change slack action to only report on whitelisted host name

pmuellr · pmuellr · commit b330ddc3c478 · 2020-02-13T11:09:23.000-05:00
diff --git a/x-pack/plugins/actions/server/builtin_action_types/slack.test.ts b/x-pack/plugins/actions/server/builtin_action_types/slack.test.ts
@@ -74,6 +74,12 @@ describe('validateActionTypeSecrets()', () => {
     }).toThrowErrorMatchingInlineSnapshot(
       `"error validating action type secrets: [webhookUrl]: expected value of type [string] but got [number]"`
     );
+
+    expect(() => {
+      validateSecrets(actionType, { webhookUrl: 'fee-fi-fo-fum' });
+    }).toThrowErrorMatchingInlineSnapshot(
+      `"error validating action type secrets: error configuring slack action: unable to parse host name from webhookUrl"`
+    );
   });
 
   test('should validate and pass when the slack webhookUrl is whitelisted', () => {
@@ -95,16 +101,16 @@ describe('validateActionTypeSecrets()', () => {
     actionType = getActionType({
       configurationUtilities: {
         ...configUtilsMock,
-        ensureWhitelistedUri: url => {
-          throw new Error(`target url is not whitelisted`);
+        ensureWhitelistedHostname: url => {
+          throw new Error(`target hostname is not whitelisted`);
         },
       },
     });
 
     expect(() => {
       validateSecrets(actionType, { webhookUrl: 'https://api.slack.com/' });
     }).toThrowErrorMatchingInlineSnapshot(
-      `"error validating action type secrets: error configuring slack action: target url is not whitelisted"`
+      `"error validating action type secrets: error configuring slack action: target hostname is not whitelisted"`
     );
   });
 });
diff --git a/x-pack/plugins/actions/server/builtin_action_types/slack.ts b/x-pack/plugins/actions/server/builtin_action_types/slack.ts
@@ -4,6 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { URL } from 'url';
 import { curry } from 'lodash';
 import { i18n } from '@kbn/i18n';
 import { schema, TypeOf } from '@kbn/config-schema';
@@ -66,8 +67,17 @@ function valdiateActionTypeConfig(
   configurationUtilities: ActionsConfigurationUtilities,
   secretsObject: ActionTypeSecretsType
 ) {
+  let url: URL;
   try {
-    configurationUtilities.ensureWhitelistedUri(secretsObject.webhookUrl);
+    url = new URL(secretsObject.webhookUrl);
+  } catch (err) {
+    return i18n.translate('xpack.actions.builtin.slack.slackConfigurationErrorNoHostname', {
+      defaultMessage: 'error configuring slack action: unable to parse host name from webhookUrl',
+    });
+  }
+
+  try {
+    configurationUtilities.ensureWhitelistedHostname(url.hostname);
   } catch (whitelistError) {
     return i18n.translate('xpack.actions.builtin.slack.slackConfigurationError', {
       defaultMessage: 'error configuring slack action: {message}',
diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/builtin_action_types/slack.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/builtin_action_types/slack.ts
@@ -94,7 +94,7 @@ export default function slackTest({ getService }: FtrProviderContext) {
           name: 'A slack action',
           actionTypeId: '.slack',
           secrets: {
-            webhookUrl: 'http://slack.mynonexistent.com',
+            webhookUrl: 'http://slack.mynonexistent.com/other/stuff/in/the/path',
           },
         })
         .expect(400)
@@ -103,7 +103,7 @@ export default function slackTest({ getService }: FtrProviderContext) {
             statusCode: 400,
             error: 'Bad Request',
             message:
-              'error validating action type secrets: error configuring slack action: target url "http://slack.mynonexistent.com" is not whitelisted in the Kibana config xpack.actions.whitelistedHosts',
+              'error validating action type secrets: error configuring slack action: target hostname "slack.mynonexistent.com" is not whitelisted in the Kibana config xpack.actions.whitelistedHosts',
           });
         });
     });
