Skip to content
This repository has been archived by the owner on Mar 25, 2024. It is now read-only.

Commit

Permalink
Add disablePrototypePoisoningProtection configuration (opensearch-pro…
Browse files Browse the repository at this point in the history
…ject#2992)

Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
opensearch-project#1777

Signed-off-by: Kawika Avilla <[email protected]>

Signed-off-by: Kawika Avilla <[email protected]>
Co-authored-by: Anan Zhuang <[email protected]>
Signed-off-by: David Sinclair <[email protected]>
  • Loading branch information
2 people authored and sikhote committed Apr 24, 2023
1 parent 030d13d commit e026ed5
Show file tree
Hide file tree
Showing 7 changed files with 39 additions and 1 deletion.
2 changes: 1 addition & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- [Vis Builder] Add app filter and query persistence without using state container ([#3100](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3100))
- [Optimizer] Increase timeout waiting for the exiting of an optimizer worker ([#3193](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3193))
- [Data] Update `createAggConfig` so that newly created configs can be added to beginning of `aggConfig` array ([#3160](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3160))

- Add disablePrototypePoisoningProtection configuration to prevent JS client from erroring when cluster utilizes JS reserved words ([#2992](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2992))

### 🐛 Bug Fixes

Expand Down
5 changes: 5 additions & 0 deletions config/opensearch_dashboards.yml
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,11 @@
# Logs queries sent to OpenSearch. Requires logging.verbose set to true.
#opensearch.logQueries: false

# Disables errors from the OpenSearch JS client and enables you to utilize protected words such as: 'boolean', 'proto', 'constructor'.
# within cluster. By default, OpenSearch Dashboards and the client will protect you against prototype poisoning attacks.
# WARNING: Index patterns are user-supplied data. Disabling this will place the expectation that you are handling the data safely.
#opensearch.disablePrototypePoisoningProtection: false

# Specifies the path where OpenSearch Dashboards creates the process ID file.
#pid.file: /var/run/opensearchDashboards.pid

Expand Down
18 changes: 18 additions & 0 deletions src/core/server/opensearch/client/client_config.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,24 @@ describe('parseClientOptions', () => {
]
`);
});

it('`disablePrototypePoisoningProtection` option', () => {
expect(
parseClientOptions(createConfig({ disablePrototypePoisoningProtection: false }), false)
.disablePrototypePoisoningProtection
).toEqual(false);
expect(
parseClientOptions(createConfig({ disablePrototypePoisoningProtection: true }), false)
.disablePrototypePoisoningProtection
).toEqual(true);

expect(
parseClientOptions(createConfig({}), false).disablePrototypePoisoningProtection
).toBeUndefined();
expect(
parseClientOptions(createConfig({}), true).disablePrototypePoisoningProtection
).toBeUndefined();
});
});

describe('authorization', () => {
Expand Down
5 changes: 5 additions & 0 deletions src/core/server/opensearch/client/client_config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ export type OpenSearchClientConfig = Pick<
| 'hosts'
| 'username'
| 'password'
| 'disablePrototypePoisoningProtection'
> & {
memoryCircuitBreaker?:
| OpenSearchConfig['memoryCircuitBreaker']
Expand Down Expand Up @@ -115,6 +116,10 @@ export function parseClientOptions(config: OpenSearchClientConfig, scoped: boole
);
}

if (config.disablePrototypePoisoningProtection != null) {
clientOptions.disablePrototypePoisoningProtection = config.disablePrototypePoisoningProtection;
}

return clientOptions;
}

Expand Down
1 change: 1 addition & 0 deletions src/core/server/opensearch/opensearch_config.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ test('set correct defaults', () => {
OpenSearchConfig {
"apiVersion": "7.x",
"customHeaders": Object {},
"disablePrototypePoisoningProtection": undefined,
"healthCheckDelay": "PT2.5S",
"hosts": Array [
"http://localhost:9200",
Expand Down
8 changes: 8 additions & 0 deletions src/core/server/opensearch/opensearch_config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,7 @@ export const configSchema = schema.object({
}),
schema.boolean({ defaultValue: false })
),
disablePrototypePoisoningProtection: schema.maybe(schema.boolean({ defaultValue: false })),
});

const deprecations: ConfigDeprecationProvider = ({ renameFromRoot, renameFromRootWithoutMap }) => [
Expand Down Expand Up @@ -318,6 +319,12 @@ export class OpenSearchConfig {
*/
public readonly customHeaders: OpenSearchConfigType['customHeaders'];

/**
* Specifies whether the client should attempt to protect against reserved words
* or not.
*/
public readonly disablePrototypePoisoningProtection?: boolean;

constructor(rawConfig: OpenSearchConfigType) {
this.ignoreVersionMismatch = rawConfig.ignoreVersionMismatch;
this.apiVersion = rawConfig.apiVersion;
Expand All @@ -338,6 +345,7 @@ export class OpenSearchConfig {
this.username = rawConfig.username;
this.password = rawConfig.password;
this.customHeaders = rawConfig.customHeaders;
this.disablePrototypePoisoningProtection = rawConfig.disablePrototypePoisoningProtection;

const { alwaysPresentCertificate, verificationMode } = rawConfig.ssl;
const { key, keyPassphrase, certificate, certificateAuthorities } = readKeyAndCerts(rawConfig);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ opensearch_dashboards_vars=(
opensearch.ssl.truststore.password
opensearch.ssl.verificationMode
opensearch.username
opensearch.disablePrototypePoisoningProtection
i18n.locale
interpreter.enableInVisualize
opensearchDashboards.autocompleteTerminateAfter
Expand Down

0 comments on commit e026ed5

Please sign in to comment.