[Console] Prototype Hardening (first pass) (#46334) (#46681)

* Remove potential foot-gun function

* Precaution - user input is read against these objects
Jean-Louis Leysens 2019-09-26 12:54:58 +02:00 committed by GitHub
parent a29f8e07f8
commit d7ed4d4ded
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 7 deletions


@ -32,8 +32,8 @@ import { globalsOnlyAutocompleteComponents, compileBodyDescription } from '../a
* @param bodyParametrizedComponentFactories same as urlParametrizedComponentFactories but used for body compilation
*/
function Api(urlParametrizedComponentFactories, bodyParametrizedComponentFactories) {
this.globalRules = {};
this.endpoints = {};
this.globalRules = Object.create(null);
this.endpoints = Object.create(null);
this.urlPatternMatcher = new UrlPatternMatcher(urlParametrizedComponentFactories);
this.globalBodyComponentFactories = bodyParametrizedComponentFactories;
this.name = '';
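Review bot: The two `Object.create(null)` assignments for `globalRules` and `endpoints` carry no comment saying why a null-prototype object is used, so a later cleanup could revert them to `{}` and make inherited keys such as `__proto__` or `constructor` reachable again when user-supplied names are looked up. I would add above them `// Null-prototype maps: user input is read against these objects, so Object.prototype members must not be reachable.` These objects no longer inherit `hasOwnProperty` or `toString`, so any code outside this hunk that calls those methods on them directly would now throw; `Object.prototype.hasOwnProperty.call(obj, key)` is the safe form and the consumers are worth checking. The `Api` constructor body continues past the end of the hunk.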


@ -37,12 +37,13 @@ function resolveUri(base, path) {
return pathToUse;
}
function extendCommaList(obj, property, value) {
obj[property] = (obj[property] ? obj[property] + ',' : '') + value;
}
function getProxyHeaders(req) {
const headers = {};
const headers = Object.create(null);
// Scope this proto-unsafe functionality to where it is being used.
function extendCommaList(obj, property, value) {
obj[property] = (obj[property] ? obj[property] + ',' : '') + value;
}
if (req.info.remotePort && req.info.remoteAddress) {
// see https://git.io/vytQ7
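Review bot: The nested `extendCommaList` still accepts an arbitrary `obj` and writes `obj[property]` with an unchecked key, so moving it inside `getProxyHeaders` narrows who can call it but not which object it can be pointed at. Since it is only meant for the null-prototype `headers`, it could close over that object and drop the parameter: `function extendCommaList(property, value) { headers[property] = (headers[property] ? headers[property] + ',' : '') + value; }`. The comment could also say what is unsafe, for example `// Writes an unchecked property name; only safe on the null-prototype headers object.` The call sites are in the part of `getProxyHeaders` outside this hunk and would need the first argument removed. It is also worth confirming that whatever consumes the returned `headers` does not rely on inherited `Object.prototype` methods.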