Reporting/bug more blacklisted headers (#62389)

* Adding more blacklisted headers + a starts-with pattern export * Fixing starts-with pattern export
elastic · Apr 3, 2020 · 9ed69ce · 9ed69ce
1 parent b9ac2ac
commit 9ed69ce
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 2 deletions.
diff --git a/x-pack/legacy/plugins/reporting/common/constants.ts b/x-pack/legacy/plugins/reporting/common/constants.ts
@@ -27,6 +27,9 @@ export const WHITELISTED_JOB_CONTENT_TYPES = [
   'image/png',
 ];
 
+// See:
+// https://github.com/chromium/chromium/blob/3611052c055897e5ebbc5b73ea295092e0c20141/services/network/public/cpp/header_util_unittest.cc#L50
+// For a list of headers that chromium doesn't like
 export const KBN_SCREENSHOT_HEADER_BLACKLIST = [
   'accept-encoding',
   'connection',
@@ -38,8 +41,14 @@ export const KBN_SCREENSHOT_HEADER_BLACKLIST = [
   // only for a single transport-level connection, and shouldn't
   // be stored by caches or forwarded by proxies.
   'transfer-encoding',
+  'trailer',
+  'te',
+  'upgrade',
+  'keep-alive',
 ];
 
+export const KBN_SCREENSHOT_HEADER_BLACKLIST_STARTS_WITH_PATTERN = ['proxy-'];
+
 export const UI_SETTINGS_CUSTOM_PDF_LOGO = 'xpackReporting:customPdfLogo';
 
 /**

diff --git a/...legacy/plugins/reporting/export_types/common/execute_job/omit_blacklisted_headers.test.ts b/...legacy/plugins/reporting/export_types/common/execute_job/omit_blacklisted_headers.test.ts
@@ -19,6 +19,9 @@ test(`omits blacklisted headers`, async () => {
     'content-type': '',
     host: '',
     'transfer-encoding': '',
+    'proxy-connection': 'bananas',
+    'proxy-authorization': 'some-base64-encoded-thing',
+    trailer: 's are for trucks',
   };
 
   const filteredHeaders = await omitBlacklistedHeaders({

diff --git a/x-pack/legacy/plugins/reporting/export_types/common/execute_job/omit_blacklisted_headers.ts b/x-pack/legacy/plugins/reporting/export_types/common/execute_job/omit_blacklisted_headers.ts
@@ -4,7 +4,10 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 import { omit } from 'lodash';
-import { KBN_SCREENSHOT_HEADER_BLACKLIST } from '../../../common/constants';
+import {
+  KBN_SCREENSHOT_HEADER_BLACKLIST,
+  KBN_SCREENSHOT_HEADER_BLACKLIST_STARTS_WITH_PATTERN,
+} from '../../../common/constants';
 
 export const omitBlacklistedHeaders = <JobDocPayloadType>({
   job,
@@ -15,7 +18,12 @@ export const omitBlacklistedHeaders = <JobDocPayloadType>({
 }) => {
   const filteredHeaders: Record<string, string> = omit(
     decryptedHeaders,
-    KBN_SCREENSHOT_HEADER_BLACKLIST
+    (_value, header: string) =>
+      header &&
+      (KBN_SCREENSHOT_HEADER_BLACKLIST.includes(header) ||
+        KBN_SCREENSHOT_HEADER_BLACKLIST_STARTS_WITH_PATTERN.some(pattern =>
+          header?.startsWith(pattern)
+        ))
   );
   return filteredHeaders;
 };