From 149e251445fe34ddf0fdc1e50f6ad40cdbde370a Mon Sep 17 00:00:00 2001 From: Jay Modi Date: Wed, 15 Mar 2017 07:13:09 -0600 Subject: [PATCH] Filtered RestRequests should allow access to the remote address (elastic/x-pack-elasticsearch#741) When adding support for rest request filtering of sensitive content, the overridden rest request did not properly delegate the #getRemoteAddress method to the wrapped request. This resulted in a NPE when a filtered rest request was created and an audit record needed to be generated. relates elastic/x-pack-elasticsearch#714 Original commit: elastic/x-pack-elasticsearch@710b43355b24d493e56284ae9cc88475d21e1435 --- .../xpack/security/rest/RestRequestFilter.java | 14 ++++++++++++++ .../security/rest/RestRequestFilterTests.java | 13 +++++++++++++ 2 files changed, 27 insertions(+) diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/RestRequestFilter.java b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/RestRequestFilter.java index fa859305a45..344586aff83 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/rest/RestRequestFilter.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/rest/RestRequestFilter.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.security.rest; import org.elasticsearch.ElasticsearchException; +import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.collect.Tuple; @@ -16,6 +17,7 @@ import org.elasticsearch.common.xcontent.support.XContentMapValues; import org.elasticsearch.rest.RestRequest; import java.io.IOException; +import java.net.SocketAddress; import java.util.Map; import java.util.Set; @@ -50,6 +52,18 @@ public interface RestRequestFilter { return true; } + @Nullable + @Override + public SocketAddress getRemoteAddress() { + return restRequest.getRemoteAddress(); + } + + @Nullable + @Override + public SocketAddress getLocalAddress() { + return restRequest.getLocalAddress(); + } + @Override public BytesReference content() { if (filteredBytes == null) { diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/rest/RestRequestFilterTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/rest/RestRequestFilterTests.java index 4f004e06554..a3730d73008 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/security/rest/RestRequestFilterTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/security/rest/RestRequestFilterTests.java @@ -14,6 +14,8 @@ import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.rest.FakeRestRequest; import java.io.IOException; +import java.net.InetAddress; +import java.net.InetSocketAddress; import java.util.Collections; import java.util.Map; @@ -69,4 +71,15 @@ public class RestRequestFilterTests extends ESTestCase { assertEquals("bar", second.get("foo")); assertNull(second.get("third")); } + + public void testRemoteAddressWorks() throws IOException { + BytesReference content = new BytesArray("{\"root\": {\"second\": {\"third\": \"password\", \"foo\": \"bar\"}}}"); + RestRequestFilter filter = () -> Collections.singleton("*.third"); + InetSocketAddress address = new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 32768); + FakeRestRequest restRequest = + new FakeRestRequest.Builder(NamedXContentRegistry.EMPTY).withContent(content, XContentType.JSON) + .withRemoteAddress(address).build(); + RestRequest filtered = filter.getFilteredRequest(restRequest); + assertEquals(address, filtered.getRemoteAddress()); + } }