[ResponseOps][Connectors] Possible to open close incident in ServiceNow #184646

cnasikas · 2024-06-03T12:29:13Z

We got an SDH where it was possible to create new issues in ServiceNow with the state as closed due to race conditions. Taking a look at the following code

const { correlationId, incidentId } = params;
      let incidentToBeClosed = null;

      if (correlationId == null && incidentId == null) {
        throw new Error('No correlationId or incidentId found.');
      }

      if (incidentId) {
        incidentToBeClosed = await getIncident(incidentId);
      } else if (correlationId) {
        incidentToBeClosed = await getIncidentByCorrelationId(correlationId);
      }

      if (incidentToBeClosed === null) {
        logger.warn(
          `[ServiceNow][CloseIncident] No incident found with correlation_id: ${correlationId} or incidentId: ${incidentId}.`
        );

        return null;
      }

      if (incidentToBeClosed.state === '7') {
        logger.warn(
          `[ServiceNow][CloseIncident] Incident with correlation_id: ${correlationId} or incidentId: ${incidentId} is closed.`
        );

        return {
          title: incidentToBeClosed.number,
          id: incidentToBeClosed.sys_id,
          pushedDate: getPushedDate(incidentToBeClosed.sys_updated_on),
          url: getIncidentViewURL(incidentToBeClosed.sys_id),
        };
      }

      const closedIncident = await updateIncident({
        incidentId: incidentToBeClosed.sys_id,
        incident: {
          state: '7', // used for "closed" status in serviceNow
          close_code: 'Closed/Resolved by Caller',
          close_notes: 'Closed by Caller',
        },
      });

      return closedIncident;

we can see that for this to happen the incidentToBeClosed === null checks need to be bypassed so the await updateIncident({...}) can be called. This is possible only if getIncident or getIncidentByCorrelationId returns {}. This is possible if the user does not have permission on all records of the incident table (ServiceNow will return an empty object in this case). A possible fix would be to do the check as incidentToBeClosed == null || isEmpty(incidentToBeClosed) || isEmpty(incidentToBeClosed.sys_id).

The text was updated successfully, but these errors were encountered:

elasticmachine · 2024-06-03T12:29:15Z

Pinging @elastic/response-ops (Team:ResponseOps)

#199989) Closes #184646 ## Summary - updated the code to include additional validation, ensuring that updateIncident({...}) is not called when incidentToBeClosed object is empty, this ensured that cases where getIncident or getIncidentByCorrelationId return an empty object are properly handled. - small change in Run connector flyout > configuration tab: fixed typo, "read-only" instead of "readonly"

elastic#199989) Closes elastic#184646 ## Summary - updated the code to include additional validation, ensuring that updateIncident({...}) is not called when incidentToBeClosed object is empty, this ensured that cases where getIncident or getIncidentByCorrelationId return an empty object are properly handled. - small change in Run connector flyout > configuration tab: fixed typo, "read-only" instead of "readonly" (cherry picked from commit 5d77a1a)

elastic#199989) Closes elastic#184646 ## Summary - updated the code to include additional validation, ensuring that updateIncident({...}) is not called when incidentToBeClosed object is empty, this ensured that cases where getIncident or getIncidentByCorrelationId return an empty object are properly handled. - small change in Run connector flyout > configuration tab: fixed typo, "read-only" instead of "readonly"

cnasikas added bug Fixes for quality problems that affect the customer experience Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Jun 3, 2024

cnasikas assigned js-jankisalvi Jun 3, 2024

cnasikas assigned georgianaonoleata1904 and unassigned js-jankisalvi Sep 19, 2024

heespi added appex-ro-mx-team-member-onboarding and removed Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Sep 20, 2024

botelastic bot added the needs-team Issues missing a team label label Sep 20, 2024

cnasikas added Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) and removed needs-team Issues missing a team label labels Sep 21, 2024

georgianaonoleata1904 mentioned this issue Nov 18, 2024

[ResponseOps][Connectors]Possible to open close incident in ServiceNow #199989

Merged

georgianaonoleata1904 closed this as completed in #199989 Nov 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[ResponseOps][Connectors] Possible to open close incident in ServiceNow #184646

[ResponseOps][Connectors] Possible to open close incident in ServiceNow #184646

cnasikas commented Jun 3, 2024 •

edited

Loading

elasticmachine commented Jun 3, 2024

[ResponseOps][Connectors] Possible to open close incident in ServiceNow #184646

[ResponseOps][Connectors] Possible to open close incident in ServiceNow #184646

Comments

cnasikas commented Jun 3, 2024 • edited Loading

elasticmachine commented Jun 3, 2024

cnasikas commented Jun 3, 2024 •

edited

Loading