## Summary
This fixes a bug where Windows and Mac Blocklist file path entries
should be passed as case insensitive. This is because Mac and Windows
are caseless for most use cases.
Bug ticket: https://github.com/elastic/kibana/issues/158581
Here is how it will be displayed in the UI:
<img width="1728" alt="image"
src="a3006397-f49e-4de0-818d-94e2de20dba3">
Here are the breakdown of the artifacts after the fix:
Linux:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-linux-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-linux-v1/f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
Encoded SHA256: a907835be40af89b8b7aa23a6efc66c01ceaa5a19622edd378139319f3ca5fa0
Decoded SHA256: f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
-------------------------------------------------------------------
{
"entries": [
{
"type": "simple",
"entries": [
{
"field": "file.path",
"operator": "included",
"type": "exact_cased_any",
"value": [
"/opt/bin/bin.exe"
]
}
]
}
]
}
```
Mac:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-macos-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-macos-v1/b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
Encoded SHA256: 4f3e80d688f5cae4bf6a88b0704e37909f9fa4f47fe8325b7b154cddd46a2db9
Decoded SHA256: b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
-------------------------------------------------------------------
{
"entries": [
{
"type": "simple",
"entries": [
{
"field": "file.path",
"operator": "included",
"type": "exact_caseless_any",
"value": [
"/opt/exe.exe"
]
}
]
}
```
Windows:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-windows-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-windows-v1/2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
Encoded SHA256: c6e045fce97651336eeb400f0123541475b940e3aa38ce721f299585683da288
Decoded SHA256: 2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
-------------------------------------------------------------------
{
"entries": [
{
"type": "simple",
"entries": [
{
"field": "file.path",
"operator": "included",
"type": "exact_caseless_any",
"value": [
"C:\\path\\path.exe"
]
}
]
}
]
}
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This is where shared utils for security solution should go that are going to be shared among plugins.
This was originally created to remove the dependencies between security_solution and other projects such as lists.
88bd71c077