Of course! We have a platform where users can develop code. We use Elastic as a search engine, and they can perform queries, request object reindexing, among other actions. The issue is that we need to display certain logs to them since they need insights to understand potential issues in code execution. However, some logs end up exposing the Elastic address to the end user, which could compromise our security.
In this specific case, the user is using these fields in searches, which is generating the log and exposing our infrastructure. There are other similar cases as well, such as the following:
method [POST], host [http://address:9200/], URI [/5aa99e9e62edb97e8ca44888.638f55b514d6f675dce3d176/_search], status line [HTTP/1.1 500 Internal Server Error]
{"error":{"root_cause":[{"type":"null_pointer_exception","reason":"Cannot invoke "java.lang.Integer.intValue()" because the return value of "org.elasticsearch.search.aggregations.bucket.composite.CompositeValuesCollectorQueue.top()" is null"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"idx.10.5aa99e9e62edb97e8ca44888.638f55b514d6f675dce3d176","node":"NH0bnj57RhiC5g2yTBQa8Q","reason":{"type":"null_pointer_exception","reason":"Cannot invoke "java.lang.Integer.intValue()" because the return value of "org.elasticsearch.search.aggregations.bucket.composite.CompositeValuesCollectorQueue.top()" is null"}}],"caused_by":{"type":"null_pointer_exception","reason":"Cannot invoke "java.lang.Integer.intValue()" because the return value of "org.elasticsearch.search.aggregations.bucket.composite.CompositeValuesCollectorQueue.top()" is null","caused_by":{"type":"null_pointer_exception","reason":"Cannot invoke "java.lang.Integer.intValue()" because the return value of "org.elasticsearch.search.aggregations.bucket.composite.CompositeValuesCollectorQueue.top()" is null"}}},"status":500}.
It's a situation similar to the one in the link below, but with the difference that I would like to mask our address in some way. We are using Elastic 7 and 8 at the same time while migrating to version 8.
Thank you very much for your attention. (Nice to see a Brazilian here)
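One way to mask the address before such a message reaches the end user, as an added example that is not part of the original post and not Elastic's own code. The function name `redact_es_error` is hypothetical, the sample is constructed from the log above, and treating shard node IDs as internal detail is an assumption; it works on the raw text because the embedded error body is not always valid JSON.

```python
import re

# "host [http://address:9200/]" as it appears in the client exception message.
HOST_FIELD = re.compile(r"host \[[^\]]*\]")
# Authority part (host:port) of any http(s) URL left elsewhere in the text.
URL_AUTHORITY = re.compile(r"\b(https?://)[^/\s\"'\]\[]+")
# Node IDs in failed_shards entries (assumption: also considered internal).
NODE_ID = re.compile(r'("node"\s*:\s*")[^"]*(")')


def redact_es_error(message: str, mask_node_ids: bool = True) -> str:
    """Return the log text with cluster addresses (and node IDs) masked.

    Uses regexes on the raw text instead of json.loads, so it still works
    when the body contains unescaped quotes or is truncated.
    """
    out = HOST_FIELD.sub("host [REDACTED]", message)
    out = URL_AUTHORITY.sub(r"\1REDACTED", out)
    if mask_node_ids:
        out = NODE_ID.sub(r"\1REDACTED\2", out)
    return out


# Constructed sample: a shortened form of the log line shown in the post.
SAMPLE = (
    "method [POST], host [http://address:9200/], "
    "URI [/5aa99e9e62edb97e8ca44888.638f55b514d6f675dce3d176/_search], "
    "status line [HTTP/1.1 500 Internal Server Error]\n"
    '{"error":{"type":"search_phase_execution_exception",'
    '"reason":"all shards failed",'
    '"failed_shards":[{"shard":0,"node":"NH0bnj57RhiC5g2yTBQa8Q"}]},'
    '"status":500}'
)

if __name__ == "__main__":
    print(redact_es_error(SAMPLE))
```

Applying the filter at the single point where logs are handed to the user interface keeps the unredacted message available in internal logs for operators.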