[Stack Connectors][SentinelOne + Crowdstrike] Fix the validation of e…
…xternal API responses that return non-JSON (ex. stream) (elastic#203820)

## Summary

- Changes the validation for API responses from SentinelOne and
Crowdstrike to allow anything
- The prior fix changed it to validate that the responses were `JSON`,
but some APIs can return non-JSON, for example a `stream`, as is the
case for file download.
paul-tavares authored Dec 11, 2024
1 parent b4ccb0c commit 520c7c6
Showing 4 changed files with 11 additions and 5 deletions.
2 changes: 2 additions & 0 deletions x-pack/plugins/stack_connectors/common/crowdstrike/schema.ts
Expand Up @@ -17,6 +17,8 @@ export const CrowdstrikeSecretsSchema = schema.object({
clientSecret: schema.string(),
});

export const CrowdstrikeApiDoNotValidateResponsesSchema = schema.any();

export const RelaxedCrowdstrikeBaseApiResponseSchema = schema.maybe(
schema.object({}, { unknowns: 'allow' })
);
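Review bot: `CrowdstrikeApiDoNotValidateResponsesSchema` is exported without a comment, and `schema.any()` means a response passed through it is accepted whatever its shape or type. A doc comment above the constant should say so, for example `/** Accepts any response (JSON or stream) without validation; callers must check the fields they read before use. */`. The same comment is missing on `SentinelOneApiDoNotValidateResponsesSchema` in `common/sentinelone/schema.ts`. Both connectors cast these constants to typed response schemas, so this comment is the only place a maintainer learns that the static type is not backed by a runtime check.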
2 changes: 2 additions & 0 deletions x-pack/plugins/stack_connectors/common/sentinelone/schema.ts
Expand Up @@ -16,6 +16,8 @@ export const SentinelOneSecretsSchema = schema.object({
token: schema.string(),
});

export const SentinelOneApiDoNotValidateResponsesSchema = schema.any();

export const SentinelOneBaseApiResponseSchema = schema.maybe(
schema.object({}, { unknowns: 'allow' })
);
Expand Up @@ -26,13 +26,14 @@ import type {
import {
CrowdstrikeHostActionsParamsSchema,
CrowdstrikeGetAgentsParamsSchema,
CrowdstrikeGetTokenResponseSchema,
CrowdstrikeHostActionsResponseSchema,
RelaxedCrowdstrikeBaseApiResponseSchema,
CrowdstrikeRTRCommandParamsSchema,
CrowdstrikeExecuteRTRResponseSchema,
CrowdstrikeGetScriptsParamsSchema,
CrowdStrikeExecuteRTRResponse,
CrowdstrikeApiDoNotValidateResponsesSchema,
CrowdstrikeGetTokenResponseSchema,
} from '../../../common/crowdstrike/schema';
import { SUB_ACTION } from '../../../common/crowdstrike/constants';
import { CrowdstrikeError } from './error';
Expand Down Expand Up @@ -229,7 +230,8 @@ export class CrowdstrikeConnector extends SubActionConnector<
'Content-Type': 'application/x-www-form-urlencoded',
authorization: 'Basic ' + CrowdstrikeConnector.base64encodedToken,
},
responseSchema: CrowdstrikeGetTokenResponseSchema,
responseSchema:
CrowdstrikeApiDoNotValidateResponsesSchema as unknown as typeof CrowdstrikeGetTokenResponseSchema,
},
connectorUsageCollector
);
Expand Down Expand Up @@ -265,7 +267,7 @@ export class CrowdstrikeConnector extends SubActionConnector<
// where the external system might add/remove/change values in the response that we have no
// control over.
responseSchema:
RelaxedCrowdstrikeBaseApiResponseSchema as unknown as SubActionRequestParams<R>['responseSchema'],
CrowdstrikeApiDoNotValidateResponsesSchema as unknown as SubActionRequestParams<R>['responseSchema'],
headers: {
...req.headers,
Authorization: `Bearer ${CrowdstrikeConnector.token}`,
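Review bot: The token request now uses `CrowdstrikeApiDoNotValidateResponsesSchema as unknown as typeof CrowdstrikeGetTokenResponseSchema`, which drops runtime validation of the token response, although the commit description only motivates the relaxation for non-JSON responses such as a file-download stream. The token response is presumably still JSON, and the later hunk builds the `Authorization` bearer header from `CrowdstrikeConnector.token`, so an unexpected body (an error page, a missing token field) may now be stored and sent as a credential instead of failing at the boundary. I would keep `responseSchema: CrowdstrikeGetTokenResponseSchema,` for this call, or, if that schema was rejecting valid responses, check that the token is a non-empty string before it is stored. The enclosing method starts and ends outside the hunk, so the code that stores the token is not visible here.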
Expand Up @@ -43,7 +43,7 @@ import {
SentinelOneGetRemoteScriptResultsParamsSchema,
SentinelOneDownloadRemoteScriptResultsParamsSchema,
SentinelOneDownloadRemoteScriptResultsResponseSchema,
SentinelOneBaseApiResponseSchema,
SentinelOneApiDoNotValidateResponsesSchema,
} from '../../../common/sentinelone/schema';
import { SUB_ACTION } from '../../../common/sentinelone/constants';
import {
Expand Down Expand Up @@ -405,7 +405,7 @@ export class SentinelOneConnector extends SubActionConnector<
// where the external system might add/remove/change values in the response that we have no
// control over.
responseSchema:
SentinelOneBaseApiResponseSchema as unknown as SubActionRequestParams<R>['responseSchema'],
SentinelOneApiDoNotValidateResponsesSchema as unknown as SubActionRequestParams<R>['responseSchema'],
params: {
...req.params,
APIToken: this.secrets.token,
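Review bot: With `SentinelOneApiDoNotValidateResponsesSchema as unknown as SubActionRequestParams<R>['responseSchema']`, every call through this request helper returns data typed as `R` that has passed no runtime check at all, not only the stream download the commit description names. The comment just above still speaks of the external system adding or changing values, which described the relaxed object schema; it should now say that nothing is validated and that each sub-action must verify what it reads. If the download sub-action marks its request as a stream, the any-schema could be limited to that case, e.g. `req.responseType === 'stream' ? SentinelOneApiDoNotValidateResponsesSchema : SentinelOneBaseApiResponseSchema` before the cast (assuming `req` carries the axios `responseType`; the `SentinelOneBaseApiResponseSchema` import would then have to stay). The same applies to the second hunk of the Crowdstrike connector, and the method body and the comment both begin outside this hunk.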