Merge branch 'master' into unskip-dataprovider

NOTICE.txt

@@ -1,5 +1,5 @@
 Kibana source code with Kibana X-Pack source code
-Copyright 2012-2020 Elasticsearch B.V.
+Copyright 2012-2021 Elasticsearch B.V.
 
 ---
 Pretty handling of logarithmic axes.

src/core/server/http/prototype_pollution/validate_object.test.ts → packages/kbn-std/src/ensure_no_unsafe_properties.test.ts

@@ -17,14 +17,14 @@
  * under the License.
  */
 
-import { validateObject } from './validate_object';
+import { ensureNoUnsafeProperties } from './ensure_no_unsafe_properties';
 
 test(`fails on circular references`, () => {
   const foo: Record<string, any> = {};
   foo.myself = foo;
 
   expect(() =>
-    validateObject({
+    ensureNoUnsafeProperties({
       payload: foo,
     })
   ).toThrowErrorMatchingInlineSnapshot(`"circular reference detected"`);
@@ -57,7 +57,7 @@ test(`fails on circular references`, () => {
       [property]: value,
     };
     test(`can submit ${JSON.stringify(obj)}`, () => {
-      expect(() => validateObject(obj)).not.toThrowError();
+      expect(() => ensureNoUnsafeProperties(obj)).not.toThrowError();
     });
   });
 });
@@ -74,6 +74,6 @@ test(`fails on circular references`, () => {
   JSON.parse(`{ "foo": { "bar": { "constructor": { "prototype" : null } } } }`),
 ].forEach((value) => {
   test(`can't submit ${JSON.stringify(value)}`, () => {
-    expect(() => validateObject(value)).toThrowErrorMatchingSnapshot();
+    expect(() => ensureNoUnsafeProperties(value)).toThrowErrorMatchingSnapshot();
   });
 });

src/core/server/http/prototype_pollution/validate_object.ts → packages/kbn-std/src/ensure_no_unsafe_properties.ts

@@ -31,7 +31,7 @@ const hasOwnProperty = (obj: any, property: string) =>
 const isObject = (obj: any) => typeof obj === 'object' && obj !== null;
 
 // we're using a stack instead of recursion so we aren't limited by the call stack
-export function validateObject(obj: any) {
+export function ensureNoUnsafeProperties(obj: any) {
   if (!isObject(obj)) {
     return;
   }

packages/kbn-std/src/index.ts

@@ -27,4 +27,5 @@ export { withTimeout } from './promise';
 export { isRelativeUrl, modifyUrl, getUrlOrigin, URLMeaningfulParts } from './url';
 export { unset } from './unset';
 export { getFlattenedObject } from './get_flattened_object';
+export { ensureNoUnsafeProperties } from './ensure_no_unsafe_properties';
 export * from './rxjs_7';

src/core/server/http/http_tools.ts

@@ -29,8 +29,8 @@ import Hoek from '@hapi/hoek';
 import type { ServerOptions as TLSOptions } from 'https';
 import type { ValidationError } from 'joi';
 import uuid from 'uuid';
+import { ensureNoUnsafeProperties } from '@kbn/std';
 import { HttpConfig } from './http_config';
-import { validateObject } from './prototype_pollution';
 
 const corsAllowedHeaders = ['Accept', 'Authorization', 'Content-Type', 'If-None-Match', 'kbn-xsrf'];
 /**
@@ -69,7 +69,7 @@ export function getServerOptions(config: HttpConfig, { configureTLS = true } = {
         // This is a default payload validation which applies to all LP routes which do not specify their own
         // `validate.payload` handler, in order to reduce the likelyhood of prototype pollution vulnerabilities.
         // (All NP routes are already required to specify their own validation in order to access the payload)
-        payload: (value) => Promise.resolve(validateObject(value)),
+        payload: (value) => Promise.resolve(ensureNoUnsafeProperties(value)),
       },
     },
     state: {

src/plugins/data/public/ui/filter_bar/filter_item.tsx

@@ -71,19 +71,27 @@ export function FilterItem(props: Props) {
 
   useEffect(() => {
     const index = props.filter.meta.index;
+    let isSubscribed = true;
     if (index) {
       getIndexPatterns()
         .get(index)
         .then((indexPattern) => {
-          setIndexPatternExists(!!indexPattern);
+          if (isSubscribed) {
+            setIndexPatternExists(!!indexPattern);
+          }
         })
         .catch(() => {
-          setIndexPatternExists(false);
+          if (isSubscribed) {
+            setIndexPatternExists(false);
+          }
         });
-    } else {
+    } else if (isSubscribed) {
       // Allow filters without an index pattern and don't validate them.
       setIndexPatternExists(true);
     }
+    return () => {
+      isSubscribed = false;
+    };
   }, [props.filter.meta.index]);
 
   function handleBadgeClick(e: MouseEvent<HTMLInputElement>) {

src/plugins/discover/public/application/angular/context_app.html

@@ -1,15 +1,3 @@
-<kbn-top-nav
-  app-name="'context'"
-  show-search-bar="true"
-  show-filter-bar="true"
-  show-query-bar="false"
-  show-save-query="false"
-  show-date-picker="false"
-  index-patterns="[contextApp.indexPattern]"
-  use-default-behaviors="true"
->
-</kbn-top-nav>
-
 <!-- Context App Legacy -->
 <context-app-legacy
   filter="contextApp.actions.addFilter"
@@ -29,4 +17,5 @@
   successor-available="contextApp.state.rows.successors.length"
   successor-status="contextApp.state.loadingStatus.successors.status"
   on-change-successor-count="contextApp.actions.fetchGivenSuccessorRows"
+  top-nav-menu="contextApp.topNavMenu"
 ></context-app-legacy>

src/plugins/discover/public/application/angular/context_app.js

@@ -56,13 +56,14 @@ getAngularModule().directive('contextApp', function ContextApp() {
 });
 
 function ContextAppController($scope, Private) {
-  const { filterManager, indexPatterns, uiSettings } = getServices();
+  const { filterManager, indexPatterns, uiSettings, navigation } = getServices();
   const queryParameterActions = getQueryParameterActions(filterManager, indexPatterns);
   const queryActions = Private(QueryActionsProvider);
   this.state = createInitialState(
     parseInt(uiSettings.get(CONTEXT_STEP_SETTING), 10),
     getFirstSortableField(this.indexPattern, uiSettings.get(CONTEXT_TIE_BREAKER_FIELDS_SETTING))
   );
+  this.topNavMenu = navigation.ui.TopNavMenu;
 
   this.actions = _.mapValues(
     {

src/core/server/http/prototype_pollution/index.ts → src/plugins/discover/public/application/components/context_app/__mocks__/top_nav_menu.tsx

@@ -17,4 +17,6 @@
  * under the License.
  */
 
-export { validateObject } from './validate_object';
+import React from 'react';
+
+export const TopNavMenuMock = () => <div>Hello World</div>;

src/plugins/discover/public/application/components/context_app/context_app_legacy.test.tsx

@@ -25,6 +25,7 @@ import { DocTableLegacy } from '../../angular/doc_table/create_doc_table_react';
 import { findTestSubject } from '@elastic/eui/lib/test';
 import { ActionBar } from '../../angular/context/components/action_bar/action_bar';
 import { ContextErrorMessage } from '../context_error_message';
+import { TopNavMenuMock } from './__mocks__/top_nav_menu';
 
 describe('ContextAppLegacy test', () => {
   const hit = {
@@ -64,6 +65,17 @@ describe('ContextAppLegacy test', () => {
     onChangeSuccessorCount: jest.fn(),
     predecessorStatus: 'loaded',
     successorStatus: 'loaded',
+    topNavMenu: TopNavMenuMock,
+  };
+  const topNavProps = {
+    appName: 'context',
+    showSearchBar: true,
+    showQueryBar: false,
+    showFilterBar: true,
+    showSaveQuery: false,
+    showDatePicker: false,
+    indexPatterns: [indexPattern],
+    useDefaultBehaviors: true,
   };
 
   it('renders correctly', () => {
@@ -72,6 +84,9 @@ describe('ContextAppLegacy test', () => {
     const loadingIndicator = findTestSubject(component, 'contextApp_loadingIndicator');
     expect(loadingIndicator.length).toBe(0);
     expect(component.find(ActionBar).length).toBe(2);
+    const topNavMenu = component.find(TopNavMenuMock);
+    expect(topNavMenu.length).toBe(1);
+    expect(topNavMenu.props()).toStrictEqual(topNavProps);
   });
 
   it('renders loading indicator', () => {
@@ -82,6 +97,7 @@ describe('ContextAppLegacy test', () => {
     const loadingIndicator = findTestSubject(component, 'contextApp_loadingIndicator');
     expect(loadingIndicator.length).toBe(1);
     expect(component.find(ActionBar).length).toBe(2);
+    expect(component.find(TopNavMenuMock).length).toBe(1);
   });
 
   it('renders error message', () => {
@@ -90,6 +106,7 @@ describe('ContextAppLegacy test', () => {
     props.reason = 'something went wrong';
     const component = mountWithIntl(<ContextAppLegacy {...props} />);
     expect(component.find(DocTableLegacy).length).toBe(0);
+    expect(component.find(TopNavMenuMock).length).toBe(0);
     const errorMessage = component.find(ContextErrorMessage);
     expect(errorMessage.length).toBe(1);
   });

src/plugins/discover/public/application/components/context_app/context_app_legacy.tsx

@@ -27,8 +27,10 @@ import {
 import { IIndexPattern, IndexPatternField } from '../../../../../data/common/index_patterns';
 import { LOADING_STATUS } from './constants';
 import { ActionBar, ActionBarProps } from '../../angular/context/components/action_bar/action_bar';
+import { TopNavMenuProps } from '../../../../../navigation/public';
 
 export interface ContextAppProps {
+  topNavMenu: React.ComponentType<TopNavMenuProps>;
   columns: string[];
   hits: Array<Record<string, unknown>>;
   indexPattern: IIndexPattern;
@@ -96,6 +98,20 @@ export function ContextAppLegacy(renderProps: ContextAppProps) {
     } as DocTableLegacyProps;
   };
 
+  const TopNavMenu = renderProps.topNavMenu;
+  const getNavBarProps = () => {
+    return {
+      appName: 'context',
+      showSearchBar: true,
+      showQueryBar: false,
+      showFilterBar: true,
+      showSaveQuery: false,
+      showDatePicker: false,
+      indexPatterns: [renderProps.indexPattern],
+      useDefaultBehaviors: true,
+    };
+  };
+
   const loadingFeedback = () => {
     if (status === LOADING_STATUS.UNINITIALIZED || status === LOADING_STATUS.LOADING) {
       return (
@@ -112,20 +128,23 @@ export function ContextAppLegacy(renderProps: ContextAppProps) {
       {isFailed ? (
         <ContextErrorMessage status={status} reason={renderProps.reason} />
       ) : (
-        <EuiPage>
-          <EuiPageContent paddingSize="s" className="dscCxtAppContent">
-            <ActionBar {...actionBarProps(PREDECESSOR_TYPE)} />
-            {loadingFeedback()}
-            <EuiHorizontalRule margin="xs" />
-            {isLoaded ? (
-              <div className="discover-table">
-                <DocTableLegacy {...docTableProps()} />
-              </div>
-            ) : null}
-            <EuiHorizontalRule margin="xs" />
-            <ActionBar {...actionBarProps(SUCCESSOR_TYPE)} />
-          </EuiPageContent>
-        </EuiPage>
+        <div>
+          <TopNavMenu {...getNavBarProps()} />
+          <EuiPage>
+            <EuiPageContent paddingSize="s" className="dscCxtAppContent">
+              <ActionBar {...actionBarProps(PREDECESSOR_TYPE)} />
+              {loadingFeedback()}
+              <EuiHorizontalRule margin="xs" />
+              {isLoaded ? (
+                <div className="discover-table">
+                  <DocTableLegacy {...docTableProps()} />
+                </div>
+              ) : null}
+              <EuiHorizontalRule margin="xs" />
+              <ActionBar {...actionBarProps(SUCCESSOR_TYPE)} />
+            </EuiPageContent>
+          </EuiPage>
+        </div>
       )}
     </I18nProvider>
   );

src/plugins/discover/public/application/components/context_app/context_app_legacy_directive.ts

@@ -37,5 +37,6 @@ export function createContextAppLegacy(reactDirective: any) {
     ['successorAvailable', { watchDepth: 'reference' }],
     ['successorStatus', { watchDepth: 'reference' }],
     ['onChangeSuccessorCount', { watchDepth: 'reference' }],
+    ['topNavMenu', { watchDepth: 'reference' }],
   ]);
 }

src/plugins/discover/public/get_inner_angular.ts

@@ -50,8 +50,6 @@ import {
   PromiseServiceCreator,
   registerListenEventListener,
   watchMultiDecorator,
-  createTopNavDirective,
-  createTopNavHelper,
 } from '../../kibana_legacy/public';
 import { DiscoverStartPlugins } from './plugin';
 import { getScopedHistory } from './kibana_services';
@@ -98,7 +96,6 @@ export function initializeInnerAngularModule(
     createLocalI18nModule();
     createLocalPrivateModule();
     createLocalPromiseModule();
-    createLocalTopNavModule(navigation);
     createLocalStorageModule();
     createPagerFactoryModule();
     createDocTableModule();
@@ -131,7 +128,6 @@ export function initializeInnerAngularModule(
       'discoverI18n',
       'discoverPrivate',
       'discoverPromise',
-      'discoverTopNav',
       'discoverLocalStorageProvider',
       'discoverDocTable',
       'discoverPagerFactory',
@@ -151,13 +147,6 @@ function createLocalPrivateModule() {
   angular.module('discoverPrivate', []).provider('Private', PrivateProvider);
 }
 
-function createLocalTopNavModule(navigation: NavigationStart) {
-  angular
-    .module('discoverTopNav', ['react'])
-    .directive('kbnTopNav', createTopNavDirective)
-    .directive('kbnTopNavHelper', createTopNavHelper(navigation.ui));
-}
-
 function createLocalI18nModule() {
   angular
     .module('discoverI18n', [])

src/plugins/navigation/public/index.ts

@@ -24,7 +24,7 @@ export function plugin(initializerContext: PluginInitializerContext) {
   return new NavigationPublicPlugin(initializerContext);
 }
 
-export { TopNavMenuData, TopNavMenu } from './top_nav_menu';
+export { TopNavMenuData, TopNavMenu, TopNavMenuProps } from './top_nav_menu';
 
 export { NavigationPublicPluginSetup, NavigationPublicPluginStart } from './types';
 

src/plugins/vis_type_timeseries/server/routes/vis.ts

@@ -19,6 +19,7 @@
 
 import { IRouter, KibanaRequest } from 'kibana/server';
 import { schema } from '@kbn/config-schema';
+import { ensureNoUnsafeProperties } from '@kbn/std';
 import { getVisData, GetVisDataOptions } from '../lib/get_vis_data';
 import { visPayloadSchema } from '../../common/vis_schema';
 import { ROUTES } from '../../common/constants';
@@ -40,6 +41,14 @@ export const visDataRoutes = (
       },
     },
     async (requestContext, request, response) => {
+      try {
+        ensureNoUnsafeProperties(request.body);
+      } catch (error) {
+        return response.badRequest({
+          body: error.message,
+        });
+      }
+
       try {
         visPayloadSchema.validate(request.body);
       } catch (error) {