[Security Solution][Exceptions] Fixes OS adding method for exception enrichment (#94343)

2025-04-23 09:19:04 -04:00 · 2021-03-10 15:09:30 -05:00 · 2021-03-10 15:09:30 -05:00 · 95271bf798
commit 95271bf798
parent a632f3f59f
5 changed files with 38 additions and 15 deletions
--- a/x-pack/plugins/lists/common/shared_exports.ts
+++ b/x-pack/plugins/lists/common/shared_exports.ts
@ -44,6 +44,7 @@ export {
  namespaceType,
  ExceptionListType,
  Type,
+  osType,
  osTypeArray,
  OsTypeArray,
 } from './schemas';
--- a/x-pack/plugins/security_solution/common/shared_imports.ts
+++ b/x-pack/plugins/security_solution/common/shared_imports.ts
@ -45,6 +45,7 @@ export {
  Type,
  ENDPOINT_LIST_ID,
  ENDPOINT_TRUSTED_APPS_LIST_ID,
+  osType,
  osTypeArray,
  OsTypeArray,
  buildExceptionFilter,
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx
@ -33,7 +33,6 @@ import {
 import * as i18nCommon from '../../../translations';
 import * as i18n from './translations';
 import * as sharedI18n from '../translations';
-import { osTypeArray, OsTypeArray } from '../../../../../common/shared_imports';
 import { useAppToasts } from '../../../hooks/use_app_toasts';
 import { useKibana } from '../../../lib/kibana';
 import { ExceptionBuilderComponent } from '../builder';
@ -50,6 +49,7 @@ import {
  defaultEndpointExceptionItems,
  entryHasListType,
  entryHasNonEcsType,
+  retrieveAlertOsTypes,
 } from '../helpers';
 import { ErrorInfo, ErrorCallout } from '../error_callout';
 import { AlertData, ExceptionsBuilderExceptionItem } from '../types';
@ -291,18 +291,6 @@ export const AddExceptionModal = memo(function AddExceptionModal({
    [setShouldBulkCloseAlert]
  );

-  const retrieveAlertOsTypes = useCallback((): OsTypeArray => {
-    const osDefaults: OsTypeArray = ['windows', 'macos'];
-    if (alertData != null) {
-      const osTypes = alertData.host && alertData.host.os && alertData.host.os.family;
-      if (osTypeArray.is(osTypes) && osTypes != null && osTypes.length > 0) {
-        return osTypes;
-      }
-      return osDefaults;
-    }
-    return osDefaults;
-  }, [alertData]);
-
  const enrichExceptionItems = useCallback((): Array<
    ExceptionListItemSchema | CreateExceptionListItemSchema
  > => {
@ -312,11 +300,11 @@ export const AddExceptionModal = memo(function AddExceptionModal({
        ? enrichNewExceptionItemsWithComments(exceptionItemsToAdd, [{ comment }])
        : exceptionItemsToAdd;
    if (exceptionListType === 'endpoint') {
-      const osTypes = retrieveAlertOsTypes();
+      const osTypes = retrieveAlertOsTypes(alertData);
      enriched = lowercaseHashValues(enrichExceptionItemsWithOS(enriched, osTypes));
    }
    return enriched;
-  }, [comment, exceptionItemsToAdd, exceptionListType, retrieveAlertOsTypes]);
+  }, [comment, exceptionItemsToAdd, exceptionListType, alertData]);

  const onAddExceptionConfirm = useCallback((): void => {
    if (addOrUpdateExceptionItems != null) {
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx
@ -29,6 +29,7 @@ import {
  defaultEndpointExceptionItems,
  getFileCodeSignature,
  getProcessCodeSignature,
+  retrieveAlertOsTypes,
 } from './helpers';
 import { AlertData, EmptyEntry } from './types';
 import {
@ -533,6 +534,25 @@ describe('Exception helpers', () => {
    });
  });

+  describe('#retrieveAlertOsTypes', () => {
+    test('it should retrieve os type if alert data is provided', () => {
+      const alertDataMock: AlertData = {
+        '@timestamp': '1234567890',
+        _id: 'test-id',
+        host: { os: { family: 'windows' } },
+      };
+      const result = retrieveAlertOsTypes(alertDataMock);
+      const expected = ['windows'];
+      expect(result).toEqual(expected);
+    });
+
+    test('it should return default os types if alert data is not provided', () => {
+      const result = retrieveAlertOsTypes();
+      const expected = ['windows', 'macos'];
+      expect(result).toEqual(expected);
+    });
+  });
+
  describe('#entryHasListType', () => {
    test('it should return false with an empty array', () => {
      const payload: ExceptionListItemSchema[] = [];
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx
@ -13,6 +13,7 @@ import uuid from 'uuid';

 import * as i18n from './translations';
 import {
+  AlertData,
  BuilderEntry,
  CreateExceptionListItemBuilderSchema,
  ExceptionsBuilderExceptionItem,
@ -39,6 +40,7 @@ import {
  EntryNested,
  OsTypeArray,
  EntriesArray,
+  osType,
 } from '../../../shared_imports';
 import { IIndexPattern } from '../../../../../../../src/plugins/data/common';
 import { validate } from '../../../../common/validate';
@ -359,6 +361,17 @@ export const enrichExceptionItemsWithOS = (
  });
 };

+export const retrieveAlertOsTypes = (alertData?: AlertData): OsTypeArray => {
+  const osDefaults: OsTypeArray = ['windows', 'macos'];
+  if (alertData != null) {
+    const os = alertData.host && alertData.host.os && alertData.host.os.family;
+    if (os != null) {
+      return osType.is(os) ? [os] : osDefaults;
+    }
+  }
+  return osDefaults;
+};
+
 /**
 * Returns given exceptionItems with all hash-related entries lowercased
 */