Skip to content
This repository has been archived by the owner on Mar 31, 2024. It is now read-only.

Commit

Permalink
[es] when specifying path with vars always use encodeURIComponent (el…
Browse files Browse the repository at this point in the history
…astic#29210)

Fixes elastic#29194

In node 10, urls are validated to not include any multi-byte characters, which wouldn't be possible if we were always encoding variables injected into URLs but we missed a couple places.
  • Loading branch information
Spencer committed Jan 24, 2019
1 parent bcddc14 commit b2c811b
Show file tree
Hide file tree
Showing 8 changed files with 39 additions and 10 deletions.
2 changes: 1 addition & 1 deletion src/legacy/core_plugins/elasticsearch/lib/create_proxy.js
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ export function createProxy(server) {
handler(req, h) {
const { query, payload: body } = req;
return callWithRequest(req, 'transport.request', {
path: `/${req.params.index}/_search`,
path: `/${encodeURIComponent(req.params.index)}/_search`,
method: 'POST',
query,
body
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

exports[`StatusMessage should render with exact matches 1`] = `
<EuiText
data-test-subj="createIndexPatternStatusMessage"
grow={true}
size="s"
>
Expand Down Expand Up @@ -48,6 +49,7 @@ exports[`StatusMessage should render with exact matches 1`] = `

exports[`StatusMessage should render with no partial matches 1`] = `
<EuiText
data-test-subj="createIndexPatternStatusMessage"
grow={true}
size="s"
>
Expand Down Expand Up @@ -83,6 +85,7 @@ exports[`StatusMessage should render with no partial matches 1`] = `

exports[`StatusMessage should render with partial matches 1`] = `
<EuiText
data-test-subj="createIndexPatternStatusMessage"
grow={true}
size="s"
>
Expand Down Expand Up @@ -118,6 +121,7 @@ exports[`StatusMessage should render with partial matches 1`] = `

exports[`StatusMessage should render without a query 1`] = `
<EuiText
data-test-subj="createIndexPatternStatusMessage"
grow={true}
size="s"
>
Expand Down Expand Up @@ -145,6 +149,7 @@ exports[`StatusMessage should render without a query 1`] = `

exports[`StatusMessage should show that no indices exist 1`] = `
<EuiText
data-test-subj="createIndexPatternStatusMessage"
grow={true}
size="s"
>
Expand All @@ -165,6 +170,7 @@ exports[`StatusMessage should show that no indices exist 1`] = `

exports[`StatusMessage should show that system indices exist 1`] = `
<EuiText
data-test-subj="createIndexPatternStatusMessage"
grow={true}
size="s"
>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@ export const StatusMessage = ({
}

return (
<EuiText size="s">
<EuiText size="s" data-test-subj="createIndexPatternStatusMessage">
<EuiTextColor color={statusColor}>
{ statusIcon ? <EuiIcon type={statusIcon}/> : null }
{statusMessage}
Expand Down
25 changes: 24 additions & 1 deletion test/functional/apps/management/_index_pattern_create_delete.js
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,8 @@ export default function ({ getService, getPageObjects }) {
const browser = getService('browser');
const log = getService('log');
const retry = getService('retry');
const PageObjects = getPageObjects(['settings', 'common']);
const testSubjects = getService('testSubjects');
const PageObjects = getPageObjects(['settings', 'common', 'header']);

describe('creating and deleting default index', function describeIndexTests() {
before(function () {
Expand All @@ -38,6 +39,28 @@ export default function ({ getService, getPageObjects }) {
});
});

describe('special character handling', () => {
it('should handle special charaters in template input', async () => {
await PageObjects.settings.clickOptionalAddNewButton();
await PageObjects.header.waitUntilLoadingHasFinished();
await PageObjects.settings.setIndexPatternField({
indexPatternName: '❤️',
expectWildcard: false
});
await PageObjects.header.waitUntilLoadingHasFinished();

await retry.try(async () => {
expect(await testSubjects.getVisibleText('createIndexPatternStatusMessage'))
.to.contain(`The index pattern you've entered doesn't match any indices`);
});
});

after(async () => {
await PageObjects.settings.navigateTo();
await PageObjects.settings.clickKibanaIndices();
});
});

describe('index pattern creation', function indexPatternCreation() {
let indexPatternId;

Expand Down
6 changes: 3 additions & 3 deletions test/functional/page_objects/settings_page.js
Original file line number Diff line number Diff line change
Expand Up @@ -277,7 +277,7 @@ export function SettingsPageProvider({ getService, getPageObjects }) {
await this.clickOptionalAddNewButton();
await PageObjects.header.waitUntilLoadingHasFinished();
await retry.try(async () => {
await this.setIndexPatternField(indexPatternName);
await this.setIndexPatternField({ indexPatternName });
});
await PageObjects.common.sleep(2000);
await (await this.getCreateIndexPatternGoToStep2Button()).click();
Expand Down Expand Up @@ -317,14 +317,14 @@ export function SettingsPageProvider({ getService, getPageObjects }) {
return indexPatternId;
}

async setIndexPatternField(indexPatternName = 'logstash-') {
async setIndexPatternField({ indexPatternName = 'logstash-', expectWildcard = true } = {}) {
log.debug(`setIndexPatternField(${indexPatternName})`);
const field = await this.getIndexPatternField();
await field.clearValue();
await field.type(indexPatternName);
const currentName = await field.getAttribute('value');
log.debug(`setIndexPatternField set to ${currentName}`);
expect(currentName).to.eql(`${indexPatternName}*`);
expect(currentName).to.eql(`${indexPatternName}${expectWildcard ? '*' : ''}`);
}

async getCreateIndexPatternGoToStep2Button() {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ async function getAffectedIndices(
}
const indexParams = {
method: 'GET',
path: `/${indexPatterns.join(',')}`,
path: `/${encodeURIComponent(indexPatterns.join(','))}`,
// we allow 404 in case there are no indices
ignore: [404]
};
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ async function updateIndexTemplate(callWithRequest, indexTemplatePatch) {

const params = {
method: 'PUT',
path: `/_template/${indexTemplatePatch.templateName}`,
path: `/_template/${encodeURIComponent(indexTemplatePatch.templateName)}`,
ignore: [ 404 ],
body: template,
};
Expand Down Expand Up @@ -67,4 +67,4 @@ export function registerAddPolicyRoute(server) {
pre: [ licensePreRouting ]
}
});
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ import { licensePreRoutingFactory } from'../../../lib/license_pre_routing_factor
async function fetchTemplate(callWithRequest, templateName) {
const params = {
method: 'GET',
path: `/_template/${templateName}`,
path: `/_template/${encodeURIComponent(templateName)}`,
// we allow 404 incase the user shutdown security in-between the check and now
ignore: [ 404 ]
};
Expand Down

0 comments on commit b2c811b

Please sign in to comment.