Unauthorized route migration for routes owned by security-defend-work…

…flows (#198375) ### Authz API migration for unauthorized routes Fix unauthorized routes
elastic · Nov 18, 2024 · dbab221 · dbab221
1 parent 020acbe
commit dbab221
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 0 deletions.
diff --git a/x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts b/x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts
@@ -31,6 +31,13 @@ export const createLiveQueryRoute = (router: IRouter, osqueryContext: OsqueryApp
     .addVersion(
       {
         version: API_VERSIONS.public.v1,
+        security: {
+          authz: {
+            enabled: false,
+            reason:
+              'We do the check for 2 different scenarios below (const isInvalid): writeLiveQueries and runSavedQueries with saved_query_id, or pack_id',
+          },
+        },
         validate: {
           request: {
             body: buildRouteValidation<

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts
@@ -83,6 +83,11 @@ export function registerEndpointRoutes(
     .addVersion(
       {
         version: '2023-10-31',
+        security: {
+          authz: {
+            requiredPrivileges: ['securitySolution'],
+          },
+        },
         validate: {
           request: GetMetadataRequestSchema,
         },

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
@@ -29,6 +29,11 @@ export function registerPolicyRoutes(
     .addVersion(
       {
         version: '2023-10-31',
+        security: {
+          authz: {
+            requiredPrivileges: ['securitySolution'],
+          },
+        },
         validate: {
           request: GetPolicyResponseSchema,
         },

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver.ts
@@ -35,6 +35,11 @@ export const registerResolverRoutes = (
   router.post(
     {
       path: '/api/endpoint/resolver/tree',
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       validate: validateTree,
       options: { authRequired: true },
     },
@@ -44,6 +49,11 @@ export const registerResolverRoutes = (
   router.post(
     {
       path: '/api/endpoint/resolver/events',
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       validate: validateEvents,
       options: { authRequired: true },
     },
@@ -56,6 +66,11 @@ export const registerResolverRoutes = (
   router.get(
     {
       path: '/api/endpoint/resolver/entity',
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       validate: validateEntities,
       options: { authRequired: true },
     },