Closed Bug 943478 Opened 11 years ago Closed 11 years ago

esFrontLine does not whitelist allowed indexes

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: st3fan, Assigned: ekyle)

References

Details

Stefan Arentz | :st3fan | ⏰ EST | he/him

Reporter

Description

•

11 years ago

On the test instance I was able to query indexes like org_chart131126_145625, reviews131125_034647 and telemetry_agg_valid_201302.

It might be better to whitelist specific index names that are to be made publicly available.

If the public bugs index is the only index that will be hosted in ES then that may not be needed. Although I think it would be a good safeguard for accidental mistakes.

Kyle Lahnakoski [:ekyle]

Assignee

Comment 1

•

11 years ago

added whitelist checking
https://github.com/klahnakoski/esFrontLine/commit/bce133b1b12ff6792908489834ce3aa6c5afbee9#diff-4f1490608dfd64f043e4585063a302bdR31


test telemetry not allowed
https://github.com/klahnakoski/esFrontLine/commit/bce133b1b12ff6792908489834ce3aa6c5afbee9#diff-4f1490608dfd64f043e4585063a302bdR31

test bugs index is allowed
https://github.com/klahnakoski/esFrontLine/commit/bce133b1b12ff6792908489834ce3aa6c5afbee9#diff-4f1490608dfd64f043e4585063a302bdR31

added example of whitelist
https://github.com/klahnakoski/esFrontLine/commit/39d7d78f54d8c19cd140b65c23174d21a44b70fd#diff-04c6e90faac2675aa89e2176d2eec7d8R61

Status: NEW → RESOLVED

Closed: 11 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

esFrontLine does not whitelist allowed indexes

Categories

(Testing :: General, defect)

Tracking

(Not tracked)

People

(Reporter: st3fan, Assigned: ekyle)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1