Skip to content

Ensure SHA256 is not used in tests#42289

Merged
jkakavas merged 6 commits intoelastic:masterfrom
jkakavas:fix-cachingrealm-test
May 22, 2019
Merged

Ensure SHA256 is not used in tests#42289
jkakavas merged 6 commits intoelastic:masterfrom
jkakavas:fix-cachingrealm-test

Conversation

@jkakavas
Copy link
Copy Markdown
Contributor

@jkakavas jkakavas commented May 21, 2019

SHA256 was recently added to the Hasher class in order to be used
in the TokenService. A few tests were still using values() to get
the available algorithms from the Enum and it could happen that
SHA256 would be picked up by these.
This change adds an extra convenience method
(Hasher#getAvailableAlgoCacheHash) and enures that only this and
Hasher#getAvailableAlgoStoredHash are used for getting the list of
available password hashing algorithms in our tests.

Resolves #42267

jkakavas added 2 commits May 21, 2019 11:39
@jkakavas
Ensure SHA256 is not used in tests
1380827 
SHA256 was recently added to the Hasher class in order to be used
in the TokenService. A few tests were still using values() to get
the available algorithms from the Enum and it could happen that
SHA256 would be picked up by these.
This change adds an extra convenience method
(Hasher#getAvailableAlgoCacheHash) and enures that only this and
Hasher#getAvailableAlgoStoredHash are used for getting the list of
available password hashing algorithms in our tests.
@jkakavas
Merge remote-tracking branch 'origin/master' into fix-cachingrealm-test
46b092d
@jkakavas jkakavas added >test-failure Triaged test failures from CI :Security/Security Security issues without another label v8.0.0 v7.2.0 labels May 21, 2019
@jkakavas jkakavas requested a review from tvernum May 21, 2019 12:45
@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented May 21, 2019

Pinging @elastic/es-security

@jaymode
Copy link
Copy Markdown
Member

jaymode commented May 21, 2019
edited
Loading

my two cents is that we should probably make values for hasher a forbidden API or just change Hasher so that it is not an enum. It seems like it would be too easy for this to pop back up.

@jkakavas
Copy link
Copy Markdown
Contributor Author

jkakavas commented May 21, 2019

I contemplated other options too. I attempted to change this from an Enum when doing #31234 but circled back, not really sure what was the issue though. I also thought about moving the SHA256 to the TokenService as this is the only option with no salt ( well, NOOP too ).
I see your point and I think making values() a forbidden API makes sense. I don't worry that this will make it into a password hashing code since we use resolve and SHA256 is not available there, but it might well creep up to a test case with someone getting a random from Hasher.values() .

@jaymode
Copy link
Copy Markdown
Member

jaymode commented May 21, 2019

but it might well creep up to a test case with someone getting a random from Hasher.values() .

This is what I was thinking of.

talevy added a commit to talevy/elasticsearch that referenced this pull request May 21, 2019
@talevy
mute failing filerealm hash caching tests
2c7a045 
some tests are failing after the introduction of elastic#41792.

relates elastic#42267 and elastic#42289.
@talevy talevy mentioned this pull request May 21, 2019
Merged
talevy added a commit that referenced this pull request May 21, 2019
@talevy
mute failing filerealm hash caching tests (#42304)
8907dc9 
some tests are failing after the introduction of #41792.

relates #42267 and #42289.
talevy added a commit that referenced this pull request May 21, 2019
@talevy
mute failing filerealm hash caching tests (#42304)
39fbed1 
some tests are failing after the introduction of #41792.

relates #42267 and #42289.
@talevy
Copy link
Copy Markdown
Contributor

talevy commented May 21, 2019

fyi, I found another test that relates to this and muted two related tests in #42304

tvernum
tvernum approved these changes May 22, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jkakavas jkakavas merged commit 18bff0c into elastic:master May 22, 2019
jkakavas added a commit that referenced this pull request May 22, 2019
@jkakavas
Ensure SHA256 is not used in tests (#42289)
34dda75 
SHA256 was recently added to the Hasher class in order to be used
in the TokenService. A few tests were still using values() to get
the available algorithms from the Enum and it could happen that
SHA256 would be picked up by these.
This change adds an extra convenience method
(Hasher#getAvailableAlgoCacheHash) and enures that only this and
Hasher#getAvailableAlgoStoredHash are used for getting the list of
available password hashing algorithms in our tests.
gurkankaymak pushed a commit to gurkankaymak/elasticsearch that referenced this pull request May 27, 2019
@talevy
mute failing filerealm hash caching tests (elastic#42304)
e59d8e2 
some tests are failing after the introduction of elastic#41792.

relates elastic#42267 and elastic#42289.
gurkankaymak pushed a commit to gurkankaymak/elasticsearch that referenced this pull request May 27, 2019
@jkakavas
Ensure SHA256 is not used in tests (elastic#42289)
101cbae 
SHA256 was recently added to the Hasher class in order to be used
in the TokenService. A few tests were still using values() to get
the available algorithms from the Enum and it could happen that
SHA256 would be picked up by these.
This change adds an extra convenience method
(Hasher#getAvailableAlgoCacheHash) and enures that only this and
Hasher#getAvailableAlgoStoredHash are used for getting the list of
available password hashing algorithms in our tests.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

Assignees

No one assigned

Labels

:Security/Security Security issues without another label >test-failure Triaged test failures from CI v7.2.0 v8.0.0-alpha1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Test failure: org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealmTests.testCacheSettings

6 participants

@jkakavas @elasticmachine @jaymode @talevy @tvernum @jakelandis