[Security Solution] Put Artifacts by Policy feature behind a feature flag

x-pack/plugins/lists/server/index.ts

@@ -12,7 +12,10 @@ import { ListPlugin } from './plugin';
 
 // exporting these since its required at top level in siem plugin
 export { ListClient } from './services/lists/list_client';
-export { CreateExceptionListItemOptions } from './services/exception_lists/exception_list_client_types';
+export {
+  CreateExceptionListItemOptions,
+  UpdateExceptionListItemOptions,
+} from './services/exception_lists/exception_list_client_types';
 export { ExceptionListClient } from './services/exception_lists/exception_list_client';
 export type { ListPluginSetup, ListsApiRequestHandlerContext } from './types';
 

x-pack/plugins/security_solution/common/endpoint/constants.ts

@@ -15,8 +15,10 @@ export const telemetryIndexPattern = 'metrics-endpoint.telemetry-*';
 export const LIMITED_CONCURRENCY_ENDPOINT_ROUTE_TAG = 'endpoint:limited-concurrency';
 export const LIMITED_CONCURRENCY_ENDPOINT_COUNT = 100;
 
+export const TRUSTED_APPS_GET_API = '/api/endpoint/trusted_apps/{id}';
 export const TRUSTED_APPS_LIST_API = '/api/endpoint/trusted_apps';
 export const TRUSTED_APPS_CREATE_API = '/api/endpoint/trusted_apps';
+export const TRUSTED_APPS_UPDATE_API = '/api/endpoint/trusted_apps/{id}';
 export const TRUSTED_APPS_DELETE_API = '/api/endpoint/trusted_apps/{id}';
 export const TRUSTED_APPS_SUMMARY_API = '/api/endpoint/trusted_apps/summary';
 

x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts

@@ -5,8 +5,18 @@
  * 2.0.
  */
 
-import { GetTrustedAppsRequestSchema, PostTrustedAppCreateRequestSchema } from './trusted_apps';
-import { ConditionEntryField, OperatingSystem } from '../types';
+import {
+  GetTrustedAppsRequestSchema,
+  PostTrustedAppCreateRequestSchema,
+  PutTrustedAppUpdateRequestSchema,
+} from './trusted_apps';
+import {
+  ConditionEntry,
+  ConditionEntryField,
+  NewTrustedApp,
+  OperatingSystem,
+  PutTrustedAppsRequestParams,
+} from '../types';
 
 describe('When invoking Trusted Apps Schema', () => {
   describe('for GET List', () => {
@@ -72,17 +82,18 @@ describe('When invoking Trusted Apps Schema', () => {
   });
 
   describe('for POST Create', () => {
-    const createConditionEntry = <T>(data?: T) => ({
+    const createConditionEntry = <T>(data?: T): ConditionEntry => ({
       field: ConditionEntryField.PATH,
       type: 'match',
       operator: 'included',
       value: 'c:/programs files/Anti-Virus',
       ...(data || {}),
     });
-    const createNewTrustedApp = <T>(data?: T) => ({
+    const createNewTrustedApp = <T>(data?: T): NewTrustedApp => ({
       name: 'Some Anti-Virus App',
       description: 'this one is ok',
-      os: 'windows',
+      os: OperatingSystem.WINDOWS,
+      effectScope: { type: 'global' },
       entries: [createConditionEntry()],
       ...(data || {}),
     });
@@ -329,4 +340,55 @@ describe('When invoking Trusted Apps Schema', () => {
       });
     });
   });
+
+  describe('for PUT Update', () => {
+    const createConditionEntry = <T>(data?: T): ConditionEntry => ({
+      field: ConditionEntryField.PATH,
+      type: 'match',
+      operator: 'included',
+      value: 'c:/programs files/Anti-Virus',
+      ...(data || {}),
+    });
+    const createNewTrustedApp = <T>(data?: T): NewTrustedApp => ({
+      name: 'Some Anti-Virus App',
+      description: 'this one is ok',
+      os: OperatingSystem.WINDOWS,
+      effectScope: { type: 'global' },
+      entries: [createConditionEntry()],
+      ...(data || {}),
+    });
+
+    const updateParams = <T>(data?: T): PutTrustedAppsRequestParams => ({
+      id: 'validId',
+      ...(data || {}),
+    });
+
+    const body = PutTrustedAppUpdateRequestSchema.body;
+    const params = PutTrustedAppUpdateRequestSchema.params;
+
+    it('should not error on a valid message', () => {
+      const bodyMsg = createNewTrustedApp();
+      const paramsMsg = updateParams();
+      expect(body.validate(bodyMsg)).toStrictEqual(bodyMsg);
+      expect(params.validate(paramsMsg)).toStrictEqual(paramsMsg);
+    });
+
+    it('should validate `id` params is required', () => {
+      expect(() => params.validate(updateParams({ id: undefined }))).toThrow();
+    });
+
+    it('should validate `id` params to be string', () => {
+      expect(() => params.validate(updateParams({ id: 1 }))).toThrow();
+    });
+
+    it('should validate `version`', () => {
+      const bodyMsg = createNewTrustedApp({ version: 'v1' });
+      expect(body.validate(bodyMsg)).toStrictEqual(bodyMsg);
+    });
+
+    it('should validate `version` must be string', () => {
+      const bodyMsg = createNewTrustedApp({ version: 1 });
+      expect(() => body.validate(bodyMsg)).toThrow();
+    });
+  });
 });

x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts

@@ -6,19 +6,26 @@
  */
 
 import { schema } from '@kbn/config-schema';
-import { ConditionEntryField, OperatingSystem } from '../types';
-import { getDuplicateFields, isValidHash } from '../validation/trusted_apps';
+import { ConditionEntry, ConditionEntryField, OperatingSystem } from '../types';
+import { getDuplicateFields, isValidHash } from '../service/trusted_apps/validations';
 
 export const DeleteTrustedAppsRequestSchema = {
   params: schema.object({
     id: schema.string(),
   }),
 };
 
+export const GetOneTrustedAppRequestSchema = {
+  params: schema.object({
+    id: schema.string(),
+  }),
+};
+
 export const GetTrustedAppsRequestSchema = {
   query: schema.object({
     page: schema.maybe(schema.number({ defaultValue: 1, min: 1 })),
     per_page: schema.maybe(schema.number({ defaultValue: 20, min: 1 })),
+    kuery: schema.maybe(schema.string()),
   }),
 };
 
@@ -40,18 +47,18 @@ const CommonEntrySchema = {
     schema.siblingRef('field'),
     ConditionEntryField.HASH,
     schema.string({
-      validate: (hash) =>
+      validate: (hash: string) =>
         isValidHash(hash) ? undefined : `invalidField.${ConditionEntryField.HASH}`,
     }),
     schema.conditional(
       schema.siblingRef('field'),
       ConditionEntryField.PATH,
       schema.string({
-        validate: (field) =>
+        validate: (field: string) =>
           field.length > 0 ? undefined : `invalidField.${ConditionEntryField.PATH}`,
       }),
       schema.string({
-        validate: (field) =>
+        validate: (field: string) =>
           field.length > 0 ? undefined : `invalidField.${ConditionEntryField.SIGNER}`,
       })
     )
@@ -99,7 +106,7 @@ const EntrySchemaDependingOnOS = schema.conditional(
  */
 const EntriesSchema = schema.arrayOf(EntrySchemaDependingOnOS, {
   minSize: 1,
-  validate(entries) {
+  validate(entries: ConditionEntry[]) {
     return (
       getDuplicateFields(entries)
         .map((field) => `duplicatedEntry.${field}`)
@@ -108,15 +115,35 @@ const EntriesSchema = schema.arrayOf(EntrySchemaDependingOnOS, {
   },
 });
 
-export const PostTrustedAppCreateRequestSchema = {
-  body: schema.object({
+const getTrustedAppForOsScheme = (forUpdateFlow: boolean = false) =>
+  schema.object({
     name: schema.string({ minLength: 1, maxLength: 256 }),
     description: schema.maybe(schema.string({ minLength: 0, maxLength: 256, defaultValue: '' })),
     os: schema.oneOf([
       schema.literal(OperatingSystem.WINDOWS),
       schema.literal(OperatingSystem.LINUX),
       schema.literal(OperatingSystem.MAC),
     ]),
+    effectScope: schema.oneOf([
+      schema.object({
+        type: schema.literal('global'),
+      }),
+      schema.object({
+        type: schema.literal('policy'),
+        policies: schema.arrayOf(schema.string({ minLength: 1 })),
+      }),
+    ]),
     entries: EntriesSchema,
+    ...(forUpdateFlow ? { version: schema.maybe(schema.string()) } : {}),
+  });
+
+export const PostTrustedAppCreateRequestSchema = {
+  body: getTrustedAppForOsScheme(),
+};
+
+export const PutTrustedAppUpdateRequestSchema = {
+  params: schema.object({
+    id: schema.string(),
   }),
+  body: getTrustedAppForOsScheme(true),
 };

x-pack/plugins/security_solution/common/endpoint/service/trusted_apps/to_update_trusted_app.ts

@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { MaybeImmutable, NewTrustedApp, UpdateTrustedApp } from '../../types';
+
+const NEW_TRUSTED_APP_KEYS: Array<keyof UpdateTrustedApp> = [
+  'name',
+  'effectScope',
+  'entries',
+  'description',
+  'os',
+  'version',
+];
+
+export const toUpdateTrustedApp = <T extends NewTrustedApp>(
+  trustedApp: MaybeImmutable<T>
+): UpdateTrustedApp => {
+  const trustedAppForUpdate: UpdateTrustedApp = {} as UpdateTrustedApp;
+
+  for (const key of NEW_TRUSTED_APP_KEYS) {
+    // This should be safe. Its needed due to the inter-dependency on property values (`os` <=> `entries`)
+    // @ts-expect-error
+    trustedAppForUpdate[key] = trustedApp[key];
+  }
+  return trustedAppForUpdate;
+};

x-pack/plugins/security_solution/common/endpoint/validation/trusted_apps.ts → x-pack/plugins/security_solution/common/endpoint/service/trusted_apps/validations.ts

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { ConditionEntry, ConditionEntryField } from '../types';
+import { ConditionEntry, ConditionEntryField } from '../../types';
 
 const HASH_LENGTHS: readonly number[] = [
   32, // MD5

x-pack/plugins/security_solution/common/endpoint/types/index.ts

@@ -62,6 +62,11 @@ type ImmutableMap<K, V> = ReadonlyMap<Immutable<K>, Immutable<V>>;
 type ImmutableSet<T> = ReadonlySet<Immutable<T>>;
 type ImmutableObject<T> = { readonly [K in keyof T]: Immutable<T[K]> };
 
+/**
+ * Utility type that will return back a union of the given [T]ype and an Immutable version of it
+ */
+export type MaybeImmutable<T> = T | Immutable<T>;
+
 /**
  * Stats for related events for a particular node in a resolver graph.
  */

x-pack/plugins/security_solution/common/endpoint/types/trusted_apps.ts

@@ -9,14 +9,22 @@ import { TypeOf } from '@kbn/config-schema';
 import { ApplicationStart } from 'kibana/public';
 import {
   DeleteTrustedAppsRequestSchema,
+  GetOneTrustedAppRequestSchema,
   GetTrustedAppsRequestSchema,
   PostTrustedAppCreateRequestSchema,
+  PutTrustedAppUpdateRequestSchema,
 } from '../schema/trusted_apps';
 import { OperatingSystem } from './os';
 
 /** API request params for deleting Trusted App entry */
 export type DeleteTrustedAppsRequestParams = TypeOf<typeof DeleteTrustedAppsRequestSchema.params>;
 
+export type GetOneTrustedAppRequestParams = TypeOf<typeof GetOneTrustedAppRequestSchema.params>;
+
+export interface GetOneTrustedAppResponse {
+  data: TrustedApp;
+}
+
 /** API request params for retrieving a list of Trusted Apps */
 export type GetTrustedAppsListRequest = TypeOf<typeof GetTrustedAppsRequestSchema.query>;
 
@@ -39,6 +47,15 @@ export interface PostTrustedAppCreateResponse {
   data: TrustedApp;
 }
 
+/** API request params for updating a Trusted App */
+export type PutTrustedAppsRequestParams = TypeOf<typeof PutTrustedAppUpdateRequestSchema.params>;
+
+/** API Request body for Updating a new Trusted App entry */
+export type PutTrustedAppUpdateRequest = TypeOf<typeof PutTrustedAppUpdateRequestSchema.body> &
+  (MacosLinuxConditionEntries | WindowsConditionEntries);
+
+export type PutTrustedAppUpdateResponse = PostTrustedAppCreateResponse;
+
 export interface GetTrustedAppsSummaryResponse {
   total: number;
   windows: number;
@@ -76,17 +93,38 @@ export interface WindowsConditionEntries {
   entries: WindowsConditionEntry[];
 }
 
+export interface GlobalEffectScope {
+  type: 'global';
+}
+
+export interface PolicyEffectScope {
+  type: 'policy';
+  /** An array of Endpoint Integration Policy UUIDs */
+  policies: string[];
+}
+
+export type EffectScope = GlobalEffectScope | PolicyEffectScope;
+
 /** Type for a new Trusted App Entry */
 export type NewTrustedApp = {
   name: string;
   description?: string;
+  effectScope: EffectScope;
 } & (MacosLinuxConditionEntries | WindowsConditionEntries);
 
+/** An Update to a Trusted App Entry */
+export type UpdateTrustedApp = NewTrustedApp & {
+  version?: string;
+};
+
 /** A trusted app entry */
 export type TrustedApp = NewTrustedApp & {
+  version: string;
   id: string;
   created_at: string;
   created_by: string;
+  updated_at: string;
+  updated_by: string;
 };
 
 /**

x-pack/plugins/security_solution/common/experimental_features.ts

@@ -13,6 +13,7 @@ export type ExperimentalFeatures = typeof allowedExperimentalValues;
  */
 const allowedExperimentalValues = Object.freeze({
   fleetServerEnabled: false,
+  trustedAppsByPolicyEnabled: false,
 });
 
 type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;