wazuh / wazuh-api

Wazuh - RESTful API
https://wazuh.com
GNU General Public License v2.0

Improve parameters validation for `PUT /active-response` API endpoint #504

Closed mcarmona99 closed 2 years ago

mcarmona99 commented 2 years ago

Description

This PR adds command validation for the `PUT /active-response` API endpoint and new test cases.

Manual tests

curl -u foo:bar -k -X PUT -d '{"command":"restart-ossec0", "arguments": ["-", "null", "(from_the_server)", "(no_rule_id)"]}' -H 'Content-Type:application/json' "https://127.0.0.1:55000/active-response/000?pretty"

{
   "error": 0,
   "data": "Command sent."
}

curl -u foo:bar -k -X PUT -d '{"command":"custom_command", "custom": true, "arguments": ["-", "null", "(from_the_server)", "(no_rule_id)"]}' -H 'Content-Type:application/json' "https://127.0.0.1:55000/active-response/000?pretty"

{
   "error": 0,
   "data": "Command sent."
}

curl -u foo:bar -k -X PUT -d '{"command":"custom_command", "custom": true, "arguments": "not_an_array"}' -H 'Content-Type:application/json' "https://127.0.0.1:55000/active-response/000?pretty"

{
   "error": 624,
   "message": "Param not valid. Valid values: array.  Field: arguments"
}

curl -u foo:bar -k -X PUT -d '{"command":"custom_command", "custom": "hi", "arguments": ["-", "null", "(from_the_server)", "(no_rule_id)"]}' -H 'Content-Type:application/json' "https://127.0.0.1:55000/active-response/000?pretty"

{
   "error": 618,
   "message": "Param not valid. Valid values: true or false.  Field: custom"
}

curl -u foo:bar -k -X PUT -d '{"command":"../../../test.sh", "custom": true}' -H 'Content-Type:application/json' "https://127.0.0.1:55000/active-response/000?pretty"

{
   "error": 602,
   "message": "Param not valid. Command is not valid.  Field: command"
}

curl -u foo:bar -k -X PUT -d '{"command":"..\\..\\..\\test.ps1", "custom": true}' -H 'Content-Type:application/json' "https://127.0.0.1:55000/active-response/000?pretty"

{
   "error": 602,
   "message": "Param not valid. Command is not valid.  Field: command"
}

curl -u foo:bar -k -X PUT -d '{"command":"!../../../test.sh"}' -H 'Content-Type:application/json' "https://127.0.0.1:55000/active-response/000?pretty"

{
   "error": 602,
   "message": "Param not valid. Command is not valid.  Field: command"
}

curl -u foo:bar -k -X PUT -d '{"command":"!..\\..\\..\\test.ps1"}' -H 'Content-Type:application/json' "https://127.0.0.1:55000/active-response/000?pretty"

{
   "error": 602,
   "message": "Param not valid. Command is not valid.  Field: command"
}

curl -u foo:bar -k -X PUT -d '{"command":".\\test.ps1", "custom": true}' -H 'Content-Type:application/json' "https://127.0.0.1:55000/active-response/000?pretty"

{
   "error": 0,
   "data": "Command sent."
}

curl -u foo:bar -k -X PUT -d '{"command":"./test.sh", "custom": true}' -H 'Content-Type:application/json' "https://127.0.0.1:55000/active-response/000?pretty"

{
   "error": 0,
   "data": "Command sent."
}

API tests

root@ee88e5f779e8:/wazuh-api# mocha test/test_active_response.js 

  Active Response
    PUT/active-response/:agent_id
(node:2103) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
      ✔ Request (265ms)
      ✔ Command not found (246ms)
      ✔ Custom command (257ms)
      ✔ Wrong custom parameter (77ms)
      ✔ Wrong arguments parameter (80ms)
      ✔ Agent does not exist (250ms)
      ✔ Agent ID not valid (74ms)
      ✔ Wrong command (unsafe path - Ubuntu) (74ms)
      ✔ Wrong command (unsafe path - Windows) (75ms)
      ✔ Wrong command (unsafe path with ! - Ubuntu) (75ms)
      ✔ Wrong command (unsafe path with ! - Windows) (75ms)
      ✔ Other valid commands (Ubuntu) (247ms)
      ✔ Other valid commands (Windows) (239ms)

  13 passing (2s)

mcarmona99 commented 2 years ago

API tests after the requested changes:

root@db6c3b064a20:/wazuh-api# mocha test/test_active_response.js 

  Active Response
    PUT/active-response/:agent_id
(node:1577) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
      ✔ Request (270ms)
      ✔ Command not found (253ms)
      ✔ Custom command (248ms)
      ✔ Wrong custom parameter (77ms)
      ✔ Wrong arguments parameter (74ms)
      ✔ Agent does not exist (240ms)
      ✔ Agent ID not valid (81ms)
      ✔ Wrong command (unsafe path - Ubuntu) (81ms)
      ✔ Wrong command (unsafe path - Ubuntu) (73ms)
      ✔ Wrong command (unsafe path with ! - Ubuntu) (74ms)
      ✔ Wrong command (unsafe path - Windows) (80ms)
      ✔ Wrong command (unsafe path - Windows) (74ms)
      ✔ Wrong command (unsafe path with ! - Windows) (78ms)
      ✔ Other valid commands (Ubuntu) (275ms)
      ✔ Other valid commands (Windows) (257ms)

  15 passing (2s)

davidjiglesias commented 2 years ago

LGTM
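
A validator that reproduces the accept/reject behaviour shown in the manual tests above, as an added example; it is not the code from this PR or from wazuh-api. The function names, the order of the checks and the segment-based traversal rule are assumptions; the error codes and messages are the ones in the responses above.

```javascript
'use strict';

// Error codes and messages copied from the API responses in the manual tests.
const ERRORS = {
  command: { error: 602, message: 'Param not valid. Command is not valid.  Field: command' },
  custom: { error: 618, message: 'Param not valid. Valid values: true or false.  Field: custom' },
  arguments: { error: 624, message: 'Param not valid. Valid values: array.  Field: arguments' },
};

// Hypothetical helper: true when any path segment is "..".
// Both "/" and "\" are treated as separators regardless of the server's own
// platform, because the manual tests reject the Ubuntu and Windows forms alike.
function hasParentTraversal(command) {
  // The tests also reject "!../../../test.sh", so a leading "!" is stripped
  // before the segments are inspected.
  const path = command.startsWith('!') ? command.slice(1) : command;
  return path.split(/[\\/]/).some((segment) => segment === '..');
}

// Hypothetical validator for the PUT /active-response request body.
// Returns null when the body is acceptable, otherwise the error object.
function validateActiveResponseBody(body) {
  const { command, custom, arguments: args } = body || {};
  if (typeof command !== 'string' || command.length === 0 || hasParentTraversal(command)) {
    return ERRORS.command;
  }
  if (custom !== undefined && typeof custom !== 'boolean') return ERRORS.custom;
  if (args !== undefined && !Array.isArray(args)) return ERRORS.arguments;
  return null;
}

// Request bodies taken from the curl calls above, already JSON-decoded.
const SAMPLE_BODIES = [
  { command: 'restart-ossec0', arguments: ['-', 'null', '(from_the_server)', '(no_rule_id)'] },
  { command: 'custom_command', custom: true, arguments: 'not_an_array' },
  { command: 'custom_command', custom: 'hi', arguments: ['-', 'null'] },
  { command: '../../../test.sh', custom: true },
  { command: '!..\\..\\..\\test.ps1' },
  { command: '.\\test.ps1', custom: true },
  { command: './test.sh', custom: true },
];

// Returns the error code for each sample body, with 0 meaning accepted.
function sampleErrorCodes() {
  return SAMPLE_BODIES.map((body) => (validateActiveResponseBody(body) || { error: 0 }).error);
}

console.log(sampleErrorCodes().join(' '));
```

Absolute paths and encoded separators do not appear in the manual tests above, so this example does not reject them.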