMessage = i18n.translate(
-          'xpack.securitySolution.trustedapps.createTrustedAppFlyout.byPolicyLicenseError',
-          {
-            defaultMessage:
-              'Your Kibana license has been downgraded. As such, individual policy configuration is no longer supported.',
-          }
-        );
-      }
-      return errorMessage;
-    }, [creationErrors, policies]);
+    const creationErrorsMessage = useMemo<CreateTrustedAppFormProps['error'] | undefined>(() => {
+      return creationErrors?.message ?? [];
+    }, [creationErrors]);
 
     const getTestId = useTestIdGenerator(dataTestSubj);
 

x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/translations.ts

@@ -88,39 +88,6 @@ export const LIST_VIEW_TOGGLE_LABEL = i18n.translate(
   }
 );
 
-export const CREATE_TRUSTED_APP_ERROR: { [K in string]: string } = {
-  [`duplicatedEntry.${ConditionEntryField.HASH}`]: i18n.translate(
-    'xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.duplicated.hash',
-    { defaultMessage: 'Hash value can only be used once. Please enter a single valid hash.' }
-  ),
-  [`duplicatedEntry.${ConditionEntryField.PATH}`]: i18n.translate(
-    'xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.duplicated.path',
-    { defaultMessage: 'Path value can only be used once. Please enter a single valid path.' }
-  ),
-  [`duplicatedEntry.${ConditionEntryField.SIGNER}`]: i18n.translate(
-    'xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.duplicated.signature',
-    {
-      defaultMessage:
-        'Signature value can only be used once. Please enter a single valid signature.',
-    }
-  ),
-  [`invalidField.${ConditionEntryField.HASH}`]: i18n.translate(
-    'xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.invalid.hash',
-    {
-      defaultMessage:
-        'An invalid Hash was entered. Please enter in a valid Hash (md5, sha1, or sha256).',
-    }
-  ),
-  [`invalidField.${ConditionEntryField.PATH}`]: i18n.translate(
-    'xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.invalid.path',
-    { defaultMessage: 'An invalid Path was entered. Please enter in a valid Path.' }
-  ),
-  [`invalidField.${ConditionEntryField.SIGNER}`]: i18n.translate(
-    'xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.invalid.signature',
-    { defaultMessage: 'An invalid Signature was entered. Please enter in a valid Signature.' }
-  ),
-};
-
 export const SEARCH_TRUSTED_APP_PLACEHOLDER = i18n.translate(
   'xpack.securitySolution.trustedapps.list.search.placeholder',
   {

x-pack/plugins/translations/translations/ja-JP.json

@@ -23999,7 +23999,6 @@
     "xpack.securitySolution.trustedapps.create.nameRequiredMsg": "名前が必要です",
     "xpack.securitySolution.trustedapps.create.os": "オペレーティングシステムを選択",
     "xpack.securitySolution.trustedapps.create.osRequiredMsg": "オペレーティングシステムは必須です",
-    "xpack.securitySolution.trustedapps.createTrustedAppFlyout.byPolicyLicenseError": "Kibanaライセンスがダウングレードされました。このため、個別のポリシー構成はサポートされなくなります。",
     "xpack.securitySolution.trustedapps.createTrustedAppFlyout.cancelButton": "キャンセル",
     "xpack.securitySolution.trustedapps.createTrustedAppFlyout.createSaveButton": "信頼できるアプリケーションを追加",
     "xpack.securitySolution.trustedapps.createTrustedAppFlyout.createTitle": "信頼できるアプリケーションを追加",
@@ -24033,12 +24032,6 @@
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.description.hash": "md5、sha1、sha256",
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.description.path": "アプリケーションの完全パス",
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.description.signature": "アプリケーションの署名者",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.duplicated.hash": "ハッシュ値は1回だけ使用できます。有効なハッシュを1つ入力してください。",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.duplicated.path": "パス値は1回だけ使用できます。1つの有効なパスを入力してください。",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.duplicated.signature": "署名値は1回だけ使用できます。1つの有効な署名を入力してください。",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.invalid.hash": "無効なハッシュが入力されました。有効なハッシュを入力してください（md5、sha1、sha256）。",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.invalid.path": "無効なパスが入力されました。有効なパスを入力してください。",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.invalid.signature": "無効な署名が入力されました。有効な署名を入力してください。",
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.hash": "ハッシュ",
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.path": "パス",
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.signature": "署名",

x-pack/plugins/translations/translations/zh-CN.json

@@ -24398,7 +24398,6 @@
     "xpack.securitySolution.trustedapps.create.nameRequiredMsg": "“名称”必填",
     "xpack.securitySolution.trustedapps.create.os": "选择操作系统",
     "xpack.securitySolution.trustedapps.create.osRequiredMsg": "“操作系统”必填",
-    "xpack.securitySolution.trustedapps.createTrustedAppFlyout.byPolicyLicenseError": "您的 Kibana 许可证已降级。因此，将不再支持单个策略配置。",
     "xpack.securitySolution.trustedapps.createTrustedAppFlyout.cancelButton": "取消",
     "xpack.securitySolution.trustedapps.createTrustedAppFlyout.createSaveButton": "添加受信任的应用程序",
     "xpack.securitySolution.trustedapps.createTrustedAppFlyout.createTitle": "添加受信任的应用程序",
@@ -24434,12 +24433,6 @@
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.description.hash": "md5、sha1 或 sha256",
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.description.path": "应用程序的完全路径",
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.description.signature": "应用程序的签名者",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.duplicated.hash": "哈希值只能使用一次。请输入单个有效哈希。",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.duplicated.path": "路径值只能使用一次。请输入单个有效路径。",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.duplicated.signature": "签名值只能使用一次。请输入单个有效签名。",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.invalid.hash": "输入的哈希无效。请输入有效的哈希（md5、sha1 或 sha256）。",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.invalid.path": "输入的路径无效。请输入有效的路径。",
-    "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.error.invalid.signature": "输入的签名无效。请输入有效的签名。",
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.hash": "哈希",
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.path": "路径",
     "xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.signature": "签名",