Add disablePrototypePoisoningProtection configuration (opensearch-pro…

…ject#2992)

Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
opensearch-project#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: David Sinclair <david@sinclair.tech>

CHANGELOG.md

@@ -56,7 +56,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [Vis Builder] Add app filter and query persistence without using state container ([#3100](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3100))
 - [Optimizer] Increase timeout waiting for the exiting of an optimizer worker ([#3193](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3193))
 - [Data] Update `createAggConfig` so that newly created configs can be added to beginning of `aggConfig` array ([#3160](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3160))
-
+- Add disablePrototypePoisoningProtection configuration to prevent JS client from erroring when cluster utilizes JS reserved words ([#2992](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2992))
 
 ### 🐛 Bug Fixes
 

config/opensearch_dashboards.yml

@@ -112,6 +112,11 @@ opensearch.ssl.verificationMode: none
 # Logs queries sent to OpenSearch. Requires logging.verbose set to true.
 #opensearch.logQueries: false
 
+# Disables errors from the OpenSearch JS client and enables you to utilize protected words such as: 'boolean', 'proto', 'constructor'.
+# within cluster. By default, OpenSearch Dashboards and the client will protect you against prototype poisoning attacks.
+# WARNING: Index patterns are user-supplied data. Disabling this will place the expectation that you are handling the data safely.
+#opensearch.disablePrototypePoisoningProtection: false
+
 # Specifies the path where OpenSearch Dashboards creates the process ID file.
 #pid.file: /var/run/opensearchDashboards.pid
 

src/core/server/opensearch/client/client_config.test.ts

@@ -184,6 +184,24 @@ describe('parseClientOptions', () => {
               ]
           `);
     });
+
+    it('`disablePrototypePoisoningProtection` option', () => {
+      expect(
+        parseClientOptions(createConfig({ disablePrototypePoisoningProtection: false }), false)
+          .disablePrototypePoisoningProtection
+      ).toEqual(false);
+      expect(
+        parseClientOptions(createConfig({ disablePrototypePoisoningProtection: true }), false)
+          .disablePrototypePoisoningProtection
+      ).toEqual(true);
+
+      expect(
+        parseClientOptions(createConfig({}), false).disablePrototypePoisoningProtection
+      ).toBeUndefined();
+      expect(
+        parseClientOptions(createConfig({}), true).disablePrototypePoisoningProtection
+      ).toBeUndefined();
+    });
   });
 
   describe('authorization', () => {

src/core/server/opensearch/client/client_config.ts

@@ -52,6 +52,7 @@ export type OpenSearchClientConfig = Pick<
   | 'hosts'
   | 'username'
   | 'password'
+  | 'disablePrototypePoisoningProtection'
 > & {
   memoryCircuitBreaker?:
     | OpenSearchConfig['memoryCircuitBreaker']
@@ -115,6 +116,10 @@ export function parseClientOptions(config: OpenSearchClientConfig, scoped: boole
     );
   }
 
+  if (config.disablePrototypePoisoningProtection != null) {
+    clientOptions.disablePrototypePoisoningProtection = config.disablePrototypePoisoningProtection;
+  }
+
   return clientOptions;
 }
 

src/core/server/opensearch/opensearch_config.test.ts

@@ -72,6 +72,7 @@ test('set correct defaults', () => {
     OpenSearchConfig {
       "apiVersion": "7.x",
       "customHeaders": Object {},
+      "disablePrototypePoisoningProtection": undefined,
       "healthCheckDelay": "PT2.5S",
       "hosts": Array [
         "http://localhost:9200",

src/core/server/opensearch/opensearch_config.ts

@@ -142,6 +142,7 @@ export const configSchema = schema.object({
     }),
     schema.boolean({ defaultValue: false })
   ),
+  disablePrototypePoisoningProtection: schema.maybe(schema.boolean({ defaultValue: false })),
 });
 
 const deprecations: ConfigDeprecationProvider = ({ renameFromRoot, renameFromRootWithoutMap }) => [
@@ -318,6 +319,12 @@ export class OpenSearchConfig {
    */
   public readonly customHeaders: OpenSearchConfigType['customHeaders'];
 
+  /**
+   * Specifies whether the client should attempt to protect against reserved words
+   * or not.
+   */
+  public readonly disablePrototypePoisoningProtection?: boolean;
+
   constructor(rawConfig: OpenSearchConfigType) {
     this.ignoreVersionMismatch = rawConfig.ignoreVersionMismatch;
     this.apiVersion = rawConfig.apiVersion;
@@ -338,6 +345,7 @@ export class OpenSearchConfig {
     this.username = rawConfig.username;
     this.password = rawConfig.password;
     this.customHeaders = rawConfig.customHeaders;
+    this.disablePrototypePoisoningProtection = rawConfig.disablePrototypePoisoningProtection;
 
     const { alwaysPresentCertificate, verificationMode } = rawConfig.ssl;
     const { key, keyPassphrase, certificate, certificateAuthorities } = readKeyAndCerts(rawConfig);

src/dev/build/tasks/os_packages/docker_generator/resources/bin/opensearch-dashboards-docker

@@ -50,6 +50,7 @@ opensearch_dashboards_vars=(
     opensearch.ssl.truststore.password
     opensearch.ssl.verificationMode
     opensearch.username
+    opensearch.disablePrototypePoisoningProtection
     i18n.locale
     interpreter.enableInVisualize
     opensearchDashboards.autocompleteTerminateAfter