From 1533e1a96eea22046f7ba6f7da51af113f83a725 Mon Sep 17 00:00:00 2001
From: Angelique
Date: Fri, 10 Jan 2025 12:02:46 +0100
Subject: [PATCH 1/4] Fix auth0 provider for env variable
---
 opencti-platform/opencti-graphql/src/config/conf.js | 4 ++--
 opencti-platform/opencti-graphql/src/config/providers.js | 4 ++--
 opencti-platform/opencti-graphql/src/http/httpPlatform.js | 1 -
 3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/opencti-platform/opencti-graphql/src/config/conf.js b/opencti-platform/opencti-graphql/src/config/conf.js
index 83ecd9b5d853..2a7457a64083 100644
--- a/opencti-platform/opencti-graphql/src/config/conf.js
+++ b/opencti-platform/opencti-graphql/src/config/conf.js
@@ -253,8 +253,8 @@ export const logApp = {
 if (appLogTransports.length > 0 && appLogger.isLevelEnabled(level)) {
 const data = addBasicMetaInformation(LOG_APP, error, { ...meta, source: 'backend' });
 // Prevent meta information to be too massive.
- const limitedData = limitMetaErrorComplexity(data);
- appLogger.log(level, message, limitedData);
+ // const limitedData = limitMetaErrorComplexity(data);
+ appLogger.log(level, message, data);
 }
 },
 _logWithError: (level, messageOrError, meta = {}) => {
diff --git a/opencti-platform/opencti-graphql/src/config/providers.js b/opencti-platform/opencti-graphql/src/config/providers.js
index f138cc0fc710..ed3364de91b0 100644
--- a/opencti-platform/opencti-graphql/src/config/providers.js
+++ b/opencti-platform/opencti-graphql/src/config/providers.js
@@ -487,8 +487,8 @@ for (let i = 0; i < providerKeys.length; i += 1) {
 authorizationURL: `https://${authDomain}/authorize`,
 tokenURL: `https://${authDomain}/oauth/token`,
 userInfoURL: `https://${authDomain}/userinfo`,
- client_id: config.clientID,
- client_secret: config.clientSecret,
+ client_id: config.clientID ? config.clientID : mappedConfig.clientID, // backward compatibility with Json conf & env var
+ client_secret: config.clientSecret ? config.clientSecret : mappedConfig.clientSecret,
 redirect_uri: config.callback_url
 };
 const auth0config = { ...config, ...auth0OpenIDConfiguration };
diff --git a/opencti-platform/opencti-graphql/src/http/httpPlatform.js b/opencti-platform/opencti-graphql/src/http/httpPlatform.js
index 38572222ec88..992910dabcf4 100644
--- a/opencti-platform/opencti-graphql/src/http/httpPlatform.js
+++ b/opencti-platform/opencti-graphql/src/http/httpPlatform.js
@@ -440,7 +440,6 @@ const createApp = async (app) => {
 } catch (e) {
 logApp.error('Error auth provider callback', { cause: e, provider });
 setCookieError(res, 'Invalid authentication, please ask your administrator');
- res.status(503).send({ status: 'error', error: e.message });
 } finally {
 res.redirect(referer ?? '/');
 }
From ff9e1c776bc1f70b4bb60737a0ccf7afb0936b41 Mon Sep 17 00:00:00 2001
From: Julien Richard
Date: Fri, 10 Jan 2025 13:06:03 +0100
Subject: [PATCH 2/4] [backend] Reactivate logging limit (#9554)
---
 .../opencti-graphql/src/config/conf.js | 49 ++++++++++---------
 1 file changed, 26 insertions(+), 23 deletions(-)
diff --git a/opencti-platform/opencti-graphql/src/config/conf.js b/opencti-platform/opencti-graphql/src/config/conf.js
index 2a7457a64083..2d3877178950 100644
--- a/opencti-platform/opencti-graphql/src/config/conf.js
+++ b/opencti-platform/opencti-graphql/src/config/conf.js
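Review bot: `client_id` and `client_secret` can still end up undefined when neither `config` nor `mappedConfig` carries the value, and nothing in the hunk checks for that before the object is merged into `auth0config`. A missing secret would then presumably surface only as a failed login at callback time rather than as a configuration error at startup (inferred; the strategy construction is outside the hunk). Consider resolving each value once, e.g. `const clientSecret = config.clientSecret || mappedConfig.clientSecret;`, and skipping the provider with a logged configuration error that names the provider but never the secret value when either is empty. The trailing comment on the `client_id` line also applies to `client_secret`, so it reads better as a comment above both lines. The enclosing `for` loop starts and ends outside the hunk.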
@@ -96,6 +96,7 @@ nconf.file('default', resolveEnvFile('default'));
 const appLogLevel = nconf.get('app:app_logs:logs_level');
 const appLogFileTransport = booleanConf('app:app_logs:logs_files', true);
 const appLogConsoleTransport = booleanConf('app:app_logs:logs_console', true);
+export const appLogLevelMaxDepthSize = nconf.get('app:app_logs:max_depth_size') ?? 5;
 export const appLogLevelMaxArraySize = nconf.get('app:app_logs:max_array_size') ?? 50;
 export const appLogLevelMaxStringSize = nconf.get('app:app_logs:max_string_size') ?? 5000;
 export const appLogExtendedErrors = booleanConf('app:app_logs:extended_error_message', false);
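Review bot: `nconf.get('app:app_logs:max_depth_size') ?? 5` falls back only on null/undefined, so a non-numeric or negative value coming from a config file or an environment variable is accepted as the depth limit. Because the limiter compares `current_depth` against this value, such a value could leave the depth limit ineffective without any warning (inferred from the comparison in the next hunk). Consider normalising it once, e.g. `const depth = Number.parseInt(nconf.get('app:app_logs:max_depth_size'), 10);` followed by `export const appLogLevelMaxDepthSize = Number.isInteger(depth) && depth >= 0 ? depth : 5;`. The same applies to the limits touched again in the later hunks at `@@ -96,7 +96,7` and `@@ -96,9 +96,10`.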
@@ -105,29 +106,31 @@ export const extendedErrors = (metaExtension) => {
 }
 return {};
 };
-export const limitMetaErrorComplexity = (obj) => {
- if (Array.isArray(obj)) {
- // Create a new array with a limited size
- const limitedArray = obj.slice(0, appLogLevelMaxArraySize);
- // Recursively process each item in the truncated array
- const processedArray = [];
- for (let i = 0; i < limitedArray.length; i += 1) {
- processedArray[i] = limitMetaErrorComplexity(limitedArray[i]);
+export const limitMetaErrorComplexity = (obj, current_depth = 0) => {
+ if (obj !== null && current_depth > appLogLevelMaxDepthSize && typeof obj !== 'function') {
+ if (Array.isArray(obj)) {
+ // Create a new array with a limited size
+ const limitedArray = obj.slice(0, appLogLevelMaxArraySize);
+ // Recursively process each item in the truncated array
+ const processedArray = [];
+ for (let i = 0; i < limitedArray.length; i += 1) {
+ processedArray[i] = limitMetaErrorComplexity(limitedArray[i], current_depth + 1);
+ }
+ return processedArray;
 }
- return processedArray;
- }
- if (typeof obj === 'string' && obj.length > appLogLevelMaxStringSize) {
- return `${obj.substring(0, appLogLevelMaxStringSize - 3)}...`;
- }
- if (obj !== null && typeof obj === 'object') {
- // Create a new object to hold the processed properties
- const limitedObject = {};
- const keys = Object.keys(obj); // Get the keys of the object
- for (let i = 0; i < keys.length; i += 1) {
- const key = keys[i];
- limitedObject[key] = limitMetaErrorComplexity(obj[key]);
+ if (typeof obj === 'string' && obj.length > appLogLevelMaxStringSize) {
+ return `${obj.substring(0, appLogLevelMaxStringSize - 3)}...`;
+ }
+ if (typeof obj === 'object') {
+ // Create a new object to hold the processed properties
+ const limitedObject = {};
+ const keys = Object.keys(obj); // Get the keys of the object
+ for (let i = 0; i < keys.length; i += 1) {
+ const key = keys[i];
+ limitedObject[key] = limitMetaErrorComplexity(obj[key], current_depth + 1);
+ }
+ return limitedObject;
 }
- return limitedObject;
 }
 return obj;
 };
@@ -253,8 +256,8 @@ export const logApp = {
 if (appLogTransports.length > 0 && appLogger.isLevelEnabled(level)) {
 const data = addBasicMetaInformation(LOG_APP, error, { ...meta, source: 'backend' });
 // Prevent meta information to be too massive.
- // const limitedData = limitMetaErrorComplexity(data);
- appLogger.log(level, message, data);
+ const limitedData = limitMetaErrorComplexity(data);
+ appLogger.log(level, message, limitedData);
 }
 },
 _logWithError: (level, messageOrError, meta = {}) => {
From 2b602ba6f9381a3388d7b72cd43750a46966b1d3 Mon Sep 17 00:00:00 2001
From: Julien Richard
Date: Fri, 10 Jan 2025 15:21:05 +0100
Subject: [PATCH 3/4] [backend] Logging limit (#9554)
---
 opencti-platform/opencti-graphql/src/config/conf.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/opencti-platform/opencti-graphql/src/config/conf.js b/opencti-platform/opencti-graphql/src/config/conf.js
index 2d3877178950..fc9b886108be 100644
--- a/opencti-platform/opencti-graphql/src/config/conf.js
+++ b/opencti-platform/opencti-graphql/src/config/conf.js
@@ -96,7 +96,7 @@ nconf.file('default', resolveEnvFile('default'));
 const appLogLevel = nconf.get('app:app_logs:logs_level');
 const appLogFileTransport = booleanConf('app:app_logs:logs_files', true);
 const appLogConsoleTransport = booleanConf('app:app_logs:logs_console', true);
-export const appLogLevelMaxDepthSize = nconf.get('app:app_logs:max_depth_size') ?? 5;
+export const appLogLevelMaxDepthSize = nconf.get('app:app_logs:max_depth_size') ?? 10;
 export const appLogLevelMaxArraySize = nconf.get('app:app_logs:max_array_size') ?? 50;
 export const appLogLevelMaxStringSize = nconf.get('app:app_logs:max_string_size') ?? 5000;
 export const appLogExtendedErrors = booleanConf('app:app_logs:extended_error_message', false);
@@ -107,7 +107,7 @@ export const extendedErrors = (metaExtension) => {
 return {};
 };
 export const limitMetaErrorComplexity = (obj, current_depth = 0) => {
- if (obj !== null && current_depth > appLogLevelMaxDepthSize && typeof obj !== 'function') {
+ if (obj !== null && current_depth < appLogLevelMaxDepthSize && typeof obj !== 'function') {
 if (Array.isArray(obj)) {
 // Create a new array with a limited size
 const limitedArray = obj.slice(0, appLogLevelMaxArraySize);
From 6e2dc490d0e8894be37c4d53eef74f3e76806bb9 Mon Sep 17 00:00:00 2001
From: Julien Richard
Date: Fri, 10 Jan 2025 16:48:35 +0100
Subject: [PATCH 4/4] [backend] Adapt test and add a new protection (#9554)
---
 .../opencti-graphql/src/config/conf.js | 24 ++-
 .../tests/01-unit/utils/logger-test.ts | 137 ++++++++----------
 2 files changed, 77 insertions(+), 84 deletions(-)
diff --git a/opencti-platform/opencti-graphql/src/config/conf.js b/opencti-platform/opencti-graphql/src/config/conf.js
index fc9b886108be..4c382c061108 100644
--- a/opencti-platform/opencti-graphql/src/config/conf.js
+++ b/opencti-platform/opencti-graphql/src/config/conf.js
@@ -96,9 +96,10 @@ nconf.file('default', resolveEnvFile('default'));
 const appLogLevel = nconf.get('app:app_logs:logs_level');
 const appLogFileTransport = booleanConf('app:app_logs:logs_files', true);
 const appLogConsoleTransport = booleanConf('app:app_logs:logs_console', true);
-export const appLogLevelMaxDepthSize = nconf.get('app:app_logs:max_depth_size') ?? 10;
-export const appLogLevelMaxArraySize = nconf.get('app:app_logs:max_array_size') ?? 50;
-export const appLogLevelMaxStringSize = nconf.get('app:app_logs:max_string_size') ?? 5000;
+export const appLogLevelMaxDepthSize = nconf.get('app:app_logs:control:max_depth_size') ?? 5;
+export const appLogLevelMaxDepthKeys = nconf.get('app:app_logs:control:max_depth_keys') ?? 20;
+export const appLogLevelMaxArraySize = nconf.get('app:app_logs:control:max_array_size') ?? 50;
+export const appLogLevelMaxStringSize = nconf.get('app:app_logs:control:max_string_size') ?? 5000;
 export const appLogExtendedErrors = booleanConf('app:app_logs:extended_error_message', false);
 export const extendedErrors = (metaExtension) => {
 if (appLogExtendedErrors) {
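Review bot: The renamed keys (`app:app_logs:control:max_array_size`, `app:app_logs:control:max_string_size`) drop the `app:app_logs:max_array_size` / `max_string_size` names that appear as context in the earlier hunks, so a deployment that already sets them would silently fall back to the defaults. If those keys have shipped, keep reading the old name as a fallback, e.g. `nconf.get('app:app_logs:control:max_array_size') ?? nconf.get('app:app_logs:max_array_size') ?? 50`, and mention the rename in the configuration documentation. The default depth also moves from 10 back to 5 here without a comment saying why.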
@@ -106,15 +107,18 @@ export const extendedErrors = (metaExtension) => {
 }
 return {};
 };
-export const limitMetaErrorComplexity = (obj, current_depth = 0) => {
- if (obj !== null && current_depth < appLogLevelMaxDepthSize && typeof obj !== 'function') {
+const limitMetaErrorComplexityWrapper = (obj, acc, current_depth = 0) => {
+ const noMaxDepth = current_depth < appLogLevelMaxDepthSize;
+ const noMaxKeys = acc.current_nb_key < appLogLevelMaxDepthKeys;
+ const isNotAKeyFunction = typeof obj !== 'function';
+ if (obj !== null && noMaxDepth && noMaxKeys && isNotAKeyFunction) {
 if (Array.isArray(obj)) {
 // Create a new array with a limited size
 const limitedArray = obj.slice(0, appLogLevelMaxArraySize);
 // Recursively process each item in the truncated array
 const processedArray = [];
 for (let i = 0; i < limitedArray.length; i += 1) {
- processedArray[i] = limitMetaErrorComplexity(limitedArray[i], current_depth + 1);
+ processedArray[i] = limitMetaErrorComplexityWrapper(limitedArray[i], acc, current_depth);
 }
 return processedArray;
 }
@@ -125,15 +129,21 @@ export const limitMetaErrorComplexity = (obj, current_depth = 0) => {
 // Create a new object to hold the processed properties
 const limitedObject = {};
 const keys = Object.keys(obj); // Get the keys of the object
+ const newDepth = current_depth + 1;
 for (let i = 0; i < keys.length; i += 1) {
+ acc.current_nb_key += 1;
 const key = keys[i];
- limitedObject[key] = limitMetaErrorComplexity(obj[key], current_depth + 1);
+ limitedObject[key] = limitMetaErrorComplexityWrapper(obj[key], acc, newDepth);
 }
 return limitedObject;
 }
 }
 return obj;
 };
+export const limitMetaErrorComplexity = (obj) => {
+ const acc = { current_nb_key: 0 };
+ return limitMetaErrorComplexityWrapper(obj, acc);
+};

 const appLogTransports = [];
 const logsDirname = nconf.get('app:app_logs:logs_directory');
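Review bot: The guard `if (obj !== null && noMaxDepth && noMaxKeys && isNotAKeyFunction)` fails open: once the depth or key budget is exhausted, control falls through to the final `return obj;` (context in the next hunk) and the untouched subtree is handed to the logger. Arrays below that point are no longer sliced and strings are no longer truncated, so the part of a payload that exceeds the limits is exactly the part that is logged in full. I would truncate strings before checking the budget and replace an over-budget object or array with a short marker, as sketched below. The function body continues past this hunk.

```javascript
const limitMetaErrorComplexityWrapper = (obj, acc, current_depth = 0) => {
  // Strings are bounded at every depth, whatever budget is left
  if (typeof obj === 'string') {
    return obj.length > appLogLevelMaxStringSize
      ? `${obj.substring(0, appLogLevelMaxStringSize - 3)}...`
      : obj;
  }
  // Primitives and functions pass through as before
  if (obj === null || typeof obj !== 'object') {
    return obj;
  }
  const noMaxDepth = current_depth < appLogLevelMaxDepthSize;
  const noMaxKeys = acc.current_nb_key < appLogLevelMaxDepthKeys;
  if (!noMaxDepth || !noMaxKeys) {
    // Fail closed: never hand an unprocessed subtree to the logger
    return '[truncated]';
  }
  // … unchanged: array branch and object branch …
```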
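Review bot: Nothing documents that `acc.current_nb_key` is one counter shared by the whole traversal, so `max_depth_keys` caps the total number of object keys processed for a log entry rather than the keys per level, which the name `appLogLevelMaxDepthKeys` does not suggest. Array elements are recursed with the same `current_depth` and never increment the counter (previous hunk), which is worth stating too if it is intentional. I would add a comment above the exported function along the lines of `// Limits: depth (objects only), total object keys per call, array length, string length; see app:app_logs:control:*`. The naming is also inverted: `limitMetaErrorComplexityWrapper` is the recursive worker and the exported `limitMetaErrorComplexity` is the actual wrapper.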
diff --git a/opencti-platform/opencti-graphql/tests/01-unit/utils/logger-test.ts b/opencti-platform/opencti-graphql/tests/01-unit/utils/logger-test.ts
index ebf8095a2669..45accfc52726 100644
--- a/opencti-platform/opencti-graphql/tests/01-unit/utils/logger-test.ts
+++ b/opencti-platform/opencti-graphql/tests/01-unit/utils/logger-test.ts
@@ -105,85 +105,68 @@ const TOO_COMPLEX_OBJECT = {
 teams: [
 {
 teamName: 'AI Team',
- members: [
- {
- name: 'Alice',
- role: 'Lead Engineer',
- category_to_limit: ['2', '1']
- },
- {
- name: 'Bob',
- role: 'Data Scientist',
- category_to_limit: [
- 'Item 1',
- 'Item 2',
- 'Item 3',
- 'Item 4',
- 'Item 5',
- 'Item 6',
- 'Item 7',
- 'Item 8',
- 'Item 9',
- 'Item 10',
- 'Item 11',
- 'Item 12',
- 'Item 13',
- 'Item 14',
- 'Item 15',
- 'Item 16',
- 'Item 17',
- 'Item 18',
- 'Item 19',
- 'Item 20',
- 'Item 21',
- 'Item 22',
- 'Item 23',
- 'Item 24',
- 'Item 25',
- 'Item 26',
- 'Item 27',
- 'Item 28',
- 'Item 29',
- 'Item 30',
- 'Item 31',
- 'Item 32',
- 'Item 33',
- 'Item 34',
- 'Item 35',
- 'Item 36',
- 'Item 37',
- 'Item 38',
- 'Item 39',
- 'Item 40',
- 'Item 41',
- 'Item 42',
- 'Item 43',
- 'Item 44',
- 'Item 45',
- 'Item 46',
- 'Item 47',
- 'Item 48',
- 'Item 49',
- 'Item 50',
- 'Item 51',
- 'Item 52',
- 'Item 53',
- 'Item 54',
- 'Item 55',
- 'Item 56'
- ]
- }
+ category_to_limit: [
+ 'Item 1',
+ 'Item 2',
+ 'Item 3',
+ 'Item 4',
+ 'Item 5',
+ 'Item 6',
+ 'Item 7',
+ 'Item 8',
+ 'Item 9',
+ 'Item 10',
+ 'Item 11',
+ 'Item 12',
+ 'Item 13',
+ 'Item 14',
+ 'Item 15',
+ 'Item 16',
+ 'Item 17',
+ 'Item 18',
+ 'Item 19',
+ 'Item 20',
+ 'Item 21',
+ 'Item 22',
+ 'Item 23',
+ 'Item 24',
+ 'Item 25',
+ 'Item 26',
+ 'Item 27',
+ 'Item 28',
+ 'Item 29',
+ 'Item 30',
+ 'Item 31',
+ 'Item 32',
+ 'Item 33',
+ 'Item 34',
+ 'Item 35',
+ 'Item 36',
+ 'Item 37',
+ 'Item 38',
+ 'Item 39',
+ 'Item 40',
+ 'Item 41',
+ 'Item 42',
+ 'Item 43',
+ 'Item 44',
+ 'Item 45',
+ 'Item 46',
+ 'Item 47',
+ 'Item 48',
+ 'Item 49',
+ 'Item 50',
+ 'Item 51',
+ 'Item 52',
+ 'Item 53',
+ 'Item 54',
+ 'Item 55',
+ 'Item 56'
 ]
 },
 {
 teamName: 'Robotics Team',
- members: [
- {
- name: 'Charlie',
- role: 'Mechanical Engineer',
- category_to_limit: ['2', '1', '3'],
- }
- ]
+ category_to_limit: ['2', '1', '3'],
 }
 ]
 }
@@ -213,8 +196,8 @@ describe('Logger test suite', () => {
 expect(initialSize).to.be.gt(appLogLevelMaxArraySize);
 expect(cleanedSize).to.be.eq(appLogLevelMaxArraySize);
 // check more inside look
- initialSize = TOO_COMPLEX_OBJECT.errors[0].departments[0].teams[0].members[1].category_to_limit.length;
- cleanedSize = cleanObject.errors[0].departments[0].teams[0].members[1].category_to_limit.length;
+ initialSize = TOO_COMPLEX_OBJECT.errors[0].departments[0].teams[0].category_to_limit.length;
+ cleanedSize = cleanObject.errors[0].departments[0].teams[0].category_to_limit.length;
 expect(initialSize).not.toEqual(cleanedSize);
 expect(initialSize).to.be.gt(appLogLevelMaxArraySize);
 expect(cleanedSize).to.be.eq(appLogLevelMaxArraySize);
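Review bot: The adapted assertions still check array truncation only; nothing visible here exercises the two limits this series introduces (`appLogLevelMaxDepthSize`, `appLogLevelMaxDepthKeys`) or what is returned once they are exceeded. The fixture in the previous hunk appears to have been flattened so that `category_to_limit` stays inside the depth limit (inferred), which keeps the test passing without covering the new behaviour. Consider adding one case with an object nested deeper than the depth limit and one with more keys than the key budget, asserting on the shape of the cleaned output. The enclosing `describe`/`it` block starts and ends outside the hunk.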