[SECURITY_SOLUTION][ENDPOINT] Add creation of Trusted Apps Agnostic List (#74868)

* Add method to ExceptionsListClient for creating trusted apps list
2025-04-24 01:38:56 -04:00 · 2020-08-19 14:32:43 -04:00 · 2020-08-19 14:32:43 -04:00 · d46227421e
commit d46227421e
parent 02fcbaa794
3 changed files with 99 additions and 0 deletions
--- a/x-pack/plugins/lists/common/constants.ts
+++ b/x-pack/plugins/lists/common/constants.ts
@ -50,3 +50,12 @@ export const ENDPOINT_LIST_NAME = 'Elastic Endpoint Security Exception List';
 export const ENDPOINT_LIST_DESCRIPTION = 'Elastic Endpoint Security Exception List';

 export const MAX_EXCEPTION_LIST_SIZE = 10000;
+
+/** ID of trusted apps agnostic list */
+export const ENDPOINT_TRUSTED_APPS_LIST_ID = 'endpoint_trusted_apps';
+
+/** Name of trusted apps agnostic list */
+export const ENDPOINT_TRUSTED_APPS_LIST_NAME = 'Elastic Endpoint Security Trusted Apps List';
+
+/** Description of trusted apps agnostic list */
+export const ENDPOINT_TRUSTED_APPS_LIST_DESCRIPTION = 'Elastic Endpoint Security Trusted Apps List';
--- a/x-pack/plugins/lists/server/services/exception_lists/create_endpoint_trusted_apps_list.ts
+++ b/x-pack/plugins/lists/server/services/exception_lists/create_endpoint_trusted_apps_list.ts
@ -0,0 +1,77 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { SavedObjectsClientContract } from 'kibana/server';
+import uuid from 'uuid';
+
+import {
+  ENDPOINT_TRUSTED_APPS_LIST_DESCRIPTION,
+  ENDPOINT_TRUSTED_APPS_LIST_ID,
+  ENDPOINT_TRUSTED_APPS_LIST_NAME,
+} from '../../../common/constants';
+import { ExceptionListSchema, ExceptionListSoSchema, Version } from '../../../common/schemas';
+
+import { getSavedObjectType, transformSavedObjectToExceptionList } from './utils';
+
+interface CreateEndpointListOptions {
+  savedObjectsClient: SavedObjectsClientContract;
+  user: string;
+  tieBreaker?: string;
+  version: Version;
+}
+
+/**
+ * Creates the Endpoint Trusted Apps agnostic list if it does not yet exist
+ *
+ * @param savedObjectsClient
+ * @param user
+ * @param tieBreaker
+ * @param version
+ */
+export const createEndpointTrustedAppsList = async ({
+  savedObjectsClient,
+  user,
+  tieBreaker,
+  version,
+}: CreateEndpointListOptions): Promise<ExceptionListSchema | null> => {
+  const savedObjectType = getSavedObjectType({ namespaceType: 'agnostic' });
+  const dateNow = new Date().toISOString();
+  try {
+    const savedObject = await savedObjectsClient.create<ExceptionListSoSchema>(
+      savedObjectType,
+      {
+        _tags: [],
+        comments: undefined,
+        created_at: dateNow,
+        created_by: user,
+        description: ENDPOINT_TRUSTED_APPS_LIST_DESCRIPTION,
+        entries: undefined,
+        immutable: false,
+        item_id: undefined,
+        list_id: ENDPOINT_TRUSTED_APPS_LIST_ID,
+        list_type: 'list',
+        meta: undefined,
+        name: ENDPOINT_TRUSTED_APPS_LIST_NAME,
+        tags: [],
+        tie_breaker_id: tieBreaker ?? uuid.v4(),
+        type: 'endpoint',
+        updated_by: user,
+        version,
+      },
+      {
+        // We intentionally hard coding the id so that there can only be one Trusted apps list within the space
+        id: ENDPOINT_TRUSTED_APPS_LIST_ID,
+      }
+    );
+    return transformSavedObjectToExceptionList({ savedObject });
+  } catch (err) {
+    if (savedObjectsClient.errors.isConflictError(err)) {
+      return null;
+    } else {
+      throw err;
+    }
+  }
+};
--- a/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.ts
+++ b/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.ts
@ -46,6 +46,7 @@ import { findExceptionListItem } from './find_exception_list_item';
 import { findExceptionList } from './find_exception_list';
 import { findExceptionListsItem } from './find_exception_list_items';
 import { createEndpointList } from './create_endpoint_list';
+import { createEndpointTrustedAppsList } from './create_endpoint_trusted_apps_list';

 export class ExceptionListClient {
  private readonly user: string;
@ -90,6 +91,18 @@ export class ExceptionListClient {
    });
  };

+  /**
+   * Create the Trusted Apps Agnostic list if it does not yet exist (`null` is returned if it does exist)
+   */
+  public createTrustedAppsList = async (): Promise<ExceptionListSchema | null> => {
+    const { savedObjectsClient, user } = this;
+    return createEndpointTrustedAppsList({
+      savedObjectsClient,
+      user,
+      version: 1,
+    });
+  };
+
  /**
   * This is the same as "createListItem" except it applies specifically to the agnostic endpoint list and will
   * auto-call the "createEndpointList" for you so that you have the best chance of the agnostic endpoint