From 3d6b3e892060b5c72f610d2247335a842bc74333 Mon Sep 17 00:00:00 2001
From: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>
Date: Wed, 7 Oct 2020 15:15:20 -0400
Subject: [PATCH] [SECURITY_SOLUTION][ENDPOINT] Trusted Apps - fix error for
 duplicate fields to correctly mention the field at fault (#79853) (#79885)

* Fix error for duplicate fields to correctly mention the field at fault
* Add new tests to duplicate field validation
---
 .../endpoint/schema/trusted_apps.test.ts      | 21 +++++++++++++++++--
 .../common/endpoint/schema/trusted_apps.ts    |  9 +++++++-
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts
index ab3549c11bef..f83496737bcc 100644
--- a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts
@@ -293,11 +293,28 @@ describe('When invoking Trusted Apps Schema', () => {
       });
 
       it('should validate that `entry.field` is used only once', () => {
-        const bodyMsg = {
+        let bodyMsg = {
           ...getCreateTrustedAppItem(),
           entries: [getTrustedAppItemEntryItem(), getTrustedAppItemEntryItem()],
         };
-        expect(() => body.validate(bodyMsg)).toThrow();
+        expect(() => body.validate(bodyMsg)).toThrow('[Path] field can only be used once');
+
+        bodyMsg = {
+          ...getCreateTrustedAppItem(),
+          entries: [
+            {
+              ...getTrustedAppItemEntryItem(),
+              field: 'process.hash.*',
+              value: VALID_HASH_MD5,
+            },
+            {
+              ...getTrustedAppItemEntryItem(),
+              field: 'process.hash.*',
+              value: VALID_HASH_MD5,
+            },
+          ],
+        };
+        expect(() => body.validate(bodyMsg)).toThrow('[Hash] field can only be used once');
       });
 
       it('should validate Hash field valid value', () => {
diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
index 29957682f72f..60672cce972a 100644
--- a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
@@ -5,6 +5,7 @@
  */
 
 import { schema } from '@kbn/config-schema';
+import { TrustedApp } from '../types';
 
 const hashLengths: readonly number[] = [
   32, // MD5
@@ -13,6 +14,12 @@ const hashLengths: readonly number[] = [
 ];
 const hasInvalidCharacters = /[^0-9a-f]/i;
 
+const entryFieldLabels: { [k in TrustedApp['entries'][0]['field']]: string } = {
+  'process.hash.*': 'Hash',
+  'process.executable.caseless': 'Path',
+  'process.code_signature': 'Signer',
+};
+
 export const DeleteTrustedAppsRequestSchema = {
   params: schema.object({
     id: schema.string(),
@@ -47,7 +54,7 @@ export const PostTrustedAppCreateRequestSchema = {
           const usedFields: string[] = [];
           for (const { field, value } of entries) {
             if (usedFields.includes(field)) {
-              return `[Hash] field can only be used once`;
+              return `[${entryFieldLabels[field]}] field can only be used once`;
             }
 
             usedFields.push(field);