Add disablePrototypePoisoningProtection configuration (#2992) (#3324)

Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. More information: https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08 Related issue: #1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit 1a82ae3) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com>
opensearch-project · Jan 25, 2023 · a66d91c · a66d91c
1 parent 2a8b3a7
commit a66d91c
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 0 deletions.
diff --git a/config/opensearch_dashboards.yml b/config/opensearch_dashboards.yml
@@ -107,6 +107,11 @@
 # Logs queries sent to OpenSearch. Requires logging.verbose set to true.
 #opensearch.logQueries: false
 
+# Disables errors from the OpenSearch JS client and enables you to utilize protected words such as: 'boolean', 'proto', 'constructor'.
+# within cluster. By default, OpenSearch Dashboards and the client will protect you against prototype poisoning attacks.
+# WARNING: Index patterns are user-supplied data. Disabling this will place the expectation that you are handling the data safely.
+#opensearch.disablePrototypePoisoningProtection: false
+
 # Specifies the path where OpenSearch Dashboards creates the process ID file.
 #pid.file: /var/run/opensearchDashboards.pid
 

diff --git a/src/core/server/opensearch/client/client_config.test.ts b/src/core/server/opensearch/client/client_config.test.ts
@@ -184,6 +184,24 @@ describe('parseClientOptions', () => {
               ]
           `);
     });
+
+    it('`disablePrototypePoisoningProtection` option', () => {
+      expect(
+        parseClientOptions(createConfig({ disablePrototypePoisoningProtection: false }), false)
+          .disablePrototypePoisoningProtection
+      ).toEqual(false);
+      expect(
+        parseClientOptions(createConfig({ disablePrototypePoisoningProtection: true }), false)
+          .disablePrototypePoisoningProtection
+      ).toEqual(true);
+
+      expect(
+        parseClientOptions(createConfig({}), false).disablePrototypePoisoningProtection
+      ).toBeUndefined();
+      expect(
+        parseClientOptions(createConfig({}), true).disablePrototypePoisoningProtection
+      ).toBeUndefined();
+    });
   });
 
   describe('authorization', () => {

diff --git a/src/core/server/opensearch/client/client_config.ts b/src/core/server/opensearch/client/client_config.ts
@@ -52,6 +52,7 @@ export type OpenSearchClientConfig = Pick<
   | 'hosts'
   | 'username'
   | 'password'
+  | 'disablePrototypePoisoningProtection'
 > & {
   memoryCircuitBreaker?:
     | OpenSearchConfig['memoryCircuitBreaker']
@@ -115,6 +116,10 @@ export function parseClientOptions(config: OpenSearchClientConfig, scoped: boole
     );
   }
 
+  if (config.disablePrototypePoisoningProtection != null) {
+    clientOptions.disablePrototypePoisoningProtection = config.disablePrototypePoisoningProtection;
+  }
+
   return clientOptions;
 }
 

diff --git a/src/core/server/opensearch/opensearch_config.test.ts b/src/core/server/opensearch/opensearch_config.test.ts
@@ -72,6 +72,7 @@ test('set correct defaults', () => {
     OpenSearchConfig {
       "apiVersion": "7.x",
       "customHeaders": Object {},
+      "disablePrototypePoisoningProtection": undefined,
       "healthCheckDelay": "PT2.5S",
       "hosts": Array [
         "http://localhost:9200",

diff --git a/src/core/server/opensearch/opensearch_config.ts b/src/core/server/opensearch/opensearch_config.ts
@@ -142,6 +142,7 @@ export const configSchema = schema.object({
     }),
     schema.boolean({ defaultValue: false })
   ),
+  disablePrototypePoisoningProtection: schema.maybe(schema.boolean({ defaultValue: false })),
 });
 
 const deprecations: ConfigDeprecationProvider = ({ renameFromRoot, renameFromRootWithoutMap }) => [
@@ -318,6 +319,12 @@ export class OpenSearchConfig {
    */
   public readonly customHeaders: OpenSearchConfigType['customHeaders'];
 
+  /**
+   * Specifies whether the client should attempt to protect against reserved words
+   * or not.
+   */
+  public readonly disablePrototypePoisoningProtection?: boolean;
+
   constructor(rawConfig: OpenSearchConfigType) {
     this.ignoreVersionMismatch = rawConfig.ignoreVersionMismatch;
     this.apiVersion = rawConfig.apiVersion;
@@ -338,6 +345,7 @@ export class OpenSearchConfig {
     this.username = rawConfig.username;
     this.password = rawConfig.password;
     this.customHeaders = rawConfig.customHeaders;
+    this.disablePrototypePoisoningProtection = rawConfig.disablePrototypePoisoningProtection;
 
     const { alwaysPresentCertificate, verificationMode } = rawConfig.ssl;
     const { key, keyPassphrase, certificate, certificateAuthorities } = readKeyAndCerts(rawConfig);

diff --git a/src/dev/build/tasks/os_packages/docker_generator/resources/bin/opensearch-dashboards-docker b/src/dev/build/tasks/os_packages/docker_generator/resources/bin/opensearch-dashboards-docker
@@ -50,6 +50,7 @@ opensearch_dashboards_vars=(
     opensearch.ssl.truststore.password
     opensearch.ssl.verificationMode
     opensearch.username
+    opensearch.disablePrototypePoisoningProtection
     i18n.locale
     interpreter.enableInVisualize
     opensearchDashboards.autocompleteTerminateAfter