Fix NPE in Logfile Audit Filter (#38120) #38271

Merged

@albertzaharovits albertzaharovits commented Feb 3, 2019

The culprit in #38097 is an IndicesRequest that has no indices,
but instead of request.indices() returning null or String[0]
it returned String[] {null}. This tripped the audit filter.

I have addressed this in two ways:

  1. request.indices() returning String[] {null} is treated as null
    or String[0], i.e. no indices
  2. null values among the roles and indices lists, which are
    unexpected, will never again stumble the audit filter; null values
    are treated as special values that will not match any policy,
    i.e. their events will always be printed.

Closes #38097

The culprit in elastic#38097 is an `IndicesRequest` that has no indices,
but instead of `request.indices()` returning `null` or `String[0]`
it returned `String[] {null}`. This tripped the audit filter.

I have addressed this in two ways:
1. `request.indices()` returning `String[] {null}` is treated as `null`
    or `String[0]`, i.e. no indices
2. `null` values among the roles and indices lists, which are
    unexpected, will never again stumble the audit filter; `null` values
    are treated as special values that will not match any policy,
    i.e. their events will always be printed.

Closes elastic#38097
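
A simplified illustration of the two behaviours described above, added here as an example; it is not code from this pull request or from Elasticsearch. The class and method names, the exact-match policy and the sample index names are assumptions made for the example.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Simplified, hypothetical model of an audit "ignore policy" over index names.
// Not Elasticsearch code: exact-match names stand in for the real policy syntax.
public class AuditIgnoreFilterDemo {

    // Point 1: String[] {null} means "no indices", the same as null or String[0].
    static String[] normalizeIndices(String[] indices) {
        if (indices == null || (indices.length == 1 && indices[0] == null)) {
            return new String[0];
        }
        return indices;
    }

    // Point 2: a null value never matches a policy, so the event is always printed.
    // Assumption of this sketch: an event is suppressed only when it names at least
    // one index and every one of them is listed in the policy.
    static boolean isSuppressed(Set<String> ignoredIndices, String[] rawIndices) {
        String[] indices = normalizeIndices(rawIndices);
        if (indices.length == 0) {
            return false; // without this check the loop below would suppress vacuously
        }
        for (String index : indices) {
            if (index == null || !ignoredIndices.contains(index)) {
                return false; // unexpected null or uncovered index: print the event
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample policy and events.
        Set<String> policy = new HashSet<>(Arrays.asList("metrics-1", "metrics-2"));
        String[][] events = {
            {"metrics-1"},            // fully covered by the policy
            {"metrics-1", "secrets"}, // only partly covered
            {null},                   // the shape described in this pull request
            {"metrics-1", null},      // unexpected null among real names
            null,                     // no indices at all
        };
        for (String[] e : events) {
            System.out.println(Arrays.toString(e) + " -> "
                + (isSuppressed(policy, e) ? "suppressed" : "printed"));
        }
    }
}
```

Only the first sample event is suppressed; every shape involving `null` or no indices falls through to "printed", so a malformed request cannot silence its own audit record.
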
@albertzaharovits albertzaharovits self-assigned this Feb 3, 2019
@elasticmachine
Collaborator

Pinging @elastic/es-security

@albertzaharovits albertzaharovits merged commit 72a36b4 into elastic:6.x Feb 3, 2019
@albertzaharovits albertzaharovits deleted the 6.7-backport-fix-bug-38097 branch February 3, 2019 11:24
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Feb 4, 2019
…round-sync-6.x

* elastic/6.x:
  Fix testRestoreIncreasesPrimaryTerms on 6.x (elastic#38314)
  SQL: Remove exceptions from Analyzer (elastic#38260) (elastic#38287)
  SQL: Move metrics tracking inside PlanExecutor (elastic#38259) (elastic#38288)
  Backport of elastic#38311: Move TokenService to seqno powered cas
  Handle scheduler exceptions (elastic#38183)
  Mute MlMigrationFullClusterRestartIT#testMigration (elastic#38316)
  6.x Backport of elastic#38278: Move ML Optimistic Concurrency Control to Seq No
  Cleanup construction of interceptors (elastic#38296)
  Throw if two inner_hits have the same name (elastic#37645) (elastic#38194)
  AsyncTwoPhaseIndexerTests race condition fixed elastic#38195 Backport#37830
  Enable SSL in reindex with security QA tests (elastic#38293)
  Ensure ILM policies run safely on leader indices  (elastic#38140)
  Introduce ssl settings to reindex from remote (elastic#38292)
  Fix ordering problem in add or renew lease test (elastic#38281)
  Mute ReplicationTrackerRetentionLeaseTests#testAddOrRenewRetentionLease (elastic#38276)
  Fix NPE in Logfile Audit Filter (elastic#38120) (elastic#38271)
  Enable trace log in FollowerFailOverIT (elastic#38148)
  SQL: Generate relevant error message when grouping functions are not used in GROUP BY (elastic#38017)
Labels
backport :Security/Audit X-Pack Audit logging