[7.17][Security Solution][Endpoint] Fix artifact path
file name checking utility
#131085
Changes from 2 commits
215faf1
a6a9fc6
21a9070
0dc084b
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -34,20 +34,13 @@ export const getDuplicateFields = (entries: ConditionEntry[]) => { | |
.map((entry) => entry[0]); | ||
}; | ||
|
||
/* | ||
* regex to match executable names | ||
* starts matching from the eol of the path | ||
* file names with a single or multiple spaces (for spaced names) | ||
* and hyphens and combinations of these that produce complex names | ||
* such as: | ||
* c:\home\lib\dmp.dmp | ||
* c:\home\lib\my-binary-app-+/ some/ x/ dmp.dmp | ||
* /home/lib/dmp.dmp | ||
* /home/lib/my-binary-app+-\ some\ x\ dmp.dmp | ||
/** | ||
* checks if the filename of a given path (if any) is a simple executable (does NOT have the | ||
* wildcards supported by endpoing (`*` and `?`)) | ||
* @param os | ||
* @param type | ||
* @param value | ||
*/ | ||
const WIN_EXEC_PATH = /\\(\w+|\w*[\w+|-]+\/ +)+\w+[\w+|-]+\.*\w+$/i; | ||
const UNIX_EXEC_PATH = /(\/|\w*[\w+|-]+\\ +)+\w+[\w+|-]+\.*\w*$/i; | ||
|
||
export const hasSimpleExecutableName = ({ | ||
os, | ||
type, | ||
|
@@ -57,10 +50,18 @@ export const hasSimpleExecutableName = ({ | |
type: TrustedAppEntryTypes; | ||
value: string; | ||
}): boolean => { | ||
if (type === 'wildcard') { | ||
return os === OperatingSystem.WINDOWS ? WIN_EXEC_PATH.test(value) : UNIX_EXEC_PATH.test(value); | ||
if (type !== 'wildcard') { | ||
return true; | ||
} | ||
return true; | ||
|
||
const separator = os === OperatingSystem.WINDOWS ? '\\' : '/'; | ||
const lastString = value.split(separator).pop(); | ||
|
||
if (!lastString) { | ||
return false; | ||
} | ||
|
||
return /[\*\?]/.test(lastString) === false; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This can also be There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Could we use https://github.com/uhop/node-re2 here instead of the built-in There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hi @kobelb - thanks for the comment. The change here (almost all of it) is actually a copy of the code in There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
}; | ||
|
||
export const isPathValid = ({ | ||
|
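Review bot: In the rewritten body of `hasSimpleExecutableName`, the `if (!lastString)` guard rejects only an empty last segment, so a wildcard path whose final segment is whitespace only (or is `.` / `..`) is still reported as a simple executable name, which the removed `WIN_EXEC_PATH` / `UNIX_EXEC_PATH` patterns would not have matched. If callers do not already trim the value (not visible here), consider `const lastString = value.split(separator).pop()?.trim();` so the check fails closed on a blank filename. Separately, the new doc comment has a typo (`endpoing` should be `endpoint`) and its `@param os` / `type` / `value` tags carry no descriptions even though the function takes one destructured object; a sentence stating that a value with no separator is checked as a bare filename and that a trailing separator returns `false` would document the contract. The function's parameter list starts in the previous hunk, and the lines between the two hunks are not shown.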
Can we add a test case with a very large path?
yeah, I forgot about that. I'll add one next.