Post-search filtering of ElasticSearch results for security
Problem
Replicating all our permissions in ElasticSearch regularly results in security bugs:
In addition to these security bugs, there could always be stale permission data in ElasticSearch that results in leaked data as well.
Solution
We should add an extra layer of security by always filtering the results based on user permissions using our normal permission code after we get the results back from ElasticSearch.
If results are returned that should not be, we filter them out of view. We should also log this and set up monitoring and alerting on it so we can detect bugs in production.
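A sketch of the post-search filter described above, as an added example that is not code from this project. `Hit`, `can_read`, `filter_hits`, `PROJECT_MEMBERS` and the log message format are hypothetical names, and the hits are constructed sample data standing in for a backend response built from stale permission data.

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("search.permission_filter")

@dataclass(frozen=True)
class Hit:
    doc_type: str
    doc_id: int
    project_id: int

# Constructed authoritative permission data: project_id -> member user ids.
PROJECT_MEMBERS = {1: {10, 11}, 2: {11}}

def can_read(user_id, hit):
    """Stand-in for the application's normal permission code (hypothetical)."""
    return user_id in PROJECT_MEMBERS.get(hit.project_id, set())

def filter_hits(user_id, hits, check=can_read):
    """Re-check every hit from the search backend; drop and log violations."""
    allowed, violations = [], []
    for hit in hits:
        try:
            permitted = check(user_id, hit)
        except Exception:
            # Fail closed: a hit whose permission cannot be evaluated is hidden.
            log.exception("permission check failed for %s", hit)
            permitted = False
        if permitted:
            allowed.append(hit)
        else:
            violations.append(hit)
            # One structured line per violation so monitoring can alert on it.
            log.warning(
                "search_permission_violation user_id=%s doc_type=%s "
                "doc_id=%s project_id=%s",
                user_id, hit.doc_type, hit.doc_id, hit.project_id)
    return allowed, violations

# Constructed backend response: the index still holds stale permissions for
# project 2, so it returns a hit that user 10 is not allowed to see.
SAMPLE_HITS = [Hit("issue", 101, 1), Hit("issue", 202, 2), Hit("note", 303, 1)]

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    shown, leaked = filter_hits(10, SAMPLE_HITS)
    print([h.doc_id for h in shown], [h.doc_id for h in leaked])
```

Because the check runs after the backend has paginated, a page can come back shorter than requested, and totals reported by the backend are not covered by this filter.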
Acceptance Criteria
A working solution here should have prevented all of the security vulnerabilities. Verify this by running the solution against the insecure versions of the code and confirming that the results do not show and that the violation is logged: