Skip to content

Commit

Permalink
Audit Logging: use the original url
Browse files Browse the repository at this point in the history
  • Loading branch information
thomheymann committed Oct 21, 2020
1 parent ad2fe78 commit f19fa70
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 1 deletion.
42 changes: 42 additions & 0 deletions x-pack/plugins/security/server/audit/audit_events.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -201,4 +201,46 @@ describe('#httpRequestEvent', () => {
}
`);
});

test('uses original URL if rewritten', () => {
expect(
httpRequestEvent({
request: httpServerMock.createKibanaRequest({
path: '/path',
query: { query: 'param' },
kibanaRequestState: {
requestId: '123',
requestUuid: '123e4567-e89b-12d3-a456-426614174000',
rewrittenUrl: {
path: '/original/path',
pathname: '/original/path',
query: 'query=param',
search: '?query=param',
},
},
}),
})
).toMatchInlineSnapshot(`
Object {
"event": Object {
"action": "http_request",
"category": "web",
"outcome": "unknown",
},
"http": Object {
"request": Object {
"method": "get",
},
},
"message": "User is requesting [/original/path] endpoint",
"url": Object {
"domain": undefined,
"path": "/original/path",
"port": undefined,
"query": "query=param",
"scheme": undefined,
},
}
`);
});
});
2 changes: 1 addition & 1 deletion x-pack/plugins/security/server/audit/audit_events.ts
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ export interface HttpRequestParams {
}

export function httpRequestEvent({ request }: HttpRequestParams): AuditEvent {
const { pathname, search } = request.url;
const { pathname, search } = request.rewrittenUrl ?? request.url;

return {
message: `User is requesting [${pathname}] endpoint`,
Expand Down

0 comments on commit f19fa70

Please sign in to comment.