Improper handling of special characters in elasticsearch user's password #594

Open
cllasyx opened this issue Dec 1, 2023 · 0 comments
cllasyx commented Dec 1, 2023

🐛 Bug description

  • If the user has special characters such as '#', '/', '!' and others, then the elastalert-server docker container cannot handle these characters in the URL path, with the status code ERR_INVALID_URL

  • praecoapp/praeco: 1.8.16

  • praecoapp/elastalert-server: 20231126

  • Error in elastalert-server:

elastalert_1  | TypeError: Invalid URL
elastalert_1  |     at new NodeError (node:internal/errors:387:5)
elastalert_1  |     at URL.onParseError (node:internal/url:565:9)
elastalert_1  |     at new URL (node:internal/url:641:5)
elastalert_1  |     at dispatchHttpRequest (/opt/elastalert-server/node_modules/axios/lib/adapters/http.js:219:20)
elastalert_1  |     at /opt/elastalert-server/node_modules/axios/lib/adapters/http.js:143:5
elastalert_1  |     at new Promise (<anonymous>)
elastalert_1  |     at wrapAsync (/opt/elastalert-server/node_modules/axios/lib/adapters/http.js:123:10)
elastalert_1  |     at http (/opt/elastalert-server/node_modules/axios/lib/adapters/http.js:161:10)
elastalert_1  |     at Axios.dispatchRequest (/opt/elastalert-server/node_modules/axios/lib/core/dispatchRequest.js:51:10)
elastalert_1  |     at Axios.request (/opt/elastalert-server/node_modules/axios/lib/core/Axios.js:146:33)
elastalert_1  |     at Axios.<computed> [as get] (/opt/elastalert-server/node_modules/axios/lib/core/Axios.js:172:17)
elastalert_1  |     at Function.get (/opt/elastalert-server/node_modules/axios/lib/helpers/bind.js:5:15)
elastalert_1  |     at getClientVersion (/opt/elastalert-server/src/common/elasticsearch_client.js:86:19)
elastalert_1  |     at metadataElastalertHandler (/opt/elastalert-server/src/handlers/metadata/get.js:101:46)
elastalert_1  |     at Layer.handle [as handle_request] (/opt/elastalert-server/node_modules/express/lib/router/layer.js:95:5)
elastalert_1  |     at next (/opt/elastalert-server/node_modules/express/lib/router/route.js:144:13)
elastalert_1  |     at Route.dispatch (/opt/elastalert-server/node_modules/express/lib/router/route.js:114:3)
elastalert_1  |     at Layer.handle [as handle_request] (/opt/elastalert-server/node_modules/express/lib/router/layer.js:95:5)
elastalert_1  |     at /opt/elastalert-server/node_modules/express/lib/router/index.js:284:15
elastalert_1  |     at Function.process_params (/opt/elastalert-server/node_modules/express/lib/router/index.js:346:12)
elastalert_1  |     at next (/opt/elastalert-server/node_modules/express/lib/router/index.js:280:10)
elastalert_1  |     at urlencodedParser (/opt/elastalert-server/node_modules/body-parser/lib/types/urlencoded.js:91:7)
elastalert_1  |     at Layer.handle [as handle_request] (/opt/elastalert-server/node_modules/express/lib/router/layer.js:95:5)
elastalert_1  |     at trim_prefix (/opt/elastalert-server/node_modules/express/lib/router/index.js:328:13)
elastalert_1  |     at /opt/elastalert-server/node_modules/express/lib/router/index.js:286:9
elastalert_1  |     at Function.process_params (/opt/elastalert-server/node_modules/express/lib/router/index.js:346:12)
elastalert_1  |     at next (/opt/elastalert-server/node_modules/express/lib/router/index.js:280:10)
elastalert_1  |     at jsonParser (/opt/elastalert-server/node_modules/body-parser/lib/types/json.js:110:7)
elastalert_1  |     at Layer.handle [as handle_request] (/opt/elastalert-server/node_modules/express/lib/router/layer.js:95:5)
elastalert_1  |     at trim_prefix (/opt/elastalert-server/node_modules/express/lib/router/index.js:328:13)
elastalert_1  |     at /opt/elastalert-server/node_modules/express/lib/router/index.js:286:9
elastalert_1  |     at Function.process_params (/opt/elastalert-server/node_modules/express/lib/router/index.js:346:12)
elastalert_1  |     at next (/opt/elastalert-server/node_modules/express/lib/router/index.js:280:10)
elastalert_1  |     at cors (/opt/elastalert-server/node_modules/cors/lib/index.js:188:7)
elastalert_1  |     at /opt/elastalert-server/node_modules/cors/lib/index.js:224:17
elastalert_1  |     at originCallback (/opt/elastalert-server/node_modules/cors/lib/index.js:214:15)
elastalert_1  |     at /opt/elastalert-server/node_modules/cors/lib/index.js:219:13
elastalert_1  |     at optionsCallback (/opt/elastalert-server/node_modules/cors/lib/index.js:199:9)
elastalert_1  |     at corsMiddleware (/opt/elastalert-server/node_modules/cors/lib/index.js:204:7)
elastalert_1  |     at Layer.handle [as handle_request] (/opt/elastalert-server/node_modules/express/lib/router/layer.js:95:5)
elastalert_1  |     at trim_prefix (/opt/elastalert-server/node_modules/express/lib/router/index.js:328:13)
elastalert_1  |     at /opt/elastalert-server/node_modules/express/lib/router/index.js:286:9
elastalert_1  |     at Function.process_params (/opt/elastalert-server/node_modules/express/lib/router/index.js:346:12)
elastalert_1  |     at next (/opt/elastalert-server/node_modules/express/lib/router/index.js:280:10)
elastalert_1  |     at expressInit (/opt/elastalert-server/node_modules/express/lib/middleware/init.js:40:5)
elastalert_1  |     at Layer.handle [as handle_request] (/opt/elastalert-server/node_modules/express/lib/router/layer.js:95:5)
elastalert_1  |     at trim_prefix (/opt/elastalert-server/node_modules/express/lib/router/index.js:328:13)
elastalert_1  |     at /opt/elastalert-server/node_modules/express/lib/router/index.js:286:9
elastalert_1  |     at Function.process_params (/opt/elastalert-server/node_modules/express/lib/router/index.js:346:12)
elastalert_1  |     at next (/opt/elastalert-server/node_modules/express/lib/router/index.js:280:10) {
elastalert_1  |   input: 'https://elastalertuser:A#23!vsT2/@myelasticsearch.mydomain.com:9200',
elastalert_1  |   code: 'ERR_INVALID_URL'
elastalert_1  | }
elastalert_1  | TypeError: Invalid URL
elastalert_1  |     at new NodeError (node:internal/errors:387:5)
elastalert_1  |     at URL.onParseError (node:internal/url:565:9)
elastalert_1  |     at new URL (node:internal/url:641:5)
elastalert_1  |     at dispatchHttpRequest (/opt/elastalert-server/node_modules/axios/lib/adapters/http.js:219:20)
elastalert_1  |     at /opt/elastalert-server/node_modules/axios/lib/adapters/http.js:143:5
elastalert_1  |     at new Promise (<anonymous>)
elastalert_1  |     at wrapAsync (/opt/elastalert-server/node_modules/axios/lib/adapters/http.js:123:10)
elastalert_1  |     at http (/opt/elastalert-server/node_modules/axios/lib/adapters/http.js:161:10)
elastalert_1  |     at Axios.dispatchRequest (/opt/elastalert-server/node_modules/axios/lib/core/dispatchRequest.js:51:10)
elastalert_1  |     at Axios.request (/opt/elastalert-server/node_modules/axios/lib/core/Axios.js:146:33)
elastalert_1  |     at Axios.<computed> [as get] (/opt/elastalert-server/node_modules/axios/lib/core/Axios.js:172:17)
elastalert_1  |     at Function.get (/opt/elastalert-server/node_modules/axios/lib/helpers/bind.js:5:15)
elastalert_1  |     at getClientVersion (/opt/elastalert-server/src/common/elasticsearch_client.js:86:19)
elastalert_1  |     at getClient (/opt/elastalert-server/src/common/elasticsearch_client.js:169:30)
elastalert_1  |     at metadataElastalertHandler (/opt/elastalert-server/src/handlers/metadata/get.js:102:35)
elastalert_1  |     at processTicksAndRejections (node:internal/process/task_queues:96:5) {
elastalert_1  |   input: 'https://elastalertuser:A#23!vsT2/@myelasticsearch.mydomain.com:9200',
elastalert_1  |   code: 'ERR_INVALID_URL'
elastalert_1  | }
elastalert_1  | TypeError: Cannot read properties of undefined (reading 'search')
elastalert_1  |     at metadataElastalertHandler (/opt/elastalert-server/src/handlers/metadata/get.js:154:14)
elastalert_1  |     at processTicksAndRejections (node:internal/process/task_queues:96:5)

👀 Steps to reproduce

  • praeco/config/api.config.json
{
  "appName": "elastalert-server",
  "port": 3030,
  "wsport": 3333,
  "elastalertPath": "/opt/elastalert",
  "verbose": true,
  "es_debug": true,
  "debug": false,
  "rulesPath": {
    "relative": true,
    "path": "/rules"
  },
  "templatesPath": {
    "relative": true,
    "path": "/rule_templates"
  },
  "dataPath": {
    "relative": true,
    "path": "/server_data"
  },
  "es_host": "myelasticsearch.mydomain.com",
  "es_port": 9200,
  "es_username": "elastalertuser",
  "es_password": "A#23!vsT2/",
  "es_ssl": true,
  "ea_verify_certs": true,
  "es_ca_certs": "/opt/elastalert-server/config/CA.pem",
  "writeback_index": "elastalert_status"
}
  • praeco/config/elastalert.yaml
es_host: myelasticsearch.mydomain.com
es_port: 9200
es_username: "elastalertuser"
es_password: "A#23!vsT2/"
use_ssl: True
verify_certs: True
ca_certs: /opt/elastalert-server/config/CA.pem

rules_folder: rules

run_every:
  seconds: 60

buffer_time:
  minutes: 1

writeback_index: elastalert_status

alert_time_limit:
  days: 2

skip_invalid: True
  • /praeco/docker-compose.yml
version: '3'

services:
  elastalert:
    image: 'praecoapp/elastalert-server:latest'
    ports:
      - 3030:3030
      - 3333:3333
    volumes:
      - ./config/elastalert.yaml:/opt/elastalert/config.yaml
      - ./config/api.config.json:/opt/elastalert-server/config/config.json
      - ./rules:/opt/elastalert/rules
      - ./rule_templates:/opt/elastalert/rule_templates
      - ./certs/CA.pem:/opt/elastalert-server/config/CA.pem
    tty: true

  webapp:
    image: 'praecoapp/praeco:latest'
    ports:
      - 8080:8080
    volumes:
      - ./public/praeco.config.json:/var/www/html/praeco.config.json
      - ./nginx_config/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx_config/default.conf:/etc/nginx/conf.d/default.conf
    tty: true
  1. Configure elastalert2 and elastalert-server with the configs above
  2. Start docker containers via docker-compose up when in the praeco folder with Dockerfile and docker-compose.yml
  3. When every container is started, visit the praeco web UI on port 8080
  4. The log error is produced with code ERR_INVALID_URL

🆗 Expected behavior

Be able to include special characters in user's password. Karql's elastalert2-server works without problems with the same password.

@cllasyx cllasyx added the bug Something isn't working label Dec 1, 2023
@nsano-rururu nsano-rururu added please contribute api Requires api changes labels Dec 1, 2023
@nsano-rururu nsano-rururu added this to the 1.8.17 milestone Dec 1, 2023
@nsano-rururu nsano-rururu removed this from the 1.8.17 milestone Dec 2, 2023
@nsano-rururu nsano-rururu added elastalert-server and removed api Requires api changes labels Dec 12, 2023
Repository owner locked and limited conversation to collaborators Apr 13, 2024
Repository owner unlocked this conversation Apr 13, 2024
@nsano-rururu nsano-rururu reopened this Apr 13, 2024
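
The `input:` value in the log above shows the credentials placed unencoded in the URL's userinfo, so the parser stops at `#` and the password is also written to the log in clear text. The following is an added example, not code from elastalert-server: it reproduces the parse failure with the reported values and shows two ways to avoid it; the function names and the way the URL is assembled are assumptions made for illustration.

```javascript
// Constructed sample config mirroring the values in the report above.
const cfg = {
  es_host: 'myelasticsearch.mydomain.com',
  es_port: 9200,
  es_username: 'elastalertuser',
  es_password: 'A#23!vsT2/',
  es_ssl: true,
};

// Assumed failure mode: credentials interpolated into the URL unencoded.
function naiveUrl(c) {
  const scheme = c.es_ssl ? 'https' : 'http';
  return `${scheme}://${c.es_username}:${c.es_password}@${c.es_host}:${c.es_port}`;
}

// Returns the error code raised by the URL parser, or null if the string parses.
function parseErrorCode(s) {
  try {
    new URL(s);
    return null;
  } catch (e) {
    return e.code || e.name;
  }
}

// Option 1: percent-encode the userinfo. encodeURIComponent escapes '#', '/',
// '@', ':' and also '%', which the URL.password setter would leave untouched.
function encodedUrl(c) {
  const scheme = c.es_ssl ? 'https' : 'http';
  const user = encodeURIComponent(c.es_username);
  const pass = encodeURIComponent(c.es_password);
  return new URL(`${scheme}://${user}:${pass}@${c.es_host}:${c.es_port}`);
}

// Option 2: keep the secret out of the URL and send a Basic Authorization
// header, so a URL that ends up in an error log carries no password.
function requestWithHeader(c) {
  const scheme = c.es_ssl ? 'https' : 'http';
  const token = Buffer.from(`${c.es_username}:${c.es_password}`, 'utf8').toString('base64');
  return {
    url: new URL(`${scheme}://${c.es_host}:${c.es_port}`).href,
    headers: { Authorization: `Basic ${token}` },
  };
}

console.log(parseErrorCode(naiveUrl(cfg)));
console.log(decodeURIComponent(encodedUrl(cfg).password));
console.log(requestWithHeader(cfg).url);
```
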