[Filebeat] Add single quotes around configurable string values in O365 #25215

andrewkroh · 2021-04-21T19:30:16Z

What does this PR do?

Values passed in by users that are expected to be strings should be single-quoted.

Also, this fixes the tojson function to not escape &, <, and > to to \u0026, \u003c, and \u003e. This
caused problems if the value is an api keys or password that contained one of those characters.

Fixes #25058

Why is it important?

We don't want to create arbitrary restrictions on the allowed characters in client secrets.

Checklist

My code follows the style guidelines of this project
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
I have made corresponding change to the default configuration files
I have added tests that prove my fix is effective or that my feature works
I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

Fixes [Filebeat][O365 Module] client_secret produces error if secret starts with @ #25058

Values passed in by users that are expected to be strings should be single-quoted. Also, this fixes the `tojson` function to not escape &, <, and > to to \u0026, \u003c, and \u003e. This caused problems if the value is an api keys or password that contained one of those characters. Fixes elastic#25058

elasticmachine · 2021-04-21T19:30:18Z

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

elasticmachine · 2021-04-21T20:33:41Z

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

Build Cause: marc-gr commented: /test
Start Time: 2021-04-22T08:50:56.376+0000
Duration: 79 min 1 sec
Commit: c453988

Test stats 🧪

Test	Results
Failed	0
Passed	2053
Skipped	162
Total	2215

Trends 🧪

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test	Results
Failed	0
Passed	2053
Skipped	162
Total	2215

marc-gr · 2021-04-22T08:50:36Z

/test

Values passed in by users that are expected to be strings should be single-quoted. Also, this fixes the `tojson` function to not escape &, <, and > to to \u0026, \u003c, and \u003e. This caused problems if the value is an api keys or password that contained one of those characters. Fixes #25058 (cherry picked from commit eed1cbb)

…25231) Values passed in by users that are expected to be strings should be single-quoted. Also, this fixes the `tojson` function to not escape &, <, and > to to \u0026, \u003c, and \u003e. This caused problems if the value is an api keys or password that contained one of those characters. Fixes #25058 (cherry picked from commit eed1cbb) Co-authored-by: Andrew Kroh <[email protected]>

Values passed in by users that are expected to be strings should be single-quoted. Also, this fixes the `tojson` function to not escape &, <, and > to to \u0026, \u003c, and \u003e. This caused problems if the value is an api keys or password that contained one of those characters. Fixes #25058 (cherry picked from commit eed1cbb)

…5 (backport #25215) (#25232) * Add single quotes around configurable string values in O365 (#25215) Values passed in by users that are expected to be strings should be single-quoted. Also, this fixes the `tojson` function to not escape &, <, and > to to \u0026, \u003c, and \u003e. This caused problems if the value is an api keys or password that contained one of those characters. Fixes #25058 (cherry picked from commit eed1cbb) * Fix changelog Co-authored-by: Andrew Kroh <[email protected]>

andrewkroh added bug review Filebeat Filebeat Team:Security-External Integrations backport-v7.13.0 Automated backport with mergify backport-v7.14.0 Automated backport with mergify labels Apr 21, 2021

botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Apr 21, 2021

marc-gr approved these changes Apr 22, 2021

View reviewed changes

andrewkroh merged commit eed1cbb into elastic:master Apr 22, 2021

mergify bot mentioned this pull request Apr 22, 2021

[Filebeat] Add single quotes around configurable string values in O365 (backport #25215) #25231

Merged

mergify bot mentioned this pull request Apr 22, 2021

[Filebeat] Add single quotes around configurable string values in O365 (backport #25215) #25232

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Filebeat] Add single quotes around configurable string values in O365 #25215

[Filebeat] Add single quotes around configurable string values in O365 #25215

andrewkroh commented Apr 21, 2021

elasticmachine commented Apr 21, 2021

elasticmachine commented Apr 21, 2021 •

edited by jenkins-beats-ci bot

Loading

Build stats

Test stats 🧪

Trends 🧪

Test stats 🧪

marc-gr commented Apr 22, 2021

[Filebeat] Add single quotes around configurable string values in O365 #25215

[Filebeat] Add single quotes around configurable string values in O365 #25215

Conversation

andrewkroh commented Apr 21, 2021

What does this PR do?

Why is it important?

Checklist

Related issues

elasticmachine commented Apr 21, 2021

elasticmachine commented Apr 21, 2021 • edited by jenkins-beats-ci bot Loading

💚 Build Succeeded

Build stats

Test stats 🧪

Trends 🧪

💚 Flaky test report

Test stats 🧪

marc-gr commented Apr 22, 2021

elasticmachine commented Apr 21, 2021 •

edited by jenkins-beats-ci bot

Loading