fix(x-pack/reporting): use FIPS-compliant ID generator uuidv4 in Reporting plugin (#174809)

## Summary Closes #174798 ### Checklist Delete any items that are not applicable to this PR. ### Risk Matrix Delete this section if it is not applicable to this PR. ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Tim Sullivan <tsullivan@users.noreply.github.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-23 17:28:26 -04:00 · 2024-01-25 00:38:47 +07:00 · 2024-01-25 00:38:47 +07:00 · cd907739f3
commit cd907739f3
parent a63bb6add0
7 changed files with 9 additions and 40 deletions
--- a/package.json
+++ b/package.json
@ -1003,7 +1003,6 @@
    "mapbox-gl-draw-rectangle-mode": "1.0.4",
    "maplibre-gl": "3.1.0",
    "markdown-it": "^12.3.2",
-    "md5": "^2.1.0",
    "mdast-util-to-hast": "10.2.0",
    "memoize-one": "^6.0.0",
    "mime": "^2.4.4",
@ -1040,7 +1039,6 @@
    "pretty-ms": "6.0.0",
    "prop-types": "^15.8.1",
    "proxy-from-env": "1.0.0",
-    "puid": "1.0.7",
    "puppeteer": "21.5.2",
    "query-string": "^6.13.2",
    "rbush": "^3.0.1",
--- a/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.test.tsx
+++ b/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.test.tsx
@ -5,24 +5,24 @@
 * 2.0.
 */

-import md5 from 'md5';
+import { sha256 } from 'js-sha256';
 import { createCalloutId } from './helpers';

 describe('createCalloutId', () => {
  it('creates id correctly with one id', () => {
-    const digest = md5('one');
+    const digest = sha256('one');
    const id = createCalloutId(['one']);
    expect(id).toBe(digest);
  });

  it('creates id correctly with multiples ids', () => {
-    const digest = md5('one|two|three');
+    const digest = sha256('one|two|three');
    const id = createCalloutId(['one', 'two', 'three']);
    expect(id).toBe(digest);
  });

  it('creates id correctly with multiples ids and delimiter', () => {
-    const digest = md5('one,two,three');
+    const digest = sha256('one,two,three');
    const id = createCalloutId(['one', 'two', 'three'], ',');
    expect(id).toBe(digest);
  });
--- a/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.tsx
+++ b/x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.tsx
@ -5,7 +5,7 @@
 * 2.0.
 */

-import md5 from 'md5';
+import { sha256 } from 'js-sha256';

 export const createCalloutId = (ids: string[], delimiter: string = '|'): string =>
-  md5(ids.join(delimiter));
+  sha256(ids.join(delimiter));
--- a/x-pack/plugins/reporting/server/lib/puid.d.ts
+++ b/x-pack/plugins/reporting/server/lib/puid.d.ts
@ -1,15 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-declare module 'puid' {
-  class Puid {
-    generate(): string;
-  }
-
-  // eslint-disable-next-line import/no-default-export
-  export default Puid;
-}
--- a/x-pack/plugins/reporting/server/lib/store/report.ts
+++ b/x-pack/plugins/reporting/server/lib/store/report.ts
@ -7,7 +7,7 @@

 import { omit } from 'lodash';
 import moment from 'moment';
-import Puid from 'puid';
+import { v4 as uuidv4 } from 'uuid';

 import { JOB_STATUS } from '@kbn/reporting-common';
 import {
@ -19,7 +19,6 @@ import {

 import type { ReportTaskParams } from '../tasks';

-const puid = new Puid();
 export const MIGRATION_VERSION = '7.14.0';

 /*
@ -63,7 +62,7 @@ export class Report implements Partial<ReportSource & ReportDocumentHead> {
   * Index string is required
   */
  constructor(opts: Partial<ReportSource> & Partial<ReportDocumentHead>, fields?: ReportFields) {
-    this._id = opts._id != null ? opts._id : puid.generate();
+    this._id = opts._id != null ? opts._id : uuidv4();
    this._index = opts._index;
    this._primary_term = opts._primary_term;
    this._seq_no = opts._seq_no;
--- a/x-pack/plugins/reporting/server/routes/common/generate/request_handler.test.ts
+++ b/x-pack/plugins/reporting/server/routes/common/generate/request_handler.test.ts
@ -5,15 +5,7 @@
 * 2.0.
 */

-jest.mock(
-  'puid',
-  () =>
-    class MockPuid {
-      generate() {
-        return 'mock-report-id';
-      }
-    }
-);
+jest.mock('uuid', () => ({ v4: () => 'mock-report-id' }));

 import rison from '@kbn/rison';

--- a/yarn.lock
+++ b/yarn.lock
@ -25343,11 +25343,6 @@ public-encrypt@^4.0.0:
    parse-asn1 "^5.0.0"
    randombytes "^2.0.1"

-puid@1.0.7:
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/puid/-/puid-1.0.7.tgz#fa638a737d7b20419059d93965aed36ca20e1c84"
-  integrity sha1-+mOKc317IEGQWdk5Za7TbKIOHIQ=
-
 pump@^2.0.0:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/pump/-/pump-2.0.1.tgz#12399add6e4cf7526d973cbc8b5ce2e2908b3909"