From 7bc369cb98af7f99e45d8532b714d26804454634 Mon Sep 17 00:00:00 2001 From: Paul Tavares <56442535+paul-tavares@users.noreply.github.com> Date: Wed, 7 Oct 2020 13:35:47 -0400 Subject: [PATCH] [SECURITY_SOLUTION][ENDPOINT] Trusted Apps - fix error for duplicate fields to correctly mention the field at fault (#79853) * Fix error for duplicate fields to correctly mention the field at fault * Add new tests to duplicate field validation --- .../endpoint/schema/trusted_apps.test.ts | 21 +++++++++++++++++-- .../common/endpoint/schema/trusted_apps.ts | 9 +++++++- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts index ab3549c11bef4..f83496737bcc6 100644 --- a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts +++ b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts @@ -293,11 +293,28 @@ describe('When invoking Trusted Apps Schema', () => { }); it('should validate that `entry.field` is used only once', () => { - const bodyMsg = { + let bodyMsg = { ...getCreateTrustedAppItem(), entries: [getTrustedAppItemEntryItem(), getTrustedAppItemEntryItem()], }; - expect(() => body.validate(bodyMsg)).toThrow(); + expect(() => body.validate(bodyMsg)).toThrow('[Path] field can only be used once'); + + bodyMsg = { + ...getCreateTrustedAppItem(), + entries: [ + { + ...getTrustedAppItemEntryItem(), + field: 'process.hash.*', + value: VALID_HASH_MD5, + }, + { + ...getTrustedAppItemEntryItem(), + field: 'process.hash.*', + value: VALID_HASH_MD5, + }, + ], + }; + expect(() => body.validate(bodyMsg)).toThrow('[Hash] field can only be used once'); }); it('should validate Hash field valid value', () => { diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts index 29957682f72fc..60672cce972a3 100644 --- a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts +++ b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts @@ -5,6 +5,7 @@ */ import { schema } from '@kbn/config-schema'; +import { TrustedApp } from '../types'; const hashLengths: readonly number[] = [ 32, // MD5 @@ -13,6 +14,12 @@ const hashLengths: readonly number[] = [ ]; const hasInvalidCharacters = /[^0-9a-f]/i; +const entryFieldLabels: { [k in TrustedApp['entries'][0]['field']]: string } = { + 'process.hash.*': 'Hash', + 'process.executable.caseless': 'Path', + 'process.code_signature': 'Signer', +}; + export const DeleteTrustedAppsRequestSchema = { params: schema.object({ id: schema.string(), @@ -47,7 +54,7 @@ export const PostTrustedAppCreateRequestSchema = { const usedFields: string[] = []; for (const { field, value } of entries) { if (usedFields.includes(field)) { - return `[Hash] field can only be used once`; + return `[${entryFieldLabels[field]}] field can only be used once`; } usedFields.push(field);