[Winlogbeat] protect against accessing undefined variable in security module #22937
What does this PR do?
This pull request protects against trying to use string functions against a variable which is undefined. This has already been done for two other variables, but not this one:
logonSuccess
https://github.com/elastic/beats/blob/8369eff1c4d75fd164a8b171f1f2481c1a13932b/x-pack/winlogbeat/module/security/config/winlogbeat-security.js#L1689-L1704
event4648
https://github.com/elastic/beats/blob/8369eff1c4d75fd164a8b171f1f2481c1a13932b/x-pack/winlogbeat/module/security/config/winlogbeat-security.js#L1707-L1721
Why is it important?
In some environments, as much as 99% of some events are showing this error (particularly with event id 4625).
Checklist
[ ] I have commented my code, particularly in hard-to-understand areas
[ ] I have made corresponding changes to the documentation
[ ] I have made corresponding change to the default configuration files
[ ] I have added tests that prove my fix is effective or that my feature works
CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc
Related issues
Similar work was recently done for the Sysmon module: #22236 #22219