Improve query_url and base_url input validation

kibana-reports/public/components/main/report_details/__tests__/__snapshots__/report_details.test.tsx.snap

@@ -148,7 +148,7 @@ exports[`<ReportDetails /> panel render 5 hours recurring component 1`] = `
             >
               <a
                 class="euiLink euiLink--primary"
-                href="http://localhost:5601/app/kibana#/dashboard/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(time:(from:'2020-10-23T20:53:35.315Z',to:'2020-10-23T21:23:35.316Z'))"
+                href="http://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(time:(from:'2020-10-23T20:53:35.315Z',to:'2020-10-23T21:23:35.316Z'))"
                 rel="noopener noreferrer"
                 target="_blank"
               >
@@ -622,7 +622,7 @@ exports[`<ReportDetails /> panel render on-demand component 1`] = `
             >
               <a
                 class="euiLink euiLink--primary"
-                href="http://localhost:5601/app/kibana#/dashboard/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(time:(from:'2020-10-23T20:53:35.315Z',to:'2020-10-23T21:23:35.316Z'))"
+                href="http://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(time:(from:'2020-10-23T20:53:35.315Z',to:'2020-10-23T21:23:35.316Z'))"
                 rel="noopener noreferrer"
                 target="_blank"
               >

kibana-reports/public/components/main/report_details/__tests__/report_details.test.tsx

@@ -58,7 +58,7 @@ describe('<ReportDetails /> panel', () => {
 
     httpClientMock.get = jest.fn().mockResolvedValue({
       report_definition,
-      query_url: `http://localhost:5601/app/kibana#/dashboard/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(time:(from:'2020-10-23T20:53:35.315Z',to:'2020-10-23T21:23:35.316Z'))`,
+      query_url: `http://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(time:(from:'2020-10-23T20:53:35.315Z',to:'2020-10-23T21:23:35.316Z'))`,
     });
 
     const { container } = render(
@@ -111,7 +111,7 @@ describe('<ReportDetails /> panel', () => {
 
     httpClientMock.get = jest.fn().mockResolvedValue({
       report_definition,
-      query_url: `http://localhost:5601/app/kibana#/dashboard/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(time:(from:'2020-10-23T20:53:35.315Z',to:'2020-10-23T21:23:35.316Z'))`,
+      query_url: `http://localhost:5601/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(time:(from:'2020-10-23T20:53:35.315Z',to:'2020-10-23T21:23:35.316Z'))`,
     });
 
     const { container } = render(

kibana-reports/public/components/report_definitions/report_settings/__tests__/report_settings_helpers.test.tsx

@@ -44,26 +44,26 @@ describe('report_settings_helpers tests', () => {
 
   test('getDashboardBaseUrlCreate', () => {
     const baseUrl = getDashboardBaseUrlCreate(true, '12345', true);
-    expect(baseUrl).toBe('/app/kibana#/dashboard/');
+    expect(baseUrl).toBe('/app/dashboards#/view/');
 
     const baseUrlNotFromEdit = getDashboardBaseUrlCreate(false, '12345', true);
-    expect(baseUrlNotFromEdit).toBe('/app/kibana#/dashboard/');
+    expect(baseUrlNotFromEdit).toBe('/app/dashboards#/view/');
   });
 
   test('getVisualizationBaseUrlCreate', () => {
     const baseUrl = getVisualizationBaseUrlCreate(true, true);
-    expect(baseUrl).toBe('/app/kibana#/visualize/edit/');
+    expect(baseUrl).toBe('/app/visualize#/edit/');
 
     const baseUrlNotFromEdit = getVisualizationBaseUrlCreate(false, true);
-    expect(baseUrlNotFromEdit).toBe('/app/kibana#/visualize/edit/');
+    expect(baseUrlNotFromEdit).toBe('/app/visualize#/edit/');
   });
 
   test('getSavedSearchBaseUrlCreate', () => {
     const baseUrl = getSavedSearchBaseUrlCreate(true, true);
-    expect(baseUrl).toBe('/app/kibana#/discover/');
+    expect(baseUrl).toBe('/app/discover#/view/');
 
     const baseUrlNotFromEdit = getSavedSearchBaseUrlCreate(false, true);
-    expect(baseUrlNotFromEdit).toBe('/app/kibana#/discover/');
+    expect(baseUrlNotFromEdit).toBe('/app/discover#/view/');
   });
 
   test('getDashboardOptions', () => {

kibana-reports/public/components/report_definitions/report_settings/report_settings_helpers.tsx

@@ -34,7 +34,7 @@ export const getDashboardBaseUrlCreate = (
   if (!fromInContext) {
     baseUrl = location.pathname + location.hash;
   } else {
-    baseUrl = '/app/kibana#/dashboard/';
+    baseUrl = '/app/dashboards#/view/';
   }
   if (edit) {
     return baseUrl.replace(
@@ -46,7 +46,7 @@ export const getDashboardBaseUrlCreate = (
   }
   return baseUrl.replace(
     'opendistro_kibana_reports#/create',
-    'kibana#/dashboard/'
+    'dashboards#/view/'
   );
 };
 
@@ -58,19 +58,19 @@ export const getVisualizationBaseUrlCreate = (
   if (!fromInContext) {
     baseUrl = location.pathname + location.hash;
   } else {
-    baseUrl = '/app/kibana#/visualize/edit/';
+    baseUrl = '/app/visualize#/edit/';
   }
   if (edit) {
     return baseUrl.replace(
       'opendistro_kibana_reports#/edit',
-      'kibana#/visualize/edit'
+      'visualize#/edit/'
     );
   } else if (fromInContext) {
     return baseUrl;
   }
   return baseUrl.replace(
     'opendistro_kibana_reports#/create',
-    'kibana#/visualize/edit/'
+    'visualize#/edit/'
   );
 };
 
@@ -82,19 +82,19 @@ export const getSavedSearchBaseUrlCreate = (
   if (!fromInContext) {
     baseUrl = location.pathname + location.hash;
   } else {
-    baseUrl = '/app/kibana#/discover/';
+    baseUrl = '/app/discover#/view/';
   }
   if (edit) {
     return baseUrl.replace(
       'opendistro_kibana_reports#/edit',
-      'kibana#/discover/'
+      'discover#/view/'
     );
   } else if (fromInContext) {
     return baseUrl;
   }
   return baseUrl.replace(
     'opendistro_kibana_reports#/create',
-    'kibana#/discover/'
+    'discover#/view/'
   );
 };
 

kibana-reports/server/model/index.ts

@@ -41,6 +41,7 @@ export const dataReportSchema = schema.object({
         return `invalid relative url: ${value}`;
       }
     },
+    minLength: 1,
   }),
   saved_search_id: schema.string(),
   //ISO duration format. 'PT10M' means 10 min
@@ -66,6 +67,7 @@ export const visualReportSchema = schema.object({
         return `invalid relative url: ${value}`;
       }
     },
+    minLength: 1,
   }),
   window_width: schema.number({ defaultValue: 1200, min: 0 }),
   window_height: schema.number({ defaultValue: 800, min: 0 }),
@@ -229,8 +231,9 @@ export const reportSchema = schema.object({
         return `invalid relative url: ${value}`;
       }
     },
+    minLength: 1,
   }),
-  time_from: schema.number({ min: 1 }),
+  time_from: schema.number(),
   time_to: schema.number(),
   report_definition: reportDefinitionSchema,
 

kibana-reports/server/routes/utils/__tests__/visualReportHelper.test.ts

@@ -30,7 +30,7 @@ const mockLogger: Logger = {
 };
 
 const input = {
-  query_url: '/app/dashboard#/view/7adfa750-4c81-11e8-b3d7-01146121b73d',
+  query_url: '/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d',
   time_from: 1343576635300,
   time_to: 1596037435301,
   report_definition: {
@@ -39,7 +39,7 @@ const input = {
       report_source: 'Dashboard',
       description: 'Hi this is your Dashboard on demand',
       core_params: {
-        base_url: '/app/dashboard#/view/7adfa750-4c81-11e8-b3d7-01146121b73d',
+        base_url: '/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d',
         window_width: 1300,
         window_height: 900,
         report_format: 'png',

kibana-reports/server/utils/validationHelper.ts

@@ -13,15 +13,16 @@
  * permissions and limitations under the License.
  */
 
-import { LOCAL_HOST } from '../routes/utils/constants';
+import path from 'path';
 
 export const isValidRelativeUrl = (relativeUrl: string) => {
-  try {
-    new URL(`${LOCAL_HOST}${relativeUrl}`);
-  } catch (_) {
-    return false;
-  }
-  return true;
+  const normalizedRelativeUrl = path.normalize(relativeUrl);
+  // check pattern
+  // ODFE pattern: /app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g
+  // AES pattern: /_plugin/kibana/app/dashboards#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g
+  const isValid = regexRelativeUrl.test(normalizedRelativeUrl);
+
+  return isValid;
 };
 
 /**
@@ -31,3 +32,4 @@ export const isValidRelativeUrl = (relativeUrl: string) => {
 export const regexDuration = /^(-?)P(?=\d|T\d)(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)([DW]))?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?$/;
 export const regexEmailAddress = /\S+@\S+\.\S+/;
 export const regexReportName = /^[\w\-\s\(\)\[\]\,\_\-+]+$/;
+export const regexRelativeUrl = /^\/(_plugin\/kibana\/app|app)\/(dashboards|visualize|discover)#\/(view|edit)\/([a-f0-9-]+)($|\?\S+$)/;

kibana-reports/target/public/.kbn-optimizer-cache

@@ -75,7 +75,7 @@
       "/Users/szhongna/Desktop/reporting/kibana/packages/kbn-optimizer/target/worker/entry_point_creator.js": 1601399183513.5488,
       "/Users/szhongna/Desktop/reporting/kibana/packages/kbn-optimizer/target/worker/postcss.config.js": 1601399183514.4482,
       "/Users/szhongna/Desktop/reporting/kibana/packages/kbn-ui-shared-deps/public_path_module_creator.js": 1593032574895.5579,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/common/index.ts": 1604993471162.1436,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/common/index.ts": 1605069506036.6765,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/kibana.json": 1603834850064.1238,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/node_modules/babel-polyfill/node_modules/regenerator-runtime/package.json": 1604604373848,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/node_modules/babel-polyfill/package.json": 1604604373783,
@@ -85,29 +85,29 @@
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/node_modules/showdown/package.json": 1604604385547,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/application.tsx": 1599856400048.2703,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/app.tsx": 1603834850065.2065,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/context_menu/context_menu_helpers.js": 1604989033928.0872,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/context_menu/context_menu_helpers.js": 1605069506049.1804,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/context_menu/context_menu_ui.js": 1603834850068.1875,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/context_menu/context_menu.js": 1604965989323.2427,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/main_utils.tsx": 1604965989331.5005,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/main.tsx": 1604604222008.2456,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/report_definition_details/report_definition_details.tsx": 1604965989335.891,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/report_definitions_table.tsx": 1604965989337.7913,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/report_details/report_details.tsx": 1604965989341.841,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/reports_table.tsx": 1604965989345.4421,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/create/create_report_definition.tsx": 1604604222013.2036,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/context_menu/context_menu.js": 1605047164702.8394,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/main_utils.tsx": 1605047164715.5464,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/main.tsx": 1605047164714.4817,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/report_definition_details/report_definition_details.tsx": 1605047164718.7935,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/report_definitions_table.tsx": 1605047164720.208,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/report_details/report_details.tsx": 1605047164722.5857,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/main/reports_table.tsx": 1605047164723.5986,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/create/create_report_definition.tsx": 1605047164724.331,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/delivery/delivery_constants.tsx": 1603834850082.07,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/delivery/delivery.tsx": 1603834850081.0684,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/delivery/email.tsx": 1604989033929.4597,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/delivery/email.tsx": 1605069506050.6047,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/delivery/index.ts": 1597767399835.9766,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/edit/edit_report_definition.tsx": 1604965989347.3735,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/edit/edit_report_definition.tsx": 1605047164734.349,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_settings/index.ts": 1597767399841.27,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_settings/report_settings_constants.tsx": 1603834850087.143,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_settings/report_settings_helpers.tsx": 1604952259963.6646,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_settings/report_settings.tsx": 1604604222016.832,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_settings/report_settings_helpers.tsx": 1605069487664.1584,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_settings/report_settings.tsx": 1605047164739.7095,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_settings/time_range.tsx": 1604357614110.4272,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_trigger/index.ts": 1597767399848.9548,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_trigger/report_trigger_constants.tsx": 1604965989353.084,
-      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_trigger/report_trigger.tsx": 1604965989350.5222,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_trigger/report_trigger_constants.tsx": 1605047164745.0847,
+      "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_trigger/report_trigger.tsx": 1605047164743.2354,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/report_trigger/timezone.tsx": 1603834850098.4565,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/components/report_definitions/utils/index.ts": 1603834850306.1677,
       "/Users/szhongna/Desktop/reporting/kibana/plugins/kibana-reports/public/index.scss": 1603834850099.9739,