diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_create_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_create_handler.ts index 6010a339b000..e3af5d989542 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_create_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_create_handler.ts @@ -12,9 +12,10 @@ import { import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; import { EventFilterValidator, TrustedAppValidator } from '../validators'; +type ValidatorCallback = ExceptionsListPreCreateItemServerExtension['callback']; export const getExceptionsPreCreateItemHandler = ( endpointAppContext: EndpointAppContextService -): ExceptionsListPreCreateItemServerExtension['callback'] => { +): ValidatorCallback => { return async function ({ data, context: { request } }): Promise { // Validate trusted apps if (TrustedAppValidator.isTrustedApp(data)) { diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts index d328219eed4e..dd04e386c19c 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_delete_item_handler.ts @@ -8,11 +8,13 @@ import { ExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types'; import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; import { ExceptionsListPreDeleteItemServerExtension } from '../../../../../lists/server'; +import { TrustedAppValidator } from '../validators/trusted_app_validator'; import { HostIsolationExceptionsValidator } from '../validators/host_isolation_exceptions_validator'; +type ValidatorCallback = ExceptionsListPreDeleteItemServerExtension['callback']; export const getExceptionsPreDeleteItemHandler = ( - endpointAppContext: EndpointAppContextService -): ExceptionsListPreDeleteItemServerExtension['callback'] => { + endpointAppContextService: EndpointAppContextService +): ValidatorCallback => { return async function ({ data, context: { request, exceptionListClient } }) { if (data.namespaceType !== 'agnostic') { return data; @@ -29,12 +31,18 @@ export const getExceptionsPreDeleteItemHandler = ( return data; } + // Validate Trusted Applications + if (TrustedAppValidator.isTrustedApp({ listId: exceptionItem.list_id })) { + await new TrustedAppValidator(endpointAppContextService, request).validatePreDeleteItem(); + return data; + } // Host Isolation Exception if (HostIsolationExceptionsValidator.isHostIsolationException(exceptionItem.list_id)) { await new HostIsolationExceptionsValidator( - endpointAppContext, + endpointAppContextService, request ).validatePreDeleteItem(); + return data; } return data; diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts index 6904e7942ac2..8ba4f0071e45 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_export_handler.ts @@ -7,11 +7,13 @@ import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; import { ExceptionsListPreExportServerExtension } from '../../../../../lists/server'; +import { TrustedAppValidator } from '../validators/trusted_app_validator'; import { HostIsolationExceptionsValidator } from '../validators/host_isolation_exceptions_validator'; +type ValidatorCallback = ExceptionsListPreExportServerExtension['callback']; export const getExceptionsPreExportHandler = ( endpointAppContextService: EndpointAppContextService -): ExceptionsListPreExportServerExtension['callback'] => { +): ValidatorCallback => { return async function ({ data, context: { request, exceptionListClient } }) { const { listId: maybeListId, id } = data; let listId: string | null | undefined = maybeListId; @@ -24,12 +26,18 @@ export const getExceptionsPreExportHandler = ( return data; } + // Validate Trusted Applications + if (TrustedAppValidator.isTrustedApp({ listId })) { + await new TrustedAppValidator(endpointAppContextService, request).validatePreExport(); + return data; + } // Host Isolation Exceptions validations if (HostIsolationExceptionsValidator.isHostIsolationException(listId)) { await new HostIsolationExceptionsValidator( endpointAppContextService, request ).validatePreExport(); + return data; } return data; diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_get_one_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_get_one_handler.ts index 9c72e6b5f44c..a8ea7e72c651 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_get_one_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_get_one_handler.ts @@ -8,11 +8,13 @@ import { ExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types'; import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; import { ExceptionsListPreGetOneItemServerExtension } from '../../../../../lists/server'; +import { TrustedAppValidator } from '../validators/trusted_app_validator'; import { HostIsolationExceptionsValidator } from '../validators/host_isolation_exceptions_validator'; +type ValidatorCallback = ExceptionsListPreGetOneItemServerExtension['callback']; export const getExceptionsPreGetOneHandler = ( endpointAppContextService: EndpointAppContextService -): ExceptionsListPreGetOneItemServerExtension['callback'] => { +): ValidatorCallback => { return async function ({ data, context: { request, exceptionListClient } }) { if (data.namespaceType !== 'agnostic') { return data; @@ -29,13 +31,17 @@ export const getExceptionsPreGetOneHandler = ( return data; } + // Validate Trusted Applications + if (TrustedAppValidator.isTrustedApp({ listId: exceptionItem.list_id })) { + await new TrustedAppValidator(endpointAppContextService, request).validatePreGetOneItem(); + return data; + } // validate Host Isolation Exception if (HostIsolationExceptionsValidator.isHostIsolationException(exceptionItem.list_id)) { await new HostIsolationExceptionsValidator( endpointAppContextService, request ).validatePreGetOneItem(); - return data; } diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_import_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_import_handler.ts index c1fe425abef8..96262e5e4459 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_import_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_import_handler.ts @@ -9,23 +9,23 @@ import { ExceptionsListPreImportServerExtension } from '../../../../../lists/ser import { EndpointArtifactExceptionValidationError } from '../validators/errors'; import { ALL_ENDPOINT_ARTIFACT_LIST_IDS } from '../../../../common/endpoint/service/artifacts/constants'; -export const getExceptionsPreImportHandler = - (): ExceptionsListPreImportServerExtension['callback'] => { - return async ({ data }) => { - const hasEndpointArtifactListOrListItems = [...data.lists, ...data.items].some((item) => { - if ('list_id' in item) { - return ALL_ENDPOINT_ARTIFACT_LIST_IDS.includes(item.list_id); - } - - return false; - }); - - if (hasEndpointArtifactListOrListItems) { - throw new EndpointArtifactExceptionValidationError( - 'Import is not supported for Endpoint artifact exceptions' - ); +type ValidatorCallback = ExceptionsListPreImportServerExtension['callback']; +export const getExceptionsPreImportHandler = (): ValidatorCallback => { + return async ({ data }) => { + const hasEndpointArtifactListOrListItems = [...data.lists, ...data.items].some((item) => { + if ('list_id' in item) { + return ALL_ENDPOINT_ARTIFACT_LIST_IDS.includes(item.list_id); } - return data; - }; + return false; + }); + + if (hasEndpointArtifactListOrListItems) { + throw new EndpointArtifactExceptionValidationError( + 'Import is not supported for Endpoint artifact exceptions' + ); + } + + return data; }; +}; diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts index 6ce8f5b3ecc2..6c3e8b1c8c70 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_multi_list_find_handler.ts @@ -7,22 +7,30 @@ import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; import { ExceptionsListPreMultiListFindServerExtension } from '../../../../../lists/server'; +import { TrustedAppValidator } from '../validators/trusted_app_validator'; import { HostIsolationExceptionsValidator } from '../validators/host_isolation_exceptions_validator'; +type ValidatorCallback = ExceptionsListPreMultiListFindServerExtension['callback']; export const getExceptionsPreMultiListFindHandler = ( - endpointAppContext: EndpointAppContextService -): ExceptionsListPreMultiListFindServerExtension['callback'] => { + endpointAppContextService: EndpointAppContextService +): ValidatorCallback => { return async function ({ data, context: { request } }) { if (!data.namespaceType.includes('agnostic')) { return data; } + // validate Trusted application + if (data.listId.some((id) => TrustedAppValidator.isTrustedApp({ listId: id }))) { + await new TrustedAppValidator(endpointAppContextService, request).validatePreMultiListFind(); + return data; + } // Validate Host Isolation Exceptions if (data.listId.some(HostIsolationExceptionsValidator.isHostIsolationException)) { await new HostIsolationExceptionsValidator( - endpointAppContext, + endpointAppContextService, request ).validatePreMultiListFind(); + return data; } return data; diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts index 3f4ca0c99642..e1bf31f9a739 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_single_list_find_handler.ts @@ -7,22 +7,29 @@ import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; import { ExceptionsListPreSingleListFindServerExtension } from '../../../../../lists/server'; +import { TrustedAppValidator } from '../validators/trusted_app_validator'; import { HostIsolationExceptionsValidator } from '../validators/host_isolation_exceptions_validator'; +type ValidatorCallback = ExceptionsListPreSingleListFindServerExtension['callback']; export const getExceptionsPreSingleListFindHandler = ( - endpointAppContext: EndpointAppContextService -): ExceptionsListPreSingleListFindServerExtension['callback'] => { + endpointAppContextService: EndpointAppContextService +): ValidatorCallback => { return async function ({ data, context: { request } }) { if (data.namespaceType !== 'agnostic') { return data; } // Validate Host Isolation Exceptions + if (TrustedAppValidator.isTrustedApp({ listId: data.listId })) { + await new TrustedAppValidator(endpointAppContextService, request).validatePreSingleListFind(); + return data; + } if (HostIsolationExceptionsValidator.isHostIsolationException(data.listId)) { await new HostIsolationExceptionsValidator( - endpointAppContext, + endpointAppContextService, request ).validatePreSingleListFind(); + return data; } return data; diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts index a7e495469c62..5ab4a273b3a6 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_summary_handler.ts @@ -7,11 +7,13 @@ import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; import { ExceptionsListPreSummaryServerExtension } from '../../../../../lists/server'; +import { TrustedAppValidator } from '../validators'; import { HostIsolationExceptionsValidator } from '../validators/host_isolation_exceptions_validator'; +type ValidatorCallback = ExceptionsListPreSummaryServerExtension['callback']; export const getExceptionsPreSummaryHandler = ( - endpointAppContext: EndpointAppContextService -): ExceptionsListPreSummaryServerExtension['callback'] => { + endpointAppContextService: EndpointAppContextService +): ValidatorCallback => { return async function ({ data, context: { request, exceptionListClient } }) { const { listId: maybeListId, id } = data; let listId: string | null | undefined = maybeListId; @@ -24,9 +26,18 @@ export const getExceptionsPreSummaryHandler = ( return data; } + // Validate Trusted Applications + if (TrustedAppValidator.isTrustedApp({ listId })) { + await new TrustedAppValidator(endpointAppContextService, request).validatePreGetListSummary(); + return data; + } // Host Isolation Exceptions if (HostIsolationExceptionsValidator.isHostIsolationException(listId)) { - await new HostIsolationExceptionsValidator(endpointAppContext, request).validatePreSummary(); + await new HostIsolationExceptionsValidator( + endpointAppContextService, + request + ).validatePreSummary(); + return data; } return data; diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_update_handler.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_update_handler.ts index 4e3de46fdbf9..e7065277147d 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_update_handler.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_update_handler.ts @@ -12,9 +12,10 @@ import { import { EndpointAppContextService } from '../../../endpoint/endpoint_app_context_services'; import { EventFilterValidator, TrustedAppValidator } from '../validators'; +type ValidatorCallback = ExceptionsListPreUpdateItemServerExtension['callback']; export const getExceptionsPreUpdateItemHandler = ( endpointAppContextService: EndpointAppContextService -): ExceptionsListPreUpdateItemServerExtension['callback'] => { +): ValidatorCallback => { return async function ({ data, context: { request, exceptionListClient }, @@ -37,7 +38,7 @@ export const getExceptionsPreUpdateItemHandler = ( const listId = currentSavedItem.list_id; - // Validate trusted apps + // Validate Trusted Applications if (TrustedAppValidator.isTrustedApp({ listId })) { return new TrustedAppValidator(endpointAppContextService, request).validatePreUpdateItem( data, @@ -45,7 +46,7 @@ export const getExceptionsPreUpdateItemHandler = ( ); } - // Validate event filter + // Validate Event Filters if (EventFilterValidator.isEventFilter({ listId })) { return new EventFilterValidator(endpointAppContextService, request).validatePreUpdateItem( data, diff --git a/x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/trusted_app_validator.ts b/x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/trusted_app_validator.ts index 26208661b4b6..d7ca2c0f0567 100644 --- a/x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/trusted_app_validator.ts +++ b/x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/trusted_app_validator.ts @@ -187,6 +187,30 @@ export class TrustedAppValidator extends BaseValidator { return item; } + async validatePreDeleteItem(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + + async validatePreGetOneItem(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + + async validatePreMultiListFind(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + + async validatePreExport(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + + async validatePreSingleListFind(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + + async validatePreGetListSummary(): Promise { + await this.validateCanManageEndpointArtifacts(); + } + async validatePreUpdateItem( _updatedItem: UpdateExceptionListItemOptions, currentItem: ExceptionListItemSchema diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filter.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filters.ts similarity index 98% rename from x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filter.ts rename to x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filters.ts index 712421ea5e32..fec86fc4c65d 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filter.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filters.ts @@ -25,7 +25,7 @@ export default function ({ getService }: FtrProviderContext) { const endpointPolicyTestResources = getService('endpointPolicyTestResources'); const endpointArtifactTestResources = getService('endpointArtifactTestResources'); - describe('Endpoint artifacts (via lists plugin) event filter', () => { + describe('Endpoint artifacts (via lists plugin): Event Filters', () => { let fleetEndpointPolicy: PolicyTestResourceInfo; before(async () => { diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_host_isolation_exceptions_artifacts.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/host_isolation_exceptions.ts similarity index 90% rename from x-pack/test/security_solution_endpoint_api_int/apis/endpoint_host_isolation_exceptions_artifacts.ts rename to x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/host_isolation_exceptions.ts index 9ec40ccdaf06..44cee7034cab 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_host_isolation_exceptions_artifacts.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/host_isolation_exceptions.ts @@ -6,19 +6,19 @@ */ import { EXCEPTION_LIST_ITEM_URL, EXCEPTION_LIST_URL } from '@kbn/securitysolution-list-constants'; -import { FtrProviderContext } from '../ftr_provider_context'; -import { PolicyTestResourceInfo } from '../../security_solution_endpoint/services/endpoint_policy'; -import { ArtifactTestData } from '../../security_solution_endpoint/services/endpoint_artifacts'; -import { BY_POLICY_ARTIFACT_TAG_PREFIX } from '../../../plugins/security_solution/common/endpoint/service/artifacts'; +import { FtrProviderContext } from '../../ftr_provider_context'; +import { PolicyTestResourceInfo } from '../../../security_solution_endpoint/services/endpoint_policy'; +import { ArtifactTestData } from '../../../security_solution_endpoint/services/endpoint_artifacts'; +import { BY_POLICY_ARTIFACT_TAG_PREFIX } from '../../../../plugins/security_solution/common/endpoint/service/artifacts'; import { createUserAndRole, deleteUserAndRole, ROLES, -} from '../../common/services/security_solution'; +} from '../../../common/services/security_solution'; import { getImportExceptionsListSchemaMock, toNdJsonString, -} from '../../../plugins/lists/common/schemas/request/import_exceptions_schema.mock'; +} from '../../../../plugins/lists/common/schemas/request/import_exceptions_schema.mock'; export default function ({ getService }: FtrProviderContext) { const USER = ROLES.detections_admin; diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/trusted_apps.ts similarity index 75% rename from x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts.ts rename to x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/trusted_apps.ts index 1e9fb0c20d0b..7caf4f085694 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/trusted_apps.ts @@ -5,19 +5,19 @@ * 2.0. */ -import { EXCEPTION_LIST_ITEM_URL } from '@kbn/securitysolution-list-constants'; +import { EXCEPTION_LIST_ITEM_URL, EXCEPTION_LIST_URL } from '@kbn/securitysolution-list-constants'; import { ExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types'; import expect from '@kbn/expect'; -import { FtrProviderContext } from '../ftr_provider_context'; -import { PolicyTestResourceInfo } from '../../security_solution_endpoint/services/endpoint_policy'; -import { ArtifactTestData } from '../../security_solution_endpoint/services/endpoint_artifacts'; -import { BY_POLICY_ARTIFACT_TAG_PREFIX } from '../../../plugins/security_solution/common/endpoint/service/artifacts'; -import { ExceptionsListItemGenerator } from '../../../plugins/security_solution/common/endpoint/data_generators/exceptions_list_item_generator'; +import { FtrProviderContext } from '../../ftr_provider_context'; +import { PolicyTestResourceInfo } from '../../../security_solution_endpoint/services/endpoint_policy'; +import { ArtifactTestData } from '../../../security_solution_endpoint/services//endpoint_artifacts'; +import { BY_POLICY_ARTIFACT_TAG_PREFIX } from '../../../../plugins/security_solution/common/endpoint/service/artifacts'; +import { ExceptionsListItemGenerator } from '../../../../plugins/security_solution/common/endpoint/data_generators/exceptions_list_item_generator'; import { createUserAndRole, deleteUserAndRole, ROLES, -} from '../../common/services/security_solution'; +} from '../../../common/services/security_solution'; export default function ({ getService }: FtrProviderContext) { const supertest = getService('supertest'); @@ -25,7 +25,7 @@ export default function ({ getService }: FtrProviderContext) { const endpointPolicyTestResources = getService('endpointPolicyTestResources'); const endpointArtifactTestResources = getService('endpointArtifactTestResources'); - describe('Endpoint artifacts (via lists plugin)', () => { + describe('Endpoint artifacts (via lists plugin): Trusted Applications', () => { let fleetEndpointPolicy: PolicyTestResourceInfo; before(async () => { @@ -66,6 +66,7 @@ export default function ({ getService }: FtrProviderContext) { type TrustedAppApiCallsInterface = Array<{ method: keyof Pick; + info?: string; path: string; // The body just needs to have the properties we care about in the tests. This should cover most // mocks used for testing that support different interfaces @@ -213,7 +214,51 @@ export default function ({ getService }: FtrProviderContext) { }); describe('and user DOES NOT have authorization to manage endpoint security', () => { - for (const trustedAppApiCall of trustedAppApiCalls) { + const allTrustedAppApiCalls: TrustedAppApiCallsInterface = [ + ...trustedAppApiCalls, + { + method: 'get', + info: 'single item', + get path() { + return `${EXCEPTION_LIST_ITEM_URL}?item_id=${trustedAppData.artifact.item_id}&namespace_type=${trustedAppData.artifact.namespace_type}`; + }, + getBody: () => undefined, + }, + { + method: 'get', + info: 'list summary', + get path() { + return `${EXCEPTION_LIST_URL}/summary?list_id=${trustedAppData.artifact.list_id}&namespace_type=${trustedAppData.artifact.namespace_type}`; + }, + getBody: () => undefined, + }, + { + method: 'delete', + info: 'single item', + get path() { + return `${EXCEPTION_LIST_ITEM_URL}?item_id=${trustedAppData.artifact.item_id}&namespace_type=${trustedAppData.artifact.namespace_type}`; + }, + getBody: () => undefined, + }, + { + method: 'post', + info: 'list export', + get path() { + return `${EXCEPTION_LIST_URL}/_export?list_id=${trustedAppData.artifact.list_id}&namespace_type=${trustedAppData.artifact.namespace_type}&id=1`; + }, + getBody: () => undefined, + }, + { + method: 'get', + info: 'single items', + get path() { + return `${EXCEPTION_LIST_ITEM_URL}/_find?list_id=${trustedAppData.artifact.list_id}&namespace_type=${trustedAppData.artifact.namespace_type}&page=1&per_page=1&sort_field=name&sort_order=asc`; + }, + getBody: () => undefined, + }, + ]; + + for (const trustedAppApiCall of allTrustedAppApiCalls) { it(`should error on [${trustedAppApiCall.method}]`, async () => { await supertestWithoutAuth[trustedAppApiCall.method](trustedAppApiCall.path) .auth(ROLES.detections_admin, 'changeme') diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/index.ts b/x-pack/test/security_solution_endpoint_api_int/apis/index.ts index 9b982351c6c5..5acb9d2e4261 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/index.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/index.ts @@ -32,8 +32,8 @@ export default function endpointAPIIntegrationTests(providerContext: FtrProvider loadTestFile(require.resolve('./policy')); loadTestFile(require.resolve('./package')); loadTestFile(require.resolve('./endpoint_authz')); - loadTestFile(require.resolve('./endpoint_artifacts')); - loadTestFile(require.resolve('./endpoint_artifacts/event_filter')); - loadTestFile(require.resolve('./endpoint_host_isolation_exceptions_artifacts')); + loadTestFile(require.resolve('./endpoint_artifacts/trusted_apps')); + loadTestFile(require.resolve('./endpoint_artifacts/event_filters')); + loadTestFile(require.resolve('./endpoint_artifacts/host_isolation_exceptions')); }); }