-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Endpoint] New route for create an exception list and return the existing one if it already exists #139618
Changes from all commits
3aaeb59
049fe51
d576e6d
3591c3f
88cafae
418afef
42ed063
827f563
2288d28
72145b1
19d9f82
cf631c4
b41a27f
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
import { left } from 'fp-ts/lib/Either'; | ||
import { pipe } from 'fp-ts/lib/pipeable'; | ||
|
||
import { ExceptionListTypeEnum } from '../../../common/exception_list'; | ||
import { exactCheck, foldLeftRight, getPaths } from '@kbn/securitysolution-io-ts-utils'; | ||
|
||
import { internalCreateExceptionListSchema } from '.'; | ||
import { getCreateExceptionListSchemaMock } from '../../create_exception_list_schema/index.mock'; | ||
|
||
describe('create_exception_list_schema', () => { | ||
test('it should accept artifact list_id', () => { | ||
const payload = { | ||
...getCreateExceptionListSchemaMock(), | ||
list_id: ExceptionListTypeEnum.ENDPOINT_BLOCKLISTS, | ||
}; | ||
const decoded = internalCreateExceptionListSchema.decode(payload); | ||
const checked = exactCheck(payload, decoded); | ||
const message = pipe(checked, foldLeftRight); | ||
expect(getPaths(left(message.errors))).toEqual([]); | ||
expect(message.schema).toEqual(payload); | ||
}); | ||
test('it should fail when invalid list_id', () => { | ||
const payload = { | ||
...getCreateExceptionListSchemaMock(), | ||
list_id: ExceptionListTypeEnum.DETECTION, | ||
}; | ||
const decoded = internalCreateExceptionListSchema.decode(payload); | ||
const checked = exactCheck(payload, decoded); | ||
const message = pipe(checked, foldLeftRight); | ||
expect(getPaths(left(message.errors))).toEqual([ | ||
'Invalid value "detection" supplied to "list_id"', | ||
]); | ||
expect(message.schema).toEqual({}); | ||
}); | ||
test('it should accept artifact type', () => { | ||
const payload = { | ||
...getCreateExceptionListSchemaMock(), | ||
list_id: ExceptionListTypeEnum.ENDPOINT_BLOCKLISTS, | ||
type: ExceptionListTypeEnum.ENDPOINT_BLOCKLISTS, | ||
}; | ||
const decoded = internalCreateExceptionListSchema.decode(payload); | ||
const checked = exactCheck(payload, decoded); | ||
const message = pipe(checked, foldLeftRight); | ||
expect(getPaths(left(message.errors))).toEqual([]); | ||
expect(message.schema).toEqual(payload); | ||
}); | ||
test('it should fail when invalid type', () => { | ||
const payload = { | ||
...getCreateExceptionListSchemaMock(), | ||
list_id: ExceptionListTypeEnum.ENDPOINT_BLOCKLISTS, | ||
type: ExceptionListTypeEnum.DETECTION, | ||
}; | ||
const decoded = internalCreateExceptionListSchema.decode(payload); | ||
const checked = exactCheck(payload, decoded); | ||
const message = pipe(checked, foldLeftRight); | ||
expect(getPaths(left(message.errors))).toEqual([ | ||
'Invalid value "detection" supplied to "type"', | ||
]); | ||
expect(message.schema).toEqual({}); | ||
}); | ||
}); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
import { | ||
ENDPOINT_BLOCKLISTS_LIST_ID, | ||
ENDPOINT_EVENT_FILTERS_LIST_ID, | ||
ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_ID, | ||
ENDPOINT_TRUSTED_APPS_LIST_ID, | ||
} from '@kbn/securitysolution-list-constants'; | ||
import * as t from 'io-ts'; | ||
|
||
import { | ||
createExceptionListSchema, | ||
CreateExceptionListSchemaDecoded, | ||
} from '../../create_exception_list_schema'; | ||
|
||
export const internalCreateExceptionListSchema = t.intersection([ | ||
t.exact( | ||
t.type({ | ||
type: t.keyof({ | ||
endpoint: null, | ||
endpoint_events: null, | ||
endpoint_host_isolation_exceptions: null, | ||
endpoint_blocklists: null, | ||
}), | ||
}) | ||
), | ||
t.exact( | ||
t.partial({ | ||
// TODO: Move the ALL_ENDPOINT_ARTIFACT_LIST_IDS inside the package and use it here instead | ||
list_id: t.keyof({ | ||
[ENDPOINT_TRUSTED_APPS_LIST_ID]: null, | ||
[ENDPOINT_EVENT_FILTERS_LIST_ID]: null, | ||
[ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_ID]: null, | ||
[ENDPOINT_BLOCKLISTS_LIST_ID]: null, | ||
}), | ||
}) | ||
), | ||
createExceptionListSchema, | ||
]); | ||
|
||
export type InternalCreateExceptionListSchema = t.OutputOf< | ||
typeof internalCreateExceptionListSchema | ||
>; | ||
|
||
// This type is used after a decode since some things are defaults after a decode. | ||
export type InternalCreateExceptionListSchemaDecoded = CreateExceptionListSchemaDecoded; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { validate } from '@kbn/securitysolution-io-ts-utils'; | ||
import { | ||
CreateExceptionListSchemaDecoded, | ||
exceptionListSchema, | ||
} from '@kbn/securitysolution-io-ts-list-types'; | ||
import { IKibanaResponse, KibanaRequest, KibanaResponseFactory } from '@kbn/core-http-server'; | ||
|
||
import { SiemResponseFactory, getExceptionListClient } from '../routes'; | ||
import { ListsRequestHandlerContext } from '../types'; | ||
|
||
export const createExceptionListHandler = async ( | ||
context: ListsRequestHandlerContext, | ||
request: KibanaRequest<unknown, unknown, CreateExceptionListSchemaDecoded, 'post'>, | ||
response: KibanaResponseFactory, | ||
siemResponse: SiemResponseFactory, | ||
options: { ignoreExisting: boolean } = { ignoreExisting: false } | ||
): Promise<IKibanaResponse> => { | ||
const { | ||
name, | ||
tags, | ||
meta, | ||
namespace_type: namespaceType, | ||
description, | ||
list_id: listId, | ||
type, | ||
version, | ||
} = request.body; | ||
const exceptionLists = await getExceptionListClient(context); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit: Better to name this |
||
const exceptionList = await exceptionLists.getExceptionList({ | ||
id: undefined, | ||
listId, | ||
namespaceType, | ||
}); | ||
|
||
if (exceptionList != null) { | ||
if (options.ignoreExisting) { | ||
return response.ok({ body: exceptionList }); | ||
} | ||
return siemResponse.error({ | ||
body: `exception list id: "${listId}" already exists`, | ||
statusCode: 409, | ||
}); | ||
} else { | ||
const createdList = await exceptionLists.createExceptionList({ | ||
description, | ||
immutable: false, | ||
listId, | ||
meta, | ||
name, | ||
namespaceType, | ||
tags, | ||
type, | ||
version, | ||
}); | ||
const [validated, errors] = validate(createdList, exceptionListSchema); | ||
if (errors != null) { | ||
return siemResponse.error({ body: errors, statusCode: 500 }); | ||
} else { | ||
return response.ok({ body: validated ?? {} }); | ||
} | ||
} | ||
}; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { transformError } from '@kbn/securitysolution-es-utils'; | ||
import { | ||
InternalCreateExceptionListSchemaDecoded, | ||
internalCreateExceptionListSchema, | ||
} from '@kbn/securitysolution-io-ts-list-types'; | ||
import { INTERNAL_EXCEPTIONS_LIST_ENSURE_CREATED_URL } from '@kbn/securitysolution-list-constants'; | ||
|
||
import { createExceptionListHandler } from '../../handlers/create_exception_list_handler'; | ||
import type { ListsPluginRouter } from '../../types'; | ||
import { buildRouteValidation, buildSiemResponse } from '../utils'; | ||
|
||
export const internalCreateExceptionListRoute = (router: ListsPluginRouter): void => { | ||
router.post( | ||
{ | ||
options: { | ||
tags: ['access:lists-all'], | ||
}, | ||
path: INTERNAL_EXCEPTIONS_LIST_ENSURE_CREATED_URL, | ||
validate: { | ||
body: buildRouteValidation< | ||
typeof internalCreateExceptionListSchema, | ||
InternalCreateExceptionListSchemaDecoded | ||
>(internalCreateExceptionListSchema), | ||
}, | ||
}, | ||
async (context, request, response) => { | ||
const siemResponse = buildSiemResponse(response); | ||
try { | ||
return await createExceptionListHandler(context, request, response, siemResponse, { | ||
ignoreExisting: true, | ||
}); | ||
} catch (err) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do you need the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yeah, it will catch all errors inside the handler and will return a proper http error if something throws. |
||
const error = transformError(err); | ||
return siemResponse.error({ | ||
body: error.message, | ||
statusCode: error.statusCode, | ||
}); | ||
} | ||
} | ||
); | ||
}; |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -222,11 +222,13 @@ export const getManagementFilteredLinks = async ( | |
plugins.fleet?.authz, | ||
currentUserResponse.roles | ||
); | ||
const hostIsolationExceptionsApiClientInstance = HostIsolationExceptionsApiClient.getInstance( | ||
core.http | ||
); | ||
|
||
if (!privileges.canAccessEndpointManagement) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 👍 🙏 |
||
return getFilteredLinks([SecurityPageName.hostIsolationExceptions]); | ||
} | ||
if (!privileges.canIsolateHost) { | ||
const hostIsolationExceptionsApiClientInstance = HostIsolationExceptionsApiClient.getInstance( | ||
core.http | ||
); | ||
const summaryResponse = await hostIsolationExceptionsApiClientInstance.summary(); | ||
if (!summaryResponse.total) { | ||
return getFilteredLinks([SecurityPageName.hostIsolationExceptions]); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice - thanks for these updates!