Filtered RestRequests should allow access to the remote address (elastic/x-pack-elasticsearch#741)

When adding support for rest request filtering of sensitive content, the overridden rest request did not properly delegate the #getRemoteAddress method to the wrapped request. This resulted in a NPE when a filtered rest request was created and an audit record needed to be generated. relates elastic/x-pack-elasticsearch#714 Original commit: elastic/x-pack-elasticsearch@710b43355b
2017-03-15 07:13:09 -06:00 · 2017-03-15 07:13:09 -06:00 · 149e251445
parent bc53dbfb46
commit 149e251445
2 changed files with 27 additions and 0 deletions
--- a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/RestRequestFilter.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/RestRequestFilter.java
@ -6,6 +6,7 @@
 package org.elasticsearch.xpack.security.rest;

 import org.elasticsearch.ElasticsearchException;
+import org.elasticsearch.common.Nullable;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.common.collect.Tuple;
@ -16,6 +17,7 @@ import org.elasticsearch.common.xcontent.support.XContentMapValues;
 import org.elasticsearch.rest.RestRequest;

 import java.io.IOException;
+import java.net.SocketAddress;
 import java.util.Map;
 import java.util.Set;

@ -50,6 +52,18 @@ public interface RestRequestFilter {
                    return true;
                }

+                @Nullable
+                @Override
+                public SocketAddress getRemoteAddress() {
+                    return restRequest.getRemoteAddress();
+                }
+
+                @Nullable
+                @Override
+                public SocketAddress getLocalAddress() {
+                    return restRequest.getLocalAddress();
+                }
+
                @Override
                public BytesReference content() {
                    if (filteredBytes == null) {
--- a/plugin/src/test/java/org/elasticsearch/xpack/security/rest/RestRequestFilterTests.java
+++ b/plugin/src/test/java/org/elasticsearch/xpack/security/rest/RestRequestFilterTests.java
@ -14,6 +14,8 @@ import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.rest.FakeRestRequest;

 import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
 import java.util.Collections;
 import java.util.Map;

@ -69,4 +71,15 @@ public class RestRequestFilterTests extends ESTestCase {
        assertEquals("bar", second.get("foo"));
        assertNull(second.get("third"));
    }
+
+    public void testRemoteAddressWorks() throws IOException {
+        BytesReference content = new BytesArray("{\"root\": {\"second\": {\"third\": \"password\", \"foo\": \"bar\"}}}");
+        RestRequestFilter filter = () -> Collections.singleton("*.third");
+        InetSocketAddress address = new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 32768);
+        FakeRestRequest restRequest =
+                new FakeRestRequest.Builder(NamedXContentRegistry.EMPTY).withContent(content, XContentType.JSON)
+                        .withRemoteAddress(address).build();
+        RestRequest filtered = filter.getFilteredRequest(restRequest);
+        assertEquals(address, filtered.getRemoteAddress());
+    }
 }