[Backport 2.x] Add disablePrototypePoisoningProtection configuration #3324

Merged
merged 2 commits into from
Jan 25, 2023

opensearch-trigger-bot[bot]
Contributor

Backport 1a82ae3 from #2992.

Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserved words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
#1777

Signed-off-by: Kawika Avilla <[email protected]>

Signed-off-by: Kawika Avilla <[email protected]>
Co-authored-by: Anan Zhuang <[email protected]>
(cherry picked from commit 1a82ae3)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
@opensearch-trigger-bot opensearch-trigger-bot bot requested a review from a team as a code owner January 25, 2023 20:26
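
An added example (not code from this PR or from the OpenSearch JS client) of the three behaviours the description touches on: rejecting a JSON body that contains `__proto__` or `constructor.prototype` keys, accepting it untouched, and the "transform" alternative of stripping those keys. The function names, the `action` values and the sample document are assumptions made for illustration.

```javascript
// Added example; names and the sample document are hypothetical/constructed.
// A log hit whose field names collide with JS reserved property names.
const SAMPLE_HIT =
  '{"_source":{"msg":"login ok","__proto__":{"isAdmin":true},' +
  '"constructor":{"prototype":{"x":1}}}}';

// A key is dangerous if a naive merge/copy of the parsed object could use it
// to reach Object.prototype.
function isPoisonKey(key, child) {
  if (key === '__proto__') return true;
  return key === 'constructor' && child !== null && typeof child === 'object' &&
    Object.prototype.hasOwnProperty.call(child, 'prototype');
}

// Collect the JSON paths of dangerous keys anywhere in the parsed value.
function findPoisonKeys(value, path = '$', found = []) {
  if (value === null || typeof value !== 'object') return found;
  for (const key of Object.keys(value)) {
    if (isPoisonKey(key, value[key])) found.push(`${path}.${key}`);
    findPoisonKeys(value[key], `${path}.${key}`, found);
  }
  return found;
}

// Rebuild the value without the dangerous keys (the "transform" option).
function stripPoisonKeys(value) {
  if (value === null || typeof value !== 'object') return value;
  if (Array.isArray(value)) return value.map(stripPoisonKeys);
  const clean = {};
  for (const key of Object.keys(value)) {
    if (!isPoisonKey(key, value[key])) clean[key] = stripPoisonKeys(value[key]);
  }
  return clean;
}

// action: 'error'  = protection on, reject the body
//         'ignore' = protection disabled, return the body untouched
//         'remove' = accept the body but drop the dangerous keys
function parseBody(text, action = 'error') {
  const doc = JSON.parse(text);
  const hits = findPoisonKeys(doc);
  if (hits.length === 0 || action === 'ignore') return doc;
  if (action === 'remove') return stripPoisonKeys(doc);
  throw new SyntaxError(`forbidden key(s) in JSON: ${hits.join(', ')}`);
}
```

With `'ignore'` the parsed object carries an own `__proto__` property, so any code that later merges or deep-copies it needs its own key filtering.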
@codecov-commenter

codecov-commenter commented Jan 25, 2023

Codecov Report

Merging #3324 (42482f7) into 2.x (2a8b3a7) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##              2.x    #3324   +/-   ##
=======================================
  Coverage   66.55%   66.55%           
=======================================
  Files        3203     3203           
  Lines       61327    61330    +3     
  Branches     9452     9453    +1     
=======================================
+ Hits        40815    40818    +3     
  Misses      18256    18256           
  Partials     2256     2256           

| Flag | Coverage Δ |
|---|---|
| Linux | 66.49% <100.00%> (+<0.01%) ⬆️ |
| Windows | 66.50% <100.00%> (+<0.01%) ⬆️ |

| Impacted Files | Coverage Δ |
|---|---|
| src/core/server/opensearch/client/client_config.ts | 82.22% <100.00%> (+0.82%) ⬆️ |
| src/core/server/opensearch/opensearch_config.ts | 93.58% <100.00%> (+0.08%) ⬆️ |

@kavilla kavilla added the autocut Skip the changelog verification check on backports label Jan 25, 2023
@ananzh ananzh merged commit a66d91c into 2.x Jan 25, 2023
@github-actions github-actions bot deleted the backport/backport-2992-to-2.x branch January 25, 2023 23:22
Labels
autocut Skip the changelog verification check on backports v2.6.0