add check to block create and delete operation url download type tif …
…source configs

Signed-off-by: Surya Sashank Nistala <[email protected]>
eirsep committed Jul 9, 2024
1 parent 242a7aa commit f18da76
Showing 2 changed files with 39 additions and 3 deletions.
Expand Up @@ -51,6 +51,7 @@
import java.util.stream.Collectors;

import static org.opensearch.securityanalytics.threatIntel.common.SourceConfigType.IOC_UPLOAD;
import static org.opensearch.securityanalytics.threatIntel.common.SourceConfigType.URL_DOWNLOAD;

/**
* Service class for threat intel feed source config object
Expand Down Expand Up @@ -511,6 +512,11 @@ public void deleteTIFSourceConfig(
) {
saTifSourceConfigService.getTIFSourceConfig(saTifSourceConfigId, ActionListener.wrap(
saTifSourceConfig -> {
if (URL_DOWNLOAD.equals(saTifSourceConfig.getType())) {
log.error("Cannot delete tif source config {} as it's a built-in config and not user-defined.", saTifSourceConfigId);
listener.onFailure(new IllegalArgumentException("Cannot delete built-in tif source config " + saTifSourceConfigId));
return;
}
// Check if all threat intel monitors are deleted
saTifSourceConfigService.checkAndEnsureThreatIntelMonitorsDeleted(ActionListener.wrap(
isDeleted -> {
Expand Down Expand Up @@ -770,15 +776,42 @@ public SATIFSourceConfig convertToSATIFConfig(SATIFSourceConfigDto saTifSourceCo
}

private SATIFSourceConfig updateSaTifSourceConfig(SATIFSourceConfigDto saTifSourceConfigDto, SATIFSourceConfig saTifSourceConfig) {
// currently url download is only for default tif configs and supports only activate/deactivate. Ideally should be via an activate API
if (URL_DOWNLOAD.equals(saTifSourceConfig.getType())) {
return new SATIFSourceConfig(
saTifSourceConfig.getId(),
saTifSourceConfig.getVersion(),
saTifSourceConfig.getName(),
saTifSourceConfig.getFormat(),
saTifSourceConfig.getType(),
saTifSourceConfig.getDescription(),
saTifSourceConfig.getCreatedByUser(),
saTifSourceConfig.getCreatedAt(),
saTifSourceConfig.getSource(),
saTifSourceConfig.getEnabledTime(),
saTifSourceConfig.getLastUpdateTime(),
saTifSourceConfig.getSchedule(),
saTifSourceConfig.getState(),
saTifSourceConfig.getRefreshType(),
saTifSourceConfig.getLastRefreshedTime(),
saTifSourceConfig.getLastRefreshedUser(),
saTifSourceConfig.isEnabled(),
saTifSourceConfig.getIocStoreConfig(),
saTifSourceConfig.getIocTypes(),
saTifSourceConfigDto.isEnabledForScan()
);
}
if (false == saTifSourceConfig.getSource().getClass().equals(saTifSourceConfigDto.getSource().getClass())) {
throw new IllegalArgumentException("");
}
// remove duplicates from iocTypes
Set<String> iocTypes = new LinkedHashSet<>(saTifSourceConfigDto.getIocTypes());

return new SATIFSourceConfig(
saTifSourceConfig.getId(),
saTifSourceConfig.getVersion(),
saTifSourceConfigDto.getName(),
saTifSourceConfigDto.getFormat(),
saTifSourceConfigDto.getType(),
saTifSourceConfig.getType(),
saTifSourceConfigDto.getDescription(),
saTifSourceConfig.getCreatedByUser(),
saTifSourceConfig.getCreatedAt(),
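Review bot: The source-class guard added in updateSaTifSourceConfig throws `new IllegalArgumentException("")`, so a caller whose update is refused gets an empty error and, unlike the delete path in the hunk above, nothing is logged. Give it a message that names the config, e.g. `throw new IllegalArgumentException("Cannot change source type of tif source config " + saTifSourceConfig.getId());`. The guard also dereferences `saTifSourceConfigDto.getSource()` without a null check; if the DTO can reach this method without a source (its validation is not visible in this hunk) that would surface as a NullPointerException rather than a client error. The method body continues past the end of the hunk.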
Expand Up @@ -15,6 +15,7 @@
import org.opensearch.commons.authuser.User;
import org.opensearch.core.action.ActionListener;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.rest.RestRequest;
import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings;
import org.opensearch.securityanalytics.threatIntel.action.SAIndexTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.action.SAIndexTIFSourceConfigRequest;
Expand Down Expand Up @@ -96,8 +97,10 @@ private void retrieveLockAndCreateTIFConfig(SAIndexTIFSourceConfigRequest reques
}
try {
SATIFSourceConfigDto saTifSourceConfigDto = request.getTIFConfigDto();
if (SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource) {
if (SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource
&& request.getMethod().equals(RestRequest.Method.POST)) {
listener.onFailure(new UnsupportedOperationException("Unsupported Threat intel Source Config Type passed - " + saTifSourceConfigDto.getType()));
return;
}
saTifSourceConfigManagementService.createOrUpdateTifSourceConfig(
saTifSourceConfigDto,
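Review bot: In the rewritten condition of retrieveLockAndCreateTIFConfig, `&&` binds tighter than `||`, so the new `request.getMethod().equals(RestRequest.Method.POST)` test applies only to the `instanceof UrlDownloadSource` operand. A request whose DTO type is URL_DOWNLOAD is therefore still rejected for every method, while a non-POST request carrying a UrlDownloadSource under another declared type passes this guard. If the intent is to block only creation and let updates through to the enable/disable path, parenthesise the type checks: `if ((SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource) && RestRequest.Method.POST == request.getMethod()) {`. The method starts and ends outside the hunk, so any earlier validation is not visible here.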
