From c6cd428f6e0ae7f38966d7a84409d0fc93c910bd Mon Sep 17 00:00:00 2001 From: Paul Tavares <56442535+paul-tavares@users.noreply.github.com> Date: Mon, 2 Dec 2024 14:01:56 -0500 Subject: [PATCH] [Stack Connectors][SentinelOne + Crowdstrike] Update Crowdstrike and Sentinelone connectors to NOT validate API responses (#202515) ## Summary - Changed Crowdstrike and SentinelOne connectors to no longer validate API responses from the external system --- .../plugins/stack_connectors/common/crowdstrike/schema.ts | 4 +++- .../plugins/stack_connectors/common/sentinelone/schema.ts | 4 +++- .../server/connector_types/crowdstrike/crowdstrike.ts | 5 +++++ .../server/connector_types/sentinelone/sentinelone.test.ts | 3 +-- .../server/connector_types/sentinelone/sentinelone.ts | 6 ++++++ 5 files changed, 18 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/stack_connectors/common/crowdstrike/schema.ts b/x-pack/plugins/stack_connectors/common/crowdstrike/schema.ts index 379adfb0fcc95..d5e8cd693af98 100644 --- a/x-pack/plugins/stack_connectors/common/crowdstrike/schema.ts +++ b/x-pack/plugins/stack_connectors/common/crowdstrike/schema.ts @@ -17,7 +17,9 @@ export const CrowdstrikeSecretsSchema = schema.object({ clientSecret: schema.string(), }); -export const RelaxedCrowdstrikeBaseApiResponseSchema = schema.object({}, { unknowns: 'allow' }); +export const RelaxedCrowdstrikeBaseApiResponseSchema = schema.maybe( + schema.object({}, { unknowns: 'allow' }) +); export const CrowdstrikeBaseApiResponseSchema = schema.object( { resources: schema.arrayOf(schema.any()), diff --git a/x-pack/plugins/stack_connectors/common/sentinelone/schema.ts b/x-pack/plugins/stack_connectors/common/sentinelone/schema.ts index d9dde5773d79b..7daf615e01d31 100644 --- a/x-pack/plugins/stack_connectors/common/sentinelone/schema.ts +++ b/x-pack/plugins/stack_connectors/common/sentinelone/schema.ts @@ -16,7 +16,9 @@ export const SentinelOneSecretsSchema = schema.object({ token: schema.string(), }); -export const SentinelOneBaseApiResponseSchema = schema.object({}, { unknowns: 'allow' }); +export const SentinelOneBaseApiResponseSchema = schema.maybe( + schema.object({}, { unknowns: 'allow' }) +); export const SentinelOneGetAgentsResponseSchema = schema.object( { diff --git a/x-pack/plugins/stack_connectors/server/connector_types/crowdstrike/crowdstrike.ts b/x-pack/plugins/stack_connectors/server/connector_types/crowdstrike/crowdstrike.ts index 686612956d175..bd1f6613d5f04 100644 --- a/x-pack/plugins/stack_connectors/server/connector_types/crowdstrike/crowdstrike.ts +++ b/x-pack/plugins/stack_connectors/server/connector_types/crowdstrike/crowdstrike.ts @@ -236,6 +236,11 @@ export class CrowdstrikeConnector extends SubActionConnector< const response = await this.request( { ...req, + // We don't validate responses from Crowdstrike API's because we do not want failures for cases + // where the external system might add/remove/change values in the response that we have no + // control over. + responseSchema: + RelaxedCrowdstrikeBaseApiResponseSchema as unknown as SubActionRequestParams['responseSchema'], headers: { ...req.headers, Authorization: `Bearer ${CrowdstrikeConnector.token}`, diff --git a/x-pack/plugins/stack_connectors/server/connector_types/sentinelone/sentinelone.test.ts b/x-pack/plugins/stack_connectors/server/connector_types/sentinelone/sentinelone.test.ts index 8a13a48e47be1..90da950fecbbc 100644 --- a/x-pack/plugins/stack_connectors/server/connector_types/sentinelone/sentinelone.test.ts +++ b/x-pack/plugins/stack_connectors/server/connector_types/sentinelone/sentinelone.test.ts @@ -12,7 +12,6 @@ import { SentinelOneGetActivitiesParams, } from '../../../common/sentinelone/types'; import { API_PATH } from './sentinelone'; -import { SentinelOneGetActivitiesResponseSchema } from '../../../common/sentinelone/schema'; import { ConnectorUsageCollector } from '@kbn/actions-plugin/server/types'; import { loggingSystemMock } from '@kbn/core-logging-server-mocks'; @@ -107,7 +106,7 @@ describe('SentinelOne Connector', () => { params: { APIToken: 'token-abc', }, - responseSchema: SentinelOneGetActivitiesResponseSchema, + responseSchema: expect.any(Object), }); }); diff --git a/x-pack/plugins/stack_connectors/server/connector_types/sentinelone/sentinelone.ts b/x-pack/plugins/stack_connectors/server/connector_types/sentinelone/sentinelone.ts index dd73bafae8d2f..42d946edbc787 100644 --- a/x-pack/plugins/stack_connectors/server/connector_types/sentinelone/sentinelone.ts +++ b/x-pack/plugins/stack_connectors/server/connector_types/sentinelone/sentinelone.ts @@ -43,6 +43,7 @@ import { SentinelOneGetRemoteScriptResultsParamsSchema, SentinelOneDownloadRemoteScriptResultsParamsSchema, SentinelOneDownloadRemoteScriptResultsResponseSchema, + SentinelOneBaseApiResponseSchema, } from '../../../common/sentinelone/schema'; import { SUB_ACTION } from '../../../common/sentinelone/constants'; import { @@ -400,6 +401,11 @@ export class SentinelOneConnector extends SubActionConnector< const response = await this.request( { ...req, + // We don't validate responses from SentinelOne API's because we do not want failures for cases + // where the external system might add/remove/change values in the response that we have no + // control over. + responseSchema: + SentinelOneBaseApiResponseSchema as unknown as SubActionRequestParams['responseSchema'], params: { ...req.params, APIToken: this.secrets.token,