[Docs] Add missing reporting config (#123917) (#124270)

* added docs for `xpack.reporting.csv.escapeFormulaValues` config and `xpack.reporting.csv.useByteOrderMarkEncoding`, and some minor auto-formatting

* some more auto-formatting changes

* added some documentation to CSV escape function

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
(cherry picked from commit 54895a2ef8)
Jean-Louis Leysens 2022-02-01 19:03:33 +01:00 committed by GitHub
parent f796df161b
commit 1fd8c41aea
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 9 deletions

@ -97,10 +97,10 @@ NOTE: Running multiple instances of {kib} in a cluster for load balancing of
reporting requires identical values for <<xpack-reporting-encryptionKey, `xpack.reporting.encryptionKey`>> and, if
security is enabled, <<xpack-security-encryptionKey, `xpack.security.encryptionKey`>>.
`xpack.reporting.queue.pollInterval`::
`xpack.reporting.queue.pollInterval`::
Specifies the {time-units}[time] that the reporting poller waits between polling the index for any pending Reporting jobs. Can be specified as number of milliseconds. Defaults to `3s`.
[[xpack-reporting-q-timeout]] `xpack.reporting.queue.timeout` {ess-icon}::
[[xpack-reporting-q-timeout]] `xpack.reporting.queue.timeout` {ess-icon}::
{time-units}[How long] each worker has to produce a report. If your machine is slow or under heavy load, you might need to increase this timeout. If a Reporting job execution goes over this time limit, the job is marked as a failure and no download will be available. Can be specified as number of milliseconds. Defaults to `2m`.
[float]
@ -109,7 +109,7 @@ Specifies the {time-units}[time] that the reporting poller waits between polling
Reporting works by capturing screenshots from {kib}. The following settings control the capturing process.
`xpack.reporting.capture.timeouts.openUrl` {ess-icon}::
`xpack.reporting.capture.timeouts.openUrl` {ess-icon}::
Specify the {time-units}[time] to allow the Reporting browser to wait for the "Loading..." screen to dismiss and find the initial data for the page. If the time is exceeded, a screenshot is captured showing the current page, and the download link shows a warning message. Can be specified as number of milliseconds. Defaults to `1m`.
`xpack.reporting.capture.timeouts.waitForElements` {ess-icon}::
@ -123,7 +123,7 @@ running a report job, Reporting will log the error and try to continue
capturing the page with a screenshot. As a result, a download will be
available, but there will likely be errors in the visualizations in the report.
`xpack.reporting.capture.maxAttempts` {ess-icon}::
`xpack.reporting.capture.maxAttempts` {ess-icon}::
If capturing a report fails for any reason, {kib} will re-attempt other reporting job, as many times as this setting. Defaults to `3`.
`xpack.reporting.capture.loadDelay`::
@ -175,14 +175,14 @@ The rule objects are evaluated sequentially from the beginning to the end of the
-------------------------------------------------------
# Only allow requests to placeholder.com
xpack.reporting.capture.networkPolicy:
rules: [ { allow: true, host: "placeholder.com" } ]
rules: [ { allow: true, host: "placeholder.com" } ]
-------------------------------------------------------
[source,yaml]
-------------------------------------------------------
# Only allow requests to https://placeholder.com
# Only allow requests to https://placeholder.com
xpack.reporting.capture.networkPolicy:
rules: [ { allow: true, host: "placeholder.com", protocol: "https:" } ]
rules: [ { allow: true, host: "placeholder.com", protocol: "https:" } ]
-------------------------------------------------------
A final `allow` rule with no host or protocol allows all requests that are not explicitly denied:
@ -238,12 +238,18 @@ Number of documents retrieved from {es} for each scroll iteration during a CSV e
Amount of {time-units}[time] allowed before {kib} cleans the scroll context during a CSV export. Defaults to `30s`.
`xpack.reporting.csv.checkForFormulas`::
Enables a check that warns you when there's a potential formula involved in the output (=, -, +, and @ chars). See OWASP: https://www.owasp.org/index.php/CSV_Injection. Defaults to `true`.
Enables a check that warns you when there's a potential formula included in the output (=, -, +, and @ chars). See OWASP: https://www.owasp.org/index.php/CSV_Injection. Defaults to `true`.
`xpack.reporting.csv` `.enablePanelActionDownload`::
`xpack.reporting.csv.escapeFormulaValues`::
Escape formula values in cells with a `'`. See OWASP: https://www.owasp.org/index.php/CSV_Injection. Defaults to `true`.
`xpack.reporting.csv.enablePanelActionDownload`::
Enables CSV export from a saved search on a dashboard. This action is available in the dashboard panel menu for the saved search.
NOTE: This setting exists for backwards compatibility, but is unused and hardcoded to `true`. CSV export from a saved search on a dashboard is enabled when Reporting is enabled.
`xpack.reporting.csv.useByteOrderMarkEncoding`::
Adds a byte order mark (`\ufeff`) at the beginning of the CSV file. Defaults to `false`.
[float]
[[reporting-advanced-settings]]
==== Security settings
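Review bot: The new `xpack.reporting.csv.escapeFormulaValues` entry does not say which cell values count as formula values, or how the setting relates to `xpack.reporting.csv.checkForFormulas` directly above it. The `checkForFormulas` text names the trigger characters (=, -, +, and @); the new entry should either repeat that list or refer to it, and state whether escaping still applies when `checkForFormulas` is set to `false`. It would also help to say that the `'` is added as a prefix to the cell value, since "Escape formula values in cells with a `'`" can be read as quoting. For `xpack.reporting.csv.useByteOrderMarkEncoding`, consider a sentence on when a user would turn it on, since the entry only describes the effect.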

@ -10,6 +10,17 @@ import { cellHasFormulas } from './formula_checks';
type RawValue = string | object | null | undefined;
/**
* Create a function that will escape CSV values like "=", "@" and "+" with a
* "'". This will also place CSV values in "" if contain non-alphanumeric chars.
*
* For example:
*
* Given: =1+1
* Returns: "'=1+1"
*
* See OWASP: https://www.owasp.org/index.php/CSV_Injection.
*/
export function createEscapeValue(
quoteValues: boolean,
escapeFormulas: boolean
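Review bot: The doc comment on `createEscapeValue` lists "=", "@" and "+" as the escaped characters, while the settings documentation changed in this same commit lists =, -, +, and @ for the formula check; if "-" is handled as well, add it here so the two descriptions agree. The example output `"'=1+1"` shows both the surrounding quotes and the `'` prefix, so state which values of `quoteValues` and `escapeFormulas` produce it, and document both parameters with `@param` tags, since the comment describes the factory rather than the function it returns. Minor wording: "if contain" should read "if they contain".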