FoxComm / highlander

Because there can only be one
MIT License

Elastic search queries are exposed from client side #2224

Open lurym opened 7 years ago

lurym commented 7 years ago
  1. Use browser to create customer group
  2. Copy request as curl and change elasticRequest field to anything else (invalid query is one of the options!)

Result:

  1. Query is executed 'as is' in Elasticsearch by customer-groups-consumer. If the query is invalid then the consumer fails:
    2017/06/16 14:04:20 An error occured getting customers: elastic: Error 400 (Bad Request): all shards failed [type=search_phase_execution_exception]
    panic: An error occured getting customers: elastic: Error 400 (Bad Request): all shards failed [type=search_phase_execution_exception]
  2. customer-groups-consumer will never recover from that
  3. According to ES spec this is a major security threat: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting-security.html#_do_not_expose_elasticsearch_directly_to_the_internet
  4. In other words, a malicious query can probably bring the whole Elasticsearch down
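One way to close this off, added here as an example and not code from the highlander project: have the client send a structured filter list instead of a raw `elasticRequest` body, compile it server-side against an allowlist of fields and operators, and return errors from the consumer instead of panicking. `Filter`, `BuildQuery`, `ProcessGroup` and the allowlist contents are assumed names and values.

```go
package main

import (
	"encoding/json"
	"fmt"
)
type M = map[string]interface{}

// Filter is the structured shape a client may send instead of a raw
// elasticRequest body (hypothetical type, not the project's own).
type Filter struct {
	Field, Op, Value string
}

// Allowlists (constructed): filterable customer attributes, and client
// operators mapped to the ES leaf query each compiles to.
var allowedFields = map[string]bool{"email": true, "name": true, "city": true}
var allowedOps = map[string]string{"eq": "term", "contains": "match", "prefix": "prefix"}
// BuildQuery compiles validated filters into an ES bool query, so the
// consumer never forwards client-authored query DSL to the cluster.
func BuildQuery(filters []Filter) (M, error) {
	if len(filters) == 0 {
		return nil, fmt.Errorf("at least one filter is required")
	}
	var must []M
	for _, f := range filters {
		leaf, ok := allowedOps[f.Op]
		if !allowedFields[f.Field] || !ok {
			return nil, fmt.Errorf("rejected filter on %q with op %q", f.Field, f.Op)
		}
		must = append(must, M{leaf: M{f.Field: f.Value}})
	}
	return M{"query": M{"bool": M{"must": must}}}, nil
}

// ProcessGroup handles one customer-group message. A bad payload comes back
// as an error for the caller to log and skip, not a panic that kills the consumer.
func ProcessGroup(payload []byte) (string, error) {
	var filters []Filter
	if err := json.Unmarshal(payload, &filters); err != nil {
		return "", fmt.Errorf("malformed filters: %v", err)
	}
	q, err := BuildQuery(filters)
	if err != nil {
		return "", err
	}
	body, err := json.Marshal(q)
	return string(body), err
}
```

A raw query document such as `{"query":{"match_all":{}}}` no longer parses as a filter list, so it is rejected before anything reaches Elasticsearch.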
annappropriate commented 7 years ago

Any suggestions what you think is the right thing to do?

lurym commented 7 years ago

@jmataya comment on that: "We may be able to get away with waiting for Eugene's search service to land, since that will remove all raw ES usage, and because this feature is pretty much only running in demo - it's not available to the general public."

lurym commented 7 years ago

It requires admin privileges to exploit that so it might not be as important. Of course it's a big deal in a multi-tenant environment, but as Jeff said this is probably not yet in production.

jmataya commented 7 years ago

The general plan here is to replace the queries from ES with the service that @Axblade & Co are working on. So, pushing this to him and marking as in progress.

@Axblade, please change the status if you think this is incorrect.