From 6e0874d21ac0aae9d1bcb32b7eb93fcf70675935 Mon Sep 17 00:00:00 2001 From: Riya Saxena Date: Mon, 26 Aug 2024 09:54:39 -0700 Subject: [PATCH 1/3] revert chime/slack validations Signed-off-by: Riya Saxena --- .../core/utils/ValidationHelpers.kt | 9 +++- .../core/utils/ValidationHelpersTests.kt | 14 +++--- .../index/ConfigIndexingActions.kt | 4 +- .../opensearch/integtest/IntegTestHelpers.kt | 2 +- .../integtest/SecurityNotificationIT.kt | 12 ++--- .../NotificationsBackwardsCompatibilityIT.kt | 2 +- .../config/ChimeNotificationConfigCrudIT.kt | 4 +- .../config/CreateNotificationConfigIT.kt | 2 +- .../config/EmailNotificationConfigCrudIT.kt | 4 +- .../config/QueryNotificationConfigIT.kt | 4 +- .../config/SlackNotificationConfigCrudIT.kt | 47 +++++++++++++++++-- .../config/WebhookNotificationConfigCrudIT.kt | 2 +- .../index/ConfigIndexingActionsTests.kt | 39 +++++++++++++++ .../model/NotificationConfigDocTests.kt | 6 +-- 14 files changed, 120 insertions(+), 31 deletions(-) diff --git a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt index 28c6862c..ba9fc8b0 100644 --- a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt +++ b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt @@ -5,10 +5,12 @@ package org.opensearch.notifications.core.utils +import inet.ipaddr.HostName import inet.ipaddr.IPAddressString import org.apache.http.client.methods.HttpPatch import org.apache.http.client.methods.HttpPost import org.apache.http.client.methods.HttpPut +import org.apache.logging.log4j.LogManager import org.opensearch.core.common.Strings import java.net.URL @@ -37,9 +39,12 @@ fun isHostInDenylist(urlString: String, hostDenyList: List): Boolean { val url = URL(urlString) if (url.host != null) { val ipStr = IPAddressString(url.host) + val hostStr = HostName(url.host) for (network in hostDenyList) { - val netStr = IPAddressString(network) - if (netStr.contains(ipStr)) { + val denyIpStr = IPAddressString(network) + val denyHostStr = HostName(network) + if (denyIpStr.contains(ipStr) || denyHostStr.equals(hostStr)) { + LogManager.getLogger().error("${url.host} is denied") return true } } diff --git a/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt b/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt index c964b3de..848fca8d 100644 --- a/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt +++ b/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt @@ -10,7 +10,8 @@ import org.junit.jupiter.api.Test internal class ValidationHelpersTests { - private val hostDentyList = listOf( + private val hostDenyList = listOf( + "www.amazon.com", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", @@ -20,8 +21,9 @@ internal class ValidationHelpersTests { ) @Test - fun `test ips in denylist`() { + fun `test hosts in denylist`() { val ips = listOf( + "www.amazon.com", "127.0.0.1", // 127.0.0.0/8 "10.0.0.1", // 10.0.0.0/8 "10.11.12.13", // 10.0.0.0/8 @@ -31,15 +33,15 @@ internal class ValidationHelpersTests { "9.9.9.9" ) for (ip in ips) { - assertEquals(true, isHostInDenylist("https://$ip", hostDentyList)) + assertEquals(true, isHostInDenylist("https://$ip", hostDenyList), "address $ip was supposed to be identified as in the deny list, but was not") } } @Test - fun `test url in denylist`() { - val urls = listOf("https://www.amazon.com", "https://mytest.com", "https://mytest.com") + fun `test hosts not in denylist`() { + val urls = listOf("156.4.77.1", "www.something.com") for (url in urls) { - assertEquals(false, isHostInDenylist(url, hostDentyList)) + assertEquals(false, isHostInDenylist("https://$url", hostDenyList), "address $url was not supposed to be identified as in the deny list, but was") } } } diff --git a/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt b/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt index 2ef5b93a..01e76dfa 100644 --- a/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt +++ b/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt @@ -56,7 +56,9 @@ object ConfigIndexingActions { @Suppress("UnusedPrivateMember") private fun validateSlackConfig(slack: Slack, user: User?) { - // TODO: URL validation with rules + require(slack.url.contains(Regex("https://hooks\\.(?:gov-)?slack\\.com/services"))) { + "Wrong Slack url. Should contain \"hooks.slack.com/services/\" or \"hooks.gov-slack.com/services/\"" + } } @Suppress("UnusedPrivateMember") diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt index a897381a..ce10d630 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt @@ -116,7 +116,7 @@ fun getCreateNotificationRequestJsonString( .joinToString("") val configObjectString = when (configType) { ConfigType.SLACK -> """ - "slack":{"url":"https://slack.domain.com/sample_slack_url#$randomString"} + "slack":{"url":"https://hooks.slack.com/services/sample_slack_url#$randomString"} """.trimIndent() ConfigType.CHIME -> """ "chime":{"url":"https://chime.domain.com/sample_chime_url#$randomString"} diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt index c6814d4c..e6e8a22d 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt @@ -53,7 +53,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_CREATE_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_CREATE_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -96,7 +96,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_NO_ACCESS_ROLE, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_NO_ACCESS_ROLE]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -132,7 +132,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_UPDATE_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_UPDATE_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -209,7 +209,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_NO_ACCESS_ROLE, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_NO_ACCESS_ROLE]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -245,7 +245,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_GET_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_GET_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -301,7 +301,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_DELETE_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_DELETE_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt index 6e7eee5f..5ae57fb4 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt @@ -103,7 +103,7 @@ class NotificationsBackwardsCompatibilityIT : PluginRestTestCase() { "description": "This is a sample config description $configId", "config_type": "slack", "is_enabled": true, - "slack": { "url": "https://slack.domain.com/sample_slack_url#$configId" } + "slack": { "url": "https://hooks.slack.com/services/sample_slack_url#$configId" } } } """.trimIndent() diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt index 3707bb83..744429ef 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt @@ -142,7 +142,7 @@ class ChimeNotificationConfigCrudIT : PluginRestTestCase() { "description":"${referenceObject.description}", "config_type":"chime", "is_enabled":${referenceObject.isEnabled}, - "slack":{"url":"https://dummy.com"} + "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} "chime":{"url":"${(referenceObject.configData as Chime).url}"} } } @@ -190,7 +190,7 @@ class ChimeNotificationConfigCrudIT : PluginRestTestCase() { "description":"this is a updated config description", "config_type":"slack", "is_enabled":"true", - "slack":{"url":"https://updated.domain.com/updated_slack_url#0987654321"} + "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} } } """.trimIndent() diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt index 64805e9d..163388c7 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt @@ -27,7 +27,7 @@ class CreateNotificationConfigIT : PluginRestTestCase() { fun `test Create slack notification config`() { // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt index 3cd638c2..7f48ae94 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt @@ -908,7 +908,7 @@ class EmailNotificationConfigCrudIT : PluginRestTestCase() { "description":"${smtpAccountConfig.description}", "config_type":"smtp_account", "is_enabled":${smtpAccountConfig.isEnabled}, - "slack": {"url": "https://dummy.com"}, + "slack": {"url": "https://hooks.slack.com/services/sample_slack_url"}, "smtp_account":{ "host":"${sampleSmtpAccount.host}", "port":"${sampleSmtpAccount.port}", @@ -949,7 +949,7 @@ class EmailNotificationConfigCrudIT : PluginRestTestCase() { "description":"${emailConfig.description}", "config_type":"email", "is_enabled":${emailConfig.isEnabled}, - "slack":{"url": "https://dummy.com"}, + "slack":{"url": "https://hooks.slack.com/services/sample_slack_url"}, "email":{ "email_account_id":"${sampleEmail.emailAccountID}", "default_recipients":[ diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt index 47efbe32..6a8451ed 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt @@ -627,7 +627,7 @@ class QueryNotificationConfigIT : PluginRestTestCase() { val urlIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId) val recipientIds = setOf(emailGroupId) val fromIds = setOf(emailGroupId, smtpAccountId) - val domainIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId, smtpAccountId) + val domainIds = setOf(chimeId, microsoftTeamsId, webhookId, smtpAccountId) Thread.sleep(1000) // Get notification configs using query=slack @@ -702,7 +702,7 @@ class QueryNotificationConfigIT : PluginRestTestCase() { val urlIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId) val recipientIds = setOf(emailGroupId) val fromIds = setOf(emailGroupId, smtpAccountId) - val domainIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId, smtpAccountId) + val domainIds = setOf(chimeId, microsoftTeamsId, webhookId, smtpAccountId) Thread.sleep(1000) // Get notification configs using text_query=slack should not return any item diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt index 86c64cf2..5bbac40c 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt @@ -6,11 +6,16 @@ package org.opensearch.integtest.config import org.junit.Assert +import org.opensearch.client.Request +import org.opensearch.client.RequestOptions +import org.opensearch.client.ResponseException import org.opensearch.commons.notifications.model.ConfigType import org.opensearch.commons.notifications.model.NotificationConfig import org.opensearch.commons.notifications.model.Slack import org.opensearch.core.rest.RestStatus import org.opensearch.integtest.PluginRestTestCase +import org.opensearch.integtest.getResponseBody +import org.opensearch.integtest.jsonify import org.opensearch.notifications.NotificationPlugin.Companion.PLUGIN_BASE_URI import org.opensearch.notifications.verifySingleConfigEquals import org.opensearch.rest.RestRequest @@ -19,7 +24,7 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { fun `test Create, Get, Update, Delete slack notification config using REST client`() { // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -67,7 +72,7 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { Thread.sleep(100) // Updated notification config object - val updatedSlack = Slack("https://updated.domain.com/updated_slack_url#0987654321") + val updatedSlack = Slack("https://hooks.slack.com/services/updated_slack_url") val updatedObject = NotificationConfig( "this is a updated config name", "this is a updated config description", @@ -126,7 +131,7 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { fun `test Bad Request for multiple config data for Slack using REST Client`() { // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -155,4 +160,40 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { RestStatus.BAD_REQUEST.status ) } + + fun `test create config with wrong Slack url and get error text`() { + val sampleSlack = Slack("https://webhook.slack.com/services/sample_slack_url") + val referenceObject = NotificationConfig( + "this is a sample config name", + "this is a sample config description", + ConfigType.SLACK, + isEnabled = true, + configData = sampleSlack + ) + val createRequestJsonString = """ + { + "config":{ + "name":"${referenceObject.name}", + "description":"${referenceObject.description}", + "config_type":"slack", + "is_enabled":${referenceObject.isEnabled}, + "slack":{"url":"${(referenceObject.configData as Slack).url}"} + } + } + """.trimIndent() + val response = try { + val request = Request(RestRequest.Method.POST.name, "$PLUGIN_BASE_URI/configs") + request.setJsonEntity(createRequestJsonString) + val restOptionsBuilder = RequestOptions.DEFAULT.toBuilder() + restOptionsBuilder.addHeader("Content-Type", "application/json") + request.setOptions(restOptionsBuilder) + client().performRequest(request) + fail("Expected wrong Slack URL.") + } catch (exception: ResponseException) { + Assert.assertEquals( + "Wrong Slack url. Should contain \"hooks.slack.com/services/\" or \"hooks.gov-slack.com/services/\"", + jsonify(getResponseBody(exception.response))["error"].asJsonObject["reason"].asString + ) + } + } } diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt index 893a64fe..1977a040 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt @@ -159,7 +159,7 @@ class WebhookNotificationConfigCrudIT : PluginRestTestCase() { "description":"${referenceObject.description}", "config_type":"webhook", "is_enabled":${referenceObject.isEnabled}, - "slack":{"url":"https://dummy.com"} + "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} "webhook":{"url":"${(referenceObject.configData as Webhook).url}"} } } diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt index d2c6b0ee..ddbe104e 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt @@ -8,6 +8,7 @@ import org.junit.jupiter.api.BeforeAll import org.junit.jupiter.api.Test import org.opensearch.commons.authuser.User import org.opensearch.commons.notifications.model.MicrosoftTeams +import org.opensearch.commons.notifications.model.Slack import java.lang.reflect.Method import kotlin.test.assertFails @@ -28,8 +29,42 @@ class ConfigIndexingActionsTests { assertFails { validateMicrosoftTeamsConfig.invoke(ConfigIndexingActions, microsoftTeams, user) } } + @Test + fun `test validate slack`() { + val user = User() + var slack = Slack("https://hooks.slack.com/services/123456789/123456789/123456789") + validateSlackConfig.invoke(ConfigIndexingActions, slack, user) + slack = Slack("https://hooks.gov-slack.com/services/123456789/123456789/123456789") + validateSlackConfig.invoke(ConfigIndexingActions, slack, user) + slack = Slack("https://hooks.slack.com/services/samplesamplesamplesamplesamplesamplesamplesamplesample") + validateSlackConfig.invoke(ConfigIndexingActions, slack, user) + slack = Slack("https://hooks.gov-slack.com/services/samplesamplesamplesamplesamplesamplesamplesamplesample") + validateSlackConfig.invoke(ConfigIndexingActions, slack, user) + slack = Slack("http://hooks.slack.com/services/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("http://hooks.gov-slack.com/services/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://slack.com/services/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://gov-slack.com/services/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hooks.slack.com/123456789/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hooks.gov-slack.com/123456789/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hook.slack.com/services/123456789/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hook.gov-slack.com/services/123456789/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hooks.slack.com/") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hooks.gov-slack.com/") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + } + companion object { private lateinit var validateMicrosoftTeamsConfig: Method + private lateinit var validateSlackConfig: Method @BeforeAll @JvmStatic @@ -38,8 +73,12 @@ class ConfigIndexingActionsTests { validateMicrosoftTeamsConfig = ConfigIndexingActions::class.java.getDeclaredMethod( "validateMicrosoftTeamsConfig", MicrosoftTeams::class.java, User::class.java ) + validateSlackConfig = ConfigIndexingActions::class.java.getDeclaredMethod( + "validateSlackConfig", Slack::class.java, User::class.java + ) validateMicrosoftTeamsConfig.isAccessible = true + validateSlackConfig.isAccessible = true } } } diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt index 0f36945e..24a8baa8 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt @@ -25,7 +25,7 @@ internal class NotificationConfigDocTests { createdTimeMs, listOf("br1", "br2", "br3") ) - val sampleSlack = Slack("https://domain.com/sample_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val config = NotificationConfig( "name", "description", @@ -47,7 +47,7 @@ internal class NotificationConfigDocTests { createdTimeMs, listOf("br1", "br2", "br3") ) - val sampleSlack = Slack("https://domain.com/sample_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val config = NotificationConfig( "name", "description", @@ -67,7 +67,7 @@ internal class NotificationConfigDocTests { "description":"description", "config_type":"slack", "is_enabled":true, - "slack":{"url":"https://domain.com/sample_url#1234567890"} + "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} }, "extra_field_1":["extra", "value"], "extra_field_2":{"extra":"value"}, From d4a6dce465086edc5065d543e7e1d34cbc0dc97f Mon Sep 17 00:00:00 2001 From: Riya Saxena Date: Mon, 26 Aug 2024 09:55:59 -0700 Subject: [PATCH 2/3] revert chime/slack validations Signed-off-by: Riya Saxena --- .../core/utils/ValidationHelpers.kt | 9 +--- .../core/utils/ValidationHelpersTests.kt | 14 +++--- .../index/ConfigIndexingActions.kt | 4 +- .../opensearch/integtest/IntegTestHelpers.kt | 2 +- .../integtest/SecurityNotificationIT.kt | 12 ++--- .../NotificationsBackwardsCompatibilityIT.kt | 2 +- .../config/ChimeNotificationConfigCrudIT.kt | 4 +- .../config/CreateNotificationConfigIT.kt | 2 +- .../config/EmailNotificationConfigCrudIT.kt | 4 +- .../config/QueryNotificationConfigIT.kt | 4 +- .../config/SlackNotificationConfigCrudIT.kt | 47 ++----------------- .../config/WebhookNotificationConfigCrudIT.kt | 2 +- .../index/ConfigIndexingActionsTests.kt | 39 --------------- .../model/NotificationConfigDocTests.kt | 6 +-- 14 files changed, 31 insertions(+), 120 deletions(-) diff --git a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt index ba9fc8b0..28c6862c 100644 --- a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt +++ b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt @@ -5,12 +5,10 @@ package org.opensearch.notifications.core.utils -import inet.ipaddr.HostName import inet.ipaddr.IPAddressString import org.apache.http.client.methods.HttpPatch import org.apache.http.client.methods.HttpPost import org.apache.http.client.methods.HttpPut -import org.apache.logging.log4j.LogManager import org.opensearch.core.common.Strings import java.net.URL @@ -39,12 +37,9 @@ fun isHostInDenylist(urlString: String, hostDenyList: List): Boolean { val url = URL(urlString) if (url.host != null) { val ipStr = IPAddressString(url.host) - val hostStr = HostName(url.host) for (network in hostDenyList) { - val denyIpStr = IPAddressString(network) - val denyHostStr = HostName(network) - if (denyIpStr.contains(ipStr) || denyHostStr.equals(hostStr)) { - LogManager.getLogger().error("${url.host} is denied") + val netStr = IPAddressString(network) + if (netStr.contains(ipStr)) { return true } } diff --git a/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt b/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt index 848fca8d..c964b3de 100644 --- a/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt +++ b/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt @@ -10,8 +10,7 @@ import org.junit.jupiter.api.Test internal class ValidationHelpersTests { - private val hostDenyList = listOf( - "www.amazon.com", + private val hostDentyList = listOf( "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", @@ -21,9 +20,8 @@ internal class ValidationHelpersTests { ) @Test - fun `test hosts in denylist`() { + fun `test ips in denylist`() { val ips = listOf( - "www.amazon.com", "127.0.0.1", // 127.0.0.0/8 "10.0.0.1", // 10.0.0.0/8 "10.11.12.13", // 10.0.0.0/8 @@ -33,15 +31,15 @@ internal class ValidationHelpersTests { "9.9.9.9" ) for (ip in ips) { - assertEquals(true, isHostInDenylist("https://$ip", hostDenyList), "address $ip was supposed to be identified as in the deny list, but was not") + assertEquals(true, isHostInDenylist("https://$ip", hostDentyList)) } } @Test - fun `test hosts not in denylist`() { - val urls = listOf("156.4.77.1", "www.something.com") + fun `test url in denylist`() { + val urls = listOf("https://www.amazon.com", "https://mytest.com", "https://mytest.com") for (url in urls) { - assertEquals(false, isHostInDenylist("https://$url", hostDenyList), "address $url was not supposed to be identified as in the deny list, but was") + assertEquals(false, isHostInDenylist(url, hostDentyList)) } } } diff --git a/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt b/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt index 01e76dfa..2ef5b93a 100644 --- a/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt +++ b/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt @@ -56,9 +56,7 @@ object ConfigIndexingActions { @Suppress("UnusedPrivateMember") private fun validateSlackConfig(slack: Slack, user: User?) { - require(slack.url.contains(Regex("https://hooks\\.(?:gov-)?slack\\.com/services"))) { - "Wrong Slack url. Should contain \"hooks.slack.com/services/\" or \"hooks.gov-slack.com/services/\"" - } + // TODO: URL validation with rules } @Suppress("UnusedPrivateMember") diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt index ce10d630..a897381a 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt @@ -116,7 +116,7 @@ fun getCreateNotificationRequestJsonString( .joinToString("") val configObjectString = when (configType) { ConfigType.SLACK -> """ - "slack":{"url":"https://hooks.slack.com/services/sample_slack_url#$randomString"} + "slack":{"url":"https://slack.domain.com/sample_slack_url#$randomString"} """.trimIndent() ConfigType.CHIME -> """ "chime":{"url":"https://chime.domain.com/sample_chime_url#$randomString"} diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt index e6e8a22d..c6814d4c 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt @@ -53,7 +53,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_CREATE_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_CREATE_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") + val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -96,7 +96,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_NO_ACCESS_ROLE, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_NO_ACCESS_ROLE]) // Create sample config request reference - val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") + val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -132,7 +132,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_UPDATE_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_UPDATE_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") + val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -209,7 +209,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_NO_ACCESS_ROLE, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_NO_ACCESS_ROLE]) // Create sample config request reference - val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") + val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -245,7 +245,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_GET_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_GET_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") + val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -301,7 +301,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_DELETE_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_DELETE_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") + val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt index 5ae57fb4..6e7eee5f 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt @@ -103,7 +103,7 @@ class NotificationsBackwardsCompatibilityIT : PluginRestTestCase() { "description": "This is a sample config description $configId", "config_type": "slack", "is_enabled": true, - "slack": { "url": "https://hooks.slack.com/services/sample_slack_url#$configId" } + "slack": { "url": "https://slack.domain.com/sample_slack_url#$configId" } } } """.trimIndent() diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt index 744429ef..3707bb83 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt @@ -142,7 +142,7 @@ class ChimeNotificationConfigCrudIT : PluginRestTestCase() { "description":"${referenceObject.description}", "config_type":"chime", "is_enabled":${referenceObject.isEnabled}, - "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} + "slack":{"url":"https://dummy.com"} "chime":{"url":"${(referenceObject.configData as Chime).url}"} } } @@ -190,7 +190,7 @@ class ChimeNotificationConfigCrudIT : PluginRestTestCase() { "description":"this is a updated config description", "config_type":"slack", "is_enabled":"true", - "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} + "slack":{"url":"https://updated.domain.com/updated_slack_url#0987654321"} } } """.trimIndent() diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt index 163388c7..64805e9d 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt @@ -27,7 +27,7 @@ class CreateNotificationConfigIT : PluginRestTestCase() { fun `test Create slack notification config`() { // Create sample config request reference - val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") + val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt index 7f48ae94..3cd638c2 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt @@ -908,7 +908,7 @@ class EmailNotificationConfigCrudIT : PluginRestTestCase() { "description":"${smtpAccountConfig.description}", "config_type":"smtp_account", "is_enabled":${smtpAccountConfig.isEnabled}, - "slack": {"url": "https://hooks.slack.com/services/sample_slack_url"}, + "slack": {"url": "https://dummy.com"}, "smtp_account":{ "host":"${sampleSmtpAccount.host}", "port":"${sampleSmtpAccount.port}", @@ -949,7 +949,7 @@ class EmailNotificationConfigCrudIT : PluginRestTestCase() { "description":"${emailConfig.description}", "config_type":"email", "is_enabled":${emailConfig.isEnabled}, - "slack":{"url": "https://hooks.slack.com/services/sample_slack_url"}, + "slack":{"url": "https://dummy.com"}, "email":{ "email_account_id":"${sampleEmail.emailAccountID}", "default_recipients":[ diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt index 6a8451ed..47efbe32 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt @@ -627,7 +627,7 @@ class QueryNotificationConfigIT : PluginRestTestCase() { val urlIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId) val recipientIds = setOf(emailGroupId) val fromIds = setOf(emailGroupId, smtpAccountId) - val domainIds = setOf(chimeId, microsoftTeamsId, webhookId, smtpAccountId) + val domainIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId, smtpAccountId) Thread.sleep(1000) // Get notification configs using query=slack @@ -702,7 +702,7 @@ class QueryNotificationConfigIT : PluginRestTestCase() { val urlIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId) val recipientIds = setOf(emailGroupId) val fromIds = setOf(emailGroupId, smtpAccountId) - val domainIds = setOf(chimeId, microsoftTeamsId, webhookId, smtpAccountId) + val domainIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId, smtpAccountId) Thread.sleep(1000) // Get notification configs using text_query=slack should not return any item diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt index 5bbac40c..86c64cf2 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt @@ -6,16 +6,11 @@ package org.opensearch.integtest.config import org.junit.Assert -import org.opensearch.client.Request -import org.opensearch.client.RequestOptions -import org.opensearch.client.ResponseException import org.opensearch.commons.notifications.model.ConfigType import org.opensearch.commons.notifications.model.NotificationConfig import org.opensearch.commons.notifications.model.Slack import org.opensearch.core.rest.RestStatus import org.opensearch.integtest.PluginRestTestCase -import org.opensearch.integtest.getResponseBody -import org.opensearch.integtest.jsonify import org.opensearch.notifications.NotificationPlugin.Companion.PLUGIN_BASE_URI import org.opensearch.notifications.verifySingleConfigEquals import org.opensearch.rest.RestRequest @@ -24,7 +19,7 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { fun `test Create, Get, Update, Delete slack notification config using REST client`() { // Create sample config request reference - val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") + val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -72,7 +67,7 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { Thread.sleep(100) // Updated notification config object - val updatedSlack = Slack("https://hooks.slack.com/services/updated_slack_url") + val updatedSlack = Slack("https://updated.domain.com/updated_slack_url#0987654321") val updatedObject = NotificationConfig( "this is a updated config name", "this is a updated config description", @@ -131,7 +126,7 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { fun `test Bad Request for multiple config data for Slack using REST Client`() { // Create sample config request reference - val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") + val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -160,40 +155,4 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { RestStatus.BAD_REQUEST.status ) } - - fun `test create config with wrong Slack url and get error text`() { - val sampleSlack = Slack("https://webhook.slack.com/services/sample_slack_url") - val referenceObject = NotificationConfig( - "this is a sample config name", - "this is a sample config description", - ConfigType.SLACK, - isEnabled = true, - configData = sampleSlack - ) - val createRequestJsonString = """ - { - "config":{ - "name":"${referenceObject.name}", - "description":"${referenceObject.description}", - "config_type":"slack", - "is_enabled":${referenceObject.isEnabled}, - "slack":{"url":"${(referenceObject.configData as Slack).url}"} - } - } - """.trimIndent() - val response = try { - val request = Request(RestRequest.Method.POST.name, "$PLUGIN_BASE_URI/configs") - request.setJsonEntity(createRequestJsonString) - val restOptionsBuilder = RequestOptions.DEFAULT.toBuilder() - restOptionsBuilder.addHeader("Content-Type", "application/json") - request.setOptions(restOptionsBuilder) - client().performRequest(request) - fail("Expected wrong Slack URL.") - } catch (exception: ResponseException) { - Assert.assertEquals( - "Wrong Slack url. Should contain \"hooks.slack.com/services/\" or \"hooks.gov-slack.com/services/\"", - jsonify(getResponseBody(exception.response))["error"].asJsonObject["reason"].asString - ) - } - } } diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt index 1977a040..893a64fe 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt @@ -159,7 +159,7 @@ class WebhookNotificationConfigCrudIT : PluginRestTestCase() { "description":"${referenceObject.description}", "config_type":"webhook", "is_enabled":${referenceObject.isEnabled}, - "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} + "slack":{"url":"https://dummy.com"} "webhook":{"url":"${(referenceObject.configData as Webhook).url}"} } } diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt index ddbe104e..d2c6b0ee 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt @@ -8,7 +8,6 @@ import org.junit.jupiter.api.BeforeAll import org.junit.jupiter.api.Test import org.opensearch.commons.authuser.User import org.opensearch.commons.notifications.model.MicrosoftTeams -import org.opensearch.commons.notifications.model.Slack import java.lang.reflect.Method import kotlin.test.assertFails @@ -29,42 +28,8 @@ class ConfigIndexingActionsTests { assertFails { validateMicrosoftTeamsConfig.invoke(ConfigIndexingActions, microsoftTeams, user) } } - @Test - fun `test validate slack`() { - val user = User() - var slack = Slack("https://hooks.slack.com/services/123456789/123456789/123456789") - validateSlackConfig.invoke(ConfigIndexingActions, slack, user) - slack = Slack("https://hooks.gov-slack.com/services/123456789/123456789/123456789") - validateSlackConfig.invoke(ConfigIndexingActions, slack, user) - slack = Slack("https://hooks.slack.com/services/samplesamplesamplesamplesamplesamplesamplesamplesample") - validateSlackConfig.invoke(ConfigIndexingActions, slack, user) - slack = Slack("https://hooks.gov-slack.com/services/samplesamplesamplesamplesamplesamplesamplesamplesample") - validateSlackConfig.invoke(ConfigIndexingActions, slack, user) - slack = Slack("http://hooks.slack.com/services/123456789/123456789/123456789/123456789") - assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } - slack = Slack("http://hooks.gov-slack.com/services/123456789/123456789/123456789/123456789") - assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } - slack = Slack("https://slack.com/services/123456789/123456789/123456789/123456789") - assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } - slack = Slack("https://gov-slack.com/services/123456789/123456789/123456789/123456789") - assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } - slack = Slack("https://hooks.slack.com/123456789/123456789/123456789/123456789/123456789") - assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } - slack = Slack("https://hooks.gov-slack.com/123456789/123456789/123456789/123456789/123456789") - assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } - slack = Slack("https://hook.slack.com/services/123456789/123456789/123456789/123456789/123456789") - assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } - slack = Slack("https://hook.gov-slack.com/services/123456789/123456789/123456789/123456789/123456789") - assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } - slack = Slack("https://hooks.slack.com/") - assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } - slack = Slack("https://hooks.gov-slack.com/") - assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } - } - companion object { private lateinit var validateMicrosoftTeamsConfig: Method - private lateinit var validateSlackConfig: Method @BeforeAll @JvmStatic @@ -73,12 +38,8 @@ class ConfigIndexingActionsTests { validateMicrosoftTeamsConfig = ConfigIndexingActions::class.java.getDeclaredMethod( "validateMicrosoftTeamsConfig", MicrosoftTeams::class.java, User::class.java ) - validateSlackConfig = ConfigIndexingActions::class.java.getDeclaredMethod( - "validateSlackConfig", Slack::class.java, User::class.java - ) validateMicrosoftTeamsConfig.isAccessible = true - validateSlackConfig.isAccessible = true } } } diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt index 24a8baa8..0f36945e 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt @@ -25,7 +25,7 @@ internal class NotificationConfigDocTests { createdTimeMs, listOf("br1", "br2", "br3") ) - val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") + val sampleSlack = Slack("https://domain.com/sample_url#1234567890") val config = NotificationConfig( "name", "description", @@ -47,7 +47,7 @@ internal class NotificationConfigDocTests { createdTimeMs, listOf("br1", "br2", "br3") ) - val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") + val sampleSlack = Slack("https://domain.com/sample_url#1234567890") val config = NotificationConfig( "name", "description", @@ -67,7 +67,7 @@ internal class NotificationConfigDocTests { "description":"description", "config_type":"slack", "is_enabled":true, - "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} + "slack":{"url":"https://domain.com/sample_url#1234567890"} }, "extra_field_1":["extra", "value"], "extra_field_2":{"extra":"value"}, From 05a84fdc7ced9db31fef68656ee84a564ad3a46a Mon Sep 17 00:00:00 2001 From: Riya Saxena Date: Mon, 26 Aug 2024 09:59:01 -0700 Subject: [PATCH 3/3] revert chime/slack validations Signed-off-by: Riya Saxena --- .../core/utils/ValidationHelpers.kt | 9 +++- .../core/utils/ValidationHelpersTests.kt | 14 +++--- .../index/ConfigIndexingActions.kt | 4 +- .../opensearch/integtest/IntegTestHelpers.kt | 2 +- .../integtest/SecurityNotificationIT.kt | 12 ++--- .../NotificationsBackwardsCompatibilityIT.kt | 2 +- .../config/ChimeNotificationConfigCrudIT.kt | 4 +- .../config/CreateNotificationConfigIT.kt | 2 +- .../config/EmailNotificationConfigCrudIT.kt | 4 +- .../config/QueryNotificationConfigIT.kt | 4 +- .../config/SlackNotificationConfigCrudIT.kt | 47 +++++++++++++++++-- .../config/WebhookNotificationConfigCrudIT.kt | 2 +- .../index/ConfigIndexingActionsTests.kt | 39 +++++++++++++++ .../model/NotificationConfigDocTests.kt | 6 +-- 14 files changed, 120 insertions(+), 31 deletions(-) diff --git a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt index 28c6862c..ba9fc8b0 100644 --- a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt +++ b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt @@ -5,10 +5,12 @@ package org.opensearch.notifications.core.utils +import inet.ipaddr.HostName import inet.ipaddr.IPAddressString import org.apache.http.client.methods.HttpPatch import org.apache.http.client.methods.HttpPost import org.apache.http.client.methods.HttpPut +import org.apache.logging.log4j.LogManager import org.opensearch.core.common.Strings import java.net.URL @@ -37,9 +39,12 @@ fun isHostInDenylist(urlString: String, hostDenyList: List): Boolean { val url = URL(urlString) if (url.host != null) { val ipStr = IPAddressString(url.host) + val hostStr = HostName(url.host) for (network in hostDenyList) { - val netStr = IPAddressString(network) - if (netStr.contains(ipStr)) { + val denyIpStr = IPAddressString(network) + val denyHostStr = HostName(network) + if (denyIpStr.contains(ipStr) || denyHostStr.equals(hostStr)) { + LogManager.getLogger().error("${url.host} is denied") return true } } diff --git a/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt b/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt index c964b3de..848fca8d 100644 --- a/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt +++ b/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt @@ -10,7 +10,8 @@ import org.junit.jupiter.api.Test internal class ValidationHelpersTests { - private val hostDentyList = listOf( + private val hostDenyList = listOf( + "www.amazon.com", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", @@ -20,8 +21,9 @@ internal class ValidationHelpersTests { ) @Test - fun `test ips in denylist`() { + fun `test hosts in denylist`() { val ips = listOf( + "www.amazon.com", "127.0.0.1", // 127.0.0.0/8 "10.0.0.1", // 10.0.0.0/8 "10.11.12.13", // 10.0.0.0/8 @@ -31,15 +33,15 @@ internal class ValidationHelpersTests { "9.9.9.9" ) for (ip in ips) { - assertEquals(true, isHostInDenylist("https://$ip", hostDentyList)) + assertEquals(true, isHostInDenylist("https://$ip", hostDenyList), "address $ip was supposed to be identified as in the deny list, but was not") } } @Test - fun `test url in denylist`() { - val urls = listOf("https://www.amazon.com", "https://mytest.com", "https://mytest.com") + fun `test hosts not in denylist`() { + val urls = listOf("156.4.77.1", "www.something.com") for (url in urls) { - assertEquals(false, isHostInDenylist(url, hostDentyList)) + assertEquals(false, isHostInDenylist("https://$url", hostDenyList), "address $url was not supposed to be identified as in the deny list, but was") } } } diff --git a/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt b/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt index 2ef5b93a..01e76dfa 100644 --- a/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt +++ b/notifications/notifications/src/main/kotlin/org/opensearch/notifications/index/ConfigIndexingActions.kt @@ -56,7 +56,9 @@ object ConfigIndexingActions { @Suppress("UnusedPrivateMember") private fun validateSlackConfig(slack: Slack, user: User?) { - // TODO: URL validation with rules + require(slack.url.contains(Regex("https://hooks\\.(?:gov-)?slack\\.com/services"))) { + "Wrong Slack url. Should contain \"hooks.slack.com/services/\" or \"hooks.gov-slack.com/services/\"" + } } @Suppress("UnusedPrivateMember") diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt index a897381a..ce10d630 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/IntegTestHelpers.kt @@ -116,7 +116,7 @@ fun getCreateNotificationRequestJsonString( .joinToString("") val configObjectString = when (configType) { ConfigType.SLACK -> """ - "slack":{"url":"https://slack.domain.com/sample_slack_url#$randomString"} + "slack":{"url":"https://hooks.slack.com/services/sample_slack_url#$randomString"} """.trimIndent() ConfigType.CHIME -> """ "chime":{"url":"https://chime.domain.com/sample_chime_url#$randomString"} diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt index c6814d4c..e6e8a22d 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/SecurityNotificationIT.kt @@ -53,7 +53,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_CREATE_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_CREATE_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -96,7 +96,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_NO_ACCESS_ROLE, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_NO_ACCESS_ROLE]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -132,7 +132,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_UPDATE_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_UPDATE_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -209,7 +209,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_NO_ACCESS_ROLE, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_NO_ACCESS_ROLE]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -245,7 +245,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_GET_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_GET_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -301,7 +301,7 @@ class SecurityNotificationIT : PluginRestTestCase() { createUserWithCustomRole(user, password, NOTIFICATION_DELETE_CONFIG_ACCESS, "", ROLE_TO_PERMISSION_MAPPING[NOTIFICATION_DELETE_CONFIG_ACCESS]) // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt index 6e7eee5f..5ae57fb4 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/bwc/NotificationsBackwardsCompatibilityIT.kt @@ -103,7 +103,7 @@ class NotificationsBackwardsCompatibilityIT : PluginRestTestCase() { "description": "This is a sample config description $configId", "config_type": "slack", "is_enabled": true, - "slack": { "url": "https://slack.domain.com/sample_slack_url#$configId" } + "slack": { "url": "https://hooks.slack.com/services/sample_slack_url#$configId" } } } """.trimIndent() diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt index 3707bb83..744429ef 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/ChimeNotificationConfigCrudIT.kt @@ -142,7 +142,7 @@ class ChimeNotificationConfigCrudIT : PluginRestTestCase() { "description":"${referenceObject.description}", "config_type":"chime", "is_enabled":${referenceObject.isEnabled}, - "slack":{"url":"https://dummy.com"} + "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} "chime":{"url":"${(referenceObject.configData as Chime).url}"} } } @@ -190,7 +190,7 @@ class ChimeNotificationConfigCrudIT : PluginRestTestCase() { "description":"this is a updated config description", "config_type":"slack", "is_enabled":"true", - "slack":{"url":"https://updated.domain.com/updated_slack_url#0987654321"} + "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} } } """.trimIndent() diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt index 64805e9d..163388c7 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/CreateNotificationConfigIT.kt @@ -27,7 +27,7 @@ class CreateNotificationConfigIT : PluginRestTestCase() { fun `test Create slack notification config`() { // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt index 3cd638c2..7f48ae94 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/EmailNotificationConfigCrudIT.kt @@ -908,7 +908,7 @@ class EmailNotificationConfigCrudIT : PluginRestTestCase() { "description":"${smtpAccountConfig.description}", "config_type":"smtp_account", "is_enabled":${smtpAccountConfig.isEnabled}, - "slack": {"url": "https://dummy.com"}, + "slack": {"url": "https://hooks.slack.com/services/sample_slack_url"}, "smtp_account":{ "host":"${sampleSmtpAccount.host}", "port":"${sampleSmtpAccount.port}", @@ -949,7 +949,7 @@ class EmailNotificationConfigCrudIT : PluginRestTestCase() { "description":"${emailConfig.description}", "config_type":"email", "is_enabled":${emailConfig.isEnabled}, - "slack":{"url": "https://dummy.com"}, + "slack":{"url": "https://hooks.slack.com/services/sample_slack_url"}, "email":{ "email_account_id":"${sampleEmail.emailAccountID}", "default_recipients":[ diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt index 47efbe32..6a8451ed 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/QueryNotificationConfigIT.kt @@ -627,7 +627,7 @@ class QueryNotificationConfigIT : PluginRestTestCase() { val urlIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId) val recipientIds = setOf(emailGroupId) val fromIds = setOf(emailGroupId, smtpAccountId) - val domainIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId, smtpAccountId) + val domainIds = setOf(chimeId, microsoftTeamsId, webhookId, smtpAccountId) Thread.sleep(1000) // Get notification configs using query=slack @@ -702,7 +702,7 @@ class QueryNotificationConfigIT : PluginRestTestCase() { val urlIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId) val recipientIds = setOf(emailGroupId) val fromIds = setOf(emailGroupId, smtpAccountId) - val domainIds = setOf(slackId, chimeId, microsoftTeamsId, webhookId, smtpAccountId) + val domainIds = setOf(chimeId, microsoftTeamsId, webhookId, smtpAccountId) Thread.sleep(1000) // Get notification configs using text_query=slack should not return any item diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt index 86c64cf2..5bbac40c 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/SlackNotificationConfigCrudIT.kt @@ -6,11 +6,16 @@ package org.opensearch.integtest.config import org.junit.Assert +import org.opensearch.client.Request +import org.opensearch.client.RequestOptions +import org.opensearch.client.ResponseException import org.opensearch.commons.notifications.model.ConfigType import org.opensearch.commons.notifications.model.NotificationConfig import org.opensearch.commons.notifications.model.Slack import org.opensearch.core.rest.RestStatus import org.opensearch.integtest.PluginRestTestCase +import org.opensearch.integtest.getResponseBody +import org.opensearch.integtest.jsonify import org.opensearch.notifications.NotificationPlugin.Companion.PLUGIN_BASE_URI import org.opensearch.notifications.verifySingleConfigEquals import org.opensearch.rest.RestRequest @@ -19,7 +24,7 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { fun `test Create, Get, Update, Delete slack notification config using REST client`() { // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -67,7 +72,7 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { Thread.sleep(100) // Updated notification config object - val updatedSlack = Slack("https://updated.domain.com/updated_slack_url#0987654321") + val updatedSlack = Slack("https://hooks.slack.com/services/updated_slack_url") val updatedObject = NotificationConfig( "this is a updated config name", "this is a updated config description", @@ -126,7 +131,7 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { fun `test Bad Request for multiple config data for Slack using REST Client`() { // Create sample config request reference - val sampleSlack = Slack("https://domain.com/sample_slack_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val referenceObject = NotificationConfig( "this is a sample config name", "this is a sample config description", @@ -155,4 +160,40 @@ class SlackNotificationConfigCrudIT : PluginRestTestCase() { RestStatus.BAD_REQUEST.status ) } + + fun `test create config with wrong Slack url and get error text`() { + val sampleSlack = Slack("https://webhook.slack.com/services/sample_slack_url") + val referenceObject = NotificationConfig( + "this is a sample config name", + "this is a sample config description", + ConfigType.SLACK, + isEnabled = true, + configData = sampleSlack + ) + val createRequestJsonString = """ + { + "config":{ + "name":"${referenceObject.name}", + "description":"${referenceObject.description}", + "config_type":"slack", + "is_enabled":${referenceObject.isEnabled}, + "slack":{"url":"${(referenceObject.configData as Slack).url}"} + } + } + """.trimIndent() + val response = try { + val request = Request(RestRequest.Method.POST.name, "$PLUGIN_BASE_URI/configs") + request.setJsonEntity(createRequestJsonString) + val restOptionsBuilder = RequestOptions.DEFAULT.toBuilder() + restOptionsBuilder.addHeader("Content-Type", "application/json") + request.setOptions(restOptionsBuilder) + client().performRequest(request) + fail("Expected wrong Slack URL.") + } catch (exception: ResponseException) { + Assert.assertEquals( + "Wrong Slack url. Should contain \"hooks.slack.com/services/\" or \"hooks.gov-slack.com/services/\"", + jsonify(getResponseBody(exception.response))["error"].asJsonObject["reason"].asString + ) + } + } } diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt index 893a64fe..1977a040 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/integtest/config/WebhookNotificationConfigCrudIT.kt @@ -159,7 +159,7 @@ class WebhookNotificationConfigCrudIT : PluginRestTestCase() { "description":"${referenceObject.description}", "config_type":"webhook", "is_enabled":${referenceObject.isEnabled}, - "slack":{"url":"https://dummy.com"} + "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} "webhook":{"url":"${(referenceObject.configData as Webhook).url}"} } } diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt index d2c6b0ee..ddbe104e 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/index/ConfigIndexingActionsTests.kt @@ -8,6 +8,7 @@ import org.junit.jupiter.api.BeforeAll import org.junit.jupiter.api.Test import org.opensearch.commons.authuser.User import org.opensearch.commons.notifications.model.MicrosoftTeams +import org.opensearch.commons.notifications.model.Slack import java.lang.reflect.Method import kotlin.test.assertFails @@ -28,8 +29,42 @@ class ConfigIndexingActionsTests { assertFails { validateMicrosoftTeamsConfig.invoke(ConfigIndexingActions, microsoftTeams, user) } } + @Test + fun `test validate slack`() { + val user = User() + var slack = Slack("https://hooks.slack.com/services/123456789/123456789/123456789") + validateSlackConfig.invoke(ConfigIndexingActions, slack, user) + slack = Slack("https://hooks.gov-slack.com/services/123456789/123456789/123456789") + validateSlackConfig.invoke(ConfigIndexingActions, slack, user) + slack = Slack("https://hooks.slack.com/services/samplesamplesamplesamplesamplesamplesamplesamplesample") + validateSlackConfig.invoke(ConfigIndexingActions, slack, user) + slack = Slack("https://hooks.gov-slack.com/services/samplesamplesamplesamplesamplesamplesamplesamplesample") + validateSlackConfig.invoke(ConfigIndexingActions, slack, user) + slack = Slack("http://hooks.slack.com/services/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("http://hooks.gov-slack.com/services/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://slack.com/services/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://gov-slack.com/services/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hooks.slack.com/123456789/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hooks.gov-slack.com/123456789/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hook.slack.com/services/123456789/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hook.gov-slack.com/services/123456789/123456789/123456789/123456789/123456789") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hooks.slack.com/") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + slack = Slack("https://hooks.gov-slack.com/") + assertFails { validateSlackConfig.invoke(ConfigIndexingActions, slack, user) } + } + companion object { private lateinit var validateMicrosoftTeamsConfig: Method + private lateinit var validateSlackConfig: Method @BeforeAll @JvmStatic @@ -38,8 +73,12 @@ class ConfigIndexingActionsTests { validateMicrosoftTeamsConfig = ConfigIndexingActions::class.java.getDeclaredMethod( "validateMicrosoftTeamsConfig", MicrosoftTeams::class.java, User::class.java ) + validateSlackConfig = ConfigIndexingActions::class.java.getDeclaredMethod( + "validateSlackConfig", Slack::class.java, User::class.java + ) validateMicrosoftTeamsConfig.isAccessible = true + validateSlackConfig.isAccessible = true } } } diff --git a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt index 0f36945e..24a8baa8 100644 --- a/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt +++ b/notifications/notifications/src/test/kotlin/org/opensearch/notifications/model/NotificationConfigDocTests.kt @@ -25,7 +25,7 @@ internal class NotificationConfigDocTests { createdTimeMs, listOf("br1", "br2", "br3") ) - val sampleSlack = Slack("https://domain.com/sample_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val config = NotificationConfig( "name", "description", @@ -47,7 +47,7 @@ internal class NotificationConfigDocTests { createdTimeMs, listOf("br1", "br2", "br3") ) - val sampleSlack = Slack("https://domain.com/sample_url#1234567890") + val sampleSlack = Slack("https://hooks.slack.com/services/sample_slack_url") val config = NotificationConfig( "name", "description", @@ -67,7 +67,7 @@ internal class NotificationConfigDocTests { "description":"description", "config_type":"slack", "is_enabled":true, - "slack":{"url":"https://domain.com/sample_url#1234567890"} + "slack":{"url":"https://hooks.slack.com/services/sample_slack_url"} }, "extra_field_1":["extra", "value"], "extra_field_2":{"extra":"value"},