github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-27 18:51:07 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/x-pack/test
History
Kevin Logan 88bd71c077
[Security Solution] File paths for Blocklist Windows and Mac should be case insensitive (#164200) 
## Summary

This fixes a bug where Windows and Mac Blocklist file path entries
should be passed as case insensitive. This is because Mac and Windows
are caseless for most use cases.

Bug ticket: https://github.com/elastic/kibana/issues/158581

Here is how it will be displayed in the UI:
<img width="1728" alt="image"
src="a3006397-f49e-4de0-818d-94e2de20dba3">

Here are the breakdown of the artifacts after the fix:

Linux:
```
-------------------------------------------------------------------
Policy:   Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-linux-v1
          Relative URL:   /api/fleet/artifacts/endpoint-blocklist-linux-v1/f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
          Encoded SHA256: a907835be40af89b8b7aa23a6efc66c01ceaa5a19622edd378139319f3ca5fa0
          Decoded SHA256: f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
-------------------------------------------------------------------

{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_cased_any",
          "value": [
            "/opt/bin/bin.exe"
          ]
        }
      ]
    }
  ]
}
```

Mac:
```
-------------------------------------------------------------------
Policy:   Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-macos-v1
          Relative URL:   /api/fleet/artifacts/endpoint-blocklist-macos-v1/b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
          Encoded SHA256: 4f3e80d688f5cae4bf6a88b0704e37909f9fa4f47fe8325b7b154cddd46a2db9
          Decoded SHA256: b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
-------------------------------------------------------------------

{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_caseless_any",
          "value": [
            "/opt/exe.exe"
          ]
        }
      ]
    }
```

Windows:
```
-------------------------------------------------------------------
Policy:   Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-windows-v1
          Relative URL:   /api/fleet/artifacts/endpoint-blocklist-windows-v1/2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
          Encoded SHA256: c6e045fce97651336eeb400f0123541475b940e3aa38ce721f299585683da288
          Decoded SHA256: 2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
-------------------------------------------------------------------

{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_caseless_any",
          "value": [
            "C:\\path\\path.exe"
          ]
        }
      ]
    }
  ]
}
```

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-08-21 10:00:53 -04:00
..
accessibility [Search] Enable content app without Enterprise Search present (#163738) 2023-08-15 05:53:28 -07:00
alerting_api_integration Enable requeue_invalid_tasks config for functional tests (#163768) 2023-08-17 13:53:02 +03:00
api_integration [APM] Fix 401 issue with Serverless tests for APM (#164162) 2023-08-17 16:47:27 +02:00
api_integration_basic [ML] AIOps: Rename Explain Log Rate Spikes to Log Rate Analysis. (#161764) 2023-07-19 16:46:31 +02:00
apm_api_integration [APM] Fix 401 issue with Serverless tests for APM (#164162) 2023-08-17 16:47:27 +02:00
banners_functional [Archive Migration] x-pack-banners/multispace (#135783) 2022-09-27 12:03:01 +01:00
cases_api_integration [Cases] Handle lens actions in Serverless (#163581) 2023-08-14 13:35:56 +02:00
cloud_integration [Drift] Revert adding Chat to Management (#159896) 2023-06-19 06:39:16 -07:00
cloud_security_posture_api [Telemetry] Use header-based versioned APIs instead of path-based (#159839) 2023-08-12 14:20:06 -07:00
cloud_security_posture_functional skip failing test suite (#163950) 2023-08-15 14:47:12 -04:00
common [bfetch] Use versioned router (#161317) 2023-07-07 16:48:02 -07:00
custom_branding [Custom Branding] Add custom branding settings to Global settings (#150080) 2023-02-16 08:13:42 +01:00
defend_workflows_cypress [Security Solution][Serverless][Endpoint] Defines set of available kibana privileges for Endpoint Essentials/Complete add-on (#162281) 2023-08-01 10:20:46 -07:00
detection_engine_api_integration [Detection Engine][Rules] - Adds custom highlighted fields option (#163235) 2023-08-16 03:14:50 -07:00
encrypted_saved_objects_api_integration [FTR - esArchiver] Update encrypted_saved_objects_api_integration test archives to reduce flakiness (#162321) 2023-07-24 12:33:42 -04:00
examples Unskip report tests (#157885) 2023-05-16 10:41:45 -06:00
fleet_api_integration [Fleet][API] Add ability to set a proxy for agent download source (#164078) 2023-08-17 16:38:55 +01:00
fleet_cypress [Fleet][Agent Tamper Protection] Uninstall token table (#161760) 2023-07-17 04:03:22 -07:00
fleet_functional Unskipping fleet_functional/apps/home/welcome·ts test (#160078) 2023-06-21 09:52:46 -04:00
fleet_packages [Fleet] improvements to install packages script run by daily job (#148517) 2023-01-09 16:00:26 +01:00
ftr_apis [FTR] KbnClientSavedObjects improvements (#149582) 2023-01-30 09:05:53 -07:00
functional [Lens] Reduce the impact of TSDB downsample bug (#164183) 2023-08-21 15:01:01 +02:00
functional_basic [ML] Add functional tests for reauthorizing transforms (#156699) 2023-05-18 13:24:00 -05:00
functional_cloud [ColorScheme] Update from avatar menu (#161214) 2023-07-12 15:46:41 +01:00
functional_cors [packages] migrate all plugins to packages (#148130) 2023-02-08 21:06:50 -06:00
functional_embedded [packages] migrate all plugins to packages (#148130) 2023-02-08 21:06:50 -06:00
functional_enterprise_search [Enterprise Search] Enterprise Search Cypress configuration (#155398) 2023-04-21 17:06:41 +02:00
functional_execution_context [Telemetry] Use header-based versioned APIs instead of path-based (#159839) 2023-08-12 14:20:06 -07:00
functional_with_es_ssl [Cases] Fix description component flaky tests (#164063) 2023-08-16 16:40:33 +02:00
kubernetes_security k8s dashboard routes now versioned. types consolidated as v1. (#159359) 2023-06-13 09:27:39 -07:00
licensing_plugin unskip license type functional test (#163199) 2023-08-10 07:43:05 -07:00
lists_api_integration [Detection Engine][Exceptions] - Fix exception item update route (#159223) 2023-06-09 12:31:03 -07:00
load Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
localization [Lens] Fix issues with field name that contains : char in it (#163626) 2023-08-14 15:46:46 +02:00
monitoring_api_integration [Stack Monitoring] fix beat api tests (#153466) 2023-03-23 12:26:12 +01:00
observability_ai_assistant_api_integration [Observability AI Assistant] Lens function (#163872) 2023-08-17 09:45:51 +02:00
observability_api_integration feat(composite-slo): add feature flag (#159427) 2023-06-13 13:13:51 -04:00
observability_functional Fix rules functional test by replacing uptime rule with metric threshold (#163712) 2023-08-14 14:52:09 +02:00
observability_onboarding_api_integration [Logs onboarding] Generate elastic-agent.yml file for system logs (#162972) 2023-08-04 13:13:05 +02:00
osquery_cypress [osquery] Update E2E to not install Osquery integration on the Fleet server (#164225) 2023-08-18 21:01:59 +02:00
plugin_api_integration [Observability AI Assistant] Lens function (#163872) 2023-08-17 09:45:51 +02:00
plugin_api_perf [Versioned HTTP] Add response runtime and type-level validation (#153011) 2023-03-13 10:54:42 -03:00
plugin_functional [Logs+] Add Log Explorer profile deep link (#161939) 2023-07-24 21:23:58 +02:00
profiling_api_integration [Profiling] creating API tests (#159984) 2023-06-24 09:47:28 +01:00
reporting_api_integration [Reporting] Remove PNG V1 (#162517) 2023-08-02 14:30:41 -06:00
reporting_functional [Reporting] Remove PNG V1 (#162517) 2023-08-02 14:30:41 -06:00
rule_registry Add getPersistentAlerts to AlertsClient and remove getSummarizedAlerts from ruleTypes (#161061) 2023-08-01 16:50:30 +03:00
saved_object_api_integration [FTR - esArchiver] Update saved_object_api_integration archive to NOT delete SO indices (#161852) 2023-07-17 11:27:48 +02:00
saved_object_tagging skip flaky suite (#90578) 2023-08-07 17:50:55 +01:00
saved_objects_field_count [ftr] automatically determine config run order (#130983) 2022-05-04 17:05:58 -05:00
scalability [Telemetry] Use header-based versioned APIs instead of path-based (#159839) 2023-08-12 14:20:06 -07:00
screenshot_creation [Cases] Version cases and comment domain and apis (#161954) 2023-07-26 06:09:10 -07:00
search_sessions_integration [Textbased] Depict histogram for timebased adhoc dataviews (#161524) 2023-07-11 14:32:33 +03:00
security_api_integration Refresh .security-tokens index in tests before simulating "missing refresh token" scenario. (#163466) 2023-08-09 13:05:54 +02:00
security_functional [packages] migrate all plugins to packages (#148130) 2023-02-08 21:06:50 -06:00
security_solution_cypress [Controls] Migrate range slider to EuiDualRange and make styling consistent across all controls (#162651) 2023-08-16 11:27:14 -06:00
security_solution_endpoint [Security Solution] File paths for Blocklist Windows and Mac should be case insensitive (#164200) 2023-08-21 10:00:53 -04:00
security_solution_endpoint_api_int [Security Solution] Unskip tests after package fix (#163962) 2023-08-16 11:29:26 -04:00
security_solution_ftr [Security Solution] Fix Accessibility Tests (#162143) 2023-07-27 20:41:16 +02:00
session_view Revert "skip failing test suite (#159303)" 2023-06-08 09:46:42 -05:00
spaces_api_integration Unskips tests related to no_shard_available failures (#161109) 2023-07-07 11:34:47 -04:00
stack_functional_integration [QA] Dismiss telemetry banner in ccs console test (#164178) 2023-08-17 07:57:13 -07:00
threat_intelligence_cypress [Threat Intelligence] Switch to parallel cypress (#158801) 2023-06-07 15:58:26 +02:00
timeline [data.search] Use versioned router (#158520) 2023-06-07 10:33:39 +02:00
ui_capabilities [Observability AI Assistant] Lens function (#163872) 2023-08-17 09:45:51 +02:00
upgrade Migrate reporting FTRs from the Stats Usage API (#151808) 2023-02-23 03:53:27 -07:00
upgrade_assistant_integration [ftr] automatically determine config run order (#130983) 2022-05-04 17:05:58 -05:00
usage_collection [packages] migrate all plugins to packages (#148130) 2023-02-08 21:06:50 -06:00
tsconfig.json [Security Solution][Serverless] Reusing Cypress tests for Serverless infrastructure (#162698) 2023-08-15 19:50:54 +02:00