honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auditing requests with null indices (elastic/x-pack-elasticsearch#4016) 

Adds null check.

relates elastic/x-pack-elasticsearch#3988

Original commit: elastic/x-pack-elasticsearch@64bab62ca6
This commit is contained in:
Albert Zaharovits 2018-03-11 13:13:14 +02:00 committed by GitHub
parent 8d68b03cb6
commit d31d90d378
2 changed files with 62 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java
View File

@ -287,8 +287,8 @@ public class LoggingAuditTrail extends AbstractComponent implements AuditTrail,
@Override @Override
public void authenticationFailed(String realm, AuthenticationToken token, RestRequest request) { public void authenticationFailed(String realm, AuthenticationToken token, RestRequest request) {
if (events.contains(REALM_AUTHENTICATION_FAILED) if (events.contains(REALM_AUTHENTICATION_FAILED) && filterPolicyPredicate
&& filterPolicyPredicate.test(new AuditEventMetaInfo(Optional.of(token), Optional.of(realm), Optional.empty())) == false) { .test(new AuditEventMetaInfo(Optional.of(token), Optional.of(realm), Optional.empty())) == false) {
if (includeRequestBody) { if (includeRequestBody) {
logger.info("{}[rest] [realm_authentication_failed]\trealm=[{}], {}, principal=[{}], uri=[{}], request_body=[{}]", logger.info("{}[rest] [realm_authentication_failed]\trealm=[{}], {}, principal=[{}], uri=[{}], request_body=[{}]",
localNodeInfo.prefix, realm, hostAttributes(request), token.principal(), request.uri(), localNodeInfo.prefix, realm, hostAttributes(request), token.principal(), request.uri(),
@ -514,7 +514,10 @@ public class LoggingAuditTrail extends AbstractComponent implements AuditTrail,
static Optional<String[]> indices(TransportMessage message) { static Optional<String[]> indices(TransportMessage message) {
if (message instanceof IndicesRequest) { if (message instanceof IndicesRequest) {
return Optional.ofNullable(((IndicesRequest) message).indices()); final String[] indices = ((IndicesRequest) message).indices();
if ((indices != null) && (indices.length != 0)) {
return Optional.of(((IndicesRequest) message).indices());
}
} }
return Optional.empty(); return Optional.empty();
} }
@ -546,7 +549,7 @@ public class LoggingAuditTrail extends AbstractComponent implements AuditTrail,
* that will be ignored, aka filtered out, aka not logged. The event can be * that will be ignored, aka filtered out, aka not logged. The event can be
* filtered by the following fields : `user`, `realm`, `role` and `index`. * filtered by the following fields : `user`, `realm`, `role` and `index`.
* Predicates on each field are ANDed together to form the filter predicate of * Predicates on each field are ANDed together to form the filter predicate of
* the policy. * the policy.
*/ */
private static final class EventFilterPolicy { private static final class EventFilterPolicy {
final String name; final String name;

55
plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java
View File

@ -48,6 +48,8 @@ import java.util.Map;
import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.containsString;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
@ -703,6 +705,59 @@ public class LoggingAuditTrailTests extends ESTestCase {
assertEmptyLog(logger); assertEmptyLog(logger);
} }
public void testRequestsWithoutIndices() throws Exception {
final Logger logger = CapturingLogger.newCapturingLogger(Level.INFO);
final Settings allEventsSettings = Settings.builder()
.put(settings)
.put("xpack.security.audit.logfile.events.include", "_all")
.build();
final LoggingAuditTrail auditTrail = new LoggingAuditTrail(allEventsSettings, clusterService, logger, threadContext);
final User user = new User("_username", new String[] { "r1" });
final String role = randomAlphaOfLengthBetween(1, 6);
final String realm = randomAlphaOfLengthBetween(1, 6);
// transport messages without indices
final TransportMessage[] messages = new TransportMessage[] { new MockMessage(threadContext),
new org.elasticsearch.action.MockIndicesRequest(IndicesOptions.strictExpandOpenAndForbidClosed(), new String[0]),
new org.elasticsearch.action.MockIndicesRequest(IndicesOptions.strictExpandOpenAndForbidClosed(), (String[]) null) };
final List<String> output = CapturingLogger.output(logger.getName(), Level.INFO);
int logEntriesCount = 1;
for (final TransportMessage message : messages) {
auditTrail.anonymousAccessDenied("_action", message);
assertThat(output.size(), is(logEntriesCount++));
assertThat(output.get(logEntriesCount - 2), not(containsString("indices=[")));
auditTrail.authenticationFailed(new MockToken(), "_action", message);
assertThat(output.size(), is(logEntriesCount++));
assertThat(output.get(logEntriesCount - 2), not(containsString("indices=[")));
auditTrail.authenticationFailed("_action", message);
assertThat(output.size(), is(logEntriesCount++));
assertThat(output.get(logEntriesCount - 2), not(containsString("indices=[")));
auditTrail.authenticationFailed(realm, new MockToken(), "_action", message);
assertThat(output.size(), is(logEntriesCount++));
assertThat(output.get(logEntriesCount - 2), not(containsString("indices=[")));
auditTrail.accessGranted(user, "_action", message, new String[] { role });
assertThat(output.size(), is(logEntriesCount++));
assertThat(output.get(logEntriesCount - 2), not(containsString("indices=[")));
auditTrail.accessDenied(user, "_action", message, new String[] { role });
assertThat(output.size(), is(logEntriesCount++));
assertThat(output.get(logEntriesCount - 2), not(containsString("indices=[")));
auditTrail.tamperedRequest("_action", message);
assertThat(output.size(), is(logEntriesCount++));
assertThat(output.get(logEntriesCount - 2), not(containsString("indices=[")));
auditTrail.tamperedRequest(user, "_action", message);
assertThat(output.size(), is(logEntriesCount++));
assertThat(output.get(logEntriesCount - 2), not(containsString("indices=[")));
auditTrail.runAsGranted(user, "_action", message, new String[] { role });
assertThat(output.size(), is(logEntriesCount++));
assertThat(output.get(logEntriesCount - 2), not(containsString("indices=[")));
auditTrail.runAsDenied(user, "_action", message, new String[] { role });
assertThat(output.size(), is(logEntriesCount++));
assertThat(output.get(logEntriesCount - 2), not(containsString("indices=[")));
auditTrail.authenticationSuccess(realm, user, "_action", message);
assertThat(output.size(), is(logEntriesCount++));
assertThat(output.get(logEntriesCount - 2), not(containsString("indices=[")));
}
}
private void assertMsg(Logger logger, Level level, String message) { private void assertMsg(Logger logger, Level level, String message) {
final List<String> output = CapturingLogger.output(logger.getName(), level); final List<String> output = CapturingLogger.output(logger.getName(), level);
assertThat(output.size(), is(1)); assertThat(output.size(), is(1));