From cd907739f3cb4c57bb2ace7a6da538226b5334d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90=E1=BB=97=20Tr=E1=BB=8Dng=20H=E1=BA=A3i?= <41283691+hainenber@users.noreply.github.com>
Date: Thu, 25 Jan 2024 00:38:47 +0700
Subject: [PATCH] fix(x-pack/reporting): use FIPS-compliant ID generator `uuidv4` in Reporting plugin (#174809)
## Summary
Closes #174798
### Checklist
Delete any items that are not applicable to this PR.
### Risk Matrix
Delete this section if it is not applicable to this PR.
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: Tim Sullivan
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 package.json | 2 --
 .../use_push_to_service/callout/helpers.test.tsx | 8 ++++----
 .../use_push_to_service/callout/helpers.tsx | 4 ++--
 x-pack/plugins/reporting/server/lib/puid.d.ts | 15 ---------------
 .../plugins/reporting/server/lib/store/report.ts | 5 ++---
 .../common/generate/request_handler.test.ts | 10 +---------
 yarn.lock | 5 -----
 7 files changed, 9 insertions(+), 40 deletions(-)
 delete mode 100644 x-pack/plugins/reporting/server/lib/puid.d.ts
diff --git a/package.json b/package.json
index bc68dac0ffe07..410dffca4b7ef 100644
--- a/package.json
+++ b/package.json
@@ -1003,7 +1003,6 @@
 "mapbox-gl-draw-rectangle-mode": "1.0.4",
 "maplibre-gl": "3.1.0",
 "markdown-it": "^12.3.2",
- "md5": "^2.1.0",
 "mdast-util-to-hast": "10.2.0",
 "memoize-one": "^6.0.0",
 "mime": "^2.4.4",
@@ -1040,7 +1039,6 @@
 "pretty-ms": "6.0.0",
 "prop-types": "^15.8.1",
 "proxy-from-env": "1.0.0",
- "puid": "1.0.7",
 "puppeteer": "21.5.2",
 "query-string": "^6.13.2",
 "rbush": "^3.0.1",
diff --git a/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.test.tsx b/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.test.tsx
index b5b92a3374874..4a2265a095a37 100644
--- a/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.test.tsx
+++ b/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.test.tsx
@@ -5,24 +5,24 @@
 * 2.0.
 */
-import md5 from 'md5';
+import { sha256 } from 'js-sha256';
 import { createCalloutId } from './helpers';
 describe('createCalloutId', () => {
 it('creates id correctly with one id', () => {
- const digest = md5('one');
+ const digest = sha256('one');
 const id = createCalloutId(['one']);
 expect(id).toBe(digest);
 });
 it('creates id correctly with multiples ids', () => {
- const digest = md5('one|two|three');
+ const digest = sha256('one|two|three');
 const id = createCalloutId(['one', 'two', 'three']);
 expect(id).toBe(digest);
 });
 it('creates id correctly with multiples ids and delimiter', () => {
- const digest = md5('one,two,three');
+ const digest = sha256('one,two,three');
 const id = createCalloutId(['one', 'two', 'three'], ',');
 expect(id).toBe(digest);
 });
diff --git a/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.tsx b/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.tsx
index fdd49ad17168d..e83d215c61ed9 100644
--- a/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.tsx
+++ b/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.tsx
@@ -5,7 +5,7 @@
 * 2.0.
 */
-import md5 from 'md5';
+import { sha256 } from 'js-sha256';
 export const createCalloutId = (ids: string[], delimiter: string = '|'): string =>
- md5(ids.join(delimiter));
+ sha256(ids.join(delimiter));
diff --git a/x-pack/plugins/reporting/server/lib/puid.d.ts b/x-pack/plugins/reporting/server/lib/puid.d.ts
deleted file mode 100644
index 4ac240157971f..0000000000000
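Review bot: The expected value in all three cases of helpers.test.tsx is computed with the same `sha256` import that `createCalloutId` uses, so these tests pin only the join-and-delimiter behaviour and would still pass if the digest's output encoding changed. Adding one shape assertion such as `expect(id).toMatch(/^[0-9a-f]{64}$/);` would pin the hex SHA-256 output without hard-coding a digest. The `describe` block closes outside the hunk.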
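Review bot: `createCalloutId` in helpers.tsx now returns a 64-character SHA-256 hex string where it used to return a 32-character MD5 one, and nothing in the hunk accounts for IDs produced before the change. If these IDs are persisted anywhere (for example to remember dismissed callouts; not visible here), values stored under the old digest will no longer match, which is worth confirming since the commit title mentions only the Reporting plugin. A one-line comment above the function would also help, for example `// Identifier only, not an integrity or security check; SHA-256 replaces MD5 for FIPS compliance.`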
--- a/x-pack/plugins/reporting/server/lib/puid.d.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-declare module 'puid' {
- class Puid {
- generate(): string;
- }
-
- // eslint-disable-next-line import/no-default-export
- export default Puid;
-}
diff --git a/x-pack/plugins/reporting/server/lib/store/report.ts b/x-pack/plugins/reporting/server/lib/store/report.ts
index c302aaa34ea8b..e62f4f2f20b58 100644
--- a/x-pack/plugins/reporting/server/lib/store/report.ts
+++ b/x-pack/plugins/reporting/server/lib/store/report.ts
@@ -7,7 +7,7 @@
 import { omit } from 'lodash';
 import moment from 'moment';
-import Puid from 'puid';
+import { v4 as uuidv4 } from 'uuid';
 import { JOB_STATUS } from '@kbn/reporting-common';
 import {
@@ -19,7 +19,6 @@ import {
 import type { ReportTaskParams } from '../tasks';
-const puid = new Puid();
 export const MIGRATION_VERSION = '7.14.0';
 /*
@@ -63,7 +62,7 @@ export class Report implements Partial {
 * Index string is required
 */
 constructor(opts: Partial & Partial, fields?: ReportFields) {
- this._id = opts._id != null ? opts._id : puid.generate();
+ this._id = opts._id != null ? opts._id : uuidv4();
 this._index = opts._index;
 this._primary_term = opts._primary_term;
 this._seq_no = opts._seq_no;
diff --git a/x-pack/plugins/reporting/server/routes/common/generate/request_handler.test.ts b/x-pack/plugins/reporting/server/routes/common/generate/request_handler.test.ts
index 0d84eb1c56061..8ef72e9ee385c 100644
--- a/x-pack/plugins/reporting/server/routes/common/generate/request_handler.test.ts
+++ b/x-pack/plugins/reporting/server/routes/common/generate/request_handler.test.ts
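Review bot: The `_id` default in the `Report` constructor (report.ts, third hunk) switches newly generated report IDs to a hyphenated UUIDv4 while documents already stored keep their puid-style IDs, and the comment above the constructor still documents only the index. Anything that validates, parses or orders report IDs (route parameter schemas, download URLs; none of it visible here) has to accept both shapes, which is worth confirming. I would add a comment such as `// _id defaults to a random UUIDv4; it identifies the report and is not an access token` and, as a style point, write the default as `this._id = opts._id ?? uuidv4();`. The constructor body continues outside the hunk.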
@@ -5,15 +5,7 @@
 * 2.0.
 */
-jest.mock(
- 'puid',
- () =>
- class MockPuid {
- generate() {
- return 'mock-report-id';
- }
- }
-);
+jest.mock('uuid', () => ({ v4: () => 'mock-report-id' }));
 import rison from '@kbn/rison';
diff --git a/yarn.lock b/yarn.lock
index c022206277664..50ea6503d5906 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -25343,11 +25343,6 @@ public-encrypt@^4.0.0:
 parse-asn1 "^5.0.0"
 randombytes "^2.0.1"
-puid@1.0.7:
- version "1.0.7"
- resolved "https://registry.yarnpkg.com/puid/-/puid-1.0.7.tgz#fa638a737d7b20419059d93965aed36ca20e1c84"
- integrity sha1-+mOKc317IEGQWdk5Za7TbKIOHIQ=
-
 pump@^2.0.0:
 version "2.0.1"
 resolved "https://registry.yarnpkg.com/pump/-/pump-2.0.1.tgz#12399add6e4cf7526d973cbc8b5ce2e2908b3909"
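Review bot: The factory passed to `jest.mock('uuid', …)` in request_handler.test.ts replaces the whole module, so every `uuid` export other than `v4` is undefined for any code loaded by this test file. Nothing in the hunk shows another export being used, but keeping the real module and overriding only `v4` avoids a confusing failure later: `jest.mock('uuid', () => ({ ...jest.requireActual('uuid'), v4: () => 'mock-report-id' }));`.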