-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[SIEM][Security Solution][Endpoint] Endpoint Artifact Manifest Manage…
…ment + Artifact Download and Distribution (#67707) (#70758) * stub out task for the exceptions list packager * Hits list code and pages * refactor * Begin adding saved object and type definitions * Transforms to endpoint exceptions * Get internal SO client * update messaging * cleanup * Integrating with task manager * Integrated with task manager properly * Begin adding schemas * Add multiple OS and schema version support * filter by OS * Fixing sort * Move to security_solutions * siem -> securitySolution * Progress on downloads, cleanup * Add config, update artifact creation, add TODOs * Fixing buffer serialization problem * Adding cleanup to task * Handle HEAD req * proper header * More robust task management * single -> agnostic * Fix OS filtering * Scaffolding digital signatures / tests * Adds rotue for creating endpoint user * Cleanup * persisting user * Adding route to fetch created user * Addings tests for translating exceptions * Adding test for download API * Download tweaks + artifact generation fixes * reorganize * fix imports * Fixing test * Changes id of SO * integration tests setup * Add first integration tests * Cache layer * more schema validation * Set up for manifest update * minor change * remove setup code * add manifest schema * refactoring * manifest rewrite (partial) * finish scaffolding new manifest logic * syntax errors * more refactoring * Move to endpoint directory * minor cleanup * clean up old artifacts * Use diff appropriately * Fix download * schedule task on interval * Split up into client/manager * more mocks * config interval * Fixing download tests and adding cache tests * lint * mo money, mo progress * Converting to io-ts * More tests and mocks * even more tests and mocks * Merging both refactors * Adding more tests for the convertion layer * fix conflicts * Adding lzma types * Bug fixes * lint * resolve some type errors * Adding back in cache * Fixing download test * Changing cache to be sized * Fix manifest manager initialization * Hook up datasource service * Fix download tests * Incremental progress * Adds integration with ingest manager for auth * Update test fixture * Add manifest dispatch * Refactoring to use the same SO Client from ingest * bug fixes * build renovate config * Fix endpoint_app_context_services tests * Only index the fields that are necessary for searching * Integ test progress * mock and test city * Add task tests * Tests for artifact_client and manifest_client * Add manifest_manager tests * minor refactor * Finish manifest_manager tests * Type errors * Update integ test * Type errors, final cleanup * Fix integration test and add test for invalid api key * minor fixup * Remove compression * Update task interval * Removing .text suffix from translated list * Fixes hashes for unit tests * clean up yarn.lock * Remove lzma-native from package.json * missed updating one of the tests Co-authored-by: Alex Kahan <[email protected]> Co-authored-by: Alex Kahan <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
- Loading branch information
1 parent
efef849
commit 166dc33
Showing
56 changed files
with
3,101 additions
and
42 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
22 changes: 22 additions & 0 deletions
22
x-pack/plugins/security_solution/common/endpoint/schema/common.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import * as t from 'io-ts'; | ||
|
||
export const identifier = t.string; | ||
|
||
export const manifestVersion = t.string; | ||
|
||
export const manifestSchemaVersion = t.keyof({ | ||
'1.0.0': null, | ||
}); | ||
export type ManifestSchemaVersion = t.TypeOf<typeof manifestSchemaVersion>; | ||
|
||
export const sha256 = t.string; | ||
|
||
export const size = t.number; | ||
|
||
export const url = t.string; |
27 changes: 27 additions & 0 deletions
27
x-pack/plugins/security_solution/common/endpoint/schema/manifest.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import * as t from 'io-ts'; | ||
import { identifier, manifestSchemaVersion, manifestVersion, sha256, size, url } from './common'; | ||
|
||
export const manifestEntrySchema = t.exact( | ||
t.type({ | ||
url, | ||
sha256, | ||
size, | ||
}) | ||
); | ||
|
||
export const manifestSchema = t.exact( | ||
t.type({ | ||
manifest_version: manifestVersion, | ||
schema_version: manifestSchemaVersion, | ||
artifacts: t.record(identifier, manifestEntrySchema), | ||
}) | ||
); | ||
|
||
export type ManifestEntrySchema = t.TypeOf<typeof manifestEntrySchema>; | ||
export type ManifestSchema = t.TypeOf<typeof manifestSchema>; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,6 +12,7 @@ | |
"features", | ||
"home", | ||
"ingestManager", | ||
"taskManager", | ||
"inspector", | ||
"licensing", | ||
"maps", | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
43 changes: 43 additions & 0 deletions
43
x-pack/plugins/security_solution/server/endpoint/lib/artifacts/cache.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { ExceptionsCache } from './cache'; | ||
|
||
describe('ExceptionsCache tests', () => { | ||
let cache: ExceptionsCache; | ||
|
||
beforeEach(() => { | ||
jest.clearAllMocks(); | ||
cache = new ExceptionsCache(3); | ||
}); | ||
|
||
test('it should cache', async () => { | ||
cache.set('test', 'body'); | ||
const cacheResp = cache.get('test'); | ||
expect(cacheResp).toEqual('body'); | ||
}); | ||
|
||
test('it should handle cache miss', async () => { | ||
cache.set('test', 'body'); | ||
const cacheResp = cache.get('not test'); | ||
expect(cacheResp).toEqual(undefined); | ||
}); | ||
|
||
test('it should handle cache eviction', async () => { | ||
cache.set('1', 'a'); | ||
cache.set('2', 'b'); | ||
cache.set('3', 'c'); | ||
const cacheResp = cache.get('1'); | ||
expect(cacheResp).toEqual('a'); | ||
|
||
cache.set('4', 'd'); | ||
const secondResp = cache.get('1'); | ||
expect(secondResp).toEqual(undefined); | ||
expect(cache.get('2')).toEqual('b'); | ||
expect(cache.get('3')).toEqual('c'); | ||
expect(cache.get('4')).toEqual('d'); | ||
}); | ||
}); |
37 changes: 37 additions & 0 deletions
37
x-pack/plugins/security_solution/server/endpoint/lib/artifacts/cache.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
const DEFAULT_MAX_SIZE = 10; | ||
|
||
/** | ||
* FIFO cache implementation for artifact downloads. | ||
*/ | ||
export class ExceptionsCache { | ||
private cache: Map<string, string>; | ||
private queue: string[]; | ||
private maxSize: number; | ||
|
||
constructor(maxSize: number) { | ||
this.cache = new Map(); | ||
this.queue = []; | ||
this.maxSize = maxSize || DEFAULT_MAX_SIZE; | ||
} | ||
|
||
set(id: string, body: string) { | ||
if (this.queue.length + 1 > this.maxSize) { | ||
const entry = this.queue.shift(); | ||
if (entry !== undefined) { | ||
this.cache.delete(entry); | ||
} | ||
} | ||
this.queue.push(id); | ||
this.cache.set(id, body); | ||
} | ||
|
||
get(id: string): string | undefined { | ||
return this.cache.get(id); | ||
} | ||
} |
17 changes: 17 additions & 0 deletions
17
x-pack/plugins/security_solution/server/endpoint/lib/artifacts/common.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
export const ArtifactConstants = { | ||
GLOBAL_ALLOWLIST_NAME: 'endpoint-exceptionlist', | ||
SAVED_OBJECT_TYPE: 'endpoint:exceptions-artifact', | ||
SUPPORTED_OPERATING_SYSTEMS: ['linux', 'macos', 'windows'], | ||
SCHEMA_VERSION: '1.0.0', | ||
}; | ||
|
||
export const ManifestConstants = { | ||
SAVED_OBJECT_TYPE: 'endpoint:exceptions-manifest', | ||
SCHEMA_VERSION: '1.0.0', | ||
}; |
Oops, something went wrong.