maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Rename Whitelist to AllowList in Actions and Alerting (#75099)

Browse source 
* Rename Whitelist to AllowList in Actions and Alerting

* revert not related change

* Fixed due to comments and tests failing

* Fixed failing tests

* Fixed due to comments
This commit is contained in:
Yuliia Naumenko 2020-08-24 16:25:05 -07:00 committed by GitHub
parent 6b9092609a
commit f28a9e6e2d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
32 changed files with 181 additions and 202 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
x-pack/plugins/actions/README.md
View file

@ -19,7 +19,7 @@ Table of Contents
- [Usage](#usage)
- [Kibana Actions Configuration](#kibana-actions-configuration)
- [Configuration Options](#configuration-options)
- [Whitelisting Built-in Action Types](#whitelisting-built-in-action-types)
- [Adding Built-in Action Types to allowedHosts](#adding-built-in-action-types-to-hosts-allow-list)
- [Configuration Utilities](#configuration-utilities)
- [Action types](#action-types)
- [Methods](#methods)
@ -106,15 +106,15 @@ Built-In-Actions are configured using the _xpack.actions_ namespoace under _kiba
| Namespaced Key | Description | Type |
| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| _xpack.actions._**enabled** | Feature toggle which enabled Actions in Kibana. | boolean |
| _xpack.actions._**whitelistedHosts** | Which _hostnames_ are whitelisted for the Built-In-Action? This list should contain hostnames of every external service you wish to interact with using Webhooks, Email or any other built in Action. Note that you may use the string "\*" in place of a specific hostname to enable Kibana to target any URL, but keep in mind the potential use of such a feature to execute [SSRF](https://www.owasp.org/index.php/Server_Side_Request_Forgery) attacks from your server. | Array<String> |
| _xpack.actions._**allowedHosts** | Which _hostnames_ are allowed for the Built-In-Action? This list should contain hostnames of every external service you wish to interact with using Webhooks, Email or any other built in Action. Note that you may use the string "\*" in place of a specific hostname to enable Kibana to target any URL, but keep in mind the potential use of such a feature to execute [SSRF](https://www.owasp.org/index.php/Server_Side_Request_Forgery) attacks from your server. | Array<String> |
| _xpack.actions._**enabledActionTypes** | A list of _actionTypes_ id's that are enabled. A "\*" may be used as an element to indicate all registered actionTypes should be enabled. The actionTypes registered for Kibana are `.server-log`, `.slack`, `.email`, `.index`, `.pagerduty`, `.webhook`. Default: `["*"]` | Array<String> |
| _xpack.actions._**preconfigured** | A object of action id / preconfigured actions. Default: `{}` | Array<Object> |
#### Whitelisting Built-in Action Types
#### Adding Built-in Action Types to allowedHosts
It is worth noting that the **whitelistedHosts** configuation applies to built-in action types (such as Slack, or PagerDuty) as well.
It is worth noting that the **allowedHosts** configuation applies to built-in action types (such as Slack, or PagerDuty) as well.
Uniquely, the _PagerDuty Action Type_ has been configured to support the service's Events API (at _https://events.pagerduty.com/v2/enqueue_, which you can read about [here](https://v2.developer.pagerduty.com/docs/events-api-v2)) as a default, but this too, must be included in the whitelist before the PagerDuty action can be used.
Uniquely, the _PagerDuty Action Type_ has been configured to support the service's Events API (at _https://events.pagerduty.com/v2/enqueue_, which you can read about [here](https://v2.developer.pagerduty.com/docs/events-api-v2)) as a default, but this too, must be included in the allowedHosts before the PagerDuty action can be used.
### Configuration Utilities
@ -122,11 +122,11 @@ This module provides a Utilities for interacting with the configuration.
| Method | Arguments | Description | Return Type |
| ------------------------- | ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- |
| isWhitelistedUri | _uri_: The URI you wish to validate is whitelisted | Validates whether the URI is whitelisted. This checks the configuration and validates that the hostname of the URI is in the list of whitelisted Hosts and returns `true` if it is whitelisted. If the configuration says that all URI's are whitelisted (using an "\*") then it will always return `true`. | Boolean |
| isWhitelistedHostname | _hostname_: The Hostname you wish to validate is whitelisted | Validates whether the Hostname is whitelisted. This checks the configuration and validates that the hostname is in the list of whitelisted Hosts and returns `true` if it is whitelisted. If the configuration says that all Hostnames are whitelisted (using an "\*") then it will always return `true`. | Boolean |
| isUriAllowed | _uri_: The URI you wish to validate is allowed | Validates whether the URI is allowed. This checks the configuration and validates that the hostname of the URI is in the list of allowed Hosts and returns `true` if it is allowed. If the configuration says that all URI's are allowed (using an "\*") then it will always return `true`. | Boolean |
| isHostnameAllowed | _hostname_: The Hostname you wish to validate is allowed | Validates whether the Hostname is allowed. This checks the configuration and validates that the hostname is in the list of allowed Hosts and returns `true` if it is allowed. If the configuration says that all Hostnames are allowed (using an "\*") then it will always return `true`. | Boolean |
| isActionTypeEnabled | _actionType_: The actionType to check to see if it's enabled | Returns true if the actionType is enabled, otherwise false. | Boolean |
| ensureWhitelistedUri | _uri_: The URI you wish to validate is whitelisted | Validates whether the URI is whitelisted. This checks the configuration and validates that the hostname of the URI is in the list of whitelisted Hosts and throws an error if it is not whitelisted. If the configuration says that all URI's are whitelisted (using an "\*") then it will never throw. | No return value, throws if URI isn't whitelisted |
| ensureWhitelistedHostname | _hostname_: The Hostname you wish to validate is whitelisted | Validates whether the Hostname is whitelisted. This checks the configuration and validates that the hostname is in the list of whitelisted Hosts and throws an error if it is not whitelisted. If the configuration says that all Hostnames are whitelisted (using an "\*") then it will never throw | No return value, throws if Hostname isn't whitelisted |
| ensureUriAllowed | _uri_: The URI you wish to validate is allowed | Validates whether the URI is allowed. This checks the configuration and validates that the hostname of the URI is in the list of allowed Hosts and throws an error if it is not allowed. If the configuration says that all URI's are allowed (using an "\*") then it will never throw. | No return value, throws if URI isn't allowed |
| ensureHostnameAllowed | _hostname_: The Hostname you wish to validate is allowed | Validates whether the Hostname is allowed. This checks the configuration and validates that the hostname is in the list of allowed Hosts and throws an error if it is not allowed. If the configuration says that all Hostnames are allowed (using an "\*") then it will never throw | No return value, throws if Hostname isn't allowed . |
| ensureActionTypeEnabled | _actionType_: The actionType to check to see if it's enabled | Throws an error if the actionType is not enabled | No return value, throws if actionType isn't enabled |
## Action types
@ -666,7 +666,7 @@ Currently actions are licensed as "basic" if the action only interacts with the
Currently actions that are licensed as "basic" **MUST** be implemented in the actions plugin, other actions can be implemented in any other plugin that pre-reqs the actions plugin. If the new action is generic across the stack, it probably belongs in the actions plugin, but if your action is very specific to a plugin/solution, it might be easiest to implement it in the plugin/solution. Keep in mind that if Kibana is run without the plugin being enabled, any actions defined in that plugin will not run, nor will those actions be available via APIs or UI.
Actions that take URLs or hostnames should check that those values are whitelisted. The whitelisting utilities are currently internal to the actions plugin, and so such actions will need to be implemented in the actions plugin. Longer-term, we will expose these utilities so they can be used by alerts implemented in other plugins; see [issue #64659](https://github.com/elastic/kibana/issues/64659).
Actions that take URLs or hostnames should check that those values are allowed. The allowed host list utilities are currently internal to the actions plugin, and so such actions will need to be implemented in the actions plugin. Longer-term, we will expose these utilities so they can be used by alerts implemented in other plugins; see [issue #64659](https://github.com/elastic/kibana/issues/64659).
## documentation

2
x-pack/plugins/actions/server/actions_client.test.ts
View file

@ -295,7 +295,7 @@ describe('create()', () => {
const localConfigUtils = getActionsConfigurationUtilities({
enabled: true,
enabledActionTypes: ['some-not-ignored-action-type'],
whitelistedHosts: ['*'],
allowedHosts: ['*'],
});
const localActionTypeRegistryParams = {

8
x-pack/plugins/actions/server/actions_config.mock.ts
View file

@ -8,11 +8,11 @@ import { ActionsConfigurationUtilities } from './actions_config';
const createActionsConfigMock = () => {
const mocked: jest.Mocked<ActionsConfigurationUtilities> = {
isWhitelistedHostname: jest.fn().mockReturnValue(true),
isWhitelistedUri: jest.fn().mockReturnValue(true),
isHostnameAllowed: jest.fn().mockReturnValue(true),
isUriAllowed: jest.fn().mockReturnValue(true),
isActionTypeEnabled: jest.fn().mockReturnValue(true),
ensureWhitelistedHostname: jest.fn().mockReturnValue({}),
ensureWhitelistedUri: jest.fn().mockReturnValue({}),
ensureHostnameAllowed: jest.fn().mockReturnValue({}),
ensureUriAllowed: jest.fn().mockReturnValue({}),
ensureActionTypeEnabled: jest.fn().mockReturnValue({}),
};
return mocked;

104
x-pack/plugins/actions/server/actions_config.test.ts
View file

@ -7,163 +7,151 @@
import { ActionsConfigType } from './types';
import {
getActionsConfigurationUtilities,
WhitelistedHosts,
AllowedHosts,
EnabledActionTypes,
} from './actions_config';
const DefaultActionsConfig: ActionsConfigType = {
enabled: false,
whitelistedHosts: [],
allowedHosts: [],
enabledActionTypes: [],
};
describe('ensureWhitelistedUri', () => {
describe('ensureUriAllowed', () => {
test('returns true when "any" hostnames are allowed', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: [WhitelistedHosts.Any],
allowedHosts: [AllowedHosts.Any],
enabledActionTypes: [],
};
expect(
getActionsConfigurationUtilities(config).ensureWhitelistedUri(
'https://github.com/elastic/kibana'
)
getActionsConfigurationUtilities(config).ensureUriAllowed('https://github.com/elastic/kibana')
).toBeUndefined();
});
test('throws when the hostname in the requested uri is not in the whitelist', () => {
test('throws when the hostname in the requested uri is not in the allowedHosts', () => {
const config: ActionsConfigType = DefaultActionsConfig;
expect(() =>
getActionsConfigurationUtilities(config).ensureWhitelistedUri(
'https://github.com/elastic/kibana'
)
getActionsConfigurationUtilities(config).ensureUriAllowed('https://github.com/elastic/kibana')
).toThrowErrorMatchingInlineSnapshot(
`"target url \\"https://github.com/elastic/kibana\\" is not whitelisted in the Kibana config xpack.actions.whitelistedHosts"`
`"target url \\"https://github.com/elastic/kibana\\" is not added to the Kibana config xpack.actions.allowedHosts"`
);
});
test('throws when the uri cannot be parsed as a valid URI', () => {
const config: ActionsConfigType = DefaultActionsConfig;
expect(() =>
getActionsConfigurationUtilities(config).ensureWhitelistedUri('github.com/elastic')
getActionsConfigurationUtilities(config).ensureUriAllowed('github.com/elastic')
).toThrowErrorMatchingInlineSnapshot(
`"target url \\"github.com/elastic\\" is not whitelisted in the Kibana config xpack.actions.whitelistedHosts"`
`"target url \\"github.com/elastic\\" is not added to the Kibana config xpack.actions.allowedHosts"`
);
});
test('returns true when the hostname in the requested uri is in the whitelist', () => {
test('returns true when the hostname in the requested uri is in the allowedHosts', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: ['github.com'],
allowedHosts: ['github.com'],
enabledActionTypes: [],
};
expect(
getActionsConfigurationUtilities(config).ensureWhitelistedUri(
'https://github.com/elastic/kibana'
)
getActionsConfigurationUtilities(config).ensureUriAllowed('https://github.com/elastic/kibana')
).toBeUndefined();
});
});
describe('ensureWhitelistedHostname', () => {
describe('ensureHostnameAllowed', () => {
test('returns true when "any" hostnames are allowed', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: [WhitelistedHosts.Any],
allowedHosts: [AllowedHosts.Any],
enabledActionTypes: [],
};
expect(
getActionsConfigurationUtilities(config).ensureWhitelistedHostname('github.com')
getActionsConfigurationUtilities(config).ensureHostnameAllowed('github.com')
).toBeUndefined();
});
test('throws when the hostname in the requested uri is not in the whitelist', () => {
test('throws when the hostname in the requested uri is not in the allowedHosts', () => {
const config: ActionsConfigType = DefaultActionsConfig;
expect(() =>
getActionsConfigurationUtilities(config).ensureWhitelistedHostname('github.com')
getActionsConfigurationUtilities(config).ensureHostnameAllowed('github.com')
).toThrowErrorMatchingInlineSnapshot(
`"target hostname \\"github.com\\" is not whitelisted in the Kibana config xpack.actions.whitelistedHosts"`
`"target hostname \\"github.com\\" is not added to the Kibana config xpack.actions.allowedHosts"`
);
});
test('returns true when the hostname in the requested uri is in the whitelist', () => {
test('returns true when the hostname in the requested uri is in the allowedHosts', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: ['github.com'],
allowedHosts: ['github.com'],
enabledActionTypes: [],
};
expect(
getActionsConfigurationUtilities(config).ensureWhitelistedHostname('github.com')
getActionsConfigurationUtilities(config).ensureHostnameAllowed('github.com')
).toBeUndefined();
});
});
describe('isWhitelistedUri', () => {
describe('isUriAllowed', () => {
test('returns true when "any" hostnames are allowed', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: [WhitelistedHosts.Any],
allowedHosts: [AllowedHosts.Any],
enabledActionTypes: [],
};
expect(
getActionsConfigurationUtilities(config).isWhitelistedUri('https://github.com/elastic/kibana')
getActionsConfigurationUtilities(config).isUriAllowed('https://github.com/elastic/kibana')
).toEqual(true);
});
test('throws when the hostname in the requested uri is not in the whitelist', () => {
test('throws when the hostname in the requested uri is not in the allowedHosts', () => {
const config: ActionsConfigType = DefaultActionsConfig;
expect(
getActionsConfigurationUtilities(config).isWhitelistedUri('https://github.com/elastic/kibana')
getActionsConfigurationUtilities(config).isUriAllowed('https://github.com/elastic/kibana')
).toEqual(false);
});
test('throws when the uri cannot be parsed as a valid URI', () => {
const config: ActionsConfigType = DefaultActionsConfig;
expect(getActionsConfigurationUtilities(config).isWhitelistedUri('github.com/elastic')).toEqual(
expect(getActionsConfigurationUtilities(config).isUriAllowed('github.com/elastic')).toEqual(
false
);
});
test('returns true when the hostname in the requested uri is in the whitelist', () => {
test('returns true when the hostname in the requested uri is in the allowedHosts', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: ['github.com'],
allowedHosts: ['github.com'],
enabledActionTypes: [],
};
expect(
getActionsConfigurationUtilities(config).isWhitelistedUri('https://github.com/elastic/kibana')
getActionsConfigurationUtilities(config).isUriAllowed('https://github.com/elastic/kibana')
).toEqual(true);
});
});
describe('isWhitelistedHostname', () => {
describe('isHostnameAllowed', () => {
test('returns true when "any" hostnames are allowed', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: [WhitelistedHosts.Any],
allowedHosts: [AllowedHosts.Any],
enabledActionTypes: [],
};
expect(getActionsConfigurationUtilities(config).isWhitelistedHostname('github.com')).toEqual(
true
);
expect(getActionsConfigurationUtilities(config).isHostnameAllowed('github.com')).toEqual(true);
});
test('throws when the hostname in the requested uri is not in the whitelist', () => {
test('throws when the hostname in the requested uri is not in the allowedHosts', () => {
const config: ActionsConfigType = DefaultActionsConfig;
expect(getActionsConfigurationUtilities(config).isWhitelistedHostname('github.com')).toEqual(
false
);
expect(getActionsConfigurationUtilities(config).isHostnameAllowed('github.com')).toEqual(false);
});
test('returns true when the hostname in the requested uri is in the whitelist', () => {
test('returns true when the hostname in the requested uri is in the allowedHosts', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: ['github.com'],
allowedHosts: ['github.com'],
enabledActionTypes: [],
};
expect(getActionsConfigurationUtilities(config).isWhitelistedHostname('github.com')).toEqual(
true
);
expect(getActionsConfigurationUtilities(config).isHostnameAllowed('github.com')).toEqual(true);
});
});
@ -171,7 +159,7 @@ describe('isActionTypeEnabled', () => {
test('returns true when "any" actionTypes are allowed', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: [],
allowedHosts: [],
enabledActionTypes: ['ignore', EnabledActionTypes.Any],
};
expect(getActionsConfigurationUtilities(config).isActionTypeEnabled('foo')).toEqual(true);
@ -180,7 +168,7 @@ describe('isActionTypeEnabled', () => {
test('returns false when no actionType is allowed', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: [],
allowedHosts: [],
enabledActionTypes: [],
};
expect(getActionsConfigurationUtilities(config).isActionTypeEnabled('foo')).toEqual(false);
@ -189,7 +177,7 @@ describe('isActionTypeEnabled', () => {
test('returns false when the actionType is not in the enabled list', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: [],
allowedHosts: [],
enabledActionTypes: ['foo'],
};
expect(getActionsConfigurationUtilities(config).isActionTypeEnabled('bar')).toEqual(false);
@ -198,7 +186,7 @@ describe('isActionTypeEnabled', () => {
test('returns true when the actionType is in the enabled list', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: [],
allowedHosts: [],
enabledActionTypes: ['ignore', 'foo'],
};
expect(getActionsConfigurationUtilities(config).isActionTypeEnabled('foo')).toEqual(true);
@ -209,7 +197,7 @@ describe('ensureActionTypeEnabled', () => {
test('does not throw when any actionType is allowed', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: [],
allowedHosts: [],
enabledActionTypes: ['ignore', EnabledActionTypes.Any],
};
expect(getActionsConfigurationUtilities(config).ensureActionTypeEnabled('foo')).toBeUndefined();
@ -227,7 +215,7 @@ describe('ensureActionTypeEnabled', () => {
test('throws when actionType is not enabled', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: [],
allowedHosts: [],
enabledActionTypes: ['ignore'],
};
expect(() =>
@ -240,7 +228,7 @@ describe('ensureActionTypeEnabled', () => {
test('does not throw when actionType is enabled', () => {
const config: ActionsConfigType = {
enabled: false,
whitelistedHosts: [],
allowedHosts: [],
enabledActionTypes: ['ignore', 'foo'],
};
expect(getActionsConfigurationUtilities(config).ensureActionTypeEnabled('foo')).toBeUndefined();

50
x-pack/plugins/actions/server/actions_config.ts
View file

@ -13,7 +13,7 @@ import { pipe } from 'fp-ts/lib/pipeable';
import { ActionsConfigType } from './types';
import { ActionTypeDisabledError } from './lib';
export enum WhitelistedHosts {
export enum AllowedHosts {
Any = '*',
}
@ -21,24 +21,24 @@ export enum EnabledActionTypes {
Any = '*',
}
enum WhitelistingField {
enum AllowListingField {
url = 'url',
hostname = 'hostname',
}
export interface ActionsConfigurationUtilities {
isWhitelistedHostname: (hostname: string) => boolean;
isWhitelistedUri: (uri: string) => boolean;
isHostnameAllowed: (hostname: string) => boolean;
isUriAllowed: (uri: string) => boolean;
isActionTypeEnabled: (actionType: string) => boolean;
ensureWhitelistedHostname: (hostname: string) => void;
ensureWhitelistedUri: (uri: string) => void;
ensureHostnameAllowed: (hostname: string) => void;
ensureUriAllowed: (uri: string) => void;
ensureActionTypeEnabled: (actionType: string) => void;
}
function whitelistingErrorMessage(field: WhitelistingField, value: string) {
return i18n.translate('xpack.actions.urlWhitelistConfigurationError', {
function allowListErrorMessage(field: AllowListingField, value: string) {
return i18n.translate('xpack.actions.urlAllowedHostsConfigurationError', {
defaultMessage:
'target {field} "{value}" is not whitelisted in the Kibana config xpack.actions.whitelistedHosts',
'target {field} "{value}" is not added to the Kibana config xpack.actions.allowedHosts',
values: {
value,
field,
@ -56,18 +56,18 @@ function disabledActionTypeErrorMessage(actionType: string) {
});
}
function isWhitelisted({ whitelistedHosts }: ActionsConfigType, hostname: string): boolean {
const whitelisted = new Set(whitelistedHosts);
if (whitelisted.has(WhitelistedHosts.Any)) return true;
if (whitelisted.has(hostname)) return true;
function isAllowed({ allowedHosts }: ActionsConfigType, hostname: string): boolean {
const allowed = new Set(allowedHosts);
if (allowed.has(AllowedHosts.Any)) return true;
if (allowed.has(hostname)) return true;
return false;
}
function isWhitelistedHostnameInUri(config: ActionsConfigType, uri: string): boolean {
function isHostnameAllowedInUri(config: ActionsConfigType, uri: string): boolean {
return pipe(
tryCatch(() => new URL(uri)),
map((url) => url.hostname),
mapNullable((hostname) => isWhitelisted(config, hostname)),
mapNullable((hostname) => isAllowed(config, hostname)),
getOrElse<boolean>(() => false)
);
}
@ -85,21 +85,21 @@ function isActionTypeEnabledInConfig(
export function getActionsConfigurationUtilities(
config: ActionsConfigType
): ActionsConfigurationUtilities {
const isWhitelistedHostname = curry(isWhitelisted)(config);
const isWhitelistedUri = curry(isWhitelistedHostnameInUri)(config);
const isHostnameAllowed = curry(isAllowed)(config);
const isUriAllowed = curry(isHostnameAllowedInUri)(config);
const isActionTypeEnabled = curry(isActionTypeEnabledInConfig)(config);
return {
isWhitelistedHostname,
isWhitelistedUri,
isHostnameAllowed,
isUriAllowed,
isActionTypeEnabled,
ensureWhitelistedUri(uri: string) {
if (!isWhitelistedUri(uri)) {
throw new Error(whitelistingErrorMessage(WhitelistingField.url, uri));
ensureUriAllowed(uri: string) {
if (!isUriAllowed(uri)) {
throw new Error(allowListErrorMessage(AllowListingField.url, uri));
}
},
ensureWhitelistedHostname(hostname: string) {
if (!isWhitelistedHostname(hostname)) {
throw new Error(whitelistingErrorMessage(WhitelistingField.hostname, hostname));
ensureHostnameAllowed(hostname: string) {
if (!isHostnameAllowed(hostname)) {
throw new Error(allowListErrorMessage(AllowListingField.hostname, hostname));
}
},
ensureActionTypeEnabled(actionType: string) {

6
x-pack/plugins/actions/server/builtin_action_types/case/validators.ts
View file

@ -23,9 +23,9 @@ export const validateCommonConfig = (
return i18n.MAPPING_EMPTY;
}
configurationUtilities.ensureWhitelistedUri(configObject.apiUrl);
} catch (whitelistError) {
return i18n.WHITE_LISTED_ERROR(whitelistError.message);
configurationUtilities.ensureUriAllowed(configObject.apiUrl);
} catch (allowListError) {
return i18n.WHITE_LISTED_ERROR(allowListError.message);
}
};

34
x-pack/plugins/actions/server/builtin_action_types/email.test.ts
View file

@ -121,56 +121,56 @@ describe('config validation', () => {
const NODEMAILER_AOL_SERVICE = 'AOL';
const NODEMAILER_AOL_SERVICE_HOST = 'smtp.aol.com';
test('config validation handles email host whitelisting', () => {
test('config validation handles email host in allowedHosts', () => {
actionType = getActionType({
logger: mockedLogger,
configurationUtilities: {
...actionsConfigMock.create(),
isWhitelistedHostname: (hostname) => hostname === NODEMAILER_AOL_SERVICE_HOST,
isHostnameAllowed: (hostname) => hostname === NODEMAILER_AOL_SERVICE_HOST,
},
});
const baseConfig = {
from: 'bob@example.com',
};
const whitelistedConfig1 = {
const allowedHosts1 = {
...baseConfig,
service: NODEMAILER_AOL_SERVICE,
};
const whitelistedConfig2 = {
const allowedHosts2 = {
...baseConfig,
host: NODEMAILER_AOL_SERVICE_HOST,
port: 42,
};
const notWhitelistedConfig1 = {
const notAllowedHosts1 = {
...baseConfig,
service: 'gmail',
};
const notWhitelistedConfig2 = {
const notAllowedHosts2 = {
...baseConfig,
host: 'smtp.gmail.com',
port: 42,
};
const validatedConfig1 = validateConfig(actionType, whitelistedConfig1);
expect(validatedConfig1.service).toEqual(whitelistedConfig1.service);
expect(validatedConfig1.from).toEqual(whitelistedConfig1.from);
const validatedConfig1 = validateConfig(actionType, allowedHosts1);
expect(validatedConfig1.service).toEqual(allowedHosts1.service);
expect(validatedConfig1.from).toEqual(allowedHosts1.from);
const validatedConfig2 = validateConfig(actionType, whitelistedConfig2);
expect(validatedConfig2.host).toEqual(whitelistedConfig2.host);
expect(validatedConfig2.port).toEqual(whitelistedConfig2.port);
expect(validatedConfig2.from).toEqual(whitelistedConfig2.from);
const validatedConfig2 = validateConfig(actionType, allowedHosts2);
expect(validatedConfig2.host).toEqual(allowedHosts2.host);
expect(validatedConfig2.port).toEqual(allowedHosts2.port);
expect(validatedConfig2.from).toEqual(allowedHosts2.from);
expect(() => {
validateConfig(actionType, notWhitelistedConfig1);
validateConfig(actionType, notAllowedHosts1);
}).toThrowErrorMatchingInlineSnapshot(
`"error validating action type config: [service] value 'gmail' resolves to host 'smtp.gmail.com' which is not in the whitelistedHosts configuration"`
`"error validating action type config: [service] value 'gmail' resolves to host 'smtp.gmail.com' which is not in the allowedHosts configuration"`
);
expect(() => {
validateConfig(actionType, notWhitelistedConfig2);
validateConfig(actionType, notAllowedHosts2);
}).toThrowErrorMatchingInlineSnapshot(
`"error validating action type config: [host] value 'smtp.gmail.com' is not in the whitelistedHosts configuration"`
`"error validating action type config: [host] value 'smtp.gmail.com' is not in the allowedHosts configuration"`
);
});
});

8
x-pack/plugins/actions/server/builtin_action_types/email.ts
View file

@ -66,16 +66,16 @@ function validateConfig(
return '[port] is required if [service] is not provided';
}
if (!configurationUtilities.isWhitelistedHostname(config.host)) {
return `[host] value '${config.host}' is not in the whitelistedHosts configuration`;
if (!configurationUtilities.isHostnameAllowed(config.host)) {
return `[host] value '${config.host}' is not in the allowedHosts configuration`;
}
} else {
const host = getServiceNameHost(config.service);
if (host == null) {
return `[service] value '${config.service}' is not valid`;
}
if (!configurationUtilities.isWhitelistedHostname(host)) {
return `[service] value '${config.service}' resolves to host '${host}' which is not in the whitelistedHosts configuration`;
if (!configurationUtilities.isHostnameAllowed(host)) {
return `[service] value '${config.service}' resolves to host '${host}' which is not in the allowedHosts configuration`;
}
}
}

12
x-pack/plugins/actions/server/builtin_action_types/pagerduty.test.ts
View file

@ -64,12 +64,12 @@ describe('validateConfig()', () => {
);
});
test('should validate and pass when the pagerduty url is whitelisted', () => {
test('should validate and pass when the pagerduty url is added to allowedHosts', () => {
actionType = getActionType({
logger: mockedLogger,
configurationUtilities: {
...actionsConfigMock.create(),
ensureWhitelistedUri: (url) => {
ensureUriAllowed: (url) => {
expect(url).toEqual('https://events.pagerduty.com/v2/enqueue');
},
},
@ -80,13 +80,13 @@ describe('validateConfig()', () => {
).toEqual({ apiUrl: 'https://events.pagerduty.com/v2/enqueue' });
});
test('config validation returns an error if the specified URL isnt whitelisted', () => {
test('config validation returns an error if the specified URL isnt added to allowedHosts', () => {
actionType = getActionType({
logger: mockedLogger,
configurationUtilities: {
...actionsConfigMock.create(),
ensureWhitelistedUri: (_) => {
throw new Error(`target url is not whitelisted`);
ensureUriAllowed: (_) => {
throw new Error(`target url is not added to allowedHosts`);
},
},
});
@ -94,7 +94,7 @@ describe('validateConfig()', () => {
expect(() => {
validateConfig(actionType, { apiUrl: 'https://events.pagerduty.com/v2/enqueue' });
}).toThrowErrorMatchingInlineSnapshot(
`"error validating action type config: error configuring pagerduty action: target url is not whitelisted"`
`"error validating action type config: error configuring pagerduty action: target url is not added to allowedHosts"`
);
});
});

6
x-pack/plugins/actions/server/builtin_action_types/pagerduty.ts
View file

@ -135,12 +135,12 @@ function valdiateActionTypeConfig(
configObject: ActionTypeConfigType
) {
try {
configurationUtilities.ensureWhitelistedUri(getPagerDutyApiUrl(configObject));
} catch (whitelistError) {
configurationUtilities.ensureUriAllowed(getPagerDutyApiUrl(configObject));
} catch (allowListError) {
return i18n.translate('xpack.actions.builtin.pagerduty.pagerdutyConfigurationError', {
defaultMessage: 'error configuring pagerduty action: {message}',
values: {
message: whitelistError.message,
message: allowListError.message,
},
});
}

6
x-pack/plugins/actions/server/builtin_action_types/servicenow/validators.ts
View file

@ -26,9 +26,9 @@ export const validateCommonConfig = (
}
try {
configurationUtilities.ensureWhitelistedUri(configObject.apiUrl);
} catch (whitelistError) {
return i18n.WHITE_LISTED_ERROR(whitelistError.message);
configurationUtilities.ensureUriAllowed(configObject.apiUrl);
} catch (allowListError) {
return i18n.WHITE_LISTED_ERROR(allowListError.message);
}
};

12
x-pack/plugins/actions/server/builtin_action_types/slack.test.ts
View file

@ -96,12 +96,12 @@ describe('validateActionTypeSecrets()', () => {
);
});
test('should validate and pass when the slack webhookUrl is whitelisted', () => {
test('should validate and pass when the slack webhookUrl is added to allowedHosts', () => {
actionType = getActionType({
logger: mockedLogger,
configurationUtilities: {
...actionsConfigMock.create(),
ensureWhitelistedUri: (url) => {
ensureUriAllowed: (url) => {
expect(url).toEqual('https://api.slack.com/');
},
},
@ -112,13 +112,13 @@ describe('validateActionTypeSecrets()', () => {
});
});
test('config validation returns an error if the specified URL isnt whitelisted', () => {
test('config validation returns an error if the specified URL isnt added to allowedHosts', () => {
actionType = getActionType({
logger: mockedLogger,
configurationUtilities: {
...actionsConfigMock.create(),
ensureWhitelistedHostname: () => {
throw new Error(`target hostname is not whitelisted`);
ensureHostnameAllowed: () => {
throw new Error(`target hostname is not added to allowedHosts`);
},
},
});
@ -126,7 +126,7 @@ describe('validateActionTypeSecrets()', () => {
expect(() => {
validateSecrets(actionType, { webhookUrl: 'https://api.slack.com/' });
}).toThrowErrorMatchingInlineSnapshot(
`"error validating action type secrets: error configuring slack action: target hostname is not whitelisted"`
`"error validating action type secrets: error configuring slack action: target hostname is not added to allowedHosts"`
);
});
});

6
x-pack/plugins/actions/server/builtin_action_types/slack.ts
View file

@ -91,12 +91,12 @@ function valdiateActionTypeConfig(
}
try {
configurationUtilities.ensureWhitelistedHostname(url.hostname);
} catch (whitelistError) {
configurationUtilities.ensureHostnameAllowed(url.hostname);
} catch (allowListError) {
return i18n.translate('xpack.actions.builtin.slack.slackConfigurationError', {
defaultMessage: 'error configuring slack action: {message}',
values: {
message: whitelistError.message,
message: allowListError.message,
},
});
}

10
x-pack/plugins/actions/server/builtin_action_types/webhook.test.ts
View file

@ -176,7 +176,7 @@ describe('config validation', () => {
`);
});
test('config validation passes when kibana config whitelists the url', () => {
test('config validation passes when kibana config url does not present in allowedHosts', () => {
// any for testing
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const config: Record<string, any> = {
@ -192,13 +192,13 @@ describe('config validation', () => {
});
});
test('config validation returns an error if the specified URL isnt whitelisted', () => {
test('config validation returns an error if the specified URL isnt added to allowedHosts', () => {
actionType = getActionType({
logger: mockedLogger,
configurationUtilities: {
...actionsConfigMock.create(),
ensureWhitelistedUri: (_) => {
throw new Error(`target url is not whitelisted`);
ensureUriAllowed: (_) => {
throw new Error(`target url is not present in allowedHosts`);
},
},
});
@ -215,7 +215,7 @@ describe('config validation', () => {
expect(() => {
validateConfig(actionType, config);
}).toThrowErrorMatchingInlineSnapshot(
`"error validating action type config: error configuring webhook action: target url is not whitelisted"`
`"error validating action type config: error configuring webhook action: target url is not present in allowedHosts"`
);
});
});

6
x-pack/plugins/actions/server/builtin_action_types/webhook.ts
View file

@ -111,12 +111,12 @@ function validateActionTypeConfig(
}
try {
configurationUtilities.ensureWhitelistedUri(url.toString());
} catch (whitelistError) {
configurationUtilities.ensureUriAllowed(url.toString());
} catch (allowListError) {
return i18n.translate('xpack.actions.builtin.webhook.webhookConfigurationError', {
defaultMessage: 'error configuring webhook action: {message}',
values: {
message: whitelistError.message,
message: allowListError.message,
},
});
}

12
x-pack/plugins/actions/server/config.test.ts
View file

@ -10,15 +10,15 @@ describe('config validation', () => {
const config: Record<string, unknown> = {};
expect(configSchema.validate(config)).toMatchInlineSnapshot(`
Object {
"allowedHosts": Array [
"*",
],
"enabled": true,
"enabledActionTypes": Array [
"*",
],
"preconfigured": Object {},
"rejectUnauthorizedCertificates": true,
"whitelistedHosts": Array [
"*",
],
}
`);
});
@ -38,6 +38,9 @@ describe('config validation', () => {
};
expect(configSchema.validate(config)).toMatchInlineSnapshot(`
Object {
"allowedHosts": Array [
"*",
],
"enabled": true,
"enabledActionTypes": Array [
"*",
@ -53,9 +56,6 @@ describe('config validation', () => {
},
},
"rejectUnauthorizedCertificates": false,
"whitelistedHosts": Array [
"*",
],
}
`);
});

10
x-pack/plugins/actions/server/config.ts
View file

@ -5,7 +5,7 @@
*/
import { schema, TypeOf } from '@kbn/config-schema';
import { WhitelistedHosts, EnabledActionTypes } from './actions_config';
import { AllowedHosts, EnabledActionTypes } from './actions_config';
const preconfiguredActionSchema = schema.object({
name: schema.string({ minLength: 1 }),
@ -16,16 +16,16 @@ const preconfiguredActionSchema = schema.object({
export const configSchema = schema.object({
enabled: schema.boolean({ defaultValue: true }),
whitelistedHosts: schema.arrayOf(
schema.oneOf([schema.string({ hostname: true }), schema.literal(WhitelistedHosts.Any)]),
allowedHosts: schema.arrayOf(
schema.oneOf([schema.string({ hostname: true }), schema.literal(AllowedHosts.Any)]),
{
defaultValue: [WhitelistedHosts.Any],
defaultValue: [AllowedHosts.Any],
}
),
enabledActionTypes: schema.arrayOf(
schema.oneOf([schema.string(), schema.literal(EnabledActionTypes.Any)]),
{
defaultValue: [WhitelistedHosts.Any],
defaultValue: [AllowedHosts.Any],
}
),
preconfigured: schema.recordOf(schema.string(), preconfiguredActionSchema, {

4
x-pack/plugins/actions/server/plugin.test.ts
View file

@ -32,7 +32,7 @@ describe('Actions Plugin', () => {
context = coreMock.createPluginInitializerContext<ActionsConfig>({
enabled: true,
enabledActionTypes: ['*'],
whitelistedHosts: ['*'],
allowedHosts: ['*'],
preconfigured: {},
rejectUnauthorizedCertificates: true,
});
@ -186,7 +186,7 @@ describe('Actions Plugin', () => {
const context = coreMock.createPluginInitializerContext<ActionsConfig>({
enabled: true,
enabledActionTypes: ['*'],
whitelistedHosts: ['*'],
allowedHosts: ['*'],
preconfigured: {
preconfiguredServerLog: {
actionTypeId: '.server-log',

6
x-pack/plugins/actions/server/types.ts
View file

@ -47,7 +47,7 @@ export interface ActionsPlugin {
export interface ActionsConfigType {
enabled: boolean;
whitelistedHosts: string[];
allowedHosts: string[];
enabledActionTypes: string[];
}
@ -100,8 +100,8 @@ interface ValidatorType<Type> {
}
export interface ActionValidationService {
isWhitelistedHostname(hostname: string): boolean;
isWhitelistedUri(uri: string): boolean;
isHostnameAllowed(hostname: string): boolean;
isUriAllowed(uri: string): boolean;
}
export interface ActionType<

2
x-pack/plugins/translations/translations/ja-JP.json
View file

@ -4599,7 +4599,7 @@
"xpack.actions.serverSideErrors.predefinedActionUpdateDisabled": "あらかじめ構成されたアクション{id}は更新できません。",
"xpack.actions.serverSideErrors.unavailableLicenseErrorMessage": "現時点でライセンス情報を入手できないため、アクションタイプ {actionTypeId} は無効です。",
"xpack.actions.serverSideErrors.unavailableLicenseInformationErrorMessage": "グラフを利用できません。現在ライセンス情報が利用できません。",
"xpack.actions.urlWhitelistConfigurationError": "target {field} \"{value}\" は Kibana 構成 xpack.actions.whitelistedHosts にはホワイトリスト化されていません。",
"xpack.actions.urlAllowedHostsConfigurationError": "target {field} \"{value}\" は Kibana 構成 xpack.actions.allowedHosts にはホワイトリスト化されていません。",
"xpack.alertingBuiltins.indexThreshold.actionGroupThresholdMetTitle": "しきい値一致",
"xpack.alertingBuiltins.indexThreshold.actionVariableContextDateLabel": "アラートがしきい値を超えた日付。",
"xpack.alertingBuiltins.indexThreshold.actionVariableContextGroupLabel": "しきい値を超えたグループ。",

2
x-pack/plugins/translations/translations/zh-CN.json
View file

@ -4600,7 +4600,7 @@
"xpack.actions.serverSideErrors.predefinedActionUpdateDisabled": "不允许更新预配置的操作 {id}。",
"xpack.actions.serverSideErrors.unavailableLicenseErrorMessage": "操作类型 {actionTypeId} 已禁用,因为许可证信息当前不可用。",
"xpack.actions.serverSideErrors.unavailableLicenseInformationErrorMessage": "操作不可用 - 许可信息当前不可用。",
"xpack.actions.urlWhitelistConfigurationError": "目标 {field}“{value}”在 Kibana 配置 xpack.actions.whitelistedHosts 中未列入白名单",
"xpack.actions.urlAllowedHostsConfigurationError": "目标 {field}“{value}”在 Kibana 配置 xpack.actions.allowedHosts 中未列入白名单",
"xpack.alertingBuiltins.indexThreshold.actionGroupThresholdMetTitle": "阈值已达到",
"xpack.alertingBuiltins.indexThreshold.actionVariableContextDateLabel": "告警超过阈值的日期。",
"xpack.alertingBuiltins.indexThreshold.actionVariableContextGroupLabel": "超过阈值的组。",

5
x-pack/test/alerting_api_integration/common/config.ts
View file

@ -85,10 +85,7 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
...xPackApiIntegrationTestsConfig.get('kbnTestServer'),
serverArgs: [
...xPackApiIntegrationTestsConfig.get('kbnTestServer.serverArgs'),
`--xpack.actions.whitelistedHosts=${JSON.stringify([
'localhost',
'some.non.existent.com',
])}`,
`--xpack.actions.allowedHosts=${JSON.stringify(['localhost', 'some.non.existent.com'])}`,
'--xpack.encryptedSavedObjects.encryptionKey="wuGNaIhoMpk5sO4UBxgr3NyW1sFcLgIf"',
`--xpack.actions.enabledActionTypes=${JSON.stringify(enabledActionTypes)}`,
...actionsProxyUrl,

14
x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/builtin_action_types/email.ts
View file

@ -153,7 +153,7 @@ export default function emailTest({ getService }: FtrProviderContext) {
});
});
it('should respond with a 400 Bad Request when creating an email action with non-whitelisted server', async () => {
it('should respond with a 400 Bad Request when creating an email action with a server not added to allowedHosts', async () => {
await supertest
.post('/api/actions/action')
.set('kbn-xsrf', 'foo')
@ -161,7 +161,7 @@ export default function emailTest({ getService }: FtrProviderContext) {
name: 'An email action',
actionTypeId: '.email',
config: {
service: 'gmail', // not whitelisted in the config for this test
service: 'gmail', // not added to allowedHosts in the config for this test
from: 'bob@example.com',
},
secrets: {
@ -175,7 +175,7 @@ export default function emailTest({ getService }: FtrProviderContext) {
statusCode: 400,
error: 'Bad Request',
message:
"error validating action type config: [service] value 'gmail' resolves to host 'smtp.gmail.com' which is not in the whitelistedHosts configuration",
"error validating action type config: [service] value 'gmail' resolves to host 'smtp.gmail.com' which is not in the allowedHosts configuration",
});
});
@ -186,7 +186,7 @@ export default function emailTest({ getService }: FtrProviderContext) {
name: 'An email action',
actionTypeId: '.email',
config: {
host: 'stmp.gmail.com', // not whitelisted in the config for this test
host: 'stmp.gmail.com', // not added to allowedHosts in the config for this test
port: 666,
from: 'bob@example.com',
},
@ -201,12 +201,12 @@ export default function emailTest({ getService }: FtrProviderContext) {
statusCode: 400,
error: 'Bad Request',
message:
"error validating action type config: [host] value 'stmp.gmail.com' is not in the whitelistedHosts configuration",
"error validating action type config: [host] value 'stmp.gmail.com' is not in the allowedHosts configuration",
});
});
});
it('should handle creating an email action with a whitelisted server', async () => {
it('should handle creating an email action with a server added to allowedHosts', async () => {
const { body: createdAction } = await supertest
.post('/api/actions/action')
.set('kbn-xsrf', 'foo')
@ -214,7 +214,7 @@ export default function emailTest({ getService }: FtrProviderContext) {
name: 'An email action',
actionTypeId: '.email',
config: {
host: 'some.non.existent.com', // whitelisted in the config for this test
host: 'some.non.existent.com', // added to allowedHosts in the config for this test
port: 666,
from: 'bob@example.com',
},

4
x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/builtin_action_types/jira.ts
View file

@ -176,7 +176,7 @@ export default function jiraTest({ getService }: FtrProviderContext) {
});
});
it('should respond with a 400 Bad Request when creating a jira action with a non whitelisted apiUrl', async () => {
it('should respond with a 400 Bad Request when creating a jira action with a not present in allowedHosts apiUrl', async () => {
await supertest
.post('/api/actions/action')
.set('kbn-xsrf', 'foo')
@ -196,7 +196,7 @@ export default function jiraTest({ getService }: FtrProviderContext) {
statusCode: 400,
error: 'Bad Request',
message:
'error validating action type config: error configuring connector action: target url "http://jira.mynonexistent.com" is not whitelisted in the Kibana config xpack.actions.whitelistedHosts',
'error validating action type config: error configuring connector action: target url "http://jira.mynonexistent.com" is not added to the Kibana config xpack.actions.allowedHosts',
});
});
});

4
x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/builtin_action_types/pagerduty.ts
View file

@ -106,7 +106,7 @@ export default function pagerdutyTest({ getService }: FtrProviderContext) {
});
});
it('should return unsuccessfully when default pagerduty url is not whitelisted', async () => {
it('should return unsuccessfully when default pagerduty url is not present in allowedHosts', async () => {
await supertest
.post('/api/actions/action')
.set('kbn-xsrf', 'foo')
@ -121,7 +121,7 @@ export default function pagerdutyTest({ getService }: FtrProviderContext) {
statusCode: 400,
error: 'Bad Request',
message:
'error validating action type config: error configuring pagerduty action: target url "https://events.pagerduty.com/v2/enqueue" is not whitelisted in the Kibana config xpack.actions.whitelistedHosts',
'error validating action type config: error configuring pagerduty action: target url "https://events.pagerduty.com/v2/enqueue" is not added to the Kibana config xpack.actions.allowedHosts',
});
});
});

4
x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/builtin_action_types/resilient.ts
View file

@ -175,7 +175,7 @@ export default function resilientTest({ getService }: FtrProviderContext) {
});
});
it('should respond with a 400 Bad Request when creating a ibm resilient action with a non whitelisted apiUrl', async () => {
it('should respond with a 400 Bad Request when creating a ibm resilient action with a not present in allowedHosts apiUrl', async () => {
await supertest
.post('/api/actions/action')
.set('kbn-xsrf', 'foo')
@ -195,7 +195,7 @@ export default function resilientTest({ getService }: FtrProviderContext) {
statusCode: 400,
error: 'Bad Request',
message:
'error validating action type config: error configuring connector action: target url "http://resilient.mynonexistent.com" is not whitelisted in the Kibana config xpack.actions.whitelistedHosts',
'error validating action type config: error configuring connector action: target url "http://resilient.mynonexistent.com" is not added to the Kibana config xpack.actions.allowedHosts',
});
});
});

4
x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/builtin_action_types/servicenow.ts
View file

@ -157,7 +157,7 @@ export default function servicenowTest({ getService }: FtrProviderContext) {
});
});
it('should respond with a 400 Bad Request when creating a servicenow action with a non whitelisted apiUrl', async () => {
it('should respond with a 400 Bad Request when creating a servicenow action with a not present in allowedHosts apiUrl', async () => {
await supertest
.post('/api/actions/action')
.set('kbn-xsrf', 'foo')
@ -177,7 +177,7 @@ export default function servicenowTest({ getService }: FtrProviderContext) {
statusCode: 400,
error: 'Bad Request',
message:
'error validating action type config: error configuring connector action: target url "http://servicenow.mynonexistent.com" is not whitelisted in the Kibana config xpack.actions.whitelistedHosts',
'error validating action type config: error configuring connector action: target url "http://servicenow.mynonexistent.com" is not added to the Kibana config xpack.actions.allowedHosts',
});
});
});

4
x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/builtin_action_types/slack.ts
View file

@ -94,7 +94,7 @@ export default function slackTest({ getService }: FtrProviderContext) {
});
});
it('should respond with a 400 Bad Request when creating a slack action with a non whitelisted webhookUrl', async () => {
it('should respond with a 400 Bad Request when creating a slack action with not present in allowedHosts webhookUrl', async () => {
await supertest
.post('/api/actions/action')
.set('kbn-xsrf', 'foo')
@ -111,7 +111,7 @@ export default function slackTest({ getService }: FtrProviderContext) {
statusCode: 400,
error: 'Bad Request',
message:
'error validating action type secrets: error configuring slack action: target hostname "slack.mynonexistent.com" is not whitelisted in the Kibana config xpack.actions.whitelistedHosts',
'error validating action type secrets: error configuring slack action: target hostname "slack.mynonexistent.com" is not added to the Kibana config xpack.actions.allowedHosts',
});
});
});

6
x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/builtin_action_types/webhook.ts
View file

@ -191,7 +191,7 @@ export default function webhookTest({ getService }: FtrProviderContext) {
expect(result.status).to.eql('ok');
});
it('should handle target webhooks that are not whitelisted', async () => {
it('should handle target webhooks that are not added to allowedHosts', async () => {
const { body: result } = await supertest
.post('/api/actions/action')
.set('kbn-xsrf', 'test')
@ -203,13 +203,13 @@ export default function webhookTest({ getService }: FtrProviderContext) {
password: 'mypassphrase',
},
config: {
url: 'http://a.none.whitelisted.webhook/endpoint',
url: 'http://a.none.allowedHosts.webhook/endpoint',
},
})
.expect(400);
expect(result.error).to.eql('Bad Request');
expect(result.message).to.match(/is not whitelisted in the Kibana config/);
expect(result.message).to.match(/is not added to the Kibana config/);
});
it('should handle unreachable webhook targets', async () => {

2
x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/execute.ts
View file

@ -344,7 +344,7 @@ export default function ({ getService }: FtrProviderContext) {
actionTypeId: '.email',
config: {
from: 'email-from-1@example.com',
// this host is specifically whitelisted in:
// this host is specifically added to allowedHosts in:
// x-pack/test/alerting_api_integration/common/config.ts
host: 'some.non.existent.com',
port: 666,

5
x-pack/test/case_api_integration/common/config.ts
View file

@ -74,10 +74,7 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
...xPackApiIntegrationTestsConfig.get('kbnTestServer'),
serverArgs: [
...xPackApiIntegrationTestsConfig.get('kbnTestServer.serverArgs'),
`--xpack.actions.whitelistedHosts=${JSON.stringify([
'localhost',
'some.non.existent.com',
])}`,
`--xpack.actions.allowedHosts=${JSON.stringify(['localhost', 'some.non.existent.com'])}`,
`--xpack.actions.enabledActionTypes=${JSON.stringify(enabledActionTypes)}`,
'--xpack.eventLog.logEntries=true',
...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),

5
x-pack/test/detection_engine_api_integration/common/config.ts
View file

@ -67,10 +67,7 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
...xPackApiIntegrationTestsConfig.get('kbnTestServer'),
serverArgs: [
...xPackApiIntegrationTestsConfig.get('kbnTestServer.serverArgs'),
`--xpack.actions.whitelistedHosts=${JSON.stringify([
'localhost',
'some.non.existent.com',
])}`,
`--xpack.actions.allowedHosts=${JSON.stringify(['localhost', 'some.non.existent.com'])}`,
`--xpack.actions.enabledActionTypes=${JSON.stringify(enabledActionTypes)}`,
'--xpack.eventLog.logEntries=true',
...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),