diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 000000000..3abeaa497
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,19 @@
+# This workflow builds a production-ready package when a tag is created.
+#
+# This workflow is based on the `dev-environment` workflow.
+
+name: Build
+
+on:
+ push:
+ tags:
+ - 'v*'
+jobs:
+ build:
+ name: Build app package (auto)
+ uses: ./.github/workflows/dev-environment.yml
+ with:
+ reference: ${{ github.ref_name }}
+ command: 'yarn build'
+ artifact_name: 'wazuh-security-dashboards-plugin-${{ github.ref_name }}'
+ artifact_path: './wazuh-security-plugin/build'
\ No newline at end of file
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..092c298a3
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,77 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "main", "[0-9].[0-9]", "[0-9].x" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "main" ]
+ schedule:
+ - cron: '00 8 * * 5'
+ workflow_dispatch:
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'javascript' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Use only 'java' to analyze code written in Java, Kotlin or both
+ # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ # âšī¸ Command-line programs to run using the OS shell.
+ # đ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/cypress-test-tenancy-disabled.yml b/.github/workflows/cypress-test-tenancy-disabled.yml
index d67e478a4..972a138ff 100644
--- a/.github/workflows/cypress-test-tenancy-disabled.yml
+++ b/.github/workflows/cypress-test-tenancy-disabled.yml
@@ -1,6 +1,6 @@
name: Cypress Tests Multitenancy Disabled
-on: [ push, pull_request ]
+on: [push, pull_request]
env:
TEST_BROWSER_HEADLESS: 1
@@ -50,7 +50,7 @@ jobs:
uses: derek-ho/start-opensearch@v2
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
- plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip"
+ plugins: 'file:$(pwd)/${{ env.PLUGIN_NAME }}.zip'
security-enabled: true
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
@@ -73,6 +73,7 @@ jobs:
uses: derek-ho/setup-opensearch-dashboards@v1
with:
plugin_name: security-dashboards-plugin
+ app_reference: ${{ vars.WZD_REF }}
opensearch_dashboards_yml: tenancy-disabled-opensearch-dashboards-config.yml
- name: Configure and Run OpenSearch Dashboards with Cypress Test Cases
diff --git a/.github/workflows/cypress-test.yml b/.github/workflows/cypress-test.yml
index c9a85ac6f..408cb9962 100644
--- a/.github/workflows/cypress-test.yml
+++ b/.github/workflows/cypress-test.yml
@@ -1,6 +1,6 @@
name: Cypress Tests
-on: [ push, pull_request ]
+on: [push, pull_request]
env:
TEST_BROWSER_HEADLESS: 1
@@ -21,7 +21,7 @@ jobs:
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
- steps:
+ steps:
- name: Set up JDK
uses: actions/setup-java@v1
with:
@@ -50,7 +50,7 @@ jobs:
uses: derek-ho/start-opensearch@v2
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
- plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip"
+ plugins: 'file:$(pwd)/${{ env.PLUGIN_NAME }}.zip'
security-enabled: true
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
@@ -75,6 +75,7 @@ jobs:
uses: derek-ho/setup-opensearch-dashboards@v1
with:
plugin_name: security-dashboards-plugin
+ app_reference: ${{ vars.WZD_REF }}
opensearch_dashboards_yml: cypress-opensearch-dashboards-config.yml
- name: Configure and Run OpenSearch Dashboards with Cypress Test Cases
@@ -82,7 +83,7 @@ jobs:
cd ./OpenSearch-Dashboards
nohup yarn start --no-base-path --no-watch &
sleep 500
- git clone https://github.com/opensearch-project/opensearch-dashboards-functional-test.git
+ git clone https://github.com/opensearch-project/opensearch-dashboards-functional-test.git -b ${{ env.OPENSEARCH_VERSION }}
cd opensearch-dashboards-functional-test
npm install cypress --save-dev
yarn cypress:run-with-security-and-aggregation-view --browser chrome --spec "cypress/integration/plugins/security-dashboards-plugin/aggregation_view.js"
diff --git a/.github/workflows/dev-environment.yml b/.github/workflows/dev-environment.yml
new file mode 100644
index 000000000..7bcec2419
--- /dev/null
+++ b/.github/workflows/dev-environment.yml
@@ -0,0 +1,96 @@
+# This workflow downloads the source code at the given git reference
+# (branch, tag or commit), an sets up an environment (Kibana or OpenSearch)
+# to run this code and a command (build, test, ...).
+#
+# This workflow is used as a base for other workflows.
+
+name: Base workflow - Environment
+
+on:
+ workflow_call:
+ inputs:
+ reference:
+ required: true
+ type: string
+ default: master
+ description: Source code reference (branch, tag or commit SHA).
+ command:
+ required: true
+ type: string
+ default: 'yarn build'
+ description: Command to run in the environment
+ docker_run_extra_args:
+ type: string
+ default: ''
+ description: Additional paramaters for the docker run command.
+ required: false
+ artifact_name:
+ type: string
+ default: ''
+ description: Artifact name (will be automatically suffixed with .zip)
+ required: false
+ artifact_path:
+ type: string
+ default: ''
+ description: Folder to include in the archive.
+ required: false
+ notify_jest_coverage_summary:
+ type: boolean
+ default: false
+ required: false
+
+jobs:
+ # Deploy the plugin in a development environment and run a command
+ # using a pre-built Docker image, hosted in Quay.io.
+ deploy_and_run_command:
+ name: Deploy and run command
+ runs-on: ubuntu-latest
+ steps:
+ - name: Step 01 - Download the plugin's source code
+ uses: actions/checkout@v3
+ with:
+ repository: wazuh/wazuh-security-dashboards-plugin
+ ref: ${{ inputs.reference }}
+ path: wazuh-security-plugin
+
+ # Fix source code ownership so the internal user of the Docker
+ # container is also owner.
+ - name: Step 02 - Change code ownership
+ run: sudo chown 1000:1000 -R wazuh-security-plugin;
+
+ - name: Step 03 - Set up the environment and run the command
+ run: |
+ # Read the platform version from the package.json file
+ echo "Reading the platform version from the package.json...";
+ platform_version=$(jq -r '.opensearchDashboards.version | select(. != null)' wazuh-security-plugin/package.json);
+ echo "Plugin platform version: $platform_version";
+
+ # Up the environment and run the command
+ docker run -t --rm \
+ -e OPENSEARCH_DASHBOARDS_VERSION=${platform_version} \
+ -v `pwd`/wazuh-security-plugin:/home/node/kbn/plugins/wazuh-security-plugin \
+ ${{ inputs.docker_run_extra_args }} \
+ quay.io/wazuh/osd-dev:${platform_version} \
+ bash -c '
+ yarn config set registry https://registry.yarnpkg.com;
+ cd /home/node/kbn/plugins/wazuh-security-plugin && yarn && ${{ inputs.command }};
+ '
+ - name: Get the plugin version
+ run: |
+ echo "version=$(jq -r '.wazuh.version' $(pwd)/wazuh-security-plugin/package.json)" >> $GITHUB_ENV
+ echo "revision=$(jq -r '.wazuh.revision' $(pwd)/wazuh-security-plugin/package.json)" >> $GITHUB_ENV
+
+ - name: Step 04 - Upload artifact to GitHub
+ if: ${{ inputs.artifact_name && inputs.artifact_path }}
+ uses: actions/upload-artifact@v3
+ with:
+ name: ${{ inputs.artifact_name }}_${{ env.version }}-${{ env.revision }}_${{ inputs.reference }}.zip
+ path: ${{ inputs.artifact_path }}
+
+ - name: Step 05 - Upload coverage results to GitHub
+ if: ${{ inputs.notify_jest_coverage_summary && github.event_name == 'pull_request' }}
+ uses: AthleticNet/comment-test-coverage@1.2.2
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ path: ./wazuh-security-plugin/target/test-coverage/coverage-summary.json
+ title: "Code coverage (Jest)"
\ No newline at end of file
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
index 53bd6a9f9..7b5a646b8 100644
--- a/.github/workflows/integration-test.yml
+++ b/.github/workflows/integration-test.yml
@@ -14,13 +14,13 @@ jobs:
strategy:
fail-fast: false
matrix:
- os: [ ubuntu-latest , windows-latest ]
+ os: [ubuntu-latest] # Removed windows-latest
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Branch
uses: actions/checkout@v3
-
+
- name: Set up JDK
uses: actions/setup-java@v1
with:
@@ -34,7 +34,25 @@ jobs:
echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV
shell: bash
- - name: Download security plugin and create setup scripts for remote cluster
+ - uses: browser-actions/setup-geckodriver@v0.0.0
+ - run: geckodriver --version
+
+ - name: Set up Firefox browser
+ if: ${{ runner.os == 'Linux' }}
+ uses: browser-actions/setup-firefox@v1
+
+ - run: firefox --version
+ if: ${{ runner.os == 'Linux' }}
+
+ # Browser-action version does not work on Windows
+ # - name: Set up Firefox browser for Windows
+ # if: ${{ runner.os == 'Windows' }}
+ # uses: RyanL1997/setup-browser@main
+ # with:
+ # browser: firefox
+ # version: latest
+
+ - name: Download security plugin and create setup scripts
uses: ./.github/actions/download-plugin
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
@@ -69,7 +87,7 @@ jobs:
uses: derek-ho/start-opensearch@v2
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
- plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip"
+ plugins: 'file:$(pwd)/${{ env.PLUGIN_NAME }}.zip'
security-enabled: true
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
@@ -83,7 +101,8 @@ jobs:
- id: install-dashboards
uses: derek-ho/setup-opensearch-dashboards@v3
with:
- plugin_name: security-dashboards-plugin
+ plugin_name: wazuh-security-dashboards-plugin
+ app_reference: ${{ vars.WZD_REF }}
- name: Start Dashboards in background
run: node scripts/build_opensearch_dashboards_platform_plugins.js
@@ -101,11 +120,10 @@ jobs:
shell: bash
working-directory: ${{ steps.install-dashboards.outputs.plugin-directory }}
- - name: Run integration tests on Windows
- if: ${{ runner.os == 'Windows' }}
- run: |
- echo "check if opensearch is ready"
- curl -XGET https://localhost:9200 -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k
- export ADMIN_PASSWORD=${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} && node ./test/run_jest_tests.js --runInBand --detectOpenHandles --forceExit --config ./test/jest.config.server.js
- shell: bash
- working-directory: ${{ steps.install-dashboards.outputs.plugin-directory }}
+ # - name: Run integration tests on Windows
+ # if: ${{ runner.os == 'Windows' }}
+ # run: |
+ # echo "check if opensearch is ready"
+ # curl -XGET https://localhost:9200 -u 'admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}' -k
+ # node .\test\run_jest_tests.js --runInBand --detectOpenHandles --forceExit --config .\test\jest.config.server.js
+ # working-directory: ${{ steps.install-dashboards.outputs.plugin-directory }}
diff --git a/.github/workflows/manual-build.yml b/.github/workflows/manual-build.yml
new file mode 100644
index 000000000..54a1288da
--- /dev/null
+++ b/.github/workflows/manual-build.yml
@@ -0,0 +1,34 @@
+# This workflow builds a production-ready package from the given Git reference.
+# Any branch, tag or commit SHA existing in the origin can be used.
+#
+# This workflow is based on the `dev-environment` workflow.
+
+name: Manual build
+
+on:
+ workflow_call:
+ inputs:
+ reference:
+ required: true
+ type: string
+ description: Source code reference (branch, tag or commit SHA)
+ default: 4.10.0
+ workflow_dispatch:
+ inputs:
+ reference:
+ required: true
+ type: string
+ default: master
+ description: Source code reference (branch, tag or commit SHA)
+
+jobs:
+ # Build an app package from the given source code reference.
+ build:
+ name: Build app package
+ uses: ./.github/workflows/dev-environment.yml
+ with:
+ reference: ${{ inputs.reference }}
+ command: 'yarn build'
+ artifact_name: 'wazuh-security-dashboards-plugin'
+ artifact_path: './wazuh-security-plugin/build'
+ secrets: inherit
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
index c517df304..bd104510c 100644
--- a/.github/workflows/unit-test.yml
+++ b/.github/workflows/unit-test.yml
@@ -1,6 +1,6 @@
name: Unit Tests
-on: [ push, pull_request ]
+on: [push, pull_request]
jobs:
unit-tests:
@@ -8,13 +8,13 @@ jobs:
strategy:
fail-fast: false
matrix:
- os: [ ubuntu-latest , windows-latest ]
+ os: [ubuntu-latest] # Removed windows-latest, macos-latest
runs-on: ${{ matrix.os }}
steps:
- - name: Enable longer filenames
- if: ${{ matrix.os == 'windows-latest' }}
- run: git config --system core.longpaths true
+ # - name: Enable longer filenames
+ # if: ${{ matrix.os == 'windows-latest' }}
+ # run: git config --system core.longpaths true
- name: Checkout Branch
uses: actions/checkout@v2
@@ -22,7 +22,8 @@ jobs:
- id: install-dashboards
uses: derek-ho/setup-opensearch-dashboards@v3
with:
- plugin_name: security-dashboards-plugin
+ plugin_name: wazuh-security-dashboards-plugin
+ app_reference: ${{ vars.WZD_REF }}
- name: Run lint
run: yarn lint
diff --git a/README.md b/README.md
index 5eda6aaaa..861b0ecc4 100644
--- a/README.md
+++ b/README.md
@@ -1,31 +1,32 @@
-[](https://github.com/opensearch-project/security-dashboards-plugin/actions)[](https://github.com/opensearch-project/security-dashboards-plugin/actions)[](https://github.com/opensearch-project/security-dashboards-plugin)
+
+
+
-
+# Wazuh Security Dashboards Plugin
-# OpenSearch Dashboards Security Plugin
+Wazuh Security Dashboards Plugin is a fork of the OpenSearch Dashboards Security Plugin which incorporate changes to make it easier to use for Wazuh users. Our aim is to contribute back any work not tied specifically to Wazuh.
-This plugin for OpenSearch Dashboards adds a configuration management UI for the OpenSearch Security features, as well as authentication, session management and multi-tenancy support to your secured cluster.
+This plugin for Wazuh Dashboard adds a configuration management UI for the Wazuh Security features, as well as authentication, session management and multi-tenancy support to your secured cluster.
- [Features](#features)
- [Installation](#installation)
- [Contributing](#contributing)
- [Getting Help](#getting-help)
-- [Code of Conduct](#code-of-conduct)
- [Security](#security)
- [License](#license)
- [Copyright](#copyright)
## Features
-* OpenSearch Dashboards authentication for OpenSearch
-* OpenSearch Dashboards session management
-* OpenSearch Security configuration UI
-* Multi-tenancy support for OpenSearch Dashboards
-* OpenSearch audit logging configuration UI
+* Wazuh Dashboard authentication for OpenSearch
+* Wazuh Dashboard session management
+* Wazuh Security configuration UI
+* Multi-tenancy support for Wazuh Dashboard
+* Wazuh audit logging configuration UI
## Installation
-The OpenSearch Dashboards Security Plugin comes bundled by default as part of the OpenSearch Dashboards distribution. Please refer to the [installation guide](https://opensearch.org/docs/latest/dashboards/install/index/) and [technical documentation](https://opensearch.org/docs/latest/security-plugin/index/) for detailed information on installing and configuring the OpenSearch Security Plugin.
+The Wazuh Security Dashboards Plugin comes bundled by default as part of the Wazuh Dashboards distribution. Please refer to the [installation guide](https://documentation.wazuh.com/current/installation-guide/index.html).
## Contributing
@@ -35,15 +36,11 @@ See [developer guide](DEVELOPER_GUIDE.md) and [how to contribute to this project
If you find a bug, or have a feature request, please don't hesitate to open an issue in this repository.
-For more information, see [project website](https://opensearch.org/) and [documentation](https://opensearch.org/docs/latest). If you need help and are unsure where to open an issue, try [forums](https://discuss.opendistrocommunity.dev/).
-
-## Code of Conduct
-
-This project has adopted the [Amazon Open Source Code of Conduct](CODE_OF_CONDUCT.md). For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq), or contact [opensource-codeofconduct@amazon.com](mailto:opensource-codeofconduct@amazon.com) with any additional questions or comments.
+For more information, see [project website](https://wazuh.com/) and [documentation](https://documentation.wazuh.com/current/index.html). If you need help and are unsure where to open an [issue](https://github.com/wazuh/wazuh-security-dashboards-plugin/issues).
## Security
-If you discover a potential security issue in this project we ask that you notify OpenSearch Security directly via email to security@opensearch.org. Please do **not** create a public GitHub issue.
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](https://github.com/wazuh/wazuh-security-dashboards-plugin/issues/new/choose). Please do **not** create a public GitHub issue.
## License
@@ -51,4 +48,5 @@ This code is licensed under the Apache 2.0 License.
## Copyright
-Copyright OpenSearch Contributors. See [NOTICE](NOTICE.txt) for details.
+- Copyright OpenSearch Contributors. See [NOTICE](NOTICE.txt) for details.
+- Copyright Wazuh, Inc.
diff --git a/SECURITY.md b/SECURITY.md
index 9c8175303..164723b5d 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,3 +1,45 @@
-# Reporting a Vulnerability
+# Wazuh Open Source Project Security Policy
-If you discover a potential security issue in this project we ask that you notify OpenSearch Security directly via email to security@opensearch.org. Please do **not** create a public GitHub issue.
+Version: 2023-06-12
+
+## Introduction
+This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities.
+
+## Scope
+This policy applies to all open source projects developed, maintained, or hosted by Wazuh.
+
+## Reporting Security Vulnerabilities
+If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly.
+
+Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com).
+
+## Vulnerability Disclosure Policy
+Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
+
+1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
+2. Validation: We will validate the issue and work on reproducing it in our environment.
+3. Remediation: We will work on a fix and thoroughly test it
+4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
+5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
+
+This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
+
+## Automatic Scanning
+We leverage GitHub Actions to perform automated scans of our supply chain. These scans assist us in identifying vulnerabilities and outdated dependencies in a proactive and timely manner.
+
+## Credit
+We believe in giving credit where credit is due. If you report a security vulnerability to us, and we determine that it is a valid vulnerability, we will publicly credit you for the discovery when we disclose the vulnerability. If you wish to remain anonymous, please indicate so in your initial report.
+
+We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
+
+## Compliance with this Policy
+We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
+
+Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
+
+We ask that all users and contributors respect this policy and the security of our community's users by disclosing vulnerabilities to us in accordance with this policy.
+
+## Changes to this Security Policy
+This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
+
+If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com)
diff --git a/package.json b/package.json
index f9cde0196..8c1bebf99 100644
--- a/package.json
+++ b/package.json
@@ -6,6 +6,10 @@
"version": "2.17.1",
"templateVersion": "2.17.1"
},
+ "wazuh": {
+ "version": "5.0.0",
+ "revision": "00"
+ },
"license": "Apache-2.0",
"homepage": "https://github.com/opensearch-project/security-dashboards-plugin",
"scripts": {
diff --git a/public/apps/account/account-app.tsx b/public/apps/account/account-app.tsx
index 0f973a1bc..424a1086c 100644
--- a/public/apps/account/account-app.tsx
+++ b/public/apps/account/account-app.tsx
@@ -105,7 +105,7 @@ export async function setupTopNavButton(coreStart: CoreStart, config: ClientConf
}
}
- setShouldShowTenantPopup(shouldShowTenantPopup);
+ setShouldShowTenantPopup(false);
const isPlacedInLeftNav = coreStart.uiSettings.get('home:useNewHomePage');
diff --git a/public/apps/account/test/account-app.test.tsx b/public/apps/account/test/account-app.test.tsx
index ef0b44699..3a48a4130 100644
--- a/public/apps/account/test/account-app.test.tsx
+++ b/public/apps/account/test/account-app.test.tsx
@@ -107,14 +107,14 @@ describe('Account app', () => {
});
});
- it('Should show tenant selection popup when neither securitytenant in url nor saved tenant', (done) => {
+ it('Should not show tenant selection popup', (done) => {
(getSavedTenant as jest.Mock).mockReturnValueOnce(null);
setupTopNavButton(mockCoreStart, mockConfig as any);
process.nextTick(() => {
expect(getSavedTenant).toBeCalledTimes(1);
- expect(setShouldShowTenantPopup).toBeCalledWith(true);
+ expect(setShouldShowTenantPopup).toBeCalledWith(false);
done();
});
});
diff --git a/public/apps/login/login-page.tsx b/public/apps/login/login-page.tsx
index 4591c032c..4c813a05b 100644
--- a/public/apps/login/login-page.tsx
+++ b/public/apps/login/login-page.tsx
@@ -28,6 +28,7 @@ import {
} from '@elastic/eui';
import { CoreStart } from '../../../../../src/core/public';
import { ClientConfigType } from '../../types';
+import defaultBrandImage from '../../assets/ui/wazuh_logo.svg';
import { validateCurrentPassword } from '../../utils/login-utils';
import {
ANONYMOUS_AUTH_LOGIN,
@@ -279,23 +280,23 @@ export function LoginPage(props: LoginPageDeps) {
};
// TODO: Get brand image from server config
+ // Don't force custom logo to have 100% width. It should be handled in the svg properties if needed. (Removed fullWidth in the image)
return (
{props.config.ui.basicauth.login.showbrandimage && (
)}
- {props.config.ui.basicauth.login.title || 'Log in to OpenSearch Dashboards'}
+ {props.config.ui.basicauth.login.title || ''}
- {props.config.ui.basicauth.login.subtitle ||
- 'If you have forgotten your username or password, contact your system administrator.'}
+ {props.config.ui.basicauth.login.subtitle || ''}
diff --git a/public/apps/login/test/__snapshots__/login-page.test.tsx.snap b/public/apps/login/test/__snapshots__/login-page.test.tsx.snap
index d36178728..0cd63d070 100644
--- a/public/apps/login/test/__snapshots__/login-page.test.tsx.snap
+++ b/public/apps/login/test/__snapshots__/login-page.test.tsx.snap
@@ -725,7 +725,7 @@ exports[`Login page renders renders with default value: string 1`] = `
- Log in to OpenSearch Dashboards
-
+ />
- If you have forgotten your username or password, contact your system administrator.
-
+ />
@@ -819,7 +815,7 @@ exports[`Login page renders renders with default value: string array 1`] = `
- Log in to OpenSearch Dashboards
-
+ />
- If you have forgotten your username or password, contact your system administrator.
-
+ />
diff --git a/public/assets/ui/wazuh_logo.svg b/public/assets/ui/wazuh_logo.svg
new file mode 100644
index 000000000..b74126093
--- /dev/null
+++ b/public/assets/ui/wazuh_logo.svg
@@ -0,0 +1,51 @@
+
+
\ No newline at end of file
diff --git a/public/plugin.ts b/public/plugin.ts
index d5280574f..677120c70 100644
--- a/public/plugin.ts
+++ b/public/plugin.ts
@@ -157,7 +157,7 @@ export class SecurityPlugin
core.application.register({
id: PLUGIN_NAME,
title: 'Security',
- order: 9050,
+ order: 9030,
workspaceAvailability: WorkspaceAvailability.outsideWorkspace,
navLinkStatus: core.chrome.navGroup.getNavGroupEnabled()
? AppNavLinkStatus.hidden
@@ -317,7 +317,7 @@ export class SecurityPlugin
deps.managementOverview.register({
id: PLUGIN_NAME,
title: 'Security',
- order: 9050,
+ order: 9030,
description: i18n.translate('security.securityDescription', {
defaultMessage:
'Configure how users access data in OpenSearch with authentication, access control and audit logging.',
diff --git a/server/index.ts b/server/index.ts
index 68a20f533..e2cfa596b 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -134,11 +134,8 @@ export const configSchema = schema.object({
}),
loadbalancer_url: schema.maybe(schema.string()),
login: schema.object({
- title: schema.string({ defaultValue: 'Log in to OpenSearch Dashboards' }),
- subtitle: schema.string({
- defaultValue:
- 'If you have forgotten your username or password, contact your system administrator.',
- }),
+ title: schema.string({ defaultValue: '' }),
+ subtitle: schema.string({ defaultValue: '' }),
showbrandimage: schema.boolean({ defaultValue: true }),
brandimage: schema.string({ defaultValue: '' }), // TODO: update brand image
buttonstyle: schema.string({ defaultValue: '' }),
@@ -251,11 +248,8 @@ export const configSchema = schema.object({
// the login config here is the same as old config `_security.basicauth.login`
// Since we are now rendering login page to browser app, so move these config to browser side.
login: schema.object({
- title: schema.string({ defaultValue: 'Log in to OpenSearch Dashboards' }),
- subtitle: schema.string({
- defaultValue:
- 'If you have forgotten your username or password, contact your system administrator.',
- }),
+ title: schema.string({ defaultValue: '' }),
+ subtitle: schema.string({ defaultValue: '' }),
showbrandimage: schema.boolean({ defaultValue: true }),
brandimage: schema.string({ defaultValue: '' }),
buttonstyle: schema.string({ defaultValue: '' }),
diff --git a/test/cypress/e2e/oidc/oidc_auth_test.spec.js b/test/cypress/e2e/oidc/oidc_auth_test.spec.js
index 79a41807d..48bcc694d 100644
--- a/test/cypress/e2e/oidc/oidc_auth_test.spec.js
+++ b/test/cypress/e2e/oidc/oidc_auth_test.spec.js
@@ -105,6 +105,9 @@ describe('Log in via OIDC', () => {
});
localStorage.setItem('home:newThemeModal:show', 'false');
+ cy.get('#user-icon-btn').should('be.visible');
+ cy.get('#user-icon-btn').click();
+ cy.get('button[data-test-subj^="switch-tenants"]').click();
cy.get('#private').should('be.enabled');
cy.get('#private').click({ force: true });
diff --git a/test/cypress/e2e/saml/saml_auth_test.spec.js b/test/cypress/e2e/saml/saml_auth_test.spec.js
index fc6c6934c..2dd9f8f93 100644
--- a/test/cypress/e2e/saml/saml_auth_test.spec.js
+++ b/test/cypress/e2e/saml/saml_auth_test.spec.js
@@ -102,6 +102,9 @@ describe('Log in via SAML', () => {
});
samlLogin();
+ cy.get('#user-icon-btn').should('be.visible');
+ cy.get('#user-icon-btn').click();
+ cy.get('button[data-test-subj^="switch-tenants"]').click();
cy.get('#private').should('be.enabled');
cy.get('#private').click({ force: true });
diff --git a/test/jest.config.server.js b/test/jest.config.server.js
index 783003154..f625ee260 100644
--- a/test/jest.config.server.js
+++ b/test/jest.config.server.js
@@ -17,24 +17,24 @@ import config from '../../../src/dev/jest/config';
export default {
...config,
- roots: ['/plugins/security-dashboards-plugin'],
+ roots: ['/plugins/wazuh-security-dashboards-plugin'],
testMatch: ['**/test/jest_integration/**/*.test.ts', '**/server/**/*.test.ts'],
testPathIgnorePatterns: config.testPathIgnorePatterns.filter(
(pattern) => !pattern.includes('integration_tests')
),
setupFilesAfterEnv: [
'/src/dev/jest/setup/after_env.integration.js',
- '/plugins/security-dashboards-plugin/test/setup/after_env.js',
+ '/plugins/wazuh-security-dashboards-plugin/test/setup/after_env.js',
],
collectCoverageFrom: [
- '/plugins/security-dashboards-plugin/server/**/*.{ts,tsx}',
- '!/plugins/security-dashboards-plugin/server/**/*.test.{ts,tsx}',
- '!/plugins/security-dashboards-plugin/server/auth/types/jwt/**/*.{ts,tsx}',
- '!/plugins/security-dashboards-plugin/server/auth/types/openid/**/*.{ts,tsx}',
- '!/plugins/security-dashboards-plugin/server/auth/types/saml/**/*.{ts,tsx}',
- '!/plugins/security-dashboards-plugin/server/auth/types/proxy/**/*.{ts,tsx}',
+ '/plugins/wazuh-security-dashboards-plugin/server/**/*.{ts,tsx}',
+ '!/plugins/wazuh-security-dashboards-plugin/server/**/*.test.{ts,tsx}',
+ '!/plugins/wazuh-security-dashboards-plugin/server/auth/types/jwt/**/*.{ts,tsx}',
+ '!/plugins/wazuh-security-dashboards-plugin/server/auth/types/openid/**/*.{ts,tsx}',
+ '!/plugins/wazuh-security-dashboards-plugin/server/auth/types/saml/**/*.{ts,tsx}',
+ '!/plugins/wazuh-security-dashboards-plugin/server/auth/types/proxy/**/*.{ts,tsx}',
],
coverageDirectory:
- '/plugins/security-dashboards-plugin/opensearch-dashboards-coverage/jest_server',
+ '/plugins/wazuh-security-dashboards-plugin/opensearch-dashboards-coverage/jest_server',
coverageReporters: ['lcov', 'text', 'cobertura', 'html'],
};
diff --git a/test/jest.config.ui.js b/test/jest.config.ui.js
index b3ec9bc2e..dfe15acbe 100644
--- a/test/jest.config.ui.js
+++ b/test/jest.config.ui.js
@@ -17,19 +17,19 @@ import config from '../../../src/dev/jest/config';
export default {
...config,
- roots: ['/plugins/security-dashboards-plugin'],
+ roots: ['/plugins/wazuh-security-dashboards-plugin'],
testMatch: ['**/public/**/*.test.{ts,tsx,js,jsx}', '**/common/*.test.{ts, tsx}'],
testPathIgnorePatterns: [
- '/plugins/security-dashboards-plugin/build/',
- '/plugins/security-dashboards-plugin/node_modules/',
+ '/plugins/wazuh-security-dashboards-plugin/build/',
+ '/plugins/wazuh-security-dashboards-plugin/node_modules/',
],
setupFilesAfterEnv: ['/src/dev/jest/setup/after_env.integration.js'],
collectCoverageFrom: [
- '/plugins/security-dashboards-plugin/public/**/*.{ts,tsx}',
- '!/plugins/security-dashboards-plugin/public/**/*.test.{ts,tsx}',
+ '/plugins/wazuh-security-dashboards-plugin/public/**/*.{ts,tsx}',
+ '!/plugins/wazuh-security-dashboards-plugin/public/**/*.test.{ts,tsx}',
],
coverageDirectory:
- '/plugins/security-dashboards-plugin/opensearch-dashboards-coverage/jest_ui',
+ '/plugins/wazuh-security-dashboards-plugin/opensearch-dashboards-coverage/jest_ui',
clearMocks: true,
coverageReporters: ['lcov', 'text', 'cobertura', 'html'],
};
diff --git a/test/jest_integration/jwt_auth.test.ts b/test/jest_integration/jwt_auth.test.ts
index 7fc2dde76..d8e313994 100644
--- a/test/jest_integration/jwt_auth.test.ts
+++ b/test/jest_integration/jwt_auth.test.ts
@@ -219,8 +219,8 @@ describe('start OpenSearch Dashboards server', () => {
// shutdown OpenSearchDashboards server
await root.shutdown();
});
-
- it('Login to app/opensearch_dashboards_overview#/ when JWT is enabled', async () => {
+ // Wazuh: Skip test because overview page is disabled
+ it.skip('Login to app/opensearch_dashboards_overview#/ when JWT is enabled', async () => {
const payload = {
sub: 'jwt_test',
roles: 'admin,kibanauser',
@@ -267,8 +267,8 @@ describe('start OpenSearch Dashboards server', () => {
await driver.manage().deleteAllCookies();
await driver.quit();
});
-
- it('Login to app/opensearch_dashboards_overview#/ when JWT is enabled with invalid token', async () => {
+ // Wazuh: Skip test because overview page is disabled
+ it.skip('Login to app/opensearch_dashboards_overview#/ when JWT is enabled with invalid token', async () => {
const payload = {
sub: 'jwt_test',
roles: 'admin,kibanauser',
@@ -294,8 +294,8 @@ describe('start OpenSearch Dashboards server', () => {
await driver.manage().deleteAllCookies();
await driver.quit();
});
-
- it('Login to app/dev_tools#/console when JWT is enabled with invalid token', async () => {
+ // Wazuh: Skip test because this issue https://github.com/opensearch-project/security-dashboards-plugin/issues/1540
+ it.skip('Login to app/dev_tools#/console when JWT is enabled with invalid token', async () => {
const payload = {
sub: 'jwt_test',
roles: 'admin,kibanauser',
+
+# Wazuh Security Dashboards Plugin
-# OpenSearch Dashboards Security Plugin
+Wazuh Security Dashboards Plugin is a fork of the OpenSearch Dashboards Security Plugin which incorporate changes to make it easier to use for Wazuh users. Our aim is to contribute back any work not tied specifically to Wazuh.
-This plugin for OpenSearch Dashboards adds a configuration management UI for the OpenSearch Security features, as well as authentication, session management and multi-tenancy support to your secured cluster.
+This plugin for Wazuh Dashboard adds a configuration management UI for the Wazuh Security features, as well as authentication, session management and multi-tenancy support to your secured cluster.
- [Features](#features)
- [Installation](#installation)
- [Contributing](#contributing)
- [Getting Help](#getting-help)
-- [Code of Conduct](#code-of-conduct)
- [Security](#security)
- [License](#license)
- [Copyright](#copyright)
## Features
-* OpenSearch Dashboards authentication for OpenSearch
-* OpenSearch Dashboards session management
-* OpenSearch Security configuration UI
-* Multi-tenancy support for OpenSearch Dashboards
-* OpenSearch audit logging configuration UI
+* Wazuh Dashboard authentication for OpenSearch
+* Wazuh Dashboard session management
+* Wazuh Security configuration UI
+* Multi-tenancy support for Wazuh Dashboard
+* Wazuh audit logging configuration UI
## Installation
-The OpenSearch Dashboards Security Plugin comes bundled by default as part of the OpenSearch Dashboards distribution. Please refer to the [installation guide](https://opensearch.org/docs/latest/dashboards/install/index/) and [technical documentation](https://opensearch.org/docs/latest/security-plugin/index/) for detailed information on installing and configuring the OpenSearch Security Plugin.
+The Wazuh Security Dashboards Plugin comes bundled by default as part of the Wazuh Dashboards distribution. Please refer to the [installation guide](https://documentation.wazuh.com/current/installation-guide/index.html).
## Contributing
@@ -35,15 +36,11 @@ See [developer guide](DEVELOPER_GUIDE.md) and [how to contribute to this project
If you find a bug, or have a feature request, please don't hesitate to open an issue in this repository.
-For more information, see [project website](https://opensearch.org/) and [documentation](https://opensearch.org/docs/latest). If you need help and are unsure where to open an issue, try [forums](https://discuss.opendistrocommunity.dev/).
-
-## Code of Conduct
-
-This project has adopted the [Amazon Open Source Code of Conduct](CODE_OF_CONDUCT.md). For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq), or contact [opensource-codeofconduct@amazon.com](mailto:opensource-codeofconduct@amazon.com) with any additional questions or comments.
+For more information, see [project website](https://wazuh.com/) and [documentation](https://documentation.wazuh.com/current/index.html). If you need help and are unsure where to open an [issue](https://github.com/wazuh/wazuh-security-dashboards-plugin/issues).
## Security
-If you discover a potential security issue in this project we ask that you notify OpenSearch Security directly via email to security@opensearch.org. Please do **not** create a public GitHub issue.
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](https://github.com/wazuh/wazuh-security-dashboards-plugin/issues/new/choose). Please do **not** create a public GitHub issue.
## License
@@ -51,4 +48,5 @@ This code is licensed under the Apache 2.0 License.
## Copyright
-Copyright OpenSearch Contributors. See [NOTICE](NOTICE.txt) for details.
+- Copyright OpenSearch Contributors. See [NOTICE](NOTICE.txt) for details.
+- Copyright Wazuh, Inc.
diff --git a/SECURITY.md b/SECURITY.md
index 9c8175303..164723b5d 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,3 +1,45 @@
-# Reporting a Vulnerability
+# Wazuh Open Source Project Security Policy
-If you discover a potential security issue in this project we ask that you notify OpenSearch Security directly via email to security@opensearch.org. Please do **not** create a public GitHub issue.
+Version: 2023-06-12
+
+## Introduction
+This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities.
+
+## Scope
+This policy applies to all open source projects developed, maintained, or hosted by Wazuh.
+
+## Reporting Security Vulnerabilities
+If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly.
+
+Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com).
+
+## Vulnerability Disclosure Policy
+Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
+
+1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
+2. Validation: We will validate the issue and work on reproducing it in our environment.
+3. Remediation: We will work on a fix and thoroughly test it
+4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
+5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
+
+This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
+
+## Automatic Scanning
+We leverage GitHub Actions to perform automated scans of our supply chain. These scans assist us in identifying vulnerabilities and outdated dependencies in a proactive and timely manner.
+
+## Credit
+We believe in giving credit where credit is due. If you report a security vulnerability to us, and we determine that it is a valid vulnerability, we will publicly credit you for the discovery when we disclose the vulnerability. If you wish to remain anonymous, please indicate so in your initial report.
+
+We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
+
+## Compliance with this Policy
+We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
+
+Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
+
+We ask that all users and contributors respect this policy and the security of our community's users by disclosing vulnerabilities to us in accordance with this policy.
+
+## Changes to this Security Policy
+This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
+
+If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com)
diff --git a/package.json b/package.json
index f9cde0196..8c1bebf99 100644
--- a/package.json
+++ b/package.json
@@ -6,6 +6,10 @@
"version": "2.17.1",
"templateVersion": "2.17.1"
},
+ "wazuh": {
+ "version": "5.0.0",
+ "revision": "00"
+ },
"license": "Apache-2.0",
"homepage": "https://github.com/opensearch-project/security-dashboards-plugin",
"scripts": {
diff --git a/public/apps/account/account-app.tsx b/public/apps/account/account-app.tsx
index 0f973a1bc..424a1086c 100644
--- a/public/apps/account/account-app.tsx
+++ b/public/apps/account/account-app.tsx
@@ -105,7 +105,7 @@ export async function setupTopNavButton(coreStart: CoreStart, config: ClientConf
}
}
- setShouldShowTenantPopup(shouldShowTenantPopup);
+ setShouldShowTenantPopup(false);
const isPlacedInLeftNav = coreStart.uiSettings.get('home:useNewHomePage');
diff --git a/public/apps/account/test/account-app.test.tsx b/public/apps/account/test/account-app.test.tsx
index ef0b44699..3a48a4130 100644
--- a/public/apps/account/test/account-app.test.tsx
+++ b/public/apps/account/test/account-app.test.tsx
@@ -107,14 +107,14 @@ describe('Account app', () => {
});
});
- it('Should show tenant selection popup when neither securitytenant in url nor saved tenant', (done) => {
+ it('Should not show tenant selection popup', (done) => {
(getSavedTenant as jest.Mock).mockReturnValueOnce(null);
setupTopNavButton(mockCoreStart, mockConfig as any);
process.nextTick(() => {
expect(getSavedTenant).toBeCalledTimes(1);
- expect(setShouldShowTenantPopup).toBeCalledWith(true);
+ expect(setShouldShowTenantPopup).toBeCalledWith(false);
done();
});
});
diff --git a/public/apps/login/login-page.tsx b/public/apps/login/login-page.tsx
index 4591c032c..4c813a05b 100644
--- a/public/apps/login/login-page.tsx
+++ b/public/apps/login/login-page.tsx
@@ -28,6 +28,7 @@ import {
} from '@elastic/eui';
import { CoreStart } from '../../../../../src/core/public';
import { ClientConfigType } from '../../types';
+import defaultBrandImage from '../../assets/ui/wazuh_logo.svg';
import { validateCurrentPassword } from '../../utils/login-utils';
import {
ANONYMOUS_AUTH_LOGIN,
@@ -279,23 +280,23 @@ export function LoginPage(props: LoginPageDeps) {
};
// TODO: Get brand image from server config
+ // Don't force custom logo to have 100% width. It should be handled in the svg properties if needed. (Removed fullWidth in the image)
return (