[Security Solution] Validate ipv4/CIDR with format x.x.x.x/xx #116127

Merged

@academo academo commented Oct 25, 2021

Summary

Adds an additional regex validation for IPv4 values on top of the ipaddr library to only accept IPv4 formatted like x.x.x.x/xx or x.x.x.x

Closes #116084 #116114 and #116082

@academo academo added v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution auto-backport Deprecated - use backport:version if exact versions are needed v7.16.0 labels Oct 25, 2021
return true;
} catch (e) {
return ipaddr.IPv4.isValid(maybeIp);
const ipv4re = /^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$/;
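
Review bot: the octet part of `ipv4re` is only `[0-9]{1,3}`, so values such as `33.333.33.3` or `999.1.1.1` match even though the prefix is correctly bounded to 0-32. The visible lines end at the declaration and do not show how the pattern is combined with `ipaddr.IPv4.isValid(maybeIp)`, so add a short comment at the `const ipv4re` line saying it is a shape check that must always be followed by the ipaddr check, and add unit tests for an out-of-range octet, a `/33` prefix and a trailing `/`. If the capture groups are not read afterwards, `(?:...)` would state that intent.
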
Contributor Author

regex explanation https://regex101.com/r/UaqhDn/

Contributor

Correct me if I'm wrong, but this regex is going to validate an ip like this as true:
33.333.33.3
And this is wrong since 333 > 255. Is this going to be validated by the IPv4 as false?

Contributor Author

Yes. The regex is merely here to perform the basic format validation; the actual validation will be done with ipaddr, which has full logic inside to handle all possible cases.

Contributor

got it! Thanks! 👍
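
The two-stage check discussed in this review thread, as an added example that is not code from the PR or from Kibana: stage 1 is the `ipv4re` pattern shown above, and stage 2 is a plain octet-range check that stands in for the ipaddr call (an assumption, so the snippet runs without dependencies). The helper names and sample inputs are constructed for illustration.

```javascript
// Stage 1: the pattern from the PR. Dotted quad with an optional /0../32 prefix.
// It checks shape only; octets such as 333 still match.
const ipv4re = /^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$/;

function hasIpv4Shape(value) {
  return ipv4re.test(value);
}

// Stage 2 (assumption: stand-in for the ipaddr library's semantic validation).
// Checks that the address part has four decimal octets in 0..255.
// It deliberately ignores the prefix, so it cannot replace stage 1.
function octetsInRange(value) {
  const [address] = value.split('/');
  const parts = address.split('.');
  return parts.length === 4 &&
    parts.every((p) => /^[0-9]+$/.test(p) && Number(p) <= 255);
}

// A value is accepted only when both stages agree.
function isValidIpv4OrCidr(value) {
  return hasIpv4Shape(value) && octetsInRange(value);
}

// Constructed sample inputs covering what each stage catches.
const samples = [
  '10.0.0.1',     // valid address
  '10.0.0.0/24',  // valid CIDR
  '33.333.33.3',  // right shape, octet out of range (the case raised in review)
  '10.0.0.1/33',  // octets fine, prefix out of range
  '10.0.0.1/',    // dangling slash
  '10.0.0',       // too few octets
  ' 10.0.0.1',    // leading whitespace
  '10.0.0.1\n',   // trailing newline
];

function classify(values) {
  return values.map((value) => ({
    value,
    shape: hasIpv4Shape(value),
    range: octetsInRange(value),
    accepted: isValidIpv4OrCidr(value),
  }));
}

console.table(classify(samples));
```

The table shows why neither check is sufficient alone: `33.333.33.3` passes the shape check only, while `10.0.0.1/33` and `10.0.0.1/` pass the octet check only.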

@academo academo marked this pull request as ready for review October 25, 2021 13:20
@academo academo requested a review from a team as a code owner October 25, 2021 13:20
@elasticmachine

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@kibanamachine

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 4.6MB 4.6MB +81.0B

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@dasansol92 dasansol92 left a comment

LGTM! 🐑 it

@academo academo merged commit d7f2029 into elastic:master Oct 26, 2021
@academo academo deleted the fix/host-isolation-exception-validation branch October 26, 2021 08:49
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 26, 2021
@kibanamachine

💚 Backport successful

Status Branch Result
7.16

This backport PR will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Oct 26, 2021
… (#116254)

Co-authored-by: Esteban Beltran <academo@users.noreply.github.com>

Successfully merging this pull request may close these issues.

[Security Solution] User is allowed to add wrong type IP in the Host Isolation Exception list.