[EDR Workflows] Add Signer option to Mac trusted apps #197821
Conversation
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
x-pack/plugins/security_solution/common/endpoint/types/trusted_apps.ts
Outdated
Show resolved
Hide resolved
@ashokaditya We do plan on testing it E2E with an agent installed on MacOS though ;) |
x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/trusted_apps.cy.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/management/pages/trusted_apps/state/type_guards.ts
Outdated
Show resolved
Hide resolved
You can use the artifact downloader to test that the entries are correctly generated. |
There was a problem hiding this comment.
thanks for the changes, @szwarckonrad!
there's a small hiccup with the form when changing OS when windows/macOS and Signature is selected:
- if you switch to Linux, the field defaults back to Hash,
- but if you switch between win/mac, the field simply goes blank
also, when you try to save it, it shows that API input validation works perfect! 😄 🚀
Screen.Recording.2024-11-05.at.11.27.39.mov
...gins/security_solution/server/lists_integration/endpoint/validators/trusted_app_validator.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/management/pages/trusted_apps/state/type_guards.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/trusted_apps.cy.ts
Show resolved
Hide resolved
| | (T & { | ||
| effectScope: { type: string }; | ||
| entries: TrustedAppConditionEntry[]; | ||
| os: OperatingSystem.WINDOWS; | ||
| name: string; | ||
| description: string; | ||
| }) | ||
| | { | ||
| effectScope: { type: string }; | ||
| entries: TrustedAppConditionEntry[]; | ||
| os: OperatingSystem.WINDOWS; | ||
| name: string; | ||
| description: string; | ||
| } => ({ |
There was a problem hiding this comment.
i've been thinking about this change. i can't put my finger on it why there is a type error without this change, but it feels broken. i mean - we cannot assign an array of TrustedAppConditionEntry type to NewTrustedApp['entries']? it just doesn't seem right
i'll think about this a bit more. do you have any idea?
There was a problem hiding this comment.
looks like the problem roots around using enums as generics, where we want to create a type where only a partial set of the enum elements are should be used
when we create TrustedAppConditionEntry, we want its field: T to possibly have the values ot the ConditionEntryField enum, but in cases, only a subset of those (e.g. Linux only has path and hash)
export interface TrustedAppConditionEntry<T extends ConditionEntryField = ConditionEntryField>but, in the test, we fall back to the default generic type, ConditionEntryField, that has all enum elements
so far it has worked, because accidentally one of the derived types contained all elements of the enum:
export type WindowsConditionEntry = TrustedAppConditionEntry<
ConditionEntryField.HASH | ConditionEntryField.PATH | ConditionEntryField.SIGNER
>;which ensured that there is a possibility, using the default of the generic (i.e. ConditionEntryField), to meet this criteria
but, with your modification, now neither of the derived types contains all of the enum elements, hence the error message. and i have no idea how to fix it either in the generic rule, or defining the generics type in the test file
still, looks like there's a nice quick fix to avoid the type mess: type assertion! i'll add it in a new comment
btw, i was worried about this issue, bc type system is one of our guard on code quality, and although automated and manual tests showed that everything works fine, still didn't want to throw out the typing
There was a problem hiding this comment.
couldn't add it in a suggestion, bc the lines are out of your modifications, so here it is simply:
const createNewTrustedApp = <T>(data?: T): NewTrustedApp =>
({
name: 'Some Anti-Virus App',
description: 'this one is ok',
os: OperatingSystem.WINDOWS,
effectScope: { type: 'global' },
entries: [createConditionEntry()],
...(data || {}),
} as NewTrustedApp);simply asserting the created object as NewTrustedApp solves the type error, while ensures that the created object aligns with the expectations in both places
There was a problem hiding this comment.
Makes total sense! Thanks for looking into this, I appreciate it! 9d39376
There was a problem hiding this comment.
Detection Engine LGTM
There are changes not directly used in our part of app, but triggered review request, due to entire utils folder belonging to the team.
Which we'll revise on team sync, what could be the best approach here
packages/kbn-securitysolution-utils @elastic/security-detection-engine
💚 Build Succeeded
Metrics [docs]Async chunks
Unknown metric groupsReferences to deprecated APIs
History
|
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11893336148 |
This PR adds a Signer condition for trusted apps on macOS. Previously, users could only build conditions using hash, path, and signer options on Windows. With these changes, macOS also supports the Signer option, leaving only Linux limited to Path and Hash options. https://github.com/user-attachments/assets/ea8fb734-7884-451d-8873-e3a29861876b (cherry picked from commit 55134ab)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…#200566) # Backport This will backport the following commits from `main` to `8.x`: - [[EDR Workflows] Add Signer option to Mac trusted apps (#197821)](#197821) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Konrad Szwarc","email":"konrad.szwarc@elastic.co"},"sourceCommit":{"committedDate":"2024-11-18T13:20:54Z","message":"[EDR Workflows] Add Signer option to Mac trusted apps (#197821)\n\nThis PR adds a Signer condition for trusted apps on macOS. Previously,\r\nusers could only build conditions using hash, path, and signer options\r\non Windows. With these changes, macOS also supports the Signer option,\r\nleaving only Linux limited to Path and Hash options.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/ea8fb734-7884-451d-8873-e3a29861876b","sha":"55134abbedaf64dba41455b8f8fb6f97f162a0d6","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["v9.0.0","Team:Defend Workflows","release_note:feature","ci:cloud-deploy","ci:cloud-redeploy","backport:version","v8.17.0"],"title":"[EDR Workflows] Add Signer option to Mac trusted apps","number":197821,"url":"https://github.com/elastic/kibana/pull/197821","mergeCommit":{"message":"[EDR Workflows] Add Signer option to Mac trusted apps (#197821)\n\nThis PR adds a Signer condition for trusted apps on macOS. Previously,\r\nusers could only build conditions using hash, path, and signer options\r\non Windows. With these changes, macOS also supports the Signer option,\r\nleaving only Linux limited to Path and Hash options.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/ea8fb734-7884-451d-8873-e3a29861876b","sha":"55134abbedaf64dba41455b8f8fb6f97f162a0d6"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197821","number":197821,"mergeCommit":{"message":"[EDR Workflows] Add Signer option to Mac trusted apps (#197821)\n\nThis PR adds a Signer condition for trusted apps on macOS. Previously,\r\nusers could only build conditions using hash, path, and signer options\r\non Windows. With these changes, macOS also supports the Signer option,\r\nleaving only Linux limited to Path and Hash options.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/ea8fb734-7884-451d-8873-e3a29861876b","sha":"55134abbedaf64dba41455b8f8fb6f97f162a0d6"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Konrad Szwarc <konrad.szwarc@elastic.co>
This PR adds a Signer condition for trusted apps on macOS. Previously, users could only build conditions using hash, path, and signer options on Windows. With these changes, macOS also supports the Signer option, leaving only Linux limited to Path and Hash options. https://github.com/user-attachments/assets/ea8fb734-7884-451d-8873-e3a29861876b
This PR adds a Signer condition for trusted apps on macOS. Previously, users could only build conditions using hash, path, and signer options on Windows. With these changes, macOS also supports the Signer option, leaving only Linux limited to Path and Hash options. https://github.com/user-attachments/assets/ea8fb734-7884-451d-8873-e3a29861876b
This PR adds a Signer condition for trusted apps on macOS. Previously, users could only build conditions using hash, path, and signer options on Windows. With these changes, macOS also supports the Signer option, leaving only Linux limited to Path and Hash options.
Screen.Recording.2024-10-28.at.10.16.05.mov