From c319ada003a1c781edaa9907e21d447dd48e567e Mon Sep 17 00:00:00 2001 From: Paul Tavares <56442535+paul-tavares@users.noreply.github.com> Date: Mon, 5 Oct 2020 19:58:52 -0400 Subject: [PATCH] Trim Hash value before validating it (#79545) --- .../common/endpoint/schema/trusted_apps.test.ts | 15 +++++++++++++++ .../common/endpoint/schema/trusted_apps.ts | 14 +++++++++----- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts index 352c628f9fa23..ab3549c11bef4 100644 --- a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts +++ b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts @@ -348,6 +348,21 @@ describe('When invoking Trusted Apps Schema', () => { }); }).toThrow(); }); + + it('should trim hash value before validation', () => { + expect(() => { + body.validate({ + ...getCreateTrustedAppItem(), + entries: [ + { + ...getTrustedAppItemEntryItem(), + field: 'process.hash.*', + value: ` ${VALID_HASH_MD5} \r\n`, + }, + ], + }); + }).not.toThrow(); + }); }); }); }); diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts index b4e837c472915..1707fe915ea4f 100644 --- a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts +++ b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts @@ -52,11 +52,15 @@ export const PostTrustedAppCreateRequestSchema = { usedFields.push(field); - if ( - field === 'process.hash.*' && - (!hashLengths.includes(value.length) || hasInvalidCharacters.test(value)) - ) { - return `Invalid hash value [${value}]`; + if (field === 'process.hash.*') { + const trimmedValue = value.trim(); + + if ( + !hashLengths.includes(trimmedValue.length) || + hasInvalidCharacters.test(trimmedValue) + ) { + return `Invalid hash value [${value}]`; + } } } },