From 69e6a5213d4bb7559e3c0575a3a732cdef818e6e Mon Sep 17 00:00:00 2001 From: James Baiera Date: Wed, 26 May 2021 14:16:31 -0400 Subject: [PATCH 1/5] Add product response header to all responses --- .../src/main/java/org/elasticsearch/rest/RestController.java | 4 ++++ .../test/java/org/elasticsearch/rest/RestControllerTests.java | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/server/src/main/java/org/elasticsearch/rest/RestController.java b/server/src/main/java/org/elasticsearch/rest/RestController.java index b9875795006d7..bf6c7a93be3e3 100644 --- a/server/src/main/java/org/elasticsearch/rest/RestController.java +++ b/server/src/main/java/org/elasticsearch/rest/RestController.java @@ -57,6 +57,8 @@ public class RestController implements HttpServerTransport.Dispatcher { private static final Logger logger = LogManager.getLogger(RestController.class); private static final DeprecationLogger deprecationLogger = DeprecationLogger.getLogger(RestController.class); + private static final String ELASTIC_PRODUCT_HTTP_HEADER = "X-Elastic-Product"; + private static final String ELASTIC_PRODUCT_HTTP_HEADER_VALUE = "Elasticsearch"; private static final String ELASTIC_PRODUCT_ORIGIN_HTTP_HEADER = "X-elastic-product-origin"; private static final BytesReference FAVICON_RESPONSE; @@ -210,6 +212,7 @@ public void registerHandler(final RestHandler handler) { @Override public void dispatchRequest(RestRequest request, RestChannel channel, ThreadContext threadContext) { + threadContext.addResponseHeader(ELASTIC_PRODUCT_HTTP_HEADER, ELASTIC_PRODUCT_HTTP_HEADER_VALUE); try { tryAllHandlers(request, channel, threadContext); } catch (Exception e) { @@ -225,6 +228,7 @@ public void dispatchRequest(RestRequest request, RestChannel channel, ThreadCont @Override public void dispatchBadRequest(final RestChannel channel, final ThreadContext threadContext, final Throwable cause) { + threadContext.addResponseHeader(ELASTIC_PRODUCT_HTTP_HEADER, ELASTIC_PRODUCT_HTTP_HEADER_VALUE); try { final Exception e; if (cause == null) { diff --git a/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java b/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java index f989a9c69ef0d..4976738014630 100644 --- a/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java +++ b/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java @@ -40,6 +40,7 @@ import org.junit.Before; import java.io.IOException; +import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; @@ -142,6 +143,9 @@ public MethodHandlers next() { assertEquals("true", threadContext.getHeader("header.1")); assertEquals("true", threadContext.getHeader("header.2")); assertNull(threadContext.getHeader("header.3")); + List expectedProductResponseHeader = new ArrayList<>(); + expectedProductResponseHeader.add("Elasticsearch"); + assertEquals(expectedProductResponseHeader, threadContext.getResponseHeaders().getOrDefault("X-Elastic-Product", null)); } public void testRequestWithDisallowedMultiValuedHeader() { From d1a7b67ae65f10710c3a19d17fe8ab8ad227caa4 Mon Sep 17 00:00:00 2001 From: James Baiera Date: Wed, 26 May 2021 14:49:16 -0400 Subject: [PATCH 2/5] share header value privately across package --- .../src/main/java/org/elasticsearch/rest/RestController.java | 4 ++-- .../test/java/org/elasticsearch/rest/RestControllerTests.java | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/server/src/main/java/org/elasticsearch/rest/RestController.java b/server/src/main/java/org/elasticsearch/rest/RestController.java index bf6c7a93be3e3..674ec592dd581 100644 --- a/server/src/main/java/org/elasticsearch/rest/RestController.java +++ b/server/src/main/java/org/elasticsearch/rest/RestController.java @@ -57,8 +57,8 @@ public class RestController implements HttpServerTransport.Dispatcher { private static final Logger logger = LogManager.getLogger(RestController.class); private static final DeprecationLogger deprecationLogger = DeprecationLogger.getLogger(RestController.class); - private static final String ELASTIC_PRODUCT_HTTP_HEADER = "X-Elastic-Product"; - private static final String ELASTIC_PRODUCT_HTTP_HEADER_VALUE = "Elasticsearch"; + static final String ELASTIC_PRODUCT_HTTP_HEADER = "X-Elastic-Product"; + static final String ELASTIC_PRODUCT_HTTP_HEADER_VALUE = "Elasticsearch"; private static final String ELASTIC_PRODUCT_ORIGIN_HTTP_HEADER = "X-elastic-product-origin"; private static final BytesReference FAVICON_RESPONSE; diff --git a/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java b/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java index 4976738014630..71ae3b114433e 100644 --- a/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java +++ b/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java @@ -144,8 +144,8 @@ public MethodHandlers next() { assertEquals("true", threadContext.getHeader("header.2")); assertNull(threadContext.getHeader("header.3")); List expectedProductResponseHeader = new ArrayList<>(); - expectedProductResponseHeader.add("Elasticsearch"); - assertEquals(expectedProductResponseHeader, threadContext.getResponseHeaders().getOrDefault("X-Elastic-Product", null)); + expectedProductResponseHeader.add(RestController.ELASTIC_PRODUCT_HTTP_HEADER_VALUE); + assertEquals(expectedProductResponseHeader, threadContext.getResponseHeaders().getOrDefault(RestController.ELASTIC_PRODUCT_HTTP_HEADER, null)); } public void testRequestWithDisallowedMultiValuedHeader() { From 0d396ee6d9271cd85b96c0a7729be842d4c04c31 Mon Sep 17 00:00:00 2001 From: James Baiera Date: Thu, 27 May 2021 15:53:57 -0400 Subject: [PATCH 3/5] Make the product header lowercase. --- server/src/main/java/org/elasticsearch/rest/RestController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/main/java/org/elasticsearch/rest/RestController.java b/server/src/main/java/org/elasticsearch/rest/RestController.java index 674ec592dd581..299009434ec5a 100644 --- a/server/src/main/java/org/elasticsearch/rest/RestController.java +++ b/server/src/main/java/org/elasticsearch/rest/RestController.java @@ -57,7 +57,7 @@ public class RestController implements HttpServerTransport.Dispatcher { private static final Logger logger = LogManager.getLogger(RestController.class); private static final DeprecationLogger deprecationLogger = DeprecationLogger.getLogger(RestController.class); - static final String ELASTIC_PRODUCT_HTTP_HEADER = "X-Elastic-Product"; + static final String ELASTIC_PRODUCT_HTTP_HEADER = "X-elastic-product"; static final String ELASTIC_PRODUCT_HTTP_HEADER_VALUE = "Elasticsearch"; private static final String ELASTIC_PRODUCT_ORIGIN_HTTP_HEADER = "X-elastic-product-origin"; From 359a1f50fb62c0602b84014749d3f289735794dd Mon Sep 17 00:00:00 2001 From: James Baiera Date: Thu, 27 May 2021 15:54:40 -0400 Subject: [PATCH 4/5] Do not expose the product header if request is unauthenticated. --- .../xpack/security/rest/SecurityRestFilter.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java index 643e7562ea8a1..544f0cad7970d 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java @@ -111,7 +111,10 @@ private void handleException(String actionType, RestRequest request, RestChannel @Override public Map> filterHeaders(Map> headers) { if (headers.containsKey("Warning")) { - return Maps.copyMapWithRemovedEntry(headers, "Warning"); + headers = Maps.copyMapWithRemovedEntry(headers, "Warning"); + } + if (headers.containsKey("X-elastic-product")) { + headers = Maps.copyMapWithRemovedEntry(headers, "X-elastic-product"); } return headers; } From cbafa3a5e11850d6fcb685b20006397cd1c0bbeb Mon Sep 17 00:00:00 2001 From: James Baiera Date: Tue, 1 Jun 2021 11:45:14 -0400 Subject: [PATCH 5/5] Fix checkstyle --- .../test/java/org/elasticsearch/rest/RestControllerTests.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java b/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java index 71ae3b114433e..083a08dad1da7 100644 --- a/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java +++ b/server/src/test/java/org/elasticsearch/rest/RestControllerTests.java @@ -145,7 +145,8 @@ public MethodHandlers next() { assertNull(threadContext.getHeader("header.3")); List expectedProductResponseHeader = new ArrayList<>(); expectedProductResponseHeader.add(RestController.ELASTIC_PRODUCT_HTTP_HEADER_VALUE); - assertEquals(expectedProductResponseHeader, threadContext.getResponseHeaders().getOrDefault(RestController.ELASTIC_PRODUCT_HTTP_HEADER, null)); + assertEquals(expectedProductResponseHeader, threadContext.getResponseHeaders() + .getOrDefault(RestController.ELASTIC_PRODUCT_HTTP_HEADER, null)); } public void testRequestWithDisallowedMultiValuedHeader() {