Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
c1dbca6779
PromucFlow_constructor/app/server/appsmith-plugins
History
Arpit Mohan c1dbca6779
fix: Adding checks to prevent disallowed hosts from connecting via Elasticsearch plugin (#15834) 
## Description

This PR fixes an issue where a potentially malicious user can connect to disallowed hosts from the Elasticsearch plugin within Appsmith. This is because Elasticsearch client SDK is a HTTP interface underneath the hood. 

## Type of change

- Bug fix (non-breaking change which fixes an issue)

## How Has This Been Tested?

- Junits for the following:
  - create datasource with disallowed host
  - validate datasource with disallowed host
  - test datasource with disallowed host

## Checklist:

- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [x] I have added tests that prove my fix is effective or that my feature works
- [x] New and existing unit tests pass locally with my changes
2022-08-08 21:07:15 +05:30
..
amazons3Plugin chore: Better server logging infra (#15440) 2022-07-28 09:40:03 +05:30
arangoDBPlugin chore: Better server logging infra (#15440) 2022-07-28 09:40:03 +05:30
dynamoPlugin chore: Better server logging infra (#15440) 2022-07-28 09:40:03 +05:30
elasticSearchPlugin fix: Adding checks to prevent disallowed hosts from connecting via Elasticsearch plugin (#15834) 2022-08-08 21:07:15 +05:30
firestorePlugin chore: Better server logging infra (#15440) 2022-07-28 09:40:03 +05:30
googleSheetsPlugin chore: Better server logging infra (#15440) 2022-07-28 09:40:03 +05:30
jsPlugin chore: Upgrade dependencies reported by Dependabot (#13735) 2022-07-19 10:23:27 +05:30
mongoPlugin fix: fix Mongo plugin query execution failure (#15591) 2022-08-02 14:55:06 +05:30
mssqlPlugin chore: Better server logging infra (#15440) 2022-07-28 09:40:03 +05:30
mysqlPlugin chore: Better server logging infra (#15440) 2022-07-28 09:40:03 +05:30
postgresPlugin chore: bump postgresql from 42.3.3 to 42.4.1 in /app/server/appsmith-plugins/postgresPlugin (#15781) 2022-08-06 12:35:25 +05:30
rapidApiPlugin chore: Better server logging infra (#15440) 2022-07-28 09:40:03 +05:30
redisPlugin chore: Better server logging infra (#15440) 2022-07-28 09:40:03 +05:30
redshiftPlugin fix: fix query failure on simultaneous execution of multiple queries (#15458) 2022-07-28 17:01:17 +05:30
restApiPlugin fix: Adding a check for invalid hosts on redirects as well (#15782) 2022-08-06 12:36:43 +05:30
saasPlugin chore: Upgrade dependencies reported by Dependabot (#13735) 2022-07-19 10:23:27 +05:30
smtpPlugin chore: Better server logging infra (#15440) 2022-07-28 09:40:03 +05:30
snowflakePlugin chore: Closing resources to ensure there are no memory leaks (#15343) 2022-07-29 19:51:10 +05:30
pom.xml chore: Upgrade dependencies reported by Dependabot (#13735) 2022-07-19 10:23:27 +05:30