From 9f2c18ce1719f713cdb9b66e544d3b929163e23c Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 16:25:08 -0400 Subject: [PATCH 01/13] 2.13 release notes (#1832) (#1837) * 2.13 release notes Signed-off-by: Stephen Crawford * Fix style and package Signed-off-by: Stephen Crawford * Fix style and package Signed-off-by: Stephen Crawford * Fix link Signed-off-by: Stephen Crawford --------- Signed-off-by: Stephen Crawford (cherry picked from commit 7c8058f376d235d651f76552d9bdd12840ebd329) Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> --- ...urity-dashboards-plugin.release-notes-2.13.0.0.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 release-notes/opensearch-security-dashboards-plugin.release-notes-2.13.0.0.md diff --git a/release-notes/opensearch-security-dashboards-plugin.release-notes-2.13.0.0.md b/release-notes/opensearch-security-dashboards-plugin.release-notes-2.13.0.0.md new file mode 100644 index 000000000..6faa11f1d --- /dev/null +++ b/release-notes/opensearch-security-dashboards-plugin.release-notes-2.13.0.0.md @@ -0,0 +1,12 @@ +## 2024-03-19 Version 2.13.0.0 + +Compatible with OpenSearch-Dashboards 2.13.0 + +### Enhancements +* Clear the contents of opensearch_dashboards prior to putting settings ([#1781](https://github.com/opensearch-project/security-dashboards-plugin/pull/1781)) +* Add loose flag to OSD bootstrap ([#1789](https://github.com/opensearch-project/security-dashboards-plugin/pull/1789)) +* Hide tenant when disabled in the account nav button popover ([#1792](https://github.com/opensearch-project/security-dashboards-plugin/pull/1792)) +* Use start-opensearch and setup-opensearch-dashboards actions ([#1808](https://github.com/opensearch-project/security-dashboards-plugin/pull/1808)) +* Fix cookie expiry issues from IDP/JWT auth methods, disables keepalive for JWT/IDP ([#1806](https://github.com/opensearch-project/security-dashboards-plugin/pull/1806)) +* Copy tenant with Short URL ([#1812](https://github.com/opensearch-project/security-dashboards-plugin/pull/1812)) +* Add toast handling for purge cache action ([#1827](https://github.com/opensearch-project/security-dashboards-plugin/pull/1827)) From 65b7332323321ad63f03e7be6acd16fa0e5a7306 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 12:20:26 -0400 Subject: [PATCH 02/13] Add required ml permissions to support new roles (#1838) (#1844) * Add required ml permissions to support new roles Signed-off-by: Sicheng Song * Add ml permissions Signed-off-by: Sicheng Song * Remove internal ml action permissions Signed-off-by: Sicheng Song * Add back internal ml action permissions Signed-off-by: Sicheng Song --------- Signed-off-by: Sicheng Song (cherry picked from commit f0cd1cf8cb6c11074ebdcd2dbea4604b0654decf) Co-authored-by: Sicheng Song --- public/apps/configuration/constants.tsx | 46 +++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 3 deletions(-) diff --git a/public/apps/configuration/constants.tsx b/public/apps/configuration/constants.tsx index b66dd4bf3..b55372ba1 100644 --- a/public/apps/configuration/constants.tsx +++ b/public/apps/configuration/constants.tsx @@ -143,24 +143,64 @@ export const CLUSTER_PERMISSIONS: string[] = [ 'cluster:admin/opensearch/ql/async_query/result', 'cluster:admin/opensearch/ql/async_query/delete', 'cluster:admin/opensearch/ppl', + 'cluster:admin/opensearch/ml/agents/delete', + 'cluster:admin/opensearch/ml/agents/get', + 'cluster:admin/opensearch/ml/agents/register', + 'cluster:admin/opensearch/ml/agents/search', + 'cluster:admin/opensearch/ml/config/get', + 'cluster:admin/opensearch/ml/create_connector', + 'cluster:admin/opensearch/ml/connectors/get', + 'cluster:admin/opensearch/ml/connectors/search', + 'cluster:admin/opensearch/ml/connectors/update', + 'cluster:admin/opensearch/ml/controllers/create', + 'cluster:admin/opensearch/ml/controllers/delete', + 'cluster:admin/opensearch/ml/controllers/deploy', + 'cluster:admin/opensearch/ml/controllers/get', + 'cluster:admin/opensearch/ml/controllers/undeploy', + 'cluster:admin/opensearch/ml/controllers/update', 'cluster:admin/opensearch/ml/create_model_meta', 'cluster:admin/opensearch/ml/execute', - 'cluster:admin/opensearch/ml/load_model', - 'cluster:admin/opensearch/ml/load_model_on_nodes', + 'cluster:admin/opensearch/ml/deploy_model', + 'cluster:admin/opensearch/ml/deploy_model_on_nodes', + 'cluster:admin/opensearch/ml/memory/conversation/get', + 'cluster:admin/opensearch/ml/memory/conversation/interaction/search', + 'cluster:admin/opensearch/ml/memory/conversation/delete', + 'cluster:admin/opensearch/ml/memory/conversation/list', + 'cluster:admin/opensearch/ml/memory/conversation/search', + 'cluster:admin/opensearch/ml/memory/conversation/create', + 'cluster:admin/opensearch/ml/memory/conversation/update', + 'cluster:admin/opensearch/ml/memory/interaction/create', + 'cluster:admin/opensearch/ml/memory/interaction/update', + 'cluster:admin/opensearch/ml/memory/interaction/get', + 'cluster:admin/opensearch/ml/memory/interaction/list', + 'cluster:admin/opensearch/ml/memory/trace/get', + 'cluster:admin/opensearch/ml/model_groups/delete', + 'cluster:admin/opensearch/ml/model_groups/get', + 'cluster:admin/opensearch/ml/model_groups/search', + 'cluster:admin/opensearch/ml/register_model_group', + 'cluster:admin/opensearch/ml/update_model_group', 'cluster:admin/opensearch/ml/models/delete', 'cluster:admin/opensearch/ml/models/get', 'cluster:admin/opensearch/ml/models/search', + 'cluster:admin/opensearch/ml/models/update', + 'cluster:admin/opensearch/ml/models/update_cache', 'cluster:admin/opensearch/ml/predict', 'cluster:admin/opensearch/ml/profile/nodes', + 'cluster:admin/opensearch/ml/register_model', + 'cluster:admin/opensearch/ml/register_model_meta', 'cluster:admin/opensearch/ml/stats/nodes', 'cluster:admin/opensearch/ml/tasks/delete', 'cluster:admin/opensearch/ml/tasks/get', 'cluster:admin/opensearch/ml/tasks/search', + 'cluster:admin/opensearch/ml/tools/get', + 'cluster:admin/opensearch/ml/tools/list', 'cluster:admin/opensearch/ml/train', 'cluster:admin/opensearch/ml/trainAndPredict', - 'cluster:admin/opensearch/ml/unload_model', + 'cluster:admin/opensearch/ml/undeploy_model', + 'cluster:admin/opensearch/ml/undeploy_models', 'cluster:admin/opensearch/ml/upload_model', 'cluster:admin/opensearch/ml/upload_model_chunk', + 'cluster:admin/opensearch/mlinternal/forward', 'cluster:admin/opensearch/observability/create', 'cluster:admin/opensearch/observability/delete', 'cluster:admin/opensearch/observability/get', From 101c80a610c94a9f5e0ab47bb89daa5ba654b354 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lex=20Ruiz?= Date: Tue, 21 Nov 2023 13:23:31 +0100 Subject: [PATCH 03/13] Add compatibility with OpenSearch 2.11.0 (#31) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Bump version Security Dashboards Plugin 2.9.0.0 (#21) * Upgrade to version 2.8.0 of Security Dashboards Plugin (#20) * Patch actions and workflows. Skip integration tests that fail (#4) * Change plugin name in actions and workflows * Patch install-dashboards action * Change jest config path * Skip tests --------- Co-authored-by: Alex Ruiz Becerra Co-authored-by: yenienserrano * Change Wazuh logo and titles (#3) * Change Wazuh logo and titles * Don't force custom logo to have 100% width * Add comment * Fix lint * Fix prettier * Update snapshots --------- Signed-off-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> Co-authored-by: yenienserrano Co-authored-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> * Disable tenant popup (#5) Co-authored-by: Alex Ruiz Becerra * Replace readme (#16) * Replace readme * Replace Opensearch to Wazuh * Update README.md Signed-off-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> --------- Signed-off-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> * Add GitHub workflow for automated build (#15) * Manual build * Workflow for automated build * Update .github/workflows/dev-environment.yml Signed-off-by: Álex Ruiz --------- Signed-off-by: Álex Ruiz Co-authored-by: Álex Ruiz * Create codeql.yml Signed-off-by: Álex Ruiz * Revert changes in cypress-test.yml * Revert changes in integration-test.yml * Fix integration test * Fix cypress test tenancy disabled --------- Signed-off-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> Signed-off-by: Álex Ruiz Co-authored-by: Federico Rodriguez Co-authored-by: Alex Ruiz Becerra Co-authored-by: Álex Ruiz * Skip overview page test * Skip test for issue * Skip test for issue --------- Signed-off-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> Signed-off-by: Álex Ruiz Co-authored-by: Federico Rodriguez Co-authored-by: Alex Ruiz Becerra Co-authored-by: Álex Ruiz * Fix home image and lint * Fix lint * Fix snapshot * Fix integration test * Revert selector --------- Signed-off-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> Signed-off-by: Álex Ruiz Co-authored-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> Co-authored-by: Federico Rodriguez Co-authored-by: yenienserrano --- .github/workflows/build.yml | 19 ++++ .github/workflows/codeql.yml | 77 ++++++++++++++++ .../cypress-test-tenancy-disabled.yml | 5 +- .github/workflows/cypress-test.yml | 7 +- .github/workflows/dev-environment.yml | 91 +++++++++++++++++++ .github/workflows/integration-test.yml | 3 +- .github/workflows/manual-build.yml | 27 ++++++ .github/workflows/unit-test.yml | 5 +- README.md | 34 ++++--- public/apps/account/account-app.tsx | 2 +- public/apps/account/test/account-app.test.tsx | 4 +- public/apps/login/login-page.tsx | 9 +- .../__snapshots__/login-page.test.tsx.snap | 20 ++-- public/assets/ui/wazuh_logo.svg | 51 +++++++++++ server/index.ts | 14 +-- test/jest.config.server.js | 18 ++-- test/jest.config.ui.js | 12 +-- test/jest_integration/jwt_auth.test.ts | 12 +-- 18 files changed, 332 insertions(+), 78 deletions(-) create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/dev-environment.yml create mode 100644 .github/workflows/manual-build.yml create mode 100644 public/assets/ui/wazuh_logo.svg diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..3abeaa497 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,19 @@ +# This workflow builds a production-ready package when a tag is created. +# +# This workflow is based on the `dev-environment` workflow. + +name: Build + +on: + push: + tags: + - 'v*' +jobs: + build: + name: Build app package (auto) + uses: ./.github/workflows/dev-environment.yml + with: + reference: ${{ github.ref_name }} + command: 'yarn build' + artifact_name: 'wazuh-security-dashboards-plugin-${{ github.ref_name }}' + artifact_path: './wazuh-security-plugin/build' \ No newline at end of file diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 000000000..092c298a3 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,77 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ "main", "[0-9].[0-9]", "[0-9].x" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '00 8 * * 5' + workflow_dispatch: + +jobs: + analyze: + name: Analyze + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'javascript' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Use only 'java' to analyze code written in Java, Kotlin or both + # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # ℹ️ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/cypress-test-tenancy-disabled.yml b/.github/workflows/cypress-test-tenancy-disabled.yml index 8ba25a4c8..109bb5ebf 100644 --- a/.github/workflows/cypress-test-tenancy-disabled.yml +++ b/.github/workflows/cypress-test-tenancy-disabled.yml @@ -1,6 +1,6 @@ name: Cypress Tests Multitenancy Disabled -on: [ push, pull_request ] +on: [push, pull_request] env: TEST_BROWSER_HEADLESS: 1 @@ -49,7 +49,7 @@ jobs: uses: derek-ho/start-opensearch@v2 with: opensearch-version: ${{ env.OPENSEARCH_VERSION }} - plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip" + plugins: 'file:$(pwd)/${{ env.PLUGIN_NAME }}.zip' security-enabled: true admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} @@ -72,6 +72,7 @@ jobs: uses: derek-ho/setup-opensearch-dashboards@v1 with: plugin_name: security-dashboards-plugin + app_reference: ${{ vars.WZD_REF }} opensearch_dashboards_yml: tenancy-disabled-opensearch-dashboards-config.yml - name: Configure and Run OpenSearch Dashboards with Cypress Test Cases diff --git a/.github/workflows/cypress-test.yml b/.github/workflows/cypress-test.yml index ab5000383..c60ab99ba 100644 --- a/.github/workflows/cypress-test.yml +++ b/.github/workflows/cypress-test.yml @@ -1,6 +1,6 @@ name: Cypress Tests -on: [ push, pull_request ] +on: [push, pull_request] env: TEST_BROWSER_HEADLESS: 1 @@ -21,7 +21,7 @@ jobs: os: [ubuntu-latest] runs-on: ${{ matrix.os }} - steps: + steps: - name: Set up JDK uses: actions/setup-java@v1 with: @@ -49,7 +49,7 @@ jobs: uses: derek-ho/start-opensearch@v2 with: opensearch-version: ${{ env.OPENSEARCH_VERSION }} - plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip" + plugins: 'file:$(pwd)/${{ env.PLUGIN_NAME }}.zip' security-enabled: true admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} @@ -74,6 +74,7 @@ jobs: uses: derek-ho/setup-opensearch-dashboards@v1 with: plugin_name: security-dashboards-plugin + app_reference: ${{ vars.WZD_REF }} opensearch_dashboards_yml: cypress-opensearch-dashboards-config.yml - name: Configure and Run OpenSearch Dashboards with Cypress Test Cases diff --git a/.github/workflows/dev-environment.yml b/.github/workflows/dev-environment.yml new file mode 100644 index 000000000..1820c280f --- /dev/null +++ b/.github/workflows/dev-environment.yml @@ -0,0 +1,91 @@ +# This workflow downloads the source code at the given git reference +# (branch, tag or commit), an sets up an environment (Kibana or OpenSearch) +# to run this code and a command (build, test, ...). +# +# This workflow is used as a base for other workflows. + +name: Base workflow - Environment + +on: + workflow_call: + inputs: + reference: + required: true + type: string + default: master + description: Source code reference (branch, tag or commit SHA). + command: + required: true + type: string + default: 'yarn build' + description: Command to run in the environment + docker_run_extra_args: + type: string + default: '' + description: Additional paramaters for the docker run command. + required: false + artifact_name: + type: string + default: '' + description: Artifact name (will be automatically suffixed with .zip) + required: false + artifact_path: + type: string + default: '' + description: Folder to include in the archive. + required: false + notify_jest_coverage_summary: + type: boolean + default: false + required: false + +jobs: + # Deploy the plugin in a development environment and run a command + # using a pre-built Docker image, hosted in Quay.io. + deploy_and_run_command: + name: Deploy and run command + runs-on: ubuntu-latest + steps: + - name: Step 01 - Download the plugin's source code + uses: actions/checkout@v3 + with: + ref: ${{ inputs.reference }} + path: wazuh-security-plugin + + # Fix source code ownership so the internal user of the Docker + # container is also owner. + - name: Step 02 - Change code ownership + run: sudo chown 1000:1000 -R wazuh-security-plugin; + + - name: Step 03 - Set up the environment and run the command + run: | + # Read the platform version from the package.json file + echo "Reading the platform version from the package.json..."; + platform_version=$(jq -r '.opensearchDashboards.version | select(. != null)' wazuh-security-plugin/package.json); + echo "Plugin platform version: $platform_version"; + + # Up the environment and run the command + docker run -t --rm \ + -e OPENSEARCH_DASHBOARDS_VERSION=${platform_version} \ + -v `pwd`/wazuh-security-plugin:/home/node/kbn/plugins/wazuh-security-plugin \ + ${{ inputs.docker_run_extra_args }} \ + quay.io/wazuh/osd-dev:${platform_version} \ + bash -c ' + yarn config set registry https://registry.yarnpkg.com; + cd /home/node/kbn/plugins/wazuh-security-plugin && yarn && ${{ inputs.command }}; + ' + + - name: Step 04 - Upload artifact to GitHub + if: ${{ inputs.artifact_name && inputs.artifact_path }} + uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.artifact_name }} + path: ${{ inputs.artifact_path }} + + - name: Step 05 - Upload coverage results to GitHub + if: ${{ inputs.notify_jest_coverage_summary && github.event_name == 'pull_request' }} + uses: AthleticNet/comment-test-coverage@1.2.2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + path: ./wazuh-security-plugin/target/test-coverage/coverage-summary.json + title: "Code coverage (Jest)" \ No newline at end of file diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index e90197d1d..946ce5c59 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -79,7 +79,8 @@ jobs: - id: install-dashboards uses: derek-ho/setup-opensearch-dashboards@v1 with: - plugin_name: security-dashboards-plugin + plugin_name: wazuh-security-dashboards-plugin + app_reference: ${{ vars.WZD_REF }} - name: Start Dashboards in background run: node scripts/build_opensearch_dashboards_platform_plugins.js diff --git a/.github/workflows/manual-build.yml b/.github/workflows/manual-build.yml new file mode 100644 index 000000000..80b798dbd --- /dev/null +++ b/.github/workflows/manual-build.yml @@ -0,0 +1,27 @@ +# This workflow builds a production-ready package from the given Git reference. +# Any branch, tag or commit SHA existing in the origin can be used. +# +# This workflow is based on the `dev-environment` workflow. + +name: Manual build + +on: + workflow_dispatch: + inputs: + reference: + required: true + type: string + default: master + description: Source code reference (branch, tag or commit SHA) + +jobs: + # Build an app package from the given source code reference. + build: + name: Build app package + uses: ./.github/workflows/dev-environment.yml + with: + reference: ${{ github.event.inputs.reference }} + command: 'yarn build' + artifact_name: 'wazuh-security-dashboards-plugin-${{ github.event.inputs.reference }}.zip' + artifact_path: './wazuh-security-plugin/build' + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 8ee310d6d..f08f12063 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -8,7 +8,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-latest , windows-latest, macos-latest ] + os: [ubuntu-latest, windows-latest, macos-latest] runs-on: ${{ matrix.os }} steps: @@ -22,7 +22,8 @@ jobs: - id: install-dashboards uses: derek-ho/setup-opensearch-dashboards@v1 with: - plugin_name: security-dashboards-plugin + plugin_name: wazuh-security-dashboards-plugin + app_reference: ${{ vars.WZD_REF }} - name: Run lint run: yarn lint diff --git a/README.md b/README.md index 40cc1497b..861b0ecc4 100644 --- a/README.md +++ b/README.md @@ -1,31 +1,32 @@ -[![Unit tests](https://github.com/opensearch-project/security-dashboards-plugin/workflows/Unit%20Tests/badge.svg?branch=main)](https://github.com/opensearch-project/security-dashboards-plugin/actions)[![Integration tests](https://github.com/opensearch-project/security-dashboards-plugin/workflows/Integration%20Tests/badge.svg?branch=main)](https://github.com/opensearch-project/security-dashboards-plugin/actions)[![codecov](https://codecov.io/gh/opensearch-project/security-dashboards-plugin/branch/main/graphs/badge.svg)](https://github.com/opensearch-project/security-dashboards-plugin) +
+ +
- +# Wazuh Security Dashboards Plugin -# OpenSearch Dashboards Security Plugin +Wazuh Security Dashboards Plugin is a fork of the OpenSearch Dashboards Security Plugin which incorporate changes to make it easier to use for Wazuh users. Our aim is to contribute back any work not tied specifically to Wazuh. -This plugin for OpenSearch Dashboards adds a configuration management UI for the OpenSearch Security features, as well as authentication, session management and multi-tenancy support to your secured cluster. +This plugin for Wazuh Dashboard adds a configuration management UI for the Wazuh Security features, as well as authentication, session management and multi-tenancy support to your secured cluster. - [Features](#features) - [Installation](#installation) - [Contributing](#contributing) - [Getting Help](#getting-help) -- [Code of Conduct](#code-of-conduct) - [Security](#security) - [License](#license) - [Copyright](#copyright) ## Features -* OpenSearch Dashboards authentication for OpenSearch -* OpenSearch Dashboards session management -* OpenSearch Security configuration UI -* Multi-tenancy support for OpenSearch Dashboards -* OpenSearch audit logging configuration UI +* Wazuh Dashboard authentication for OpenSearch +* Wazuh Dashboard session management +* Wazuh Security configuration UI +* Multi-tenancy support for Wazuh Dashboard +* Wazuh audit logging configuration UI ## Installation -The OpenSearch Dashboards Security Plugin comes bundled by default as part of the OpenSearch Dashboards distribution. Please refer to the [installation guide](https://opensearch.org/docs/latest/dashboards/install/index/) and [technical documentation](https://opensearch.org/docs/latest/security-plugin/index/) for detailed information on installing and configuring the OpenSearch Security Plugin. +The Wazuh Security Dashboards Plugin comes bundled by default as part of the Wazuh Dashboards distribution. Please refer to the [installation guide](https://documentation.wazuh.com/current/installation-guide/index.html). ## Contributing @@ -35,15 +36,11 @@ See [developer guide](DEVELOPER_GUIDE.md) and [how to contribute to this project If you find a bug, or have a feature request, please don't hesitate to open an issue in this repository. -For more information, see [project website](https://opensearch.org/) and [documentation](https://opensearch.org/docs/latest). If you need help and are unsure where to open an issue, try [forums](https://discuss.opendistrocommunity.dev/). - -## Code of Conduct - -This project has adopted the [Amazon Open Source Code of Conduct](CODE_OF_CONDUCT.md). For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq), or contact [opensource-codeofconduct@amazon.com](mailto:opensource-codeofconduct@amazon.com) with any additional questions or comments. +For more information, see [project website](https://wazuh.com/) and [documentation](https://documentation.wazuh.com/current/index.html). If you need help and are unsure where to open an [issue](https://github.com/wazuh/wazuh-security-dashboards-plugin/issues). ## Security -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. +If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](https://github.com/wazuh/wazuh-security-dashboards-plugin/issues/new/choose). Please do **not** create a public GitHub issue. ## License @@ -51,4 +48,5 @@ This code is licensed under the Apache 2.0 License. ## Copyright -Copyright OpenSearch Contributors. See [NOTICE](NOTICE.txt) for details. \ No newline at end of file +- Copyright OpenSearch Contributors. See [NOTICE](NOTICE.txt) for details. +- Copyright Wazuh, Inc. diff --git a/public/apps/account/account-app.tsx b/public/apps/account/account-app.tsx index 879eb5a93..983cdf8d0 100644 --- a/public/apps/account/account-app.tsx +++ b/public/apps/account/account-app.tsx @@ -105,7 +105,7 @@ export async function setupTopNavButton(coreStart: CoreStart, config: ClientConf } } - setShouldShowTenantPopup(shouldShowTenantPopup); + setShouldShowTenantPopup(false); coreStart.chrome.navControls.registerRight({ // Pin to rightmost, since newsfeed plugin is using 1000, here needs a number > 1000 diff --git a/public/apps/account/test/account-app.test.tsx b/public/apps/account/test/account-app.test.tsx index 3c7e1a744..8cd6dca49 100644 --- a/public/apps/account/test/account-app.test.tsx +++ b/public/apps/account/test/account-app.test.tsx @@ -111,14 +111,14 @@ describe('Account app', () => { }); }); - it('Should show tenant selection popup when neither securitytenant in url nor saved tenant', (done) => { + it('Should not show tenant selection popup', (done) => { (getSavedTenant as jest.Mock).mockReturnValueOnce(null); setupTopNavButton(mockCoreStart, mockConfig as any); process.nextTick(() => { expect(getSavedTenant).toBeCalledTimes(1); - expect(setShouldShowTenantPopup).toBeCalledWith(true); + expect(setShouldShowTenantPopup).toBeCalledWith(false); done(); }); }); diff --git a/public/apps/login/login-page.tsx b/public/apps/login/login-page.tsx index 70d894781..ed9b80d3a 100644 --- a/public/apps/login/login-page.tsx +++ b/public/apps/login/login-page.tsx @@ -28,6 +28,7 @@ import { } from '@elastic/eui'; import { CoreStart } from '../../../../../src/core/public'; import { ClientConfigType } from '../../types'; +import defaultBrandImage from '../../assets/ui/wazuh_logo.svg'; import { validateCurrentPassword } from '../../utils/login-utils'; import { ANONYMOUS_AUTH_LOGIN, @@ -255,23 +256,23 @@ export function LoginPage(props: LoginPageDeps) { }; // TODO: Get brand image from server config + // Don't force custom logo to have 100% width. It should be handled in the svg properties if needed. (Removed fullWidth in the image) return ( {props.config.ui.basicauth.login.showbrandimage && ( )} - {props.config.ui.basicauth.login.title || 'Log in to OpenSearch Dashboards'} + {props.config.ui.basicauth.login.title || ''} - {props.config.ui.basicauth.login.subtitle || - 'If you have forgotten your username or password, contact your system administrator.'} + {props.config.ui.basicauth.login.subtitle || ''} diff --git a/public/apps/login/test/__snapshots__/login-page.test.tsx.snap b/public/apps/login/test/__snapshots__/login-page.test.tsx.snap index b8a1e1182..393a4f3a9 100644 --- a/public/apps/login/test/__snapshots__/login-page.test.tsx.snap +++ b/public/apps/login/test/__snapshots__/login-page.test.tsx.snap @@ -366,7 +366,7 @@ exports[`Login page renders renders with default value: string 1`] = ` - Log in to OpenSearch Dashboards - + /> - If you have forgotten your username or password, contact your system administrator. - + /> @@ -469,7 +465,7 @@ exports[`Login page renders renders with default value: string array 1`] = ` - Log in to OpenSearch Dashboards - + /> - If you have forgotten your username or password, contact your system administrator. - + /> diff --git a/public/assets/ui/wazuh_logo.svg b/public/assets/ui/wazuh_logo.svg new file mode 100644 index 000000000..b74126093 --- /dev/null +++ b/public/assets/ui/wazuh_logo.svg @@ -0,0 +1,51 @@ + + + + + + Layer 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/server/index.ts b/server/index.ts index 68a20f533..e2cfa596b 100644 --- a/server/index.ts +++ b/server/index.ts @@ -134,11 +134,8 @@ export const configSchema = schema.object({ }), loadbalancer_url: schema.maybe(schema.string()), login: schema.object({ - title: schema.string({ defaultValue: 'Log in to OpenSearch Dashboards' }), - subtitle: schema.string({ - defaultValue: - 'If you have forgotten your username or password, contact your system administrator.', - }), + title: schema.string({ defaultValue: '' }), + subtitle: schema.string({ defaultValue: '' }), showbrandimage: schema.boolean({ defaultValue: true }), brandimage: schema.string({ defaultValue: '' }), // TODO: update brand image buttonstyle: schema.string({ defaultValue: '' }), @@ -251,11 +248,8 @@ export const configSchema = schema.object({ // the login config here is the same as old config `_security.basicauth.login` // Since we are now rendering login page to browser app, so move these config to browser side. login: schema.object({ - title: schema.string({ defaultValue: 'Log in to OpenSearch Dashboards' }), - subtitle: schema.string({ - defaultValue: - 'If you have forgotten your username or password, contact your system administrator.', - }), + title: schema.string({ defaultValue: '' }), + subtitle: schema.string({ defaultValue: '' }), showbrandimage: schema.boolean({ defaultValue: true }), brandimage: schema.string({ defaultValue: '' }), buttonstyle: schema.string({ defaultValue: '' }), diff --git a/test/jest.config.server.js b/test/jest.config.server.js index 783003154..f625ee260 100644 --- a/test/jest.config.server.js +++ b/test/jest.config.server.js @@ -17,24 +17,24 @@ import config from '../../../src/dev/jest/config'; export default { ...config, - roots: ['/plugins/security-dashboards-plugin'], + roots: ['/plugins/wazuh-security-dashboards-plugin'], testMatch: ['**/test/jest_integration/**/*.test.ts', '**/server/**/*.test.ts'], testPathIgnorePatterns: config.testPathIgnorePatterns.filter( (pattern) => !pattern.includes('integration_tests') ), setupFilesAfterEnv: [ '/src/dev/jest/setup/after_env.integration.js', - '/plugins/security-dashboards-plugin/test/setup/after_env.js', + '/plugins/wazuh-security-dashboards-plugin/test/setup/after_env.js', ], collectCoverageFrom: [ - '/plugins/security-dashboards-plugin/server/**/*.{ts,tsx}', - '!/plugins/security-dashboards-plugin/server/**/*.test.{ts,tsx}', - '!/plugins/security-dashboards-plugin/server/auth/types/jwt/**/*.{ts,tsx}', - '!/plugins/security-dashboards-plugin/server/auth/types/openid/**/*.{ts,tsx}', - '!/plugins/security-dashboards-plugin/server/auth/types/saml/**/*.{ts,tsx}', - '!/plugins/security-dashboards-plugin/server/auth/types/proxy/**/*.{ts,tsx}', + '/plugins/wazuh-security-dashboards-plugin/server/**/*.{ts,tsx}', + '!/plugins/wazuh-security-dashboards-plugin/server/**/*.test.{ts,tsx}', + '!/plugins/wazuh-security-dashboards-plugin/server/auth/types/jwt/**/*.{ts,tsx}', + '!/plugins/wazuh-security-dashboards-plugin/server/auth/types/openid/**/*.{ts,tsx}', + '!/plugins/wazuh-security-dashboards-plugin/server/auth/types/saml/**/*.{ts,tsx}', + '!/plugins/wazuh-security-dashboards-plugin/server/auth/types/proxy/**/*.{ts,tsx}', ], coverageDirectory: - '/plugins/security-dashboards-plugin/opensearch-dashboards-coverage/jest_server', + '/plugins/wazuh-security-dashboards-plugin/opensearch-dashboards-coverage/jest_server', coverageReporters: ['lcov', 'text', 'cobertura', 'html'], }; diff --git a/test/jest.config.ui.js b/test/jest.config.ui.js index b3ec9bc2e..dfe15acbe 100644 --- a/test/jest.config.ui.js +++ b/test/jest.config.ui.js @@ -17,19 +17,19 @@ import config from '../../../src/dev/jest/config'; export default { ...config, - roots: ['/plugins/security-dashboards-plugin'], + roots: ['/plugins/wazuh-security-dashboards-plugin'], testMatch: ['**/public/**/*.test.{ts,tsx,js,jsx}', '**/common/*.test.{ts, tsx}'], testPathIgnorePatterns: [ - '/plugins/security-dashboards-plugin/build/', - '/plugins/security-dashboards-plugin/node_modules/', + '/plugins/wazuh-security-dashboards-plugin/build/', + '/plugins/wazuh-security-dashboards-plugin/node_modules/', ], setupFilesAfterEnv: ['/src/dev/jest/setup/after_env.integration.js'], collectCoverageFrom: [ - '/plugins/security-dashboards-plugin/public/**/*.{ts,tsx}', - '!/plugins/security-dashboards-plugin/public/**/*.test.{ts,tsx}', + '/plugins/wazuh-security-dashboards-plugin/public/**/*.{ts,tsx}', + '!/plugins/wazuh-security-dashboards-plugin/public/**/*.test.{ts,tsx}', ], coverageDirectory: - '/plugins/security-dashboards-plugin/opensearch-dashboards-coverage/jest_ui', + '/plugins/wazuh-security-dashboards-plugin/opensearch-dashboards-coverage/jest_ui', clearMocks: true, coverageReporters: ['lcov', 'text', 'cobertura', 'html'], }; diff --git a/test/jest_integration/jwt_auth.test.ts b/test/jest_integration/jwt_auth.test.ts index 7fc2dde76..d8e313994 100644 --- a/test/jest_integration/jwt_auth.test.ts +++ b/test/jest_integration/jwt_auth.test.ts @@ -219,8 +219,8 @@ describe('start OpenSearch Dashboards server', () => { // shutdown OpenSearchDashboards server await root.shutdown(); }); - - it('Login to app/opensearch_dashboards_overview#/ when JWT is enabled', async () => { + // Wazuh: Skip test because overview page is disabled + it.skip('Login to app/opensearch_dashboards_overview#/ when JWT is enabled', async () => { const payload = { sub: 'jwt_test', roles: 'admin,kibanauser', @@ -267,8 +267,8 @@ describe('start OpenSearch Dashboards server', () => { await driver.manage().deleteAllCookies(); await driver.quit(); }); - - it('Login to app/opensearch_dashboards_overview#/ when JWT is enabled with invalid token', async () => { + // Wazuh: Skip test because overview page is disabled + it.skip('Login to app/opensearch_dashboards_overview#/ when JWT is enabled with invalid token', async () => { const payload = { sub: 'jwt_test', roles: 'admin,kibanauser', @@ -294,8 +294,8 @@ describe('start OpenSearch Dashboards server', () => { await driver.manage().deleteAllCookies(); await driver.quit(); }); - - it('Login to app/dev_tools#/console when JWT is enabled with invalid token', async () => { + // Wazuh: Skip test because this issue https://github.com/opensearch-project/security-dashboards-plugin/issues/1540 + it.skip('Login to app/dev_tools#/console when JWT is enabled with invalid token', async () => { const payload = { sub: 'jwt_test', roles: 'admin,kibanauser', From bb51ae7706b422fc97617ec254b3ef14c4cb9cf5 Mon Sep 17 00:00:00 2001 From: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> Date: Thu, 7 Dec 2023 14:50:38 +0100 Subject: [PATCH 04/13] Update of the GitHub actions to create the packages (#33) * Update Build manual Github action * Add wazuh version in package.json * Update package.json Signed-off-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> --------- Signed-off-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> --- .github/workflows/dev-environment.yml | 7 ++++++- .github/workflows/manual-build.yml | 11 +++++++++-- package.json | 6 +++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dev-environment.yml b/.github/workflows/dev-environment.yml index 1820c280f..7bcec2419 100644 --- a/.github/workflows/dev-environment.yml +++ b/.github/workflows/dev-environment.yml @@ -49,6 +49,7 @@ jobs: - name: Step 01 - Download the plugin's source code uses: actions/checkout@v3 with: + repository: wazuh/wazuh-security-dashboards-plugin ref: ${{ inputs.reference }} path: wazuh-security-plugin @@ -74,12 +75,16 @@ jobs: yarn config set registry https://registry.yarnpkg.com; cd /home/node/kbn/plugins/wazuh-security-plugin && yarn && ${{ inputs.command }}; ' + - name: Get the plugin version + run: | + echo "version=$(jq -r '.wazuh.version' $(pwd)/wazuh-security-plugin/package.json)" >> $GITHUB_ENV + echo "revision=$(jq -r '.wazuh.revision' $(pwd)/wazuh-security-plugin/package.json)" >> $GITHUB_ENV - name: Step 04 - Upload artifact to GitHub if: ${{ inputs.artifact_name && inputs.artifact_path }} uses: actions/upload-artifact@v3 with: - name: ${{ inputs.artifact_name }} + name: ${{ inputs.artifact_name }}_${{ env.version }}-${{ env.revision }}_${{ inputs.reference }}.zip path: ${{ inputs.artifact_path }} - name: Step 05 - Upload coverage results to GitHub diff --git a/.github/workflows/manual-build.yml b/.github/workflows/manual-build.yml index 80b798dbd..5077ffa4d 100644 --- a/.github/workflows/manual-build.yml +++ b/.github/workflows/manual-build.yml @@ -6,6 +6,13 @@ name: Manual build on: + workflow_call: + inputs: + reference: + required: true + type: string + description: Source code reference (branch, tag or commit SHA) + default: 4.9.0 workflow_dispatch: inputs: reference: @@ -20,8 +27,8 @@ jobs: name: Build app package uses: ./.github/workflows/dev-environment.yml with: - reference: ${{ github.event.inputs.reference }} + reference: ${{ inputs.reference }} command: 'yarn build' - artifact_name: 'wazuh-security-dashboards-plugin-${{ github.event.inputs.reference }}.zip' + artifact_name: 'wazuh-security-dashboards-plugin' artifact_path: './wazuh-security-plugin/build' secrets: inherit \ No newline at end of file diff --git a/package.json b/package.json index 8b501af61..0c98c7982 100644 --- a/package.json +++ b/package.json @@ -6,6 +6,10 @@ "version": "2.13.0", "templateVersion": "2.13.0" }, + "wazuh": { + "version": "4.9.0", + "revision": "00" + }, "license": "Apache-2.0", "homepage": "https://github.com/opensearch-project/security-dashboards-plugin", "scripts": { @@ -46,4 +50,4 @@ "glob-parent": "^5.1.2", "debug": "^4.3.4" } -} \ No newline at end of file +} From c736927a890b816f3d08118b6c337a50715d60c5 Mon Sep 17 00:00:00 2001 From: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> Date: Wed, 21 Feb 2024 13:14:04 +0100 Subject: [PATCH 05/13] Change order of security in left menu (#36) * Change order of security in left menu * Fix cypress test --- .github/workflows/cypress-test-tenancy-disabled.yml | 2 +- .github/workflows/cypress-test.yml | 2 +- public/plugin.ts | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cypress-test-tenancy-disabled.yml b/.github/workflows/cypress-test-tenancy-disabled.yml index 109bb5ebf..ecc67df84 100644 --- a/.github/workflows/cypress-test-tenancy-disabled.yml +++ b/.github/workflows/cypress-test-tenancy-disabled.yml @@ -80,7 +80,7 @@ jobs: cd ./OpenSearch-Dashboards nohup yarn start --no-base-path --no-watch & sleep 500 - git clone https://github.com/opensearch-project/opensearch-dashboards-functional-test.git + git clone https://github.com/opensearch-project/opensearch-dashboards-functional-test.git -b ${{ env.OPENSEARCH_VERSION }} cd opensearch-dashboards-functional-test npm install cypress --save-dev yarn cypress:run-with-security --browser chrome --spec "cypress/integration/plugins/security-dashboards-plugin/inaccessible_tenancy_features.js" diff --git a/.github/workflows/cypress-test.yml b/.github/workflows/cypress-test.yml index c60ab99ba..ca798c230 100644 --- a/.github/workflows/cypress-test.yml +++ b/.github/workflows/cypress-test.yml @@ -82,7 +82,7 @@ jobs: cd ./OpenSearch-Dashboards nohup yarn start --no-base-path --no-watch & sleep 500 - git clone https://github.com/opensearch-project/opensearch-dashboards-functional-test.git + git clone https://github.com/opensearch-project/opensearch-dashboards-functional-test.git -b ${{ env.OPENSEARCH_VERSION }} cd opensearch-dashboards-functional-test npm install cypress --save-dev yarn cypress:run-with-security-and-aggregation-view --browser chrome --spec "cypress/integration/plugins/security-dashboards-plugin/aggregation_view.js" diff --git a/public/plugin.ts b/public/plugin.ts index 7ac039fb1..6c33710ce 100644 --- a/public/plugin.ts +++ b/public/plugin.ts @@ -100,7 +100,7 @@ export class SecurityPlugin core.application.register({ id: PLUGIN_NAME, title: 'Security', - order: 9050, + order: 9030, mount: async (params: AppMountParameters) => { const { renderApp } = await import('./apps/configuration/configuration-app'); const [coreStart, depsStart] = await core.getStartServices(); @@ -121,7 +121,7 @@ export class SecurityPlugin deps.managementOverview.register({ id: PLUGIN_NAME, title: 'Security', - order: 9050, + order: 9030, description: i18n.translate('security.securityDescription', { defaultMessage: 'Configure how users access data in OpenSearch with authentication, access control and audit logging.', From 1adeb671534c68d409b2f66d3d44085e1e3b275d Mon Sep 17 00:00:00 2001 From: Nicolas Agustin Guevara Pihen <42900763+Tostti@users.noreply.github.com> Date: Fri, 19 Apr 2024 08:51:48 -0300 Subject: [PATCH 06/13] Fix repository tests (#46) * Initial commit * Removed Windows and Mac tests * Fix oidc test * Fix SAML test --- .github/workflows/integration-test.yml | 32 ++++++++++---------- .github/workflows/unit-test.yml | 10 +++--- package.json | 2 +- test/cypress/e2e/oidc/oidc_auth_test.spec.js | 3 ++ test/cypress/e2e/saml/saml_auth_test.spec.js | 3 ++ 5 files changed, 28 insertions(+), 22 deletions(-) diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 946ce5c59..be7a6e463 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -14,7 +14,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-latest , windows-latest ] + os: [ubuntu-latest] # Removed windows-latest runs-on: ${{ matrix.os }} env: OPENSEARCH_INITIAL_ADMIN_PASSWORD: admin @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout Branch uses: actions/checkout@v3 - + - name: Set up JDK uses: actions/setup-java@v1 with: @@ -47,12 +47,12 @@ jobs: if: ${{ runner.os == 'Linux' }} # Browser-action version does not work on Windows - - name: Set up Firefox browser for Windows - if: ${{ runner.os == 'Windows' }} - uses: RyanL1997/setup-browser@main - with: - browser: firefox - version: latest + # - name: Set up Firefox browser for Windows + # if: ${{ runner.os == 'Windows' }} + # uses: RyanL1997/setup-browser@main + # with: + # browser: firefox + # version: latest - name: Download security plugin and create setup scripts uses: ./.github/actions/download-plugin @@ -65,7 +65,7 @@ jobs: uses: derek-ho/start-opensearch@v2 with: opensearch-version: ${{ env.OPENSEARCH_VERSION }} - plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip" + plugins: 'file:$(pwd)/${{ env.PLUGIN_NAME }}.zip' security-enabled: true admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} @@ -97,10 +97,10 @@ jobs: yarn test:jest_server --coverage working-directory: ${{ steps.install-dashboards.outputs.plugin-directory }} - - name: Run integration tests on Windows - if: ${{ runner.os == 'Windows' }} - run: | - echo "check if opensearch is ready" - curl -XGET https://localhost:9200 -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k - node .\test\run_jest_tests.js --runInBand --detectOpenHandles --forceExit --config .\test\jest.config.server.js - working-directory: ${{ steps.install-dashboards.outputs.plugin-directory }} + # - name: Run integration tests on Windows + # if: ${{ runner.os == 'Windows' }} + # run: | + # echo "check if opensearch is ready" + # curl -XGET https://localhost:9200 -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k + # node .\test\run_jest_tests.js --runInBand --detectOpenHandles --forceExit --config .\test\jest.config.server.js + # working-directory: ${{ steps.install-dashboards.outputs.plugin-directory }} diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index f08f12063..58315d6f2 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -1,6 +1,6 @@ name: Unit Tests -on: [ push, pull_request ] +on: [push, pull_request] jobs: unit-tests: @@ -8,13 +8,13 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest] + os: [ubuntu-latest] # Removed windows-latest, macos-latest runs-on: ${{ matrix.os }} steps: - - name: Enable longer filenames - if: ${{ matrix.os == 'windows-latest' }} - run: git config --system core.longpaths true + # - name: Enable longer filenames + # if: ${{ matrix.os == 'windows-latest' }} + # run: git config --system core.longpaths true - name: Checkout Branch uses: actions/checkout@v2 diff --git a/package.json b/package.json index 0c98c7982..781fc922a 100644 --- a/package.json +++ b/package.json @@ -50,4 +50,4 @@ "glob-parent": "^5.1.2", "debug": "^4.3.4" } -} +} \ No newline at end of file diff --git a/test/cypress/e2e/oidc/oidc_auth_test.spec.js b/test/cypress/e2e/oidc/oidc_auth_test.spec.js index 08a7e8ae1..510bfdde6 100644 --- a/test/cypress/e2e/oidc/oidc_auth_test.spec.js +++ b/test/cypress/e2e/oidc/oidc_auth_test.spec.js @@ -105,6 +105,9 @@ describe('Log in via OIDC', () => { }); localStorage.setItem('home:newThemeModal:show', 'false'); + cy.get('#user-icon-btn').should('be.visible'); + cy.get('#user-icon-btn').click(); + cy.get('button[data-test-subj^="switch-tenants"]').click(); cy.get('#private').should('be.enabled'); cy.get('#private').click({ force: true }); diff --git a/test/cypress/e2e/saml/saml_auth_test.spec.js b/test/cypress/e2e/saml/saml_auth_test.spec.js index b8f6a134f..35e38e7b6 100644 --- a/test/cypress/e2e/saml/saml_auth_test.spec.js +++ b/test/cypress/e2e/saml/saml_auth_test.spec.js @@ -100,6 +100,9 @@ describe('Log in via SAML', () => { }); samlLogin(); + cy.get('#user-icon-btn').should('be.visible'); + cy.get('#user-icon-btn').click(); + cy.get('button[data-test-subj^="switch-tenants"]').click(); cy.get('#private').should('be.enabled'); cy.get('#private').click({ force: true }); From 9cebc39c0f7f1ea83562311a7c4f98aca306126f Mon Sep 17 00:00:00 2001 From: Federico Rodriguez Date: Thu, 20 Jun 2024 11:13:47 +0200 Subject: [PATCH 07/13] Bump 4.9.0 to revision 01 (#56) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 781fc922a..f8bd3820f 100644 --- a/package.json +++ b/package.json @@ -8,7 +8,7 @@ }, "wazuh": { "version": "4.9.0", - "revision": "00" + "revision": "01" }, "license": "Apache-2.0", "homepage": "https://github.com/opensearch-project/security-dashboards-plugin", From ee13dc553e1f26afc312f0448925655826da7dbf Mon Sep 17 00:00:00 2001 From: Antonio <34042064+Desvelao@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:58:16 +0200 Subject: [PATCH 08/13] chore: bump 4.9.0 revision 02 (#64) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f8bd3820f..9886bd018 100644 --- a/package.json +++ b/package.json @@ -8,7 +8,7 @@ }, "wazuh": { "version": "4.9.0", - "revision": "01" + "revision": "02" }, "license": "Apache-2.0", "homepage": "https://github.com/opensearch-project/security-dashboards-plugin", From c4737fcfefdf00bad6228b923c046a4cdb92109a Mon Sep 17 00:00:00 2001 From: Nicolas Agustin Guevara Pihen <42900763+Tostti@users.noreply.github.com> Date: Fri, 19 Jul 2024 12:17:00 -0300 Subject: [PATCH 09/13] Bump revision 03 (#74) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 9886bd018..6813c984f 100644 --- a/package.json +++ b/package.json @@ -8,7 +8,7 @@ }, "wazuh": { "version": "4.9.0", - "revision": "02" + "revision": "03" }, "license": "Apache-2.0", "homepage": "https://github.com/opensearch-project/security-dashboards-plugin", From 3269b9778761dd55ab7f8c9a53f057fcb7a59bb8 Mon Sep 17 00:00:00 2001 From: Antonio <34042064+Desvelao@users.noreply.github.com> Date: Tue, 23 Jul 2024 10:12:30 +0200 Subject: [PATCH 10/13] chore: bump to 4.9.1 revision 00 (#76) --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 6813c984f..c5296e680 100644 --- a/package.json +++ b/package.json @@ -7,8 +7,8 @@ "templateVersion": "2.13.0" }, "wazuh": { - "version": "4.9.0", - "revision": "03" + "version": "4.9.1", + "revision": "00" }, "license": "Apache-2.0", "homepage": "https://github.com/opensearch-project/security-dashboards-plugin", From 60d88a68e4c2ceb057a6bd0fe402d27b709bc912 Mon Sep 17 00:00:00 2001 From: Antonio <34042064+Desvelao@users.noreply.github.com> Date: Thu, 12 Sep 2024 11:58:18 +0200 Subject: [PATCH 11/13] Update the security policy (#95) * change: update the security policy * fix: security policy --- SECURITY.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 79555ea3d..aea367a00 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,49 @@ -# Reporting a Vulnerability +# Wazuh Open Source Project Security Policy -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com. Please do **not** create a public GitHub issue. \ No newline at end of file +Version: 2023-06-12 + +## Introduction +This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities. + +## Scope +This policy applies to all open source projects developed, maintained, or hosted by Wazuh. + +## Reporting Security Vulnerabilities +If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly. + +Please submit your findings as [security advisories](https://github.com/wazuh/wazuh/security/advisories) under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to security@wazuh.com. + +## Vulnerability Disclosure Policy +Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps: + +1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation. + +2. Validation: We will validate the issue and work on reproducing it in our environment. + +3. Remediation: We will work on a fix and thoroughly test it + +4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party. + +5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments. + +This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability. + +## Automatic Scanning +We leverage GitHub Actions to perform automated scans of our supply chain. These scans assist us in identifying vulnerabilities and outdated dependencies in a proactive and timely manner. + +## Credit +We believe in giving credit where credit is due. If you report a security vulnerability to us, and we determine that it is a valid vulnerability, we will publicly credit you for the discovery when we disclose the vulnerability. If you wish to remain anonymous, please indicate so in your initial report. + +We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future. + +## Compliance with this Policy +We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications. + +Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact. + +We ask that all users and contributors respect this policy and the security of our community's users by disclosing vulnerabilities to us in accordance with this policy. + +## Changes to this Security Policy +This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date. + +If you have any questions about this Security Policy, please contact us at security@wazuh.com From b3683d9f736485cfb871539e438eed7dd8cbb338 Mon Sep 17 00:00:00 2001 From: Federico Rodriguez Date: Tue, 17 Sep 2024 14:49:12 +0200 Subject: [PATCH 12/13] Update repository security policy (#97) --- SECURITY.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index aea367a00..164723b5d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -11,19 +11,15 @@ This policy applies to all open source projects developed, maintained, or hosted ## Reporting Security Vulnerabilities If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly. -Please submit your findings as [security advisories](https://github.com/wazuh/wazuh/security/advisories) under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to security@wazuh.com. +Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com). ## Vulnerability Disclosure Policy Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps: 1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation. - 2. Validation: We will validate the issue and work on reproducing it in our environment. - 3. Remediation: We will work on a fix and thoroughly test it - 4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party. - 5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments. This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability. @@ -37,7 +33,7 @@ We believe in giving credit where credit is due. If you report a security vulner We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future. ## Compliance with this Policy -We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications. +We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications. Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact. @@ -46,4 +42,4 @@ We ask that all users and contributors respect this policy and the security of o ## Changes to this Security Policy This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date. -If you have any questions about this Security Policy, please contact us at security@wazuh.com +If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com) From 035e7c0adf8bffb76b9ea1e95ec1f390308f2cd1 Mon Sep 17 00:00:00 2001 From: Antonio <34042064+Desvelao@users.noreply.github.com> Date: Fri, 20 Sep 2024 12:58:03 +0200 Subject: [PATCH 13/13] chore(bump): revision 4.9.1 01 (#99) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c5296e680..53a84f5b9 100644 --- a/package.json +++ b/package.json @@ -8,7 +8,7 @@ }, "wazuh": { "version": "4.9.1", - "revision": "00" + "revision": "01" }, "license": "Apache-2.0", "homepage": "https://github.com/opensearch-project/security-dashboards-plugin",