From f18da76dfaee68f7f77d29dec45ae586013b4af0 Mon Sep 17 00:00:00 2001
From: Surya Sashank Nistala
Date: Tue, 9 Jul 2024 14:44:42 -0700
Subject: [PATCH] add check to block create and delete operation url download type tif source configs
Signed-off-by: Surya Sashank Nistala
---
 .../SATIFSourceConfigManagementService.java | 37 ++++++++++++++++++-
 .../TransportIndexTIFSourceConfigAction.java | 5 ++-
 2 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigManagementService.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigManagementService.java
index de3b0891b..472ef8a5a 100644
--- a/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigManagementService.java
+++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigManagementService.java
@@ -51,6 +51,7 @@
 import java.util.stream.Collectors;
 import static org.opensearch.securityanalytics.threatIntel.common.SourceConfigType.IOC_UPLOAD;
+import static org.opensearch.securityanalytics.threatIntel.common.SourceConfigType.URL_DOWNLOAD;
 /**
 * Service class for threat intel feed source config object
@@ -511,6 +512,11 @@ public void deleteTIFSourceConfig(
 ) {
 saTifSourceConfigService.getTIFSourceConfig(saTifSourceConfigId, ActionListener.wrap(
 saTifSourceConfig -> {
+ if (URL_DOWNLOAD.equals(saTifSourceConfig.getType())) {
+ log.error("Cannot delete tif source config {} as it's a built-in config and not user-defined.", saTifSourceConfigId);
+ listener.onFailure(new IllegalArgumentException("Cannot delete built-in tif source config " + saTifSourceConfigId));
+ return;
+ }
 // Check if all threat intel monitors are deleted
 saTifSourceConfigService.checkAndEnsureThreatIntelMonitorsDeleted(ActionListener.wrap(
 isDeleted -> {
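Review bot: The delete guard added in `deleteTIFSourceConfig` keys on `getType()` alone, while the create guard in `TransportIndexTIFSourceConfigAction` also rejects any config whose source is a `UrlDownloadSource`; if a stored config can ever carry that source under a different type, it remains deletable. Consider matching the two checks, e.g. `if (URL_DOWNLOAD.equals(saTifSourceConfig.getType()) || saTifSourceConfig.getSource() instanceof UrlDownloadSource) {` (adding the `UrlDownloadSource` import if this file lacks it), or add a comment stating that `URL_DOWNLOAD` is the sole marker of a built-in config. The refusal is a caller error rather than a server fault, so `log.warn` fits better than `log.error`, and create rejects with `UnsupportedOperationException` while delete uses `IllegalArgumentException`, which may surface as different REST statuses for the same policy. The lambda continues outside the hunk.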
@@ -770,15 +776,42 @@ public SATIFSourceConfig convertToSATIFConfig(SATIFSourceConfigDto saTifSourceCo
 }
 private SATIFSourceConfig updateSaTifSourceConfig(SATIFSourceConfigDto saTifSourceConfigDto, SATIFSourceConfig saTifSourceConfig) {
+ // currently url download is only for default tif configs and supports only activate/deactivate. Ideally should be via an activate API
+ if (URL_DOWNLOAD.equals(saTifSourceConfig.getType())) {
+ return new SATIFSourceConfig(
+ saTifSourceConfig.getId(),
+ saTifSourceConfig.getVersion(),
+ saTifSourceConfig.getName(),
+ saTifSourceConfig.getFormat(),
+ saTifSourceConfig.getType(),
+ saTifSourceConfig.getDescription(),
+ saTifSourceConfig.getCreatedByUser(),
+ saTifSourceConfig.getCreatedAt(),
+ saTifSourceConfig.getSource(),
+ saTifSourceConfig.getEnabledTime(),
+ saTifSourceConfig.getLastUpdateTime(),
+ saTifSourceConfig.getSchedule(),
+ saTifSourceConfig.getState(),
+ saTifSourceConfig.getRefreshType(),
+ saTifSourceConfig.getLastRefreshedTime(),
+ saTifSourceConfig.getLastRefreshedUser(),
+ saTifSourceConfig.isEnabled(),
+ saTifSourceConfig.getIocStoreConfig(),
+ saTifSourceConfig.getIocTypes(),
+ saTifSourceConfigDto.isEnabledForScan()
+ );
+ }
+ if (false == saTifSourceConfig.getSource().getClass().equals(saTifSourceConfigDto.getSource().getClass())) {
+ throw new IllegalArgumentException("");
+ }
 // remove duplicates from iocTypes
 Set iocTypes = new LinkedHashSet<>(saTifSourceConfigDto.getIocTypes());
-
 return new SATIFSourceConfig(
 saTifSourceConfig.getId(),
 saTifSourceConfig.getVersion(),
 saTifSourceConfigDto.getName(),
 saTifSourceConfigDto.getFormat(),
- saTifSourceConfigDto.getType(),
+ saTifSourceConfig.getType(),
 saTifSourceConfigDto.getDescription(),
 saTifSourceConfig.getCreatedByUser(),
 saTifSourceConfig.getCreatedAt(),
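Review bot: `throw new IllegalArgumentException("")` hands the caller an empty error, and the comparison just before it dereferences `saTifSourceConfigDto.getSource()` without a null check, so an update that omits the source would fail with a NullPointerException rather than a validation error (assuming the DTO permits a null source; its validation is not visible here). Suggest `if (saTifSourceConfigDto.getSource() == null || false == saTifSourceConfig.getSource().getClass().equals(saTifSourceConfigDto.getSource().getClass())) {` with `throw new IllegalArgumentException("Source type of an existing threat intel source config cannot be changed");`. The `URL_DOWNLOAD` branch copies every field from the stored config and takes only `isEnabledForScan()` from the DTO, so other edits are dropped without any signal; a comment saying so, or a rejection when other fields differ, would keep callers from assuming their change was applied. The method body continues past the end of the hunk.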
diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportIndexTIFSourceConfigAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportIndexTIFSourceConfigAction.java
index 0528b821a..9b6378cf9 100644
--- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportIndexTIFSourceConfigAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportIndexTIFSourceConfigAction.java
@@ -15,6 +15,7 @@
 import org.opensearch.commons.authuser.User;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.core.rest.RestStatus;
+import org.opensearch.rest.RestRequest;
 import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings;
 import org.opensearch.securityanalytics.threatIntel.action.SAIndexTIFSourceConfigAction;
 import org.opensearch.securityanalytics.threatIntel.action.SAIndexTIFSourceConfigRequest;
@@ -96,8 +97,10 @@ private void retrieveLockAndCreateTIFConfig(SAIndexTIFSourceConfigRequest reques
 }
 try {
 SATIFSourceConfigDto saTifSourceConfigDto = request.getTIFConfigDto();
- if (SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource) {
+ if (SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource
+ && request.getMethod().equals(RestRequest.Method.POST)) {
 listener.onFailure(new UnsupportedOperationException("Unsupported Threat intel Source Config Type passed - " + saTifSourceConfigDto.getType()));
+ return;
 }
 saTifSourceConfigManagementService.createOrUpdateTifSourceConfig(
 saTifSourceConfigDto,
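Review bot: In the rewritten condition `&&` binds tighter than `||`, so it evaluates as `type is URL_DOWNLOAD || (source instanceof UrlDownloadSource && method is POST)`: a DTO typed `URL_DOWNLOAD` is rejected on every method, while a non-POST request carrying a `UrlDownloadSource` under another type passes the guard. If the intent is to block create only (inferred from the commit subject and from the `URL_DOWNLOAD` branch added to `updateSaTifSourceConfig`), parenthesise the disjunction: `if ((SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource)` followed by `&& RestRequest.Method.POST == request.getMethod()) {`. Comparing the enum with `==` also avoids a NullPointerException should `getMethod()` return null. The enclosing method continues outside the hunk.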