Skip to content

Commit

Permalink
Update security telemetry allowlist. (#103471) (#103626)
Browse files Browse the repository at this point in the history
Co-authored-by: Pete Hampton <pjhampton@users.noreply.github.com>
  • Loading branch information
kibanamachine and pjhampton authored Jun 29, 2021
1 parent fd02892 commit c9aa40f
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ describe('TelemetryEventsSender', () => {
version: '100',
},
file: {
extension: '.exe',
size: 3,
created: 0,
path: 'X',
Expand Down Expand Up @@ -72,6 +73,7 @@ describe('TelemetryEventsSender', () => {
name: 'foo.exe',
nope: 'nope',
executable: null, // null fields are never allowlisted
working_directory: '/some/usr/dir',
},
Target: {
process: {
Expand Down Expand Up @@ -101,6 +103,7 @@ describe('TelemetryEventsSender', () => {
version: '100',
},
file: {
extension: '.exe',
size: 3,
created: 0,
path: 'X',
Expand All @@ -126,6 +129,7 @@ describe('TelemetryEventsSender', () => {
},
process: {
name: 'foo.exe',
working_directory: '/some/usr/dir',
},
Target: {
process: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -307,6 +307,7 @@ const allowlistProcessFields: AllowlistFields = {
},
},
thread: true,
working_directory: true,
};

// Allow list for event-related fields, which can also be nested under events[]
Expand All @@ -322,6 +323,7 @@ const allowlistBaseEventFields: AllowlistFields = {
},
event: true,
file: {
extension: true,
name: true,
path: true,
size: true,
Expand Down

0 comments on commit c9aa40f

Please sign in to comment.