-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[alerting] encode rule/connector ids in http requests made from alerting UI #97854
Conversation
…ing UI resolves: elastic#97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
@elasticmachine merge upstream |
@elasticmachine merge upstream |
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
…ing UI (elastic#97854) resolves: elastic#97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
…ing UI (elastic#97854) resolves: elastic#97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
Starting a backport for 7.13, after feature freeze this Tuesday, since this is a pretty nasty bug that was easy to fix. Going to attempt a 7.12 backport as well, but not hopeful due to the API naming changes we made in 7.13 |
…ing UI (elastic#97854) resolves: elastic#97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail. # Conflicts: # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/jira/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/jira/api.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/resilient/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/resilient/api.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/servicenow/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/servicenow/api.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/delete.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/delete.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/execute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/execute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/update.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/update.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/alert_summary.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/alert_summary.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/delete.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/delete.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/disable.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/disable.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/enable.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/enable.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/get_rule.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/get_rule.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute_alert.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute_alert.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute_alert.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute_alert.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/update.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/update.ts # x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts
Ya, the 7.12.2 backport will end up being a re-write of this PR from scratch, due to the API name changes and file name changes. Not clear it's worth it at this point. 7.12.2 is scheduled for May 18, 7.13.0 is scheduled for May 25. |
…ing UI (#97854) (#98208) resolves: #97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
…ing UI (#97854) (#98209) resolves: #97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
…m alerting UI (#97854) (#98211) * [alerting] encode rule/connector ids in http requests made from alerting UI (#97854) resolves: #97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail. # Conflicts: # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/jira/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/jira/api.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/resilient/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/resilient/api.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/servicenow/api.test.ts # x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/servicenow/api.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/delete.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/delete.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/execute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/execute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/update.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/action_connector_api/update.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/alert_summary.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/alert_summary.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/delete.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/delete.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/disable.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/disable.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/enable.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/enable.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/get_rule.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/get_rule.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute_alert.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/mute_alert.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute_alert.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/unmute_alert.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/update.test.ts # x-pack/plugins/triggers_actions_ui/public/application/lib/alert_api/update.ts # x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts * fix merge conflicts In 7.13.0, the structure of the connector and rules API libraries in triggers_actions_ui changed, where in 7.12 they were all in a single file - one for connectors, one for rules - but in 7.13 they are split out into separate files in a directory for connectors and one for rules. To cut down on the noise, I decided to not use the `encodeURIComponent()` wrappers on rule ids, just connector ids and alert ids, since it's not possible in 7.12 to have rule ids which are not UUIDs, and so don't need the encoding. * fix prettier errors Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Went ahead and fixed the 7.12 backport, with some caveats: #98211 (comment) - this should ship in 7.12.2, so added that label. |
…ing UI (elastic#97854) resolves: elastic#97852 Adds `encodeURIComponent()` wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.
resolves: #97852
Summary
Adds
encodeURIComponent()
wrappers around references to rule, alert, and connector ids. Without this fix, if an alert id (which can contain customer-generated data) contains a character that needs to be URL encoded, the resulting API call from the web UI will fail.Checklist
Delete any items that are not applicable to this PR.
Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n supportDocumentation was added for features that require explanation or tutorialsAny UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker listThis renders correctly on smaller devices using a responsive layout. (You can test this in your browser)This was checked for cross-browser compatibilityFor maintainers
This was checked for breaking API changes and was labeled appropriately