[7.17][Security Solution][Endpoint] Fix artifact path file name checking utility

[paul-tavares]

Summary

• Fixes a bug in the RegExp of the hasSimpleExecutableName() utility that was causing an infinite loop when used from Artifact Manifest manager and in turn preventing access to the entire Kibana system.

About the bug:

With long paths defined with the matches operator defined for a Trusted App, BUT having no wildcards in the path, the artifact builder task does not complete and causes a Kibana TLS handshake timeout.

Checklist

• Unit or functional tests were updated or added to match the most common scenarios

[elasticmachine]

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

[ashokaditya]

This can also be return !/[\*\?]/.test(lastString), but I think the current one reads better.

[kobelb]

Could we use https://github.com/uhop/node-re2 here instead of the built-in RegExp library to further protect ourselves?

[paul-tavares]

Hi @kobelb - thanks for the comment. The change here (almost all of it) is actually a copy of the code in main - we had already altered this method in main for 8.2 and we know it works. Do you know if node-re2 can be used both in browser and server side? this utility method is used in both.

[kevinlog]

@kobelb - we removed the RegEx here entirely for this 7.17.4 patch which goes out soon. We'll look into node-re2 when we've got a bit more time.

Related change: 0dc084b

[dasansol92]

Can we add a test case with a very large path?

[paul-tavares]

yeah, I forgot about that. I'll add one next.

[dasansol92]

Would like to see how it looks with the re2 package suggested but other than that it LGTM!

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: 0dc084b
• Storybooks Preview

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	4.6MB	4.6MB	-12.0B

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @paul-tavares

[kevinlog]

Checked it out and tried it.

Added several long paths with and without * with the MATCHES operator and all worked as expected.

Ex:

• C:\ProgramData\Package Cache\sdfsds\Installers\WimMountAdkSetupAmd64.exe
• C:\ProgramData\Package Cache\fefeef\Installers\asdasd\asdasdasd\asdasdasd\asdasdasdds\sdsds\dssd\sd\ad\dcsdsas\ds\a\sd\sasd\asdasdas\asdas\sdsdsdsd\sdsdssdsd\sd\wswswsws\asdas\asdasda\sd\WimMountAdkSetupAmd64.exe
• C:\ProgramData\Package Cache\dwdwdw\Installers\asdasd\asdasdasd\asdasdasd\asdasdasdds\sdsds\dssd\sd\ad\dcsdsas\ds\a\sd\sasd\asdasdas\asdas\sdsdsdsd\sdsdssdsd\sd\wswswsws\asdas\asdasda\sd\*\asdasdasdas\asda\dsasd\sasdas\asda\asda\asd\asdasdasdas\asdasdas\dsdsdsd\wwsws\dsaw\dsaw\dswdwd\asdw\asdw\asdw\asd\sx\s\dw\asdwasdw\sdsdawdsdwd\asdwdasdws\s\wdasdw\sdsawedasd\wasdw\asdw\asd\wad\wasd\wdwddwdwd\asd\asd\wdsa\wdasdsdwasd\dwasdwdasdw\asdwasdawdas\wdasdwasdw\WimMountAdkSetupAmd64.exe
• C:\ProgramData\Package Cache\dwdwd\Installers\asdasd\asdasdasd\asdasdasd\asdasdasdds\sdsds\dssd\sd\ad\dcsdsas\ds\a\sd\sasd\asdasdas\asdas\sdsdsdsd\sdsdssdsd\sd\wswswsws\asdas\asdasda\sd\sdsqwdasdwd\asdasdasdas\asda\dsasd\sasdas\asda\asda\asd\asdasdasdas\asdasdas\dsdsdsd\wwsws\dsaw\dsaw\dswdwd\asdw\asdw\asdw\asd\sx\s\dw\asdwasdw\sdsdawdsdwd\asdwdasdws\s\wdasdw\sdsawedasd\wasdw\asdw\asd\wad\wasd\wdwddwdwd\asd\asd\wdsa\wdasdsdwasd\dwasdwdasdw\asdwasdawdas\wdasdwasdw\WimMountAdkSetupAmd64.exe

LGTM!

EDIT:

I also verified that regular, expected wildcard scenarios still work in Trusted Apps with mimikatz.