mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
# Backport This will backport the following commits from `main` to `8.12`: - [Update platform security modules (main) (#173232)](https://github.com/elastic/kibana/pull/173232) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"renovate[bot]","email":"29139614+renovate[bot]@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-12-20T19:58:38Z","message":"Update platform security modules (main) (#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","backport:all-open","v8.13.0"],"number":173232,"url":"https://github.com/elastic/kibana/pull/173232","mergeCommit":{"message":"Update platform security modules (main) (#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/173232","number":173232,"mergeCommit":{"message":"Update platform security modules (main) (#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291"}}]}] BACKPORT--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
Kibana Machine
GitHub
parent
170a221708
commit
73751e995d
5 changed files with 62 additions and 67 deletions
11
package.json
11
package.json
|
|
@ -935,7 +935,7 @@
|
|||
"file-saver": "^1.3.8",
|
||||
"fnv-plus": "^1.3.1",
|
||||
"font-awesome": "4.7.0",
|
||||
"formik": "^2.2.9",
|
||||
"formik": "^2.4.5",
|
||||
"fp-ts": "^2.3.1",
|
||||
"geojson-vt": "^3.2.1",
|
||||
"get-port": "^5.0.0",
|
||||
|
|
@ -1407,7 +1407,7 @@
|
|||
"@types/nock": "^10.0.3",
|
||||
"@types/node": "18.18.5",
|
||||
"@types/node-fetch": "2.6.4",
|
||||
"@types/node-forge": "^1.3.1",
|
||||
"@types/node-forge": "^1.3.10",
|
||||
"@types/nodemailer": "^6.4.0",
|
||||
"@types/normalize-path": "^3.0.0",
|
||||
"@types/object-hash": "^1.3.0",
|
||||
|
|
@ -1456,7 +1456,7 @@
|
|||
"@types/testing-library__jest-dom": "^5.14.7",
|
||||
"@types/textarea-caret": "^3.0.1",
|
||||
"@types/tinycolor2": "^1.4.1",
|
||||
"@types/tough-cookie": "^4.0.2",
|
||||
"@types/tough-cookie": "^4.0.5",
|
||||
"@types/type-detect": "^4.0.1",
|
||||
"@types/uuid": "^9.0.0",
|
||||
"@types/vinyl": "^2.0.4",
|
||||
|
|
@ -1466,7 +1466,6 @@
|
|||
"@types/webpack-env": "^1.15.3",
|
||||
"@types/webpack-merge": "^4.1.5",
|
||||
"@types/webpack-sources": "^0.1.4",
|
||||
"@types/xml-crypto": "^1.4.2",
|
||||
"@types/xml2js": "^0.4.11",
|
||||
"@types/yargs": "^15.0.0",
|
||||
"@types/yauzl": "^2.9.1",
|
||||
|
|
@ -1638,7 +1637,7 @@
|
|||
"tempy": "^0.3.0",
|
||||
"terser": "^5.16.5",
|
||||
"terser-webpack-plugin": "^4.2.3",
|
||||
"tough-cookie": "^4.1.2",
|
||||
"tough-cookie": "^4.1.3",
|
||||
"tree-kill": "^1.2.2",
|
||||
"ts-morph": "^13.0.2",
|
||||
"tsd": "^0.20.0",
|
||||
|
|
@ -1654,7 +1653,7 @@
|
|||
"webpack-dev-server": "^4.9.3",
|
||||
"webpack-merge": "^4.2.2",
|
||||
"webpack-sources": "^1.4.1",
|
||||
"xml-crypto": "^3.0.1",
|
||||
"xml-crypto": "^5.0.0",
|
||||
"xmlbuilder": "13.0.2",
|
||||
"yargs": "^15.4.1",
|
||||
"yarn-deduplicate": "^6.0.2"
|
||||
|
|
|
|||
|
|
@ -149,19 +149,19 @@ export async function createSAMLResponse(options: {
|
|||
</saml:Assertion>
|
||||
`;
|
||||
|
||||
const signature = new SignedXml();
|
||||
const signature = new SignedXml({ privateKey: await readFile(KBN_KEY_PATH) });
|
||||
signature.signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
|
||||
signature.signingKey = await readFile(KBN_KEY_PATH);
|
||||
signature.canonicalizationAlgorithm = 'http://www.w3.org/2001/10/xml-exc-c14n#';
|
||||
|
||||
// Adds a reference to a `Assertion` xml element and an array of transform algorithms to be used during signing.
|
||||
signature.addReference(
|
||||
`//*[local-name(.)='Assertion']`,
|
||||
[
|
||||
signature.addReference({
|
||||
xpath: `//*[local-name(.)='Assertion']`,
|
||||
digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256',
|
||||
transforms: [
|
||||
'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
|
||||
'http://www.w3.org/2001/10/xml-exc-c14n#',
|
||||
],
|
||||
'http://www.w3.org/2001/04/xmlenc#sha256'
|
||||
);
|
||||
});
|
||||
|
||||
signature.computeSignature(samlAssertionTemplateXML, {
|
||||
location: { reference: `//*[local-name(.)='Issuer']`, action: 'after' },
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ const parseStringAsync = promisify(parseString);
|
|||
|
||||
const signingKey = fs.readFileSync(KBN_KEY_PATH);
|
||||
const signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
|
||||
const canonicalizationAlgorithm = 'http://www.w3.org/2001/10/xml-exc-c14n#';
|
||||
|
||||
export async function getSAMLRequestId(urlWithSAMLRequestId: string) {
|
||||
const inflatedSAMLRequest = (await inflateRawAsync(
|
||||
|
|
@ -87,19 +88,19 @@ export async function getSAMLResponse({
|
|||
</saml:Assertion>
|
||||
`;
|
||||
|
||||
const signature = new SignedXml();
|
||||
const signature = new SignedXml({ privateKey: signingKey });
|
||||
signature.signatureAlgorithm = signatureAlgorithm;
|
||||
signature.signingKey = signingKey;
|
||||
signature.canonicalizationAlgorithm = canonicalizationAlgorithm;
|
||||
|
||||
// Adds a reference to a `Assertion` xml element and an array of transform algorithms to be used during signing.
|
||||
signature.addReference(
|
||||
`//*[local-name(.)='Assertion']`,
|
||||
[
|
||||
signature.addReference({
|
||||
xpath: `//*[local-name(.)='Assertion']`,
|
||||
digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256',
|
||||
transforms: [
|
||||
'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
|
||||
'http://www.w3.org/2001/10/xml-exc-c14n#',
|
||||
],
|
||||
'http://www.w3.org/2001/04/xmlenc#sha256'
|
||||
);
|
||||
});
|
||||
|
||||
signature.computeSignature(samlAssertionTemplateXML, {
|
||||
location: { reference: `//*[local-name(.)='Issuer']`, action: 'after' },
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ const parseStringAsync = promisify(parseString);
|
|||
|
||||
const signingKey = fs.readFileSync(KBN_KEY_PATH);
|
||||
const signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
|
||||
const canonicalizationAlgorithm = 'http://www.w3.org/2001/10/xml-exc-c14n#';
|
||||
|
||||
export async function getSAMLRequestId(urlWithSAMLRequestId: string) {
|
||||
const inflatedSAMLRequest = (await inflateRawAsync(
|
||||
|
|
@ -83,19 +84,19 @@ export async function getSAMLResponse({
|
|||
</saml:Assertion>
|
||||
`;
|
||||
|
||||
const signature = new SignedXml();
|
||||
const signature = new SignedXml({ privateKey: signingKey });
|
||||
signature.signatureAlgorithm = signatureAlgorithm;
|
||||
signature.signingKey = signingKey;
|
||||
signature.canonicalizationAlgorithm = canonicalizationAlgorithm;
|
||||
|
||||
// Adds a reference to a `Assertion` xml element and an array of transform algorithms to be used during signing.
|
||||
signature.addReference(
|
||||
`//*[local-name(.)='Assertion']`,
|
||||
[
|
||||
signature.addReference({
|
||||
xpath: `//*[local-name(.)='Assertion']`,
|
||||
digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256',
|
||||
transforms: [
|
||||
'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
|
||||
'http://www.w3.org/2001/10/xml-exc-c14n#',
|
||||
],
|
||||
'http://www.w3.org/2001/04/xmlenc#sha256'
|
||||
);
|
||||
});
|
||||
|
||||
signature.computeSignature(samlAssertionTemplateXML, {
|
||||
location: { reference: `//*[local-name(.)='Issuer']`, action: 'after' },
|
||||
|
|
|
|||
74
yarn.lock
74
yarn.lock
|
|
@ -9628,10 +9628,10 @@
|
|||
"@types/node" "*"
|
||||
form-data "^3.0.0"
|
||||
|
||||
"@types/node-forge@^1.3.1":
|
||||
version "1.3.1"
|
||||
resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.1.tgz#49e44432c306970b4e900c3b214157c480af19fa"
|
||||
integrity sha512-hvQ7Wav8I0j9amPXJtGqI/Yx70zeF62UKlAYq8JPm0nHzjKKzZvo9iR3YI2MiOghZRlOI+tQ2f6D+G6vVf4V2Q==
|
||||
"@types/node-forge@^1.3.10":
|
||||
version "1.3.10"
|
||||
resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.10.tgz#62a19d4f75a8b03290578c2b04f294b1a5a71b07"
|
||||
integrity sha512-y6PJDYN4xYBxwd22l+OVH35N+1fCYWiuC3aiP2SlXVE6Lo7SS+rSx9r89hLxrP4pn6n1lBGhHJ12pj3F3Mpttw==
|
||||
dependencies:
|
||||
"@types/node" "*"
|
||||
|
||||
|
|
@ -10149,10 +10149,10 @@
|
|||
dependencies:
|
||||
"@types/geojson" "*"
|
||||
|
||||
"@types/tough-cookie@*", "@types/tough-cookie@^4.0.2":
|
||||
version "4.0.2"
|
||||
resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.2.tgz#6286b4c7228d58ab7866d19716f3696e03a09397"
|
||||
integrity sha512-Q5vtl1W5ue16D+nIaW8JWebSSraJVlK+EthKn7e7UcD4KWsaSJ8BqGPXNaPghgtcn/fhvrN17Tv8ksUsQpiplw==
|
||||
"@types/tough-cookie@*", "@types/tough-cookie@^4.0.5":
|
||||
version "4.0.5"
|
||||
resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.5.tgz#cb6e2a691b70cb177c6e3ae9c1d2e8b2ea8cd304"
|
||||
integrity sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA==
|
||||
|
||||
"@types/type-detect@^4.0.1":
|
||||
version "4.0.1"
|
||||
|
|
@ -10264,14 +10264,6 @@
|
|||
dependencies:
|
||||
"@types/node" "*"
|
||||
|
||||
"@types/xml-crypto@^1.4.2":
|
||||
version "1.4.2"
|
||||
resolved "https://registry.yarnpkg.com/@types/xml-crypto/-/xml-crypto-1.4.2.tgz#5ea7ef970f525ae8fe1e2ce0b3d40da1e3b279ae"
|
||||
integrity sha512-1kT+3gVkeBDg7Ih8NefxGYfCApwZViMIs5IEs5AXF6Fpsrnf9CLAEIRh0DYb1mIcRcvysVbe27cHsJD6rJi36w==
|
||||
dependencies:
|
||||
"@types/node" "*"
|
||||
xpath "0.0.27"
|
||||
|
||||
"@types/xml2js@^0.4.11":
|
||||
version "0.4.11"
|
||||
resolved "https://registry.yarnpkg.com/@types/xml2js/-/xml2js-0.4.11.tgz#bf46a84ecc12c41159a7bd9cf51ae84129af0e79"
|
||||
|
|
@ -10721,10 +10713,15 @@
|
|||
object.fromentries "^2.0.0"
|
||||
prop-types "^15.7.0"
|
||||
|
||||
"@xmldom/xmldom@^0.8.5":
|
||||
version "0.8.6"
|
||||
resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.8.6.tgz#8a1524eb5bd5e965c1e3735476f0262469f71440"
|
||||
integrity sha512-uRjjusqpoqfmRkTaNuLJ2VohVr67Q5YwDATW3VU7PfzTj6IRaihGrYI7zckGZjxQPBIp63nfvJbM+Yu5ICh0Bg==
|
||||
"@xmldom/is-dom-node@^1.0.1":
|
||||
version "1.0.1"
|
||||
resolved "https://registry.yarnpkg.com/@xmldom/is-dom-node/-/is-dom-node-1.0.1.tgz#83b9f3e1260fb008061c6fa787b93a00f9be0629"
|
||||
integrity sha512-CJDxIgE5I0FH+ttq/Fxy6nRpxP70+e2O048EPe85J2use3XKdatVM7dDVvFNjQudd9B49NPoZ+8PG49zj4Er8Q==
|
||||
|
||||
"@xmldom/xmldom@^0.8.10":
|
||||
version "0.8.10"
|
||||
resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.8.10.tgz#a1337ca426aa61cef9fe15b5b28e340a72f6fa99"
|
||||
integrity sha512-2WALfTl4xo2SkGCYRt6rDTFfk9R1czmBvUQy12gK2KuRKIpWEhcbbzy8EZXtz/jkRqHX8bFEc6FC1HjX4TUWYw==
|
||||
|
||||
"@xobotyi/scrollbar-width@1.9.5":
|
||||
version "1.9.5"
|
||||
|
|
@ -17174,18 +17171,19 @@ formidable@^2.1.2:
|
|||
once "^1.4.0"
|
||||
qs "^6.11.0"
|
||||
|
||||
formik@^2.2.9:
|
||||
version "2.2.9"
|
||||
resolved "https://registry.yarnpkg.com/formik/-/formik-2.2.9.tgz#8594ba9c5e2e5cf1f42c5704128e119fc46232d0"
|
||||
integrity sha512-LQLcISMmf1r5at4/gyJigGn0gOwFbeEAlji+N9InZF6LIMXnFNkO42sCI8Jt84YZggpD4cPWObAZaxpEFtSzNA==
|
||||
formik@^2.4.5:
|
||||
version "2.4.5"
|
||||
resolved "https://registry.yarnpkg.com/formik/-/formik-2.4.5.tgz#f899b5b7a6f103a8fabb679823e8fafc7e0ee1b4"
|
||||
integrity sha512-Gxlht0TD3vVdzMDHwkiNZqJ7Mvg77xQNfmBRrNtvzcHZs72TJppSTDKHpImCMJZwcWPBJ8jSQQ95GJzXFf1nAQ==
|
||||
dependencies:
|
||||
"@types/hoist-non-react-statics" "^3.3.1"
|
||||
deepmerge "^2.1.1"
|
||||
hoist-non-react-statics "^3.3.0"
|
||||
lodash "^4.17.21"
|
||||
lodash-es "^4.17.21"
|
||||
react-fast-compare "^2.0.1"
|
||||
tiny-warning "^1.0.2"
|
||||
tslib "^1.10.0"
|
||||
tslib "^2.0.0"
|
||||
|
||||
forwarded-parse@^2.1.0:
|
||||
version "2.1.0"
|
||||
|
|
@ -31214,13 +31212,14 @@ xdg-basedir@^4.0.0:
|
|||
resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-4.0.0.tgz#4bc8d9984403696225ef83a1573cbbcb4e79db13"
|
||||
integrity sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q==
|
||||
|
||||
xml-crypto@^3.0.1:
|
||||
version "3.0.1"
|
||||
resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-3.0.1.tgz#1d4852b040e80413d8058e2917eddd9f17a00b8b"
|
||||
integrity sha512-7XrwB3ujd95KCO6+u9fidb8ajvRJvIfGNWD0XLJoTWlBKz+tFpUzEYxsN+Il/6/gHtEs1RgRh2RH+TzhcWBZUw==
|
||||
xml-crypto@^5.0.0:
|
||||
version "5.0.0"
|
||||
resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-5.0.0.tgz#e54dff59bf0e18527b91af7690513041ebb90273"
|
||||
integrity sha512-TdJZp/gdKb5RYiZigLy/RUz9EpbEV+HoOR4ofby3VonDSn7FmNZlex7OuxLPD8sRlCLZ5YYFI+9s1OhFs7fwEw==
|
||||
dependencies:
|
||||
"@xmldom/xmldom" "^0.8.5"
|
||||
xpath "0.0.32"
|
||||
"@xmldom/is-dom-node" "^1.0.1"
|
||||
"@xmldom/xmldom" "^0.8.10"
|
||||
xpath "^0.0.33"
|
||||
|
||||
xml-name-validator@^4.0.0:
|
||||
version "4.0.0"
|
||||
|
|
@ -31262,15 +31261,10 @@ xmldoc@^1.1.2:
|
|||
dependencies:
|
||||
sax "^1.2.1"
|
||||
|
||||
xpath@0.0.27:
|
||||
version "0.0.27"
|
||||
resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.27.tgz#dd3421fbdcc5646ac32c48531b4d7e9d0c2cfa92"
|
||||
integrity sha512-fg03WRxtkCV6ohClePNAECYsmpKKTv5L8y/X3Dn1hQrec3POx2jHZ/0P2qQ6HvsrU1BmeqXcof3NGGueG6LxwQ==
|
||||
|
||||
xpath@0.0.32:
|
||||
version "0.0.32"
|
||||
resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.32.tgz#1b73d3351af736e17ec078d6da4b8175405c48af"
|
||||
integrity sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==
|
||||
xpath@^0.0.33:
|
||||
version "0.0.33"
|
||||
resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.33.tgz#5136b6094227c5df92002e7c3a13516a5074eb07"
|
||||
integrity sha512-NNXnzrkDrAzalLhIUc01jO2mOzXGXh1JwPgkihcLLzw98c0WgYDmmjSh1Kl3wzaxSVWMuA+fe0WTWOBDWCBmNA==
|
||||
|
||||
xstate@^4.38.2:
|
||||
version "4.38.2"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue