[Security Solution] fix blocklist path validation (#129124) (#129141)

(cherry picked from commit 1803cf448a) Co-authored-by: Joey F. Poon <joey.poon@elastic.co>
2025-04-24 01:38:56 -04:00 · 2022-03-31 17:48:34 -04:00 · 2022-03-31 17:48:34 -04:00 · 611c5238d9
commit 611c5238d9
parent 35db4e188d
1 changed files with 11 additions and 3 deletions
--- a/packages/kbn-securitysolution-utils/src/path_validations/index.ts
+++ b/packages/kbn-securitysolution-utils/src/path_validations/index.ts
@ -34,7 +34,10 @@ export type TrustedAppConditionEntryField =
  | 'process.executable.caseless'
  | 'process.Ext.code_signature';
 export type BlocklistConditionEntryField = 'file.hash.*' | 'file.path' | 'file.Ext.code_signature';
-export type AllConditionEntryFields = TrustedAppConditionEntryField | BlocklistConditionEntryField;
+export type AllConditionEntryFields =
+  | TrustedAppConditionEntryField
+  | BlocklistConditionEntryField
+  | 'file.path.text';

 export const enum OperatingSystem {
  LINUX = 'linux',
@ -105,11 +108,16 @@ export const isPathValid = ({
  value,
 }: {
  os: OperatingSystem;
-  field: AllConditionEntryFields | 'file.path.text';
+  field: AllConditionEntryFields;
  type: EntryTypes;
  value: string;
 }): boolean => {
-  if (field === ConditionEntryField.PATH || field === 'file.path.text') {
+  const pathFields: AllConditionEntryFields[] = [
+    'process.executable.caseless',
+    'file.path',
+    'file.path.text',
+  ];
+  if (pathFields.includes(field)) {
    if (type === 'wildcard') {
      return os === OperatingSystem.WINDOWS
        ? isWindowsWildcardPathValid(value)