[alerting] encode rule/connector ids in http requests made from alerting UI #97854
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ing UI resolves: elastic#97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
pmuellr
added
Feature:Alerting
release_note:skip
|
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
pmuellr
added a commit
to pmuellr/kibana
that referenced
this pull request
Apr 23, 2021
…ing UI (elastic#97854) resolves: elastic#97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
pmuellr
added a commit
to pmuellr/kibana
that referenced
this pull request
Apr 23, 2021
…ing UI (elastic#97854) resolves: elastic#97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
|
Starting a backport for 7.13, after feature freeze this Tuesday, since this is a pretty nasty bug that was easy to fix. Going to attempt a 7.12 backport as well, but not hopeful due to the API naming changes we made in 7.13 |
pmuellr
added a commit
to pmuellr/kibana
that referenced
this pull request
Apr 23, 2021
…ing UI (elastic#97854) resolves: elastic#97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail. # Conflicts: # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/jira/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/jira/api.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/resilient/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/resilient/api.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/servicenow/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/servicenow/api.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/delete.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/delete.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/execute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/execute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/update.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/update.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/alert_summary.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/alert_summary.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/delete.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/delete.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/disable.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/disable.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/enable.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/enable.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/get_rule.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/get_rule.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute_alert.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute_alert.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute_alert.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute_alert.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/update.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/update.ts # x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts
|
Ya, the 7.12.2 backport will end up being a re-write of this PR from scratch, due to the API name changes and file name changes. Not clear it's worth it at this point. 7.12.2 is scheduled for May 18, 7.13.0 is scheduled for May 25. |
pmuellr
added a commit
that referenced
this pull request
Apr 23, 2021
…ing UI (#97854) (#98208) resolves: #97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
pmuellr
added a commit
that referenced
this pull request
Apr 23, 2021
…ing UI (#97854) (#98209) resolves: #97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
pmuellr
added a commit
that referenced
this pull request
Apr 26, 2021
…m alerting UI (#97854) (#98211) * [alerting] encode rule/connector ids in http requests made from alerting UI (#97854) resolves: #97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail. # Conflicts: # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/jira/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/jira/api.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/resilient/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/resilient/api.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/servicenow/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/servicenow/api.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/delete.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/delete.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/execute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/execute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/update.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/update.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/alert_summary.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/alert_summary.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/delete.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/delete.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/disable.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/disable.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/enable.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/enable.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/get_rule.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/get_rule.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute_alert.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute_alert.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute_alert.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute_alert.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/update.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/update.ts # x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts * fix merge conflicts In 7.13.0, the structure of the connector and rules API libraries in triggers_actions_ui changed, where in 7.12 they were all in a single file - one for connectors, one for rules - but in 7.13 they are split out into separate files in a directory for connectors and one for rules. To cut down on the noise, I decided to not use the `encodeURIComponent()` wrappers on rule ids, just connector ids and alert ids, since it's not possible in 7.12 to have rule ids which are not UUIDs, and so don't need the encoding. * fix prettier errors Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
|
Went ahead and fixed the 7.12 backport, with some caveats: #98211 (comment) - this should ship in 7.12.2, so added that label. |
madirey
pushed a commit
to madirey/kibana
that referenced
this pull request
May 11, 2021
…ing UI (elastic#97854) resolves: elastic#97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
resolves: #97852
Summary
Adds
encodeURIComponent()wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.Checklist
Delete any items that are not applicable to this PR.
Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n supportDocumentation was added for features that require explanation or tutorialsAny UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker listThis renders correctly on smaller devices using a responsive layout. (You can test this in your browser)This was checked for cross-browser compatibilityFor maintainers
This was checked for breaking API changes and was labeled appropriately