From 03e75c9f25dd666871333c50b88751a217cc4e13 Mon Sep 17 00:00:00 2001 From: Madison Caldwell <madison.caldwell@elastic.co> Date: Tue, 7 Jul 2020 00:09:11 -0400 Subject: [PATCH 1/8] Fix base64 download bug --- .../manifest_manager/manifest_manager.ts | 2 +- .../apis/endpoint/artifacts/index.ts | 35 ++++++++++++++++++- 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.ts b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.ts index e47a23b893b71..52887a38b3419 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.ts @@ -140,7 +140,7 @@ export class ManifestManager { try { await this.artifactClient.createArtifact(artifact); // Cache the body of the artifact - this.cache.set(diff.id, artifact.body); + this.cache.set(diff.id, Buffer.from(artifact.body, 'base64').toString()); } catch (err) { if (err.status === 409) { // This artifact already existed... diff --git a/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts b/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts index 2721592ba3350..a52521b424d49 100644 --- a/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts +++ b/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts @@ -6,6 +6,7 @@ import expect from '@kbn/expect'; +import { WrappedTranslatedExceptionList } from '../../../../../plugins/security_solution/server/endpoint/schemas'; import { FtrProviderContext } from '../../../ftr_provider_context'; import { getSupertestWithoutAuth, setupIngest } from '../../fleet/agents/services'; 
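Review bot: In the `@@ -140,7 +140,7 @@` hunk of manifest_manager.ts, `Buffer.from(artifact.body, 'base64').toString()` converts the artifact bytes to a UTF-8 string before caching, which is lossless only while the body is UTF-8 JSON. The fixtures in this series carry `compressionAlgorithm` and `encryptionAlgorithm` fields, so once either is something other than 'none' the cached string would no longer match the SHA-256 under which the artifact is addressed. `Buffer.from` also does not throw on malformed base64. I would record the assumption next to the call, e.g. `// body is base64 of UTF-8 JSON (compression 'none'); revisit if artifacts become binary`, or cache the Buffer if the cache's value type allows it. The try/catch continues outside the hunk, so whether the 409 branch also populates the cache is not visible here.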
@@ -69,7 +70,7 @@ export default function (providerContext: FtrProviderContext) { }); it('should download an artifact with correct hash', async () => { - await supertestWithoutAuth + const { body } = await supertestWithoutAuth .get( '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/a4e4586e895fcb46dd25a25358b446f9a425279452afa3ef9a98bca39c39122d' ) @@ -77,6 +78,38 @@ export default function (providerContext: FtrProviderContext) { .set('authorization', `ApiKey ${agentAccessAPIKey}`) .send() .expect(200); + + // console.log(body); + + // const artifactObj: WrappedTranslatedExceptionList = JSON.parse(body); + expect(body).to.eql({ + exceptions_list: [ + { + field: 'actingProcess.file.signer', + operator: 'included', + type: 'exact_cased', + value: 'Elastic, N.V.', + }, + { + entries: [ + { + field: 'signer', + operator: 'included', + type: 'exact_cased', + value: 'Evil', + }, + { + field: 'trusted', + operator: 'included', + type: 'exact_cased', + value: 'true', + }, + ], + field: 'file.signature', + type: 'nested', + }, + ], + } as WrappedTranslatedExceptionList); }); it('should fail on invalid api key', async () => { From 86205107a534b0ee300eeea137eba63e97a97cfa Mon Sep 17 00:00:00 2001 From: Madison Caldwell <madison.caldwell@elastic.co> Date: Tue, 7 Jul 2020 12:37:03 -0400 Subject: [PATCH 2/8] Add test for artifact download --- .../apis/endpoint/artifacts/index.ts | 56 +++++++++---------- .../endpoint/artifacts/api_feature/data.json | 12 ++-- 2 files changed, 33 insertions(+), 35 deletions(-) diff --git a/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts b/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts index a52521b424d49..a63c2c19dc96c 100644 --- a/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts +++ b/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts 
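Review bot: The `@@ -77,6 +78,38 @@` hunk commits two commented-out debugging lines, `// console.log(body);` and the `// const artifactObj: WrappedTranslatedExceptionList = JSON.parse(body);` line, which should be deleted. The `as WrappedTranslatedExceptionList` assertion on the expected literal also bypasses the property checks a declaration would give. Writing `const expected: WrappedTranslatedExceptionList = { ... };` and then `expect(body).to.eql(expected);` keeps the compiler checking the fixture shape.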
@@ -6,7 +6,6 @@ import expect from '@kbn/expect'; -import { WrappedTranslatedExceptionList } from '../../../../../plugins/security_solution/server/endpoint/schemas'; import { FtrProviderContext } from '../../../ftr_provider_context'; import { getSupertestWithoutAuth, setupIngest } from '../../fleet/agents/services'; 
@@ -70,46 +69,45 @@ export default function (providerContext: FtrProviderContext) { }); it('should download an artifact with correct hash', async () => { - const { body } = await supertestWithoutAuth + await supertestWithoutAuth .get( - '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/a4e4586e895fcb46dd25a25358b446f9a425279452afa3ef9a98bca39c39122d' + '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff' ) .set('kbn-xsrf', 'xxx') .set('authorization', `ApiKey ${agentAccessAPIKey}`) .send() - .expect(200); - - // console.log(body); - - // const artifactObj: WrappedTranslatedExceptionList = JSON.parse(body); - expect(body).to.eql({ - exceptions_list: [ - { - field: 'actingProcess.file.signer', - operator: 'included', - type: 'exact_cased', - value: 'Elastic, N.V.', - }, - { - entries: [ + .expect(200) + .expect((response) => { + const artifactJson = JSON.parse(response.text); + expect(artifactJson).to.eql({ + exceptions_list: [ { - field: 'signer', + field: 'actingProcess.file.signer', operator: 'included', type: 'exact_cased', - value: 'Evil', + value: 'Elastic, N.V.', }, { - field: 'trusted', - operator: 'included', - type: 'exact_cased', - value: 'true', + entries: [ + { + field: 'signer', + operator: 'included', + type: 'exact_cased', + value: 'Evil', + }, + { + field: 'trusted', + operator: 'included', + type: 'exact_cased', + value: 'true', + }, + ], + field: 'file.signature', + type: 'nested', }, ], - field: 'file.signature', - type: 'nested', - }, - ], - } as WrappedTranslatedExceptionList); + }); + }); }); it('should fail on invalid api key', async () => { diff --git a/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json b/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json index b156f2f6cc7bf..abc7c463ec96d 100644 --- a/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json 
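Review bot: The test named 'should download an artifact with correct hash' in the `@@ -70,46 +69,45 @@` hunk never checks a hash: it parses `response.text` and compares the resulting JSON, so a response whose bytes differ from what the digest in the URL covers (re-serialised key order, added whitespace) would still pass. Since the agent addresses the artifact by that SHA-256, the test should also hash the raw body, e.g. `expect(createHash('sha256').update(response.text).digest('hex')).to.eql('d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff');` with `createHash` imported from `crypto`. This assumes the route returns the decoded artifact bytes unchanged, which the fixture's matching `decompressedSha256` suggests but this hunk does not show. The 'from cache' download test added later in this series has the same gap.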
+++ b/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json @@ -1,21 +1,21 @@ { "type": "doc", "value": { - "id": "endpoint:user-artifact:endpoint-exceptionlist-linux-1.0.0-a4e4586e895fcb46dd25a25358b446f9a425279452afa3ef9a98bca39c39122d", + "id": "endpoint:user-artifact:endpoint-exceptionlist-linux-1.0.0-d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff", "index": ".kibana", "source": { "references": [ ], "endpoint:user-artifact": { - "body": "eyJleGNlcHRpb25zX2xpc3QiOltdfQ==", + "body": "eyJleGNlcHRpb25zX2xpc3QiOlt7ImZpZWxkIjoiYWN0aW5nUHJvY2Vzcy5maWxlLnNpZ25lciIsIm9wZXJhdG9yIjoiaW5jbHVkZWQiLCJ0eXBlIjoiZXhhY3RfY2FzZWQiLCJ2YWx1ZSI6IkVsYXN0aWMsIE4uVi4ifSx7ImVudHJpZXMiOlt7ImZpZWxkIjoic2lnbmVyIiwib3BlcmF0b3IiOiJpbmNsdWRlZCIsInR5cGUiOiJleGFjdF9jYXNlZCIsInZhbHVlIjoiRXZpbCJ9LHsiZmllbGQiOiJ0cnVzdGVkIiwib3BlcmF0b3IiOiJpbmNsdWRlZCIsInR5cGUiOiJleGFjdF9jYXNlZCIsInZhbHVlIjoidHJ1ZSJ9XSwiZmllbGQiOiJmaWxlLnNpZ25hdHVyZSIsInR5cGUiOiJuZXN0ZWQifV19", "created": 1593016187465, "compressionAlgorithm": "none", "encryptionAlgorithm": "none", "identifier": "endpoint-exceptionlist-linux-1.0.0", - "compressedSha256": "a4e4586e895fcb46dd25a25358b446f9a425279452afa3ef9a98bca39c39122d", - "compressedSize": 22, - "decompressedSha256": "a4e4586e895fcb46dd25a25358b446f9a425279452afa3ef9a98bca39c39122d", - "decompressedSize": 22 + "compressedSha256": "d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff", + "compressedSize": 336, + "decompressedSha256": "d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff", + "decompressedSize": 336 }, "type": "endpoint:user-artifact", "updated_at": "2020-06-24T16:29:47.584Z" From 1456697298c6fdbb4c9f4205379f1b9a6a429e29 Mon Sep 17 00:00:00 2001 
From: Madison Caldwell <madison.caldwell@elastic.co> Date: Tue, 7 Jul 2020 13:19:46 -0400 Subject: [PATCH 3/8] Add more tests to ensure cached versions of artifacts are correct --- .../manifest_manager/manifest_manager.mock.ts | 8 ++- .../manifest_manager/manifest_manager.test.ts | 44 ++++++++++++++- .../manifest_manager/manifest_manager.ts | 1 + .../apis/endpoint/artifacts/index.ts | 55 +++++++++++++++++++ 4 files changed, 106 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.mock.ts b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.mock.ts index cd70b11aef305..483b3434d63f2 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.mock.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.mock.ts @@ -84,9 +84,15 @@ export class ManifestManagerMock extends ManifestManager { } export const getManifestManagerMock = (opts?: { + cache?: ExceptionsCache; packageConfigService?: PackageConfigServiceMock; savedObjectsClient?: ReturnType<typeof savedObjectsClientMock.create>; }): ManifestManagerMock => { + let cache = new ExceptionsCache(5); + if (opts?.cache !== undefined) { + cache = opts.cache; + } + let packageConfigService = getPackageConfigServiceMock(); if (opts?.packageConfigService !== undefined) { packageConfigService = opts.packageConfigService; @@ -99,7 +105,7 @@ export const getManifestManagerMock = (opts?: { const manifestManager = new ManifestManagerMock({ artifactClient: getArtifactClientMock(savedObjectsClient), - cache: new ExceptionsCache(5), + cache, // @ts-ignore packageConfigService, exceptionListClient: listMock.getExceptionListClient(), 
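Review bot: The `let cache = new ExceptionsCache(5); if (opts?.cache !== undefined) { cache = opts.cache; }` sequence in the `@@ -84,9 +84,15 @@` hunk of manifest_manager.mock.ts builds a default cache that is discarded whenever the caller supplies one. `const cache = opts?.cache ?? new ExceptionsCache(5);` expresses the same default in one line and keeps the binding immutable. The neighbouring `packageConfigService` default follows the same let-then-overwrite pattern, so it may be preferable to convert them together for consistency.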
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts index ef4f921cb537e..900ad2c026956 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts @@ -5,7 +5,12 @@ */ import { savedObjectsClientMock } from 'src/core/server/mocks'; -import { ArtifactConstants, ManifestConstants, Manifest } from '../../../lib/artifacts'; +import { + ArtifactConstants, + ManifestConstants, + Manifest, + ExceptionsCache, +} from '../../../lib/artifacts'; import { getPackageConfigServiceMock, getManifestManagerMock } from './manifest_manager.mock'; describe('manifest_manager', () => { 
@@ -23,6 +28,43 @@ describe('manifest_manager', () => { expect(manifestWrapper!.manifest).toBeInstanceOf(Manifest); }); + test('ManifestManager populates cache properly', async () => { + const cache = new ExceptionsCache(5); + const manifestManager = getManifestManagerMock({ cache }); + const manifestWrapper = await manifestManager.refresh(); + expect(manifestWrapper!.diffs).toEqual([ + { + id: + 'endpoint-exceptionlist-linux-1.0.0-d34a1f6659bd86fc2023d7477aa2e5d2055c9c0fb0a0f10fae76bf8b94bebe49', + type: 'add', + }, + ]); + const diff = manifestWrapper!.diffs[0]; + const entry = JSON.parse(cache.get(diff!.id)!); + expect(entry).toEqual({ + exceptions_list: [ + { + entries: [ + { + field: 'nested.field', + operator: 'included', + type: 'exact_cased', + value: 'some value', + }, + ], + field: 'some.parentField', + type: 'nested', + }, + { + field: 'some.not.nested.field', + operator: 'included', + type: 'exact_cased', + value: 'some value', + }, + ], + }); + }); + test('ManifestManager can dispatch manifest', async () => { const packageConfigService = getPackageConfigServiceMock(); const manifestManager = getManifestManagerMock({ packageConfigService }); diff --git a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.ts b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.ts index 52887a38b3419..f7bc711d4bd05 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.ts @@ -139,6 +139,7 @@ export class ManifestManager { const artifact = newManifest.getArtifact(diff.id); try { await this.artifactClient.createArtifact(artifact); + // Cache the body of the artifact this.cache.set(diff.id, Buffer.from(artifact.body, 'base64').toString()); } catch (err) { 
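Review bot: `JSON.parse(cache.get(diff!.id)!)` in the new 'ManifestManager populates cache properly' test hides a cache miss behind non-null assertions: if `refresh()` stops caching, the test fails with a JSON syntax error on `undefined` instead of reporting that the entry is missing. Asserting first, `const cached = cache.get(diff.id); expect(cached).toBeDefined();`, gives a failure that points at the cache. The test also pins the digest inside the expected diff id but never relates it to the cached content. How the id digest is computed is outside this hunk, so this is hedged, but checking that the SHA-256 of the cached string equals the id's suffix would tie the two together.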
diff --git a/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts b/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts index a63c2c19dc96c..3193a4456ba37 100644 --- a/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts +++ b/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts @@ -110,6 +110,61 @@ export default function (providerContext: FtrProviderContext) { }); }); + it('should download an artifact with correct hash from cache', async () => { + await supertestWithoutAuth + .get( + '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff' + ) + .set('kbn-xsrf', 'xxx') + .set('authorization', `ApiKey ${agentAccessAPIKey}`) + .send() + .expect(200) + .expect((response) => { + JSON.parse(response.text); + }) + .then(async () => { + await supertestWithoutAuth + .get( + '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff' + ) + .set('kbn-xsrf', 'xxx') + .set('authorization', `ApiKey ${agentAccessAPIKey}`) + .send() + .expect(200) + .expect((response) => { + const artifactJson = JSON.parse(response.text); + expect(artifactJson).to.eql({ + exceptions_list: [ + { + field: 'actingProcess.file.signer', + operator: 'included', + type: 'exact_cased', + value: 'Elastic, N.V.', + }, + { + entries: [ + { + field: 'signer', + operator: 'included', + type: 'exact_cased', + value: 'Evil', + }, + { + field: 'trusted', + operator: 'included', + type: 'exact_cased', + value: 'true', + }, + ], + field: 'file.signature', + type: 'nested', + }, + ], + }); + }); + }); + }); + it('should fail on invalid api key', async () => { await supertestWithoutAuth .get( From eae1b8925b70d3fb279fe8a1c2c2b11c0f5d45e0 Mon Sep 17 00:00:00 2001 
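Review bot: The 'should download an artifact with correct hash from cache' test in the `@@ -110,6 +110,61 @@` hunk cannot distinguish a cache hit from a second saved-object read, because both requests are identical and only the response body is asserted; as written it passes even if the cache is never consulted. If the route exposes no observable signal for a hit, a comment should state what makes the second request a cache hit, or the test name should describe what is actually verified. The nested `.then(async () => { await ... })` inside an `async` test also mixes promise chaining with `await`; two sequential `await supertestWithoutAuth...` statements read more directly. The first request's `.expect((response) => { JSON.parse(response.text); })` discards its result and could assert the same body as the second.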
From: Madison Caldwell <madison.caldwell@elastic.co> Date: Tue, 7 Jul 2020 14:17:05 -0400 Subject: [PATCH 4/8] Convert to new format --- .../common/endpoint/schema/manifest.ts | 8 +++--- .../server/endpoint/lib/artifacts/common.ts | 4 +-- .../endpoint/lib/artifacts/lists.test.ts | 12 ++++---- .../server/endpoint/lib/artifacts/lists.ts | 16 +++++------ .../endpoint/lib/artifacts/manifest.test.ts | 26 ++++++++--------- .../lib/artifacts/manifest_entry.test.ts | 16 +++++------ .../endpoint/lib/artifacts/manifest_entry.ts | 28 +++++++++---------- .../lib/artifacts/saved_object_mappings.ts | 8 +++--- .../endpoint/schemas/artifacts/lists.ts | 6 ++-- .../schemas/artifacts/saved_objects.ts | 8 +++--- .../services/artifacts/artifact_client.ts | 2 +- .../manifest_manager/manifest_manager.test.ts | 16 +++++------ .../apis/endpoint/artifacts/index.ts | 10 +++---- .../endpoint/artifacts/api_feature/data.json | 28 +++++++++---------- 14 files changed, 94 insertions(+), 94 deletions(-) diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/manifest.ts b/x-pack/plugins/security_solution/common/endpoint/schema/manifest.ts index 2f03895d91c74..1c8916dfdd5bb 100644 --- a/x-pack/plugins/security_solution/common/endpoint/schema/manifest.ts +++ b/x-pack/plugins/security_solution/common/endpoint/schema/manifest.ts @@ -19,10 +19,10 @@ import { export const manifestEntrySchema = t.exact( t.type({ relative_url: relativeUrl, - precompress_sha256: sha256, - precompress_size: size, - postcompress_sha256: sha256, - postcompress_size: size, + decoded_sha256: sha256, + decoded_size: size, + encoded_sha256: sha256, + encoded_size: size, compression_algorithm: compressionAlgorithm, encryption_algorithm: encryptionAlgorithm, }) diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/common.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/common.ts index b6a5bed9078ab..cf38147522083 100644 
--- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/common.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/common.ts @@ -6,12 +6,12 @@ export const ArtifactConstants = { GLOBAL_ALLOWLIST_NAME: 'endpoint-exceptionlist', - SAVED_OBJECT_TYPE: 'endpoint:user-artifact', + SAVED_OBJECT_TYPE: 'endpoint:user-artifact:v2', SUPPORTED_OPERATING_SYSTEMS: ['linux', 'macos', 'windows'], SCHEMA_VERSION: '1.0.0', }; export const ManifestConstants = { - SAVED_OBJECT_TYPE: 'endpoint:user-artifact-manifest', + SAVED_OBJECT_TYPE: 'endpoint:user-artifact-manifest:v2', SCHEMA_VERSION: '1.0.0', }; diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts index 738890fb4038f..80d7bd5658363 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts @@ -21,7 +21,7 @@ describe('buildEventTypeSignal', () => { test('it should convert the exception lists response to the proper endpoint format', async () => { const expectedEndpointExceptions = { - exceptions_list: [ + entries: [ { entries: [ { @@ -57,7 +57,7 @@ describe('buildEventTypeSignal', () => { ]; const expectedEndpointExceptions = { - exceptions_list: [ + entries: [ { field: 'server.domain', operator: 'included', @@ -100,7 +100,7 @@ describe('buildEventTypeSignal', () => { ]; const expectedEndpointExceptions = { - exceptions_list: [ + entries: [ { field: 'server.domain', operator: 'included', @@ -147,7 +147,7 @@ describe('buildEventTypeSignal', () => { ]; const expectedEndpointExceptions = { - exceptions_list: [ + entries: [ { field: 'server.domain', operator: 'included', 
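Review bot: Changing `SAVED_OBJECT_TYPE` to `'endpoint:user-artifact:v2'` and `'endpoint:user-artifact-manifest:v2'` in the common.ts hunk renames both saved-object types with no visible handling of documents already stored under the old names. Unless a migration or cleanup exists outside this patch, previously written artifacts and manifests would remain in the index under types the new code no longer reads. A comment on the constants saying why the type is versioned and what happens to older documents would help, e.g. `// v2: fields renamed (compressed*/decompressed* -> encoded*/decoded*); documents of the previous type are not read`.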
@@ -182,7 +182,7 @@ describe('buildEventTypeSignal', () => { .mockReturnValueOnce(second) .mockReturnValueOnce(third); const resp = await getFullEndpointExceptionList(mockExceptionClient, 'linux', '1.0.0'); - expect(resp.exceptions_list.length).toEqual(6); + expect(resp.entries.length).toEqual(6); }); test('it should handle no exceptions', async () => { @@ -191,6 +191,6 @@ describe('buildEventTypeSignal', () => { exceptionsResponse.total = 0; mockExceptionClient.findExceptionListItem = jest.fn().mockReturnValueOnce(exceptionsResponse); const resp = await getFullEndpointExceptionList(mockExceptionClient, 'linux', '1.0.0'); - expect(resp.exceptions_list.length).toEqual(0); + expect(resp.entries.length).toEqual(0); }); }); diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts index 2abb72234fecd..53cda8f2d2299 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts @@ -14,7 +14,7 @@ import { InternalArtifactSchema, TranslatedEntry, WrappedTranslatedExceptionList, - wrappedExceptionList, + wrappedTranslatedExceptionList, TranslatedEntryNestedEntry, translatedEntryNestedEntry, translatedEntry as translatedEntryType, @@ -36,10 +36,10 @@ export async function buildArtifact( identifier: `${ArtifactConstants.GLOBAL_ALLOWLIST_NAME}-${os}-${schemaVersion}`, compressionAlgorithm: 'none', encryptionAlgorithm: 'none', - decompressedSha256: sha256, - compressedSha256: sha256, - decompressedSize: exceptionsBuffer.byteLength, - compressedSize: exceptionsBuffer.byteLength, + decodedSha256: sha256, + encodedSha256: sha256, + decodedSize: exceptionsBuffer.byteLength, + encodedSize: exceptionsBuffer.byteLength, created: Date.now(), body: exceptionsBuffer.toString('base64'), }; 
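Review bot: In `buildArtifact` (lists.ts hunk `@@ -36,10 +36,10 @@`) the renamed `encodedSha256`/`encodedSize` receive the same `sha256` value and the same `exceptionsBuffer.byteLength` as the decoded fields, while `body` holds `exceptionsBuffer.toString('base64')`. A reader can easily take 'encoded' to mean the base64 body, whose size and hash differ, so the fields deserve a comment such as `// encoded* describe the bytes after compression/encryption (none yet), not the base64 form stored in body`. That reading is inferred from the `compressionAlgorithm: 'none'` and `encryptionAlgorithm: 'none'` lines in the same object and should be confirmed. The function body starts outside the hunk.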
@@ -50,7 +50,7 @@ export async function getFullEndpointExceptionList( os: string, schemaVersion: string ): Promise<WrappedTranslatedExceptionList> { - const exceptions: WrappedTranslatedExceptionList = { exceptions_list: [] }; + const exceptions: WrappedTranslatedExceptionList = { entries: [] }; let numResponses = 0; let page = 1; @@ -68,7 +68,7 @@ export async function getFullEndpointExceptionList( if (response?.data !== undefined) { numResponses = response.data.length; - exceptions.exceptions_list = exceptions.exceptions_list.concat( + exceptions.entries = exceptions.entries.concat( translateToEndpointExceptions(response, schemaVersion) ); @@ -78,7 +78,7 @@ export async function getFullEndpointExceptionList( } } while (numResponses > 0); - const [validated, errors] = validate(exceptions, wrappedExceptionList); + const [validated, errors] = validate(exceptions, wrappedTranslatedExceptionList); if (errors != null) { throw new Error(errors); } diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts index da8a449e1b026..00a651c0b60fe 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts 
@@ -57,30 +57,30 @@ describe('manifest', () => { 'endpoint-exceptionlist-linux-1.0.0': { compression_algorithm: 'none', encryption_algorithm: 'none', - precompress_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - postcompress_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - precompress_size: 268, - postcompress_size: 268, + decoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + encoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + decoded_size: 268, + encoded_size: 268, relative_url: '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', }, 'endpoint-exceptionlist-macos-1.0.0': { compression_algorithm: 'none', encryption_algorithm: 'none', - precompress_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - postcompress_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - precompress_size: 268, - postcompress_size: 268, + decoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + encoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + decoded_size: 268, + encoded_size: 268, relative_url: '/api/endpoint/artifacts/download/endpoint-exceptionlist-macos-1.0.0/70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', }, 'endpoint-exceptionlist-windows-1.0.0': { compression_algorithm: 'none', encryption_algorithm: 'none', - precompress_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - postcompress_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - precompress_size: 268, - postcompress_size: 268, + decoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + encoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + decoded_size: 268, + encoded_size: 268, 
relative_url: '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', }, @@ -119,7 +119,7 @@ describe('manifest', () => { test('Manifest returns data for given artifact', async () => { const artifact = artifacts[0]; - const returned = manifest1.getArtifact(`${artifact.identifier}-${artifact.compressedSha256}`); + const returned = manifest1.getArtifact(`${artifact.identifier}-${artifact.encodedSha256}`); expect(returned).toEqual(artifact); }); diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts index c8cbdfc2fc5f4..41afd72efd366 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts @@ -33,17 +33,17 @@ describe('manifest_entry', () => { }); test('Correct sha256 is returned', () => { - expect(manifestEntry.getCompressedSha256()).toEqual( + expect(manifestEntry.getEncodedSha256()).toEqual( '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c' ); - expect(manifestEntry.getDecompressedSha256()).toEqual( + expect(manifestEntry.getDecodedSha256()).toEqual( '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c' ); }); test('Correct size is returned', () => { - expect(manifestEntry.getCompressedSize()).toEqual(268); - expect(manifestEntry.getDecompressedSize()).toEqual(268); + expect(manifestEntry.getEncodedSize()).toEqual(268); + expect(manifestEntry.getDecodedSize()).toEqual(268); }); test('Correct url is returned', () => { 
@@ -60,10 +60,10 @@ describe('manifest_entry', () => { expect(manifestEntry.getRecord()).toEqual({ compression_algorithm: 'none', encryption_algorithm: 'none', - precompress_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - postcompress_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - precompress_size: 268, - postcompress_size: 268, + decoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + encoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + decoded_size: 268, + encoded_size: 268, relative_url: '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', }); diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.ts index 860c2d7d704b2..c23258c4c3ba4 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.ts 
@@ -15,31 +15,31 @@ export class ManifestEntry { } public getDocId(): string { - return `${this.getIdentifier()}-${this.getCompressedSha256()}`; + return `${this.getIdentifier()}-${this.getEncodedSha256()}`; } public getIdentifier(): string { return this.artifact.identifier; } - public getCompressedSha256(): string { - return this.artifact.compressedSha256; + public getEncodedSha256(): string { + return this.artifact.encodedSha256; } - public getDecompressedSha256(): string { - return this.artifact.decompressedSha256; + public getDecodedSha256(): string { + return this.artifact.decodedSha256; } - public getCompressedSize(): number { - return this.artifact.compressedSize; + public getEncodedSize(): number { + return this.artifact.encodedSize; } - public getDecompressedSize(): number { - return this.artifact.decompressedSize; + public getDecodedSize(): number { + return this.artifact.decodedSize; } public getUrl(): string { - return `/api/endpoint/artifacts/download/${this.getIdentifier()}/${this.getCompressedSha256()}`; + return `/api/endpoint/artifacts/download/${this.getIdentifier()}/${this.getEncodedSha256()}`; } public getArtifact(): InternalArtifactSchema { @@ -50,10 +50,10 @@ export class ManifestEntry { return { compression_algorithm: 'none', encryption_algorithm: 'none', - precompress_sha256: this.getDecompressedSha256(), - precompress_size: this.getDecompressedSize(), - postcompress_sha256: this.getCompressedSha256(), - postcompress_size: this.getCompressedSize(), + decoded_sha256: this.getDecodedSha256(), + decoded_size: this.getDecodedSize(), + encoded_sha256: this.getEncodedSha256(), + encoded_size: this.getEncodedSize(), relative_url: this.getUrl(), }; } diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/saved_object_mappings.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/saved_object_mappings.ts index 5e61b278e87e4..89e974a3d5fd3 100644 
--- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/saved_object_mappings.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/saved_object_mappings.ts @@ -24,18 +24,18 @@ export const exceptionsArtifactSavedObjectMappings: SavedObjectsType['mappings'] type: 'keyword', index: false, }, - compressedSha256: { + encodedSha256: { type: 'keyword', }, - compressedSize: { + encodedSize: { type: 'long', index: false, }, - decompressedSha256: { + decodedSha256: { type: 'keyword', index: false, }, - decompressedSize: { + decodedSize: { type: 'long', index: false, }, diff --git a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts index d071896c537bf..cdb841a8d4c82 100644 --- a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts +++ b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts @@ -72,9 +72,9 @@ export const translatedExceptionList = t.exact( ); export type TranslatedExceptionList = t.TypeOf<typeof translatedExceptionList>; -export const wrappedExceptionList = t.exact( +export const wrappedTranslatedExceptionList = t.exact( t.type({ - exceptions_list: t.array(translatedEntry), + entries: t.array(translatedEntry), }) ); -export type WrappedTranslatedExceptionList = t.TypeOf<typeof wrappedExceptionList>; +export type WrappedTranslatedExceptionList = t.TypeOf<typeof wrappedTranslatedExceptionList>; diff --git a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.ts b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.ts index fe032586dda56..e4cd7f48a2901 100644 --- a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.ts +++ b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.ts 
@@ -19,10 +19,10 @@ export const internalArtifactSchema = t.exact( identifier, compressionAlgorithm, encryptionAlgorithm, - decompressedSha256: sha256, - decompressedSize: size, - compressedSha256: sha256, - compressedSize: size, + decodedSha256: sha256, + decodedSize: size, + encodedSha256: sha256, + encodedSize: size, created, body, }) diff --git a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/artifact_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/artifact_client.ts index 00ae802ba6f32..e899905602c8d 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/artifact_client.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/artifact_client.ts @@ -16,7 +16,7 @@ export class ArtifactClient { } public getArtifactId(artifact: InternalArtifactSchema) { - return `${artifact.identifier}-${artifact.compressedSha256}`; + return `${artifact.identifier}-${artifact.encodedSha256}`; } public async getArtifact(id: string): Promise<SavedObject<InternalArtifactSchema>> { diff --git a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts index 900ad2c026956..e2f22a10c10e3 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts @@ -21,7 +21,7 @@ describe('manifest_manager', () => { expect(manifestWrapper!.diffs).toEqual([ { id: - 'endpoint-exceptionlist-linux-1.0.0-d34a1f6659bd86fc2023d7477aa2e5d2055c9c0fb0a0f10fae76bf8b94bebe49', + 'endpoint-exceptionlist-linux-1.0.0-2a2ec06c957330deb42f41835d3029001432038106f823173fb9e7ea603decb5', type: 'add', }, ]); 
@@ -35,14 +35,14 @@ describe('manifest_manager', () => { expect(manifestWrapper!.diffs).toEqual([ { id: - 'endpoint-exceptionlist-linux-1.0.0-d34a1f6659bd86fc2023d7477aa2e5d2055c9c0fb0a0f10fae76bf8b94bebe49', + 'endpoint-exceptionlist-linux-1.0.0-2a2ec06c957330deb42f41835d3029001432038106f823173fb9e7ea603decb5', type: 'add', }, ]); const diff = manifestWrapper!.diffs[0]; const entry = JSON.parse(cache.get(diff!.id)!); expect(entry).toEqual({ - exceptions_list: [ + entries: [ { entries: [ { @@ -82,11 +82,11 @@ describe('manifest_manager', () => { [artifact.identifier]: { compression_algorithm: 'none', encryption_algorithm: 'none', - precompress_sha256: artifact.decompressedSha256, - postcompress_sha256: artifact.compressedSha256, - precompress_size: artifact.decompressedSize, - postcompress_size: artifact.compressedSize, - relative_url: `/api/endpoint/artifacts/download/${artifact.identifier}/${artifact.compressedSha256}`, + decoded_sha256: artifact.decodedSha256, + encoded_sha256: artifact.encodedSha256, + decoded_size: artifact.decodedSize, + encoded_size: artifact.encodedSize, + relative_url: `/api/endpoint/artifacts/download/${artifact.identifier}/${artifact.encodedSha256}`, }, }, }); diff --git a/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts b/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts index 3193a4456ba37..0a801ed237885 100644 --- a/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts +++ b/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts 
@@ -71,7 +71,7 @@ export default function (providerContext: FtrProviderContext) { it('should download an artifact with correct hash', async () => { await supertestWithoutAuth .get( - '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff' + '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a' ) .set('kbn-xsrf', 'xxx') .set('authorization', `ApiKey ${agentAccessAPIKey}`) @@ -80,7 +80,7 @@ export default function (providerContext: FtrProviderContext) { .expect((response) => { const artifactJson = JSON.parse(response.text); expect(artifactJson).to.eql({ - exceptions_list: [ + entries: [ { field: 'actingProcess.file.signer', operator: 'included', @@ -113,7 +113,7 @@ export default function (providerContext: FtrProviderContext) { it('should download an artifact with correct hash from cache', async () => { await supertestWithoutAuth .get( - '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff' + '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a' ) .set('kbn-xsrf', 'xxx') .set('authorization', `ApiKey ${agentAccessAPIKey}`) @@ -125,7 +125,7 @@ export default function (providerContext: FtrProviderContext) { .then(async () => { await supertestWithoutAuth .get( - '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff' + '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a' ) .set('kbn-xsrf', 'xxx') .set('authorization', `ApiKey ${agentAccessAPIKey}`) 
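Review bot: The download path with its 64-character digest is hard-coded in every `.get(...)` call in this file (the first request here and both 'from cache' requests in the following hunks), and the same digest is repeated in the data.json fixture. A later patch in this series has to edit each copy again when the artifact format changes. Hoisting it once, e.g. `const LINUX_ARTIFACT_PATH = '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/<sha256>';`, or computing the digest from the fixture body inside the test, would keep the expected hash and the fixture from drifting apart. The enclosing `describe` callback starts and ends outside these hunks.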
@@ -134,7 +134,7 @@ export default function (providerContext: FtrProviderContext) { .expect((response) => { const artifactJson = JSON.parse(response.text); expect(artifactJson).to.eql({ - exceptions_list: [ + entries: [ { field: 'actingProcess.file.signer', operator: 'included', diff --git a/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json b/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json index abc7c463ec96d..565e1d619dda4 100644 --- a/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json +++ b/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json 
@@ -1,23 +1,23 @@ { "type": "doc", "value": { - "id": "endpoint:user-artifact:endpoint-exceptionlist-linux-1.0.0-d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff", + "id": "endpoint:user-artifact:v2:endpoint-exceptionlist-linux-1.0.0-f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a", "index": ".kibana", "source": { "references": [ ], - "endpoint:user-artifact": { - "body": "eyJleGNlcHRpb25zX2xpc3QiOlt7ImZpZWxkIjoiYWN0aW5nUHJvY2Vzcy5maWxlLnNpZ25lciIsIm9wZXJhdG9yIjoiaW5jbHVkZWQiLCJ0eXBlIjoiZXhhY3RfY2FzZWQiLCJ2YWx1ZSI6IkVsYXN0aWMsIE4uVi4ifSx7ImVudHJpZXMiOlt7ImZpZWxkIjoic2lnbmVyIiwib3BlcmF0b3IiOiJpbmNsdWRlZCIsInR5cGUiOiJleGFjdF9jYXNlZCIsInZhbHVlIjoiRXZpbCJ9LHsiZmllbGQiOiJ0cnVzdGVkIiwib3BlcmF0b3IiOiJpbmNsdWRlZCIsInR5cGUiOiJleGFjdF9jYXNlZCIsInZhbHVlIjoidHJ1ZSJ9XSwiZmllbGQiOiJmaWxlLnNpZ25hdHVyZSIsInR5cGUiOiJuZXN0ZWQifV19", + "endpoint:user-artifact:v2": { + "body": "eyJlbnRyaWVzIjpbeyJmaWVsZCI6ImFjdGluZ1Byb2Nlc3MuZmlsZS5zaWduZXIiLCJvcGVyYXRvciI6ImluY2x1ZGVkIiwidHlwZSI6ImV4YWN0X2Nhc2VkIiwidmFsdWUiOiJFbGFzdGljLCBOLlYuIn0seyJlbnRyaWVzIjpbeyJmaWVsZCI6InNpZ25lciIsIm9wZXJhdG9yIjoiaW5jbHVkZWQiLCJ0eXBlIjoiZXhhY3RfY2FzZWQiLCJ2YWx1ZSI6IkV2aWwifSx7ImZpZWxkIjoidHJ1c3RlZCIsIm9wZXJhdG9yIjoiaW5jbHVkZWQiLCJ0eXBlIjoiZXhhY3RfY2FzZWQiLCJ2YWx1ZSI6InRydWUifV0sImZpZWxkIjoiZmlsZS5zaWduYXR1cmUiLCJ0eXBlIjoibmVzdGVkIn1dfQ==", "created": 1593016187465, "compressionAlgorithm": "none", "encryptionAlgorithm": "none", "identifier": "endpoint-exceptionlist-linux-1.0.0", - "compressedSha256": "d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff", - "compressedSize": 336, - "decompressedSha256": "d162f0302cbf419038ade7ea978e0a7ade7aad317fedefe455ff38dfa28b7cff", - "decompressedSize": 336 + "encodedSha256": "f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a", + "encodedSize": 328, + "decodedSha256": "f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a", + "decodedSize": 328 }, - "type": "endpoint:user-artifact", + "type": 
"endpoint:user-artifact:v2", "updated_at": "2020-06-24T16:29:47.584Z" } } @@ -26,20 +26,20 @@ { "type": "doc", "value": { - "id": "endpoint:user-artifact-manifest:endpoint-manifest-1.0.0", + "id": "endpoint:user-artifact-manifest:v2:endpoint-manifest-1.0.0", "index": ".kibana", "source": { "references": [ ], - "endpoint:user-artifact-manifest": { + "endpoint:user-artifact-manifest:v2": { "created": 1593183699663, "ids": [ - "endpoint-exceptionlist-linux-1.0.0-a4e4586e895fcb46dd25a25358b446f9a425279452afa3ef9a98bca39c39122d", - "endpoint-exceptionlist-macos-1.0.0-a4e4586e895fcb46dd25a25358b446f9a425279452afa3ef9a98bca39c39122d", - "endpoint-exceptionlist-windows-1.0.0-a4e4586e895fcb46dd25a25358b446f9a425279452afa3ef9a98bca39c39122d" + "endpoint-exceptionlist-linux-1.0.0-f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a", + "endpoint-exceptionlist-macos-1.0.0-d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658", + "endpoint-exceptionlist-windows-1.0.0-d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658" ] }, - "type": "endpoint:user-artifact-manifest", + "type": "endpoint:user-artifact-manifest:v2", "updated_at": "2020-06-26T15:01:39.704Z" } } From 339c887a0aadec3ba03c85fcaefbce036711779b Mon Sep 17 00:00:00 2001 From: Madison Caldwell <madison.caldwell@elastic.co> Date: Tue, 7 Jul 2020 15:44:23 -0400 Subject: [PATCH 5/8] missed some refs --- .../endpoint/lib/artifacts/manifest.test.ts | 54 +++++++++---------- .../lib/artifacts/manifest_entry.test.ts | 22 ++++---- .../artifacts/download_exception_list.test.ts | 2 +- .../endpoint/schemas/artifacts/lists.mock.ts | 2 +- .../schemas/artifacts/saved_objects.mock.ts | 2 +- 5 files changed, 41 insertions(+), 41 deletions(-) diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts index 00a651c0b60fe..1a057b526edad 100644 
--- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts
@@ -57,32 +57,32 @@ describe('manifest', () => { 'endpoint-exceptionlist-linux-1.0.0': { compression_algorithm: 'none', encryption_algorithm: 'none', - decoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - encoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - decoded_size: 268, - encoded_size: 268, + decoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + encoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + decoded_size: 260, + encoded_size: 260, relative_url: - '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', }, 'endpoint-exceptionlist-macos-1.0.0': { compression_algorithm: 'none', encryption_algorithm: 'none', - decoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - encoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - decoded_size: 268, - encoded_size: 268, + decoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + encoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + decoded_size: 260, + encoded_size: 260, relative_url: - '/api/endpoint/artifacts/download/endpoint-exceptionlist-macos-1.0.0/70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + '/api/endpoint/artifacts/download/endpoint-exceptionlist-macos-1.0.0/339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', }, 'endpoint-exceptionlist-windows-1.0.0': { compression_algorithm: 'none', encryption_algorithm: 'none', - decoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - encoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - decoded_size: 268, - 
encoded_size: 268, + decoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + encoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + decoded_size: 260, + encoded_size: 260, relative_url: - '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', }, }, manifest_version: 'abcd', @@ -94,9 +94,9 @@ describe('manifest', () => { expect(manifest1.toSavedObject()).toStrictEqual({ created: now.getTime(), ids: [ - 'endpoint-exceptionlist-linux-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - 'endpoint-exceptionlist-macos-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - 'endpoint-exceptionlist-windows-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + 'endpoint-exceptionlist-linux-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + 'endpoint-exceptionlist-macos-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + 'endpoint-exceptionlist-windows-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', ], }); }); @@ -106,12 +106,12 @@ describe('manifest', () => { expect(diffs).toEqual([ { id: - 'endpoint-exceptionlist-linux-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + 'endpoint-exceptionlist-linux-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', type: 'delete', }, { id: - 'endpoint-exceptionlist-linux-1.0.0-69328f83418f4957470640ed6cc605be6abb5fe80e0e388fd74f9764ad7ed5d1', + 'endpoint-exceptionlist-linux-1.0.0-27cfe2fae5550d3e312ca430821a3fdd5228c486dddc4852baf694455f89fde1', type: 'add', }, ]); 
@@ -127,15 +127,15 @@ describe('manifest', () => { const entries = manifest1.getEntries(); const keys = Object.keys(entries); expect(keys).toEqual([ - 'endpoint-exceptionlist-linux-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - 'endpoint-exceptionlist-macos-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - 'endpoint-exceptionlist-windows-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + 'endpoint-exceptionlist-linux-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + 'endpoint-exceptionlist-macos-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + 'endpoint-exceptionlist-windows-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', ]); }); test('Manifest returns true if contains artifact', async () => { const found = manifest1.contains( - 'endpoint-exceptionlist-macos-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c' + 'endpoint-exceptionlist-macos-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' ); expect(found).toEqual(true); }); 
@@ -144,17 +144,17 @@ describe('manifest', () => { const manifest = Manifest.fromArtifacts(artifacts, '1.0.0', 'v0'); expect( manifest.contains( - 'endpoint-exceptionlist-linux-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c' + 'endpoint-exceptionlist-linux-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' ) ).toEqual(true); expect( manifest.contains( - 'endpoint-exceptionlist-macos-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c' + 'endpoint-exceptionlist-macos-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' ) ).toEqual(true); expect( manifest.contains( - 'endpoint-exceptionlist-windows-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c' + 'endpoint-exceptionlist-windows-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' ) ).toEqual(true); }); diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts index 41afd72efd366..881a384d4054d 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts @@ -24,7 +24,7 @@ describe('manifest_entry', () => { test('Correct doc_id is returned', () => { expect(manifestEntry.getDocId()).toEqual( - 'endpoint-exceptionlist-windows-1.0.0-70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c' + 'endpoint-exceptionlist-windows-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' ); }); 
@@ -34,21 +34,21 @@ describe('manifest_entry', () => { test('Correct sha256 is returned', () => { expect(manifestEntry.getEncodedSha256()).toEqual( - '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c' + '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' ); expect(manifestEntry.getDecodedSha256()).toEqual( - '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c' + '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' ); }); test('Correct size is returned', () => { - expect(manifestEntry.getEncodedSize()).toEqual(268); - expect(manifestEntry.getDecodedSize()).toEqual(268); + expect(manifestEntry.getEncodedSize()).toEqual(260); + expect(manifestEntry.getDecodedSize()).toEqual(260); }); test('Correct url is returned', () => { expect(manifestEntry.getUrl()).toEqual( - '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c' + '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' ); }); 
@@ -60,12 +60,12 @@ describe('manifest_entry', () => { expect(manifestEntry.getRecord()).toEqual({ compression_algorithm: 'none', encryption_algorithm: 'none', - decoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - encoded_sha256: '70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', - decoded_size: 268, - encoded_size: 268, + decoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + encoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + decoded_size: 260, + encoded_size: 260, relative_url: - '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/70d2e0ee5db0073b242df9af32e64447b932b73c3e66de3a922c61a4077b1a9c', + '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', }); }); }); diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/artifacts/download_exception_list.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/artifacts/download_exception_list.test.ts index 863a1d5037756..4f87d25032804 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/artifacts/download_exception_list.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/artifacts/download_exception_list.test.ts @@ -31,7 +31,7 @@ import { WrappedTranslatedExceptionList } from '../../schemas/artifacts/lists'; const mockArtifactName = `${ArtifactConstants.GLOBAL_ALLOWLIST_NAME}-windows-1.0.0`; const expectedEndpointExceptions: WrappedTranslatedExceptionList = { - exceptions_list: [ + entries: [ { entries: [ { diff --git a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.mock.ts b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.mock.ts index 7354b5fd0ec4d..94a0b4b015572 100644 --- a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.mock.ts 
+++ b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.mock.ts @@ -8,7 +8,7 @@ import { WrappedTranslatedExceptionList } from './lists'; export const getTranslatedExceptionListMock = (): WrappedTranslatedExceptionList => { return { - exceptions_list: [ + entries: [ { entries: [ { diff --git a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.mock.ts b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.mock.ts index 1a9cc55ca5725..183a819807ed2 100644 --- a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.mock.ts +++ b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.mock.ts @@ -20,7 +20,7 @@ export const getInternalArtifactMockWithDiffs = async ( schemaVersion: string ): Promise<InternalArtifactSchema> => { const mock = getTranslatedExceptionListMock(); - mock.exceptions_list.pop(); + mock.entries.pop(); return buildArtifact(mock, os, schemaVersion); }; From aca7b8c2c930dad1542122deb0a4a8ab1be9c097 Mon Sep 17 00:00:00 2001 From: Madison Caldwell <madison.caldwell@elastic.co> Date: Tue, 7 Jul 2020 17:46:08 -0400 Subject: [PATCH 6/8] partial fix to wrapper format --- .../endpoint/lib/artifacts/lists.test.ts | 20 ++++++++--- .../server/endpoint/lib/artifacts/lists.ts | 34 ++++++++++++------- .../artifacts/download_exception_list.test.ts | 28 +++++++++++---- .../endpoint/schemas/artifacts/lists.mock.ts | 28 +++++++++++---- .../endpoint/schemas/artifacts/lists.ts | 6 ++-- 5 files changed, 85 insertions(+), 31 deletions(-) diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts index 80d7bd5658363..63021a87bbab0 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts 
@@ -21,6 +21,7 @@ describe('buildEventTypeSignal', () => { test('it should convert the exception lists response to the proper endpoint format', async () => { const expectedEndpointExceptions = { + type: 'simple', entries: [ { entries: [ @@ -46,7 +47,9 @@ describe('buildEventTypeSignal', () => { const first = getFoundExceptionListItemSchemaMock(); mockExceptionClient.findExceptionListItem = jest.fn().mockReturnValueOnce(first); const resp = await getFullEndpointExceptionList(mockExceptionClient, 'linux', '1.0.0'); - expect(resp).toEqual(expectedEndpointExceptions); + expect(resp).toEqual({ + entries: [expectedEndpointExceptions], + }); }); test('it should convert simple fields', async () => { @@ -57,6 +60,7 @@ describe('buildEventTypeSignal', () => { ]; const expectedEndpointExceptions = { + type: 'simple', entries: [ { field: 'server.domain', @@ -84,7 +88,9 @@ describe('buildEventTypeSignal', () => { mockExceptionClient.findExceptionListItem = jest.fn().mockReturnValueOnce(first); const resp = await getFullEndpointExceptionList(mockExceptionClient, 'linux', '1.0.0'); - expect(resp).toEqual(expectedEndpointExceptions); + expect(resp).toEqual({ + entries: [expectedEndpointExceptions], + }); }); test('it should convert fields case sensitive', async () => { @@ -100,6 +106,7 @@ describe('buildEventTypeSignal', () => { ]; const expectedEndpointExceptions = { + type: 'simple', entries: [ { field: 'server.domain', @@ -127,7 +134,9 @@ describe('buildEventTypeSignal', () => { mockExceptionClient.findExceptionListItem = jest.fn().mockReturnValueOnce(first); const resp = await getFullEndpointExceptionList(mockExceptionClient, 'linux', '1.0.0'); - expect(resp).toEqual(expectedEndpointExceptions); + expect(resp).toEqual({ + entries: [expectedEndpointExceptions], + }); }); test('it should ignore unsupported entries', async () => { 
@@ -147,6 +156,7 @@ describe('buildEventTypeSignal', () => { ]; const expectedEndpointExceptions = { + type: 'simple', entries: [ { field: 'server.domain', @@ -162,7 +172,9 @@ describe('buildEventTypeSignal', () => { mockExceptionClient.findExceptionListItem = jest.fn().mockReturnValueOnce(first); const resp = await getFullEndpointExceptionList(mockExceptionClient, 'linux', '1.0.0'); - expect(resp).toEqual(expectedEndpointExceptions); + expect(resp).toEqual({ + entries: [expectedEndpointExceptions], + }); }); test('it should convert the exception lists response to the proper endpoint format while paging', async () => { diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts index 53cda8f2d2299..a13781519b508 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts @@ -5,6 +5,7 @@ */ import { createHash } from 'crypto'; +import { ExceptionListItemSchema } from '../../../../../lists/common/schemas'; import { validate } from '../../../../common/validate'; import { Entry, EntryNested } from '../../../../../lists/common/schemas/types/entries'; @@ -21,6 +22,7 @@ import { TranslatedEntryMatcher, translatedEntryMatchMatcher, translatedEntryMatchAnyMatcher, + TranslatedExceptionListItem, } from '../../schemas'; import { ArtifactConstants } from './common'; 
@@ -92,19 +94,11 @@ export async function getFullEndpointExceptionList( export function translateToEndpointExceptions( exc: FoundExceptionListItemSchema, schemaVersion: string -): TranslatedEntry[] { +): TranslatedExceptionListItem[] { if (schemaVersion === '1.0.0') { - return exc.data - .flatMap((list) => { - return list.entries; - }) - .reduce((entries: TranslatedEntry[], entry) => { - const translatedEntry = translateEntry(schemaVersion, entry); - if (translatedEntry !== undefined && translatedEntryType.is(translatedEntry)) { - entries.push(translatedEntry); - } - return entries; - }, []); + return exc.data.map((item) => { + return translateItem(schemaVersion, item); + }); } else { throw new Error('unsupported schemaVersion'); } @@ -124,6 +118,22 @@ function normalizeFieldName(field: string): string { return field.endsWith('.text') ? field.substring(0, field.length - 5) : field; } +function translateItem( + schemaVersion: string, + item: ExceptionListItemSchema +): TranslatedExceptionListItem { + return { + type: item.type, + entries: item.entries.reduce((translatedEntries: TranslatedEntry[], entry) => { + const translatedEntry = translateEntry(schemaVersion, entry); + if (translatedEntry !== undefined && translatedEntryType.is(translatedEntry)) { + translatedEntries.push(translatedEntry); + } + return translatedEntries; + }, []), + }; +} + function translateEntry( schemaVersion: string, entry: Entry | EntryNested diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/artifacts/download_exception_list.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/artifacts/download_exception_list.test.ts index 4f87d25032804..fbcd3bd130dfd 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/artifacts/download_exception_list.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/artifacts/download_exception_list.test.ts 
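Review bot: The new `translateItem` in lists.ts still discards any entry that `translateEntry` cannot translate and emits the item with whatever remains, so an exception item can be shipped with fewer conditions than the user wrote, or with `entries: []`. If the endpoint treats an item's entries as conditions that must all match (not visible in this patch), dropping one silently widens the exception and suppresses more than was intended. The 'it should ignore unsupported entries' test in lists.test.ts pins the dropping behaviour, so it may be deliberate; at minimum consider omitting items that end up empty, e.g. `.filter((item) => item.entries.length > 0)` after the `map` in `translateToEndpointExceptions`, and logging whenever the translated entry count differs from `item.entries.length`. `type: item.type` is also passed through unchecked, and the `translatedExceptionListItem` schema only requires `t.string`.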
@@ -33,7 +33,20 @@ const mockArtifactName = `${ArtifactConstants.GLOBAL_ALLOWLIST_NAME}-windows-1.0 const expectedEndpointExceptions: WrappedTranslatedExceptionList = { entries: [ { + type: 'simple', entries: [ + { + entries: [ + { + field: 'some.not.nested.field', + operator: 'included', + type: 'exact_cased', + value: 'some value', + }, + ], + field: 'some.field', + type: 'nested', + }, { field: 'some.not.nested.field', operator: 'included', @@ -41,14 +54,17 @@ const expectedEndpointExceptions: WrappedTranslatedExceptionList = { value: 'some value', }, ], - field: 'some.field', - type: 'nested', }, { - field: 'some.not.nested.field', - operator: 'included', - type: 'exact_cased', - value: 'some value', + type: 'simple', + entries: [ + { + field: 'some.other.not.nested.field', + operator: 'included', + type: 'exact_cased', + value: 'some other value', + }, + ], }, ], }; diff --git a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.mock.ts b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.mock.ts index 94a0b4b015572..343b192163479 100644 --- a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.mock.ts +++ b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.mock.ts @@ -10,7 +10,20 @@ export const getTranslatedExceptionListMock = (): WrappedTranslatedExceptionList return { entries: [ { + type: 'simple', entries: [ + { + entries: [ + { + field: 'some.not.nested.field', + operator: 'included', + type: 'exact_cased', + value: 'some value', + }, + ], + field: 'some.field', + type: 'nested', + }, { field: 'some.not.nested.field', operator: 'included', 
@@ -18,14 +31,17 @@ export const getTranslatedExceptionListMock = (): WrappedTranslatedExceptionList value: 'some value', }, ], - field: 'some.field', - type: 'nested', }, { - field: 'some.not.nested.field', - operator: 'included', - type: 'exact_cased', - value: 'some value', + type: 'simple', + entries: [ + { + field: 'some.other.not.nested.field', + operator: 'included', + type: 'exact_cased', + value: 'some other value', + }, + ], }, ], }; diff --git a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts index cdb841a8d4c82..b7f99fe6fe297 100644 --- a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts +++ b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts @@ -64,17 +64,17 @@ export const translatedEntry = t.union([ ]); export type TranslatedEntry = t.TypeOf<typeof translatedEntry>; -export const translatedExceptionList = t.exact( +export const translatedExceptionListItem = t.exact( t.type({ type: t.string, entries: t.array(translatedEntry), }) ); -export type TranslatedExceptionList = t.TypeOf<typeof translatedExceptionList>; +export type TranslatedExceptionListItem = t.TypeOf<typeof translatedExceptionListItem>; export const wrappedTranslatedExceptionList = t.exact( t.type({ - entries: t.array(translatedEntry), + entries: t.array(translatedExceptionListItem), }) ); export type WrappedTranslatedExceptionList = t.TypeOf<typeof wrappedTranslatedExceptionList>; From 04d57012779489da0726065c5fcbe4f3a2559cc0 Mon Sep 17 00:00:00 2001 From: Madison Caldwell <madison.caldwell@elastic.co> Date: Tue, 7 Jul 2020 17:59:55 -0400 Subject: [PATCH 7/8] update fixtures and integration test --- .../apis/endpoint/artifacts/index.ts | 72 +++++++++++-------- .../endpoint/artifacts/api_feature/data.json | 14 ++-- 2 files changed, 48 insertions(+), 38 deletions(-) 
diff --git a/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts b/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts index 0a801ed237885..1f1c6f27b636a 100644 --- a/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts +++ b/x-pack/test/api_integration/apis/endpoint/artifacts/index.ts @@ -71,7 +71,7 @@ export default function (providerContext: FtrProviderContext) { it('should download an artifact with correct hash', async () => { await supertestWithoutAuth .get( - '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a' + '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/d2a9c760005b08d43394e59a8701ae75c80881934ccf15a006944452b80f7f9f' ) .set('kbn-xsrf', 'xxx') .set('authorization', `ApiKey ${agentAccessAPIKey}`) @@ -82,28 +82,33 @@ export default function (providerContext: FtrProviderContext) { expect(artifactJson).to.eql({ entries: [ { - field: 'actingProcess.file.signer', - operator: 'included', - type: 'exact_cased', - value: 'Elastic, N.V.', - }, - { + type: 'simple', entries: [ { - field: 'signer', + field: 'actingProcess.file.signer', operator: 'included', type: 'exact_cased', - value: 'Evil', + value: 'Elastic, N.V.', }, { - field: 'trusted', - operator: 'included', - type: 'exact_cased', - value: 'true', + entries: [ + { + field: 'signer', + operator: 'included', + type: 'exact_cased', + value: 'Evil', + }, + { + field: 'trusted', + operator: 'included', + type: 'exact_cased', + value: 'true', + }, + ], + field: 'file.signature', + type: 'nested', }, ], - field: 'file.signature', - type: 'nested', }, ], }); 
@@ -113,7 +118,7 @@ export default function (providerContext: FtrProviderContext) { it('should download an artifact with correct hash from cache', async () => { await supertestWithoutAuth .get( - '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a' + '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/d2a9c760005b08d43394e59a8701ae75c80881934ccf15a006944452b80f7f9f' ) .set('kbn-xsrf', 'xxx') .set('authorization', `ApiKey ${agentAccessAPIKey}`) @@ -125,7 +130,7 @@ export default function (providerContext: FtrProviderContext) { .then(async () => { await supertestWithoutAuth .get( - '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a' + '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/d2a9c760005b08d43394e59a8701ae75c80881934ccf15a006944452b80f7f9f' ) .set('kbn-xsrf', 'xxx') .set('authorization', `ApiKey ${agentAccessAPIKey}`) @@ -136,28 +141,33 @@ export default function (providerContext: FtrProviderContext) { expect(artifactJson).to.eql({ entries: [ { - field: 'actingProcess.file.signer', - operator: 'included', - type: 'exact_cased', - value: 'Elastic, N.V.', - }, - { + type: 'simple', entries: [ { - field: 'signer', + field: 'actingProcess.file.signer', operator: 'included', type: 'exact_cased', - value: 'Evil', + value: 'Elastic, N.V.', }, { - field: 'trusted', - operator: 'included', - type: 'exact_cased', - value: 'true', + entries: [ + { + field: 'signer', + operator: 'included', + type: 'exact_cased', + value: 'Evil', + }, + { + field: 'trusted', + operator: 'included', + type: 'exact_cased', + value: 'true', + }, + ], + field: 'file.signature', + type: 'nested', }, ], - field: 'file.signature', - type: 'nested', }, ], }); 
diff --git a/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json b/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json index 565e1d619dda4..3433070c08009 100644 --- a/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json +++ b/x-pack/test/functional/es_archives/endpoint/artifacts/api_feature/data.json 
@@ -1,21 +1,21 @@ { "type": "doc", "value": { - "id": "endpoint:user-artifact:v2:endpoint-exceptionlist-linux-1.0.0-f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a", + "id": "endpoint:user-artifact:v2:endpoint-exceptionlist-linux-1.0.0-d2a9c760005b08d43394e59a8701ae75c80881934ccf15a006944452b80f7f9f", "index": ".kibana", "source": { "references": [ ], "endpoint:user-artifact:v2": { - "body": "eyJlbnRyaWVzIjpbeyJmaWVsZCI6ImFjdGluZ1Byb2Nlc3MuZmlsZS5zaWduZXIiLCJvcGVyYXRvciI6ImluY2x1ZGVkIiwidHlwZSI6ImV4YWN0X2Nhc2VkIiwidmFsdWUiOiJFbGFzdGljLCBOLlYuIn0seyJlbnRyaWVzIjpbeyJmaWVsZCI6InNpZ25lciIsIm9wZXJhdG9yIjoiaW5jbHVkZWQiLCJ0eXBlIjoiZXhhY3RfY2FzZWQiLCJ2YWx1ZSI6IkV2aWwifSx7ImZpZWxkIjoidHJ1c3RlZCIsIm9wZXJhdG9yIjoiaW5jbHVkZWQiLCJ0eXBlIjoiZXhhY3RfY2FzZWQiLCJ2YWx1ZSI6InRydWUifV0sImZpZWxkIjoiZmlsZS5zaWduYXR1cmUiLCJ0eXBlIjoibmVzdGVkIn1dfQ==", + "body": "eyJlbnRyaWVzIjpbeyJ0eXBlIjoic2ltcGxlIiwiZW50cmllcyI6W3siZmllbGQiOiJhY3RpbmdQcm9jZXNzLmZpbGUuc2lnbmVyIiwib3BlcmF0b3IiOiJpbmNsdWRlZCIsInR5cGUiOiJleGFjdF9jYXNlZCIsInZhbHVlIjoiRWxhc3RpYywgTi5WLiJ9LHsiZW50cmllcyI6W3siZmllbGQiOiJzaWduZXIiLCJvcGVyYXRvciI6ImluY2x1ZGVkIiwidHlwZSI6ImV4YWN0X2Nhc2VkIiwidmFsdWUiOiJFdmlsIn0seyJmaWVsZCI6InRydXN0ZWQiLCJvcGVyYXRvciI6ImluY2x1ZGVkIiwidHlwZSI6ImV4YWN0X2Nhc2VkIiwidmFsdWUiOiJ0cnVlIn1dLCJmaWVsZCI6ImZpbGUuc2lnbmF0dXJlIiwidHlwZSI6Im5lc3RlZCJ9XX1dfQ==", "created": 1593016187465, "compressionAlgorithm": "none", "encryptionAlgorithm": "none", "identifier": "endpoint-exceptionlist-linux-1.0.0", - "encodedSha256": "f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a", - "encodedSize": 328, - "decodedSha256": "f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a", - "decodedSize": 328 + "encodedSha256": "d2a9c760005b08d43394e59a8701ae75c80881934ccf15a006944452b80f7f9f", + "encodedSize": 358, + "decodedSha256": "d2a9c760005b08d43394e59a8701ae75c80881934ccf15a006944452b80f7f9f", + "decodedSize": 358 }, "type": "endpoint:user-artifact:v2", "updated_at": 
"2020-06-24T16:29:47.584Z" @@ -34,7 +34,7 @@ "endpoint:user-artifact-manifest:v2": { "created": 1593183699663, "ids": [ - "endpoint-exceptionlist-linux-1.0.0-f59266b06ffb1d7250edb9dbabd946e00e98afa950f955d8ea9d8ffef0eb142a", + "endpoint-exceptionlist-linux-1.0.0-d2a9c760005b08d43394e59a8701ae75c80881934ccf15a006944452b80f7f9f", "endpoint-exceptionlist-macos-1.0.0-d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658", "endpoint-exceptionlist-windows-1.0.0-d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658" ] From ed87ad2d5ae4781b2d419d3d77792e2ece36bace Mon Sep 17 00:00:00 2001 From: Alex Kahan <alexander.kahan@elastic.co> Date: Tue, 7 Jul 2020 18:05:13 -0400 Subject: [PATCH 8/8] Fixing unit tests --- .../endpoint/lib/artifacts/lists.test.ts | 2 +- .../endpoint/lib/artifacts/manifest.test.ts | 54 +++++++++---------- .../lib/artifacts/manifest_entry.test.ts | 22 ++++---- .../manifest_manager/manifest_manager.test.ts | 27 ++++++---- 4 files changed, 55 insertions(+), 50 deletions(-) diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts index 63021a87bbab0..0a1cd556e6e91 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.test.ts @@ -194,7 +194,7 @@ describe('buildEventTypeSignal', () => { .mockReturnValueOnce(second) .mockReturnValueOnce(third); const resp = await getFullEndpointExceptionList(mockExceptionClient, 'linux', '1.0.0'); - expect(resp.entries.length).toEqual(6); + expect(resp.entries.length).toEqual(3); }); test('it should handle no exceptions', async () => { diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts index 1a057b526edad..3e5fdbf9484ca 100644 
--- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest.test.ts
@@ -57,32 +57,32 @@ describe('manifest', () => { 'endpoint-exceptionlist-linux-1.0.0': { compression_algorithm: 'none', encryption_algorithm: 'none', - decoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - encoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - decoded_size: 260, - encoded_size: 260, + decoded_sha256: '5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + encoded_sha256: '5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + decoded_size: 430, + encoded_size: 430, relative_url: - '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + '/api/endpoint/artifacts/download/endpoint-exceptionlist-linux-1.0.0/5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', }, 'endpoint-exceptionlist-macos-1.0.0': { compression_algorithm: 'none', encryption_algorithm: 'none', - decoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - encoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - decoded_size: 260, - encoded_size: 260, + decoded_sha256: '5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + encoded_sha256: '5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + decoded_size: 430, + encoded_size: 430, relative_url: - '/api/endpoint/artifacts/download/endpoint-exceptionlist-macos-1.0.0/339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + '/api/endpoint/artifacts/download/endpoint-exceptionlist-macos-1.0.0/5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', }, 'endpoint-exceptionlist-windows-1.0.0': { compression_algorithm: 'none', encryption_algorithm: 'none', - decoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - encoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - decoded_size: 260, - 
encoded_size: 260, + decoded_sha256: '5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + encoded_sha256: '5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + decoded_size: 430, + encoded_size: 430, relative_url: - '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', }, }, manifest_version: 'abcd', @@ -94,9 +94,9 @@ describe('manifest', () => { expect(manifest1.toSavedObject()).toStrictEqual({ created: now.getTime(), ids: [ - 'endpoint-exceptionlist-linux-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - 'endpoint-exceptionlist-macos-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - 'endpoint-exceptionlist-windows-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + 'endpoint-exceptionlist-linux-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + 'endpoint-exceptionlist-macos-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + 'endpoint-exceptionlist-windows-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', ], }); }); @@ -106,12 +106,12 @@ describe('manifest', () => { expect(diffs).toEqual([ { id: - 'endpoint-exceptionlist-linux-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + 'endpoint-exceptionlist-linux-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', type: 'delete', }, { id: - 'endpoint-exceptionlist-linux-1.0.0-27cfe2fae5550d3e312ca430821a3fdd5228c486dddc4852baf694455f89fde1', + 'endpoint-exceptionlist-linux-1.0.0-3d3546e94f70493021ee845be32c66e36ea7a720c64b4d608d8029fe949f7e51', type: 'add', }, ]); 
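Review bot: The expected digest in the -57,32 hunk is a hand-copied literal, repeated in every assertion of this file (also the -94,9, -106,12, -127,15 and -144,17 hunks), so the tests pin that the value is stable but not that it is the SHA-256 of the artifact body. Computing it once in the test from the fixture body, e.g. `const expectedSha = createHash('sha256').update(fixtureBody).digest('hex');` with `fixtureBody` standing for whatever body the fixture artifacts are built from (not visible in these hunks), would check the digest independently. It would also remove the bulk literal edits this commit needed. The same applies to `decoded_size`/`encoded_size: 430`, which could be asserted as the byte length of that body.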
@@ -127,15 +127,15 @@ describe('manifest', () => { const entries = manifest1.getEntries(); const keys = Object.keys(entries); expect(keys).toEqual([ - 'endpoint-exceptionlist-linux-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - 'endpoint-exceptionlist-macos-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - 'endpoint-exceptionlist-windows-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + 'endpoint-exceptionlist-linux-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + 'endpoint-exceptionlist-macos-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + 'endpoint-exceptionlist-windows-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', ]); }); test('Manifest returns true if contains artifact', async () => { const found = manifest1.contains( - 'endpoint-exceptionlist-macos-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' + 'endpoint-exceptionlist-macos-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735' ); expect(found).toEqual(true); }); 
@@ -144,17 +144,17 @@ describe('manifest', () => { const manifest = Manifest.fromArtifacts(artifacts, '1.0.0', 'v0'); expect( manifest.contains( - 'endpoint-exceptionlist-linux-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' + 'endpoint-exceptionlist-linux-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735' ) ).toEqual(true); expect( manifest.contains( - 'endpoint-exceptionlist-macos-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' + 'endpoint-exceptionlist-macos-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735' ) ).toEqual(true); expect( manifest.contains( - 'endpoint-exceptionlist-windows-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' + 'endpoint-exceptionlist-windows-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735' ) ).toEqual(true); }); diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts index 881a384d4054d..a52114ad90258 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/manifest_entry.test.ts @@ -24,7 +24,7 @@ describe('manifest_entry', () => { test('Correct doc_id is returned', () => { expect(manifestEntry.getDocId()).toEqual( - 'endpoint-exceptionlist-windows-1.0.0-339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' + 'endpoint-exceptionlist-windows-1.0.0-5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735' ); }); 
@@ -34,21 +34,21 @@ describe('manifest_entry', () => { test('Correct sha256 is returned', () => { expect(manifestEntry.getEncodedSha256()).toEqual( - '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' + '5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735' ); expect(manifestEntry.getDecodedSha256()).toEqual( - '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' + '5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735' ); }); test('Correct size is returned', () => { - expect(manifestEntry.getEncodedSize()).toEqual(260); - expect(manifestEntry.getDecodedSize()).toEqual(260); + expect(manifestEntry.getEncodedSize()).toEqual(430); + expect(manifestEntry.getDecodedSize()).toEqual(430); }); test('Correct url is returned', () => { expect(manifestEntry.getUrl()).toEqual( - '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d' + '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735' ); }); 
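Review bot: `getEncodedSha256()` and `getDecodedSha256()` are asserted against the same literal, and `getEncodedSize()`/`getDecodedSize()` both against 430, so these assertions would still pass if the two accessors were swapped. The equality follows from the fixture being uncompressed (`compression_algorithm: 'none'` in the -60,12 hunk). A second case built from an artifact whose encoded and decoded forms differ would tell the accessors apart; the fixture setup is outside the hunk, so I cannot say how much work that is. At minimum I would add `// encoded == decoded only because the fixture artifact is uncompressed` above the assertions so the equality is not read as an invariant.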
@@ -60,12 +60,12 @@ describe('manifest_entry', () => { expect(manifestEntry.getRecord()).toEqual({ compression_algorithm: 'none', encryption_algorithm: 'none', - decoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - encoded_sha256: '339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', - decoded_size: 260, - encoded_size: 260, + decoded_sha256: '5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + encoded_sha256: '5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', + decoded_size: 430, + encoded_size: 430, relative_url: - '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/339af4b7d15db33dfb80268d3fa0b40f7fd1806becd691d8a757f425e782db7d', + '/api/endpoint/artifacts/download/endpoint-exceptionlist-windows-1.0.0/5f16e5e338c53e77cfa945c17c11b175c3967bf109aa87131de41fb93b149735', }); }); }); diff --git a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts index e2f22a10c10e3..1d6dffadde61a 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.test.ts @@ -21,7 +21,7 @@ describe('manifest_manager', () => { expect(manifestWrapper!.diffs).toEqual([ { id: - 'endpoint-exceptionlist-linux-1.0.0-2a2ec06c957330deb42f41835d3029001432038106f823173fb9e7ea603decb5', + 'endpoint-exceptionlist-linux-1.0.0-1a8295e6ccb93022c6f5ceb8997b29f2912389b3b38f52a8f5a2ff7b0154b1bc', type: 'add', }, ]); 
@@ -35,7 +35,7 @@ describe('manifest_manager', () => { expect(manifestWrapper!.diffs).toEqual([ { id: - 'endpoint-exceptionlist-linux-1.0.0-2a2ec06c957330deb42f41835d3029001432038106f823173fb9e7ea603decb5', + 'endpoint-exceptionlist-linux-1.0.0-1a8295e6ccb93022c6f5ceb8997b29f2912389b3b38f52a8f5a2ff7b0154b1bc', type: 'add', }, ]); @@ -44,22 +44,27 @@ describe('manifest_manager', () => { expect(entry).toEqual({ entries: [ { + type: 'simple', entries: [ { - field: 'nested.field', + entries: [ + { + field: 'nested.field', + operator: 'included', + type: 'exact_cased', + value: 'some value', + }, + ], + field: 'some.parentField', + type: 'nested', + }, + { + field: 'some.not.nested.field', operator: 'included', type: 'exact_cased', value: 'some value', }, ], - field: 'some.parentField', - type: 'nested', - }, - { - field: 'some.not.nested.field', - operator: 'included', - type: 'exact_cased', - value: 'some value', }, ], });