From fef38a2a424bff6a4f048e802a20f80c3a5cf603 Mon Sep 17 00:00:00 2001 From: toepkerd <120457569+toepkerd@users.noreply.github.com> Date: Thu, 22 Feb 2024 12:51:51 -0800 Subject: [PATCH] Adding max http response string length as a setting, and capping http response string based on that setting (#861) Signed-off-by: Dennis Toepker (cherry picked from commit 8c662a675e78a9f9f32d4c7ffaa67a89ade806f6) --- .../core/client/DestinationHttpClient.kt | 4 +- .../core/setting/PluginSettings.kt | 38 +++++++++++++++++++ .../core/settings/PluginSettingsTests.kt | 30 +++++++++++++++ 3 files changed, 70 insertions(+), 2 deletions(-) diff --git a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/client/DestinationHttpClient.kt b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/client/DestinationHttpClient.kt index 5764f852..f85fd519 100644 --- a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/client/DestinationHttpClient.kt +++ b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/client/DestinationHttpClient.kt @@ -19,7 +19,7 @@ import org.apache.http.impl.client.CloseableHttpClient import org.apache.http.impl.client.DefaultHttpRequestRetryHandler import org.apache.http.impl.client.HttpClientBuilder import org.apache.http.impl.conn.PoolingHttpClientConnectionManager -import org.apache.http.util.EntityUtils +import org.apache.hc.core5.http.io.entity.EntityUtils import org.opensearch.common.xcontent.XContentFactory import org.opensearch.common.xcontent.XContentType import org.opensearch.notifications.core.setting.PluginSettings @@ -141,7 +141,7 @@ class DestinationHttpClient { @Throws(IOException::class) fun getResponseString(response: CloseableHttpResponse): String { val entity: HttpEntity = response.entity ?: return "{}" - val responseString = EntityUtils.toString(entity) + val responseString = EntityUtils.toString(entity, PluginSettings.maxHttpResponseSize / 2) // Java char is 2 bytes // DeliveryStatus need statusText must not be empty, convert empty response to {} return if (responseString.isNullOrEmpty()) "{}" else responseString } diff --git a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/setting/PluginSettings.kt b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/setting/PluginSettings.kt index da03cb43..845cfb27 100644 --- a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/setting/PluginSettings.kt +++ b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/setting/PluginSettings.kt @@ -16,6 +16,7 @@ import org.opensearch.common.settings.Setting.Property.Dynamic import org.opensearch.common.settings.Setting.Property.Final import org.opensearch.common.settings.Setting.Property.NodeScope import org.opensearch.common.settings.Settings +import org.opensearch.http.HttpTransportSettings.SETTING_HTTP_MAX_CONTENT_LENGTH import org.opensearch.notifications.core.NotificationCorePlugin.Companion.LOG_PREFIX import org.opensearch.notifications.core.NotificationCorePlugin.Companion.PLUGIN_NAME import org.opensearch.notifications.core.utils.OpenForTesting @@ -81,6 +82,11 @@ internal object PluginSettings { */ private const val SOCKET_TIMEOUT_MILLISECONDS_KEY = "$HTTP_CONNECTION_KEY_PREFIX.socket_timeout" + /** + * Setting for maximum string length of HTTP response, allows protection from DoS + */ + private const val MAX_HTTP_RESPONSE_SIZE_KEY = "$KEY_PREFIX.max_http_response_size" + /** * Legacy setting for list of host deny list in Alerting */ @@ -146,6 +152,11 @@ internal object PluginSettings { */ private const val DEFAULT_SOCKET_TIMEOUT_MILLISECONDS = 50000 + /** + * Default maximum HTTP response string length + */ + private val DEFAULT_MAX_HTTP_RESPONSE_SIZE = SETTING_HTTP_MAX_CONTENT_LENGTH.getDefault(Settings.EMPTY).getBytes().toInt() + /** * Default email header length. minimum value from 100 reference emails */ @@ -222,6 +233,12 @@ internal object PluginSettings { @Volatile var socketTimeout: Int + /** + * Maximum HTTP response string length + */ + @Volatile + var maxHttpResponseSize: Int + /** * Tooltip support */ @@ -272,6 +289,7 @@ internal object PluginSettings { connectionTimeout = (settings?.get(CONNECTION_TIMEOUT_MILLISECONDS_KEY)?.toInt()) ?: DEFAULT_CONNECTION_TIMEOUT_MILLISECONDS socketTimeout = (settings?.get(SOCKET_TIMEOUT_MILLISECONDS_KEY)?.toInt()) ?: DEFAULT_SOCKET_TIMEOUT_MILLISECONDS + maxHttpResponseSize = (settings?.get(MAX_HTTP_RESPONSE_SIZE_KEY)?.toInt()) ?: DEFAULT_MAX_HTTP_RESPONSE_SIZE allowedConfigTypes = settings?.getAsList(ALLOWED_CONFIG_TYPE_KEY, null) ?: DEFAULT_ALLOWED_CONFIG_TYPES tooltipSupport = settings?.getAsBoolean(TOOLTIP_SUPPORT_KEY, true) ?: DEFAULT_TOOLTIP_SUPPORT hostDenyList = settings?.getAsList(HOST_DENY_LIST_KEY, null) ?: DEFAULT_HOST_DENY_LIST @@ -285,6 +303,7 @@ internal object PluginSettings { MAX_CONNECTIONS_PER_ROUTE_KEY to maxConnectionsPerRoute.toString(DECIMAL_RADIX), CONNECTION_TIMEOUT_MILLISECONDS_KEY to connectionTimeout.toString(DECIMAL_RADIX), SOCKET_TIMEOUT_MILLISECONDS_KEY to socketTimeout.toString(DECIMAL_RADIX), + MAX_HTTP_RESPONSE_SIZE_KEY to maxHttpResponseSize.toString(DECIMAL_RADIX), TOOLTIP_SUPPORT_KEY to tooltipSupport.toString() ) } @@ -326,6 +345,13 @@ internal object PluginSettings { NodeScope, Dynamic ) + val MAX_HTTP_RESPONSE_SIZE: Setting = Setting.intSetting( + MAX_HTTP_RESPONSE_SIZE_KEY, + defaultSettings[MAX_HTTP_RESPONSE_SIZE_KEY]!!.toInt(), + NodeScope, + Dynamic + ) + val ALLOWED_CONFIG_TYPES: Setting> = Setting.listSetting( ALLOWED_CONFIG_TYPE_KEY, DEFAULT_ALLOWED_CONFIG_TYPES, @@ -407,6 +433,7 @@ internal object PluginSettings { MAX_CONNECTIONS_PER_ROUTE, CONNECTION_TIMEOUT_MILLISECONDS, SOCKET_TIMEOUT_MILLISECONDS, + MAX_HTTP_RESPONSE_SIZE, ALLOWED_CONFIG_TYPES, TOOLTIP_SUPPORT, HOST_DENY_LIST, @@ -426,6 +453,7 @@ internal object PluginSettings { maxConnectionsPerRoute = MAX_CONNECTIONS_PER_ROUTE.get(clusterService.settings) connectionTimeout = CONNECTION_TIMEOUT_MILLISECONDS.get(clusterService.settings) socketTimeout = SOCKET_TIMEOUT_MILLISECONDS.get(clusterService.settings) + maxHttpResponseSize = MAX_HTTP_RESPONSE_SIZE.get(clusterService.settings) tooltipSupport = TOOLTIP_SUPPORT.get(clusterService.settings) hostDenyList = HOST_DENY_LIST.get(clusterService.settings) destinationSettings = loadDestinationSettings(clusterService.settings) @@ -468,6 +496,11 @@ internal object PluginSettings { log.debug("$LOG_PREFIX:$SOCKET_TIMEOUT_MILLISECONDS_KEY -autoUpdatedTo-> $clusterSocketTimeout") socketTimeout = clusterSocketTimeout } + val clusterMaxHttpResponseSize = clusterService.clusterSettings.get(MAX_HTTP_RESPONSE_SIZE) + if (clusterMaxHttpResponseSize != null) { + log.debug("$LOG_PREFIX:$MAX_HTTP_RESPONSE_SIZE_KEY -autoUpdatedTo-> $clusterMaxHttpResponseSize") + socketTimeout = clusterSocketTimeout + } val clusterAllowedConfigTypes = clusterService.clusterSettings.get(ALLOWED_CONFIG_TYPES) if (clusterAllowedConfigTypes != null) { log.debug("$LOG_PREFIX:$ALLOWED_CONFIG_TYPE_KEY -autoUpdatedTo-> $clusterAllowedConfigTypes") @@ -528,6 +561,10 @@ internal object PluginSettings { socketTimeout = it log.info("$LOG_PREFIX:$SOCKET_TIMEOUT_MILLISECONDS_KEY -updatedTo-> $it") } + clusterService.clusterSettings.addSettingsUpdateConsumer(MAX_HTTP_RESPONSE_SIZE) { + maxHttpResponseSize = it + log.info("$LOG_PREFIX:$MAX_HTTP_RESPONSE_SIZE_KEY -updatedTo-> $it") + } clusterService.clusterSettings.addSettingsUpdateConsumer(TOOLTIP_SUPPORT) { tooltipSupport = it log.info("$LOG_PREFIX:$TOOLTIP_SUPPORT_KEY -updatedTo-> $it") @@ -591,6 +628,7 @@ internal object PluginSettings { maxConnectionsPerRoute = DEFAULT_MAX_CONNECTIONS_PER_ROUTE connectionTimeout = DEFAULT_CONNECTION_TIMEOUT_MILLISECONDS socketTimeout = DEFAULT_SOCKET_TIMEOUT_MILLISECONDS + maxHttpResponseSize = DEFAULT_MAX_HTTP_RESPONSE_SIZE allowedConfigTypes = DEFAULT_ALLOWED_CONFIG_TYPES tooltipSupport = DEFAULT_TOOLTIP_SUPPORT hostDenyList = DEFAULT_HOST_DENY_LIST diff --git a/notifications/core/src/test/kotlin/org/opensearch/notifications/core/settings/PluginSettingsTests.kt b/notifications/core/src/test/kotlin/org/opensearch/notifications/core/settings/PluginSettingsTests.kt index 098da401..094a7cfb 100644 --- a/notifications/core/src/test/kotlin/org/opensearch/notifications/core/settings/PluginSettingsTests.kt +++ b/notifications/core/src/test/kotlin/org/opensearch/notifications/core/settings/PluginSettingsTests.kt @@ -16,6 +16,7 @@ import org.opensearch.cluster.ClusterName import org.opensearch.cluster.service.ClusterService import org.opensearch.common.settings.ClusterSettings import org.opensearch.common.settings.Settings +import org.opensearch.http.HttpTransportSettings.SETTING_HTTP_MAX_CONTENT_LENGTH import org.opensearch.notifications.core.NotificationCorePlugin import org.opensearch.notifications.core.setting.PluginSettings @@ -32,6 +33,7 @@ internal class PluginSettingsTests { private val httpMaxConnectionPerRouteKey = "$httpKeyPrefix.max_connection_per_route" private val httpConnectionTimeoutKey = "$httpKeyPrefix.connection_timeout" private val httpSocketTimeoutKey = "$httpKeyPrefix.socket_timeout" + private val maxHttpResponseSizeKey = "$keyPrefix.max_http_response_size" private val legacyAlertingHostDenyListKey = "opendistro.destination.host.deny_list" private val alertingHostDenyListKey = "plugins.destination.host.deny_list" private val httpHostDenyListKey = "$httpKeyPrefix.host_deny_list" @@ -48,6 +50,7 @@ internal class PluginSettingsTests { .put(httpMaxConnectionPerRouteKey, 20) .put(httpConnectionTimeoutKey, 5000) .put(httpSocketTimeoutKey, 50000) + .put(maxHttpResponseSizeKey, SETTING_HTTP_MAX_CONTENT_LENGTH.getDefault(Settings.EMPTY).getBytes().toInt()) .putList(httpHostDenyListKey, emptyList()) .putList( allowedConfigTypeKey, @@ -90,6 +93,7 @@ internal class PluginSettingsTests { PluginSettings.MAX_CONNECTIONS_PER_ROUTE, PluginSettings.CONNECTION_TIMEOUT_MILLISECONDS, PluginSettings.SOCKET_TIMEOUT_MILLISECONDS, + PluginSettings.MAX_HTTP_RESPONSE_SIZE, PluginSettings.ALLOWED_CONFIG_TYPES, PluginSettings.TOOLTIP_SUPPORT, PluginSettings.HOST_DENY_LIST @@ -117,6 +121,10 @@ internal class PluginSettingsTests { defaultSettings[httpSocketTimeoutKey], PluginSettings.socketTimeout.toString() ) + Assertions.assertEquals( + defaultSettings[maxHttpResponseSizeKey], + PluginSettings.maxHttpResponseSize.toString() + ) Assertions.assertEquals( defaultSettings[allowedConfigTypeKey], PluginSettings.allowedConfigTypes.toString() @@ -144,6 +152,7 @@ internal class PluginSettingsTests { .put(httpMaxConnectionPerRouteKey, 100) .put(httpConnectionTimeoutKey, 100) .put(httpSocketTimeoutKey, 100) + .put(maxHttpResponseSizeKey, 20000000) .putList(httpHostDenyListKey, listOf("sample")) .putList(allowedConfigTypeKey, listOf("slack")) .put(tooltipSupportKey, false) @@ -162,6 +171,7 @@ internal class PluginSettingsTests { PluginSettings.MAX_CONNECTIONS_PER_ROUTE, PluginSettings.CONNECTION_TIMEOUT_MILLISECONDS, PluginSettings.SOCKET_TIMEOUT_MILLISECONDS, + PluginSettings.MAX_HTTP_RESPONSE_SIZE, PluginSettings.ALLOWED_CONFIG_TYPES, PluginSettings.TOOLTIP_SUPPORT, PluginSettings.HOST_DENY_LIST, @@ -190,6 +200,14 @@ internal class PluginSettingsTests { 100, clusterService.clusterSettings.get(PluginSettings.CONNECTION_TIMEOUT_MILLISECONDS) ) + Assertions.assertEquals( + 100, + clusterService.clusterSettings.get(PluginSettings.SOCKET_TIMEOUT_MILLISECONDS) + ) + Assertions.assertEquals( + 20000000, + clusterService.clusterSettings.get(PluginSettings.MAX_HTTP_RESPONSE_SIZE) + ) Assertions.assertEquals( listOf("sample"), clusterService.clusterSettings.get(PluginSettings.HOST_DENY_LIST) @@ -223,6 +241,7 @@ internal class PluginSettingsTests { PluginSettings.MAX_CONNECTIONS_PER_ROUTE, PluginSettings.CONNECTION_TIMEOUT_MILLISECONDS, PluginSettings.SOCKET_TIMEOUT_MILLISECONDS, + PluginSettings.MAX_HTTP_RESPONSE_SIZE, PluginSettings.ALLOWED_CONFIG_TYPES, PluginSettings.TOOLTIP_SUPPORT, PluginSettings.HOST_DENY_LIST, @@ -251,6 +270,14 @@ internal class PluginSettingsTests { defaultSettings[httpConnectionTimeoutKey], clusterService.clusterSettings.get(PluginSettings.CONNECTION_TIMEOUT_MILLISECONDS).toString() ) + Assertions.assertEquals( + defaultSettings[httpSocketTimeoutKey], + clusterService.clusterSettings.get(PluginSettings.SOCKET_TIMEOUT_MILLISECONDS).toString() + ) + Assertions.assertEquals( + defaultSettings[maxHttpResponseSizeKey], + clusterService.clusterSettings.get(PluginSettings.MAX_HTTP_RESPONSE_SIZE).toString() + ) Assertions.assertEquals( defaultSettings[httpHostDenyListKey], clusterService.clusterSettings.get(PluginSettings.HOST_DENY_LIST).toString() @@ -289,6 +316,7 @@ internal class PluginSettingsTests { PluginSettings.MAX_CONNECTIONS_PER_ROUTE, PluginSettings.CONNECTION_TIMEOUT_MILLISECONDS, PluginSettings.SOCKET_TIMEOUT_MILLISECONDS, + PluginSettings.MAX_HTTP_RESPONSE_SIZE, PluginSettings.ALLOWED_CONFIG_TYPES, PluginSettings.TOOLTIP_SUPPORT, PluginSettings.LEGACY_ALERTING_HOST_DENY_LIST, @@ -324,6 +352,7 @@ internal class PluginSettingsTests { PluginSettings.MAX_CONNECTIONS_PER_ROUTE, PluginSettings.CONNECTION_TIMEOUT_MILLISECONDS, PluginSettings.SOCKET_TIMEOUT_MILLISECONDS, + PluginSettings.MAX_HTTP_RESPONSE_SIZE, PluginSettings.ALLOWED_CONFIG_TYPES, PluginSettings.TOOLTIP_SUPPORT, PluginSettings.LEGACY_ALERTING_HOST_DENY_LIST, @@ -358,6 +387,7 @@ internal class PluginSettingsTests { PluginSettings.MAX_CONNECTIONS_PER_ROUTE, PluginSettings.CONNECTION_TIMEOUT_MILLISECONDS, PluginSettings.SOCKET_TIMEOUT_MILLISECONDS, + PluginSettings.MAX_HTTP_RESPONSE_SIZE, PluginSettings.ALLOWED_CONFIG_TYPES, PluginSettings.TOOLTIP_SUPPORT, PluginSettings.LEGACY_ALERTING_HOST_DENY_LIST,