Closed Bug 943465 Opened 11 years ago Closed 11 years ago

esFrontLine does not filter paths strict enough

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: st3fan, Assigned: ekyle)

References

Details

Stefan Arentz | :st3fan | ⏰ EST | he/him

Reporter

Description

•

11 years ago

The filter() function is not strict enough. The expected behaviour is that it should only allow queries on the public indexes. Instead the following requests were possible. It is very possible that many more different kind of requests also fall through. curl --silent --compressed -XGET http://klahnakoski-es.corp.tor1.mozilla.com:9292/_cluster/nodes/_local | python -mjson.tool { "cluster_name": "scl3_prd_cluster02", "nodes": { "02-smVwRTratkF05cicBVw": { "hostname": "elasticsearch4.metrics.scl3.mozilla.com", "http_address": "inet[/10.22.27.71:9200]", "name": "Radd, Norrin", "transport_address": "inet[/10.22.27.71:9300]" } }, "ok": true } curl --silent --compressed -XGET http://klahnakoski-es.corp.tor1.mozilla.com:9292/_cluster/nodes/stats | python -mjson.tool { "cluster_name": "scl3_prd_cluster02", "nodes": { "02-smVwRTratkF05cicBVw": { "hostname": "elasticsearch4.metrics.scl3.mozilla.com", ...

Kyle Lahnakoski [:ekyle]

Assignee

Comment 1

•

11 years ago

fix https://github.com/klahnakoski/esFrontLine/commit/8902cdf3bbf8493cc2f33fe2c06df23766c0f981#diff-667b2537b691f14fe7ce43cf17bc2bfdL101 specific test https://github.com/klahnakoski/esFrontLine/commit/8902cdf3bbf8493cc2f33fe2c06df23766c0f981#diff-4f1490608dfd64f043e4585063a302bdR14

Status: NEW → RESOLVED

Closed: 11 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

esFrontLine does not filter paths strict enough

Categories

(Testing :: General, defect)

Tracking

(Not tracked)

People

(Reporter: st3fan, Assigned: ekyle)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1