Skip to content

[9.2] [Console] Fix code scanning alert (#241231) #241328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[9.2] [Console] Fix code scanning alert (#241231) #241328

wants to merge 1 commit into from
+14 −2

Conversation

@SoniaSanzV
Copy link
Contributor

Backport

This will backport the following commits from main to 9.2:

Questions ?

Please refer to the Backport tool documentation

@SoniaSanzV
[Console] Fix code scanning alert (elastic#241231)
3a3aa97 
Fixes https://github.com/elastic/kibana/security/code-scanning/620

## Summary
This was already addressed in
elastic#237599 but we had the alert
again. For trying to fix it, I re-build the url with the validated
protocol and hostname. Also, I updated the tests so it validates the
href, the previous implementation was returning true for all URLs.

### How to test:

Try loading the following URL (making the necessary replacement in the
URL) and verify that the data is correctly loaded into the editor and
value can be edited:

`http://localhost:5601/<REPLACE-THIS>/app/dev_tools#/console?load_from=data:text/plain,AoeQygKgBA9A+gRwK4FMBOBPGBDAzhgOwGMB+AEzQHsAHOApAGwbiMoaQFsDcAoAbx5QoAImToMwgFwiAZgCVKAWShoUHSgBcUAWgBUkgJYEyKAB4pcwgDSCRDSkWwMUUkSgLXbwmQYZa0rgJCQsIARpRsgbbBIhxIuBquANoAujYxIT5+6Mlp0cHCuAAWlIxkuekZwnEJdJq5+QC+ts2NQA`

`http://localhost:5601/<REPLACE-THIS>/app/dev_tools#/console?load_from=https://www.elastic.co/guide/en/elasticsearch/reference/current/snippets/86.console`

(cherry picked from commit 56e1585)

# Conflicts:
#	src/platform/plugins/shared/console/public/application/containers/editor/hooks/use_set_initial_value.test.ts
#	src/platform/plugins/shared/console/public/application/containers/editor/hooks/use_set_initial_value.ts
@SoniaSanzV SoniaSanzV added the backport This PR is a backport of another PR label Oct 30, 2025
@SoniaSanzV SoniaSanzV enabled auto-merge (squash) October 30, 2025 16:28
@elasticmachine
Copy link
Contributor

elasticmachine commented Oct 30, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] Jest Tests #14 / useSetInitialValue should load data from load_from param if it is a valid Elastic URL
  • [job] [logs] Jest Tests #14 / useSetInitialValue should load data from load_from param if it is a valid Elastic URL

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
console 182.1KB 182.2KB +72.0B

History

@SoniaSanzV SoniaSanzV closed this Oct 31, 2025
auto-merge was automatically disabled October 31, 2025 06:17

Pull request was closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kibanamachine kibanamachine Awaiting requested review from kibanamachine kibanamachine is a code owner

Assignees

No one assigned

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SoniaSanzV @elasticmachine