Remove invalid characters from default server.name config value (#1…

…41350)
elastic · Sep 23, 2022 · 6786b1e · 6786b1e
1 parent df4adeb
commit 6786b1e
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 6 deletions.
diff --git a/packages/core/http/core-http-server-internal/src/http_config.test.ts b/packages/core/http/core-http-server-internal/src/http_config.test.ts
@@ -14,15 +14,21 @@ import { ExternalUrlConfig } from './external_url';
 const validHostnames = ['www.example.com', '8.8.8.8', '::1', 'localhost', '0.0.0.0'];
 const invalidHostnames = ['asdf$%^', '0'];
 
+let mockHostname = 'kibana-hostname';
+
 jest.mock('os', () => {
   const original = jest.requireActual('os');
 
   return {
     ...original,
-    hostname: () => 'kibana-hostname',
+    hostname: () => mockHostname,
   };
 });
 
+beforeEach(() => {
+  mockHostname = 'kibana-hostname';
+});
+
 test('has defaults for config', () => {
   const httpSchema = config.schema;
   const obj = {};
@@ -245,10 +251,19 @@ test('accepts only valid uuids for server.uuid', () => {
   );
 });
 
-test('uses os.hostname() as default for server.name', () => {
-  const httpSchema = config.schema;
-  const validated = httpSchema.validate({});
-  expect(validated.name).toEqual('kibana-hostname');
+describe('server.name', () => {
+  test('uses os.hostname() as default for server.name', () => {
+    const httpSchema = config.schema;
+    const validated = httpSchema.validate({});
+    expect(validated.name).toEqual('kibana-hostname');
+  });
+
+  test('removes non-ascii characters from os.hostname() when used as default', () => {
+    mockHostname = 'Apple’s amazing idea♥';
+    const httpSchema = config.schema;
+    const validated = httpSchema.validate({});
+    expect(validated.name).toEqual('Apples amazing idea');
+  });
 });
 
 test('throws if xsrf.allowlist element does not start with a slash', () => {

diff --git a/packages/core/http/core-http-server-internal/src/http_config.ts b/packages/core/http/core-http-server-internal/src/http_config.ts
@@ -32,9 +32,14 @@ const match = (regex: RegExp, errorMsg: string) => (str: string) =>
 // The lower-case set of response headers which are forbidden within `customResponseHeaders`.
 const RESPONSE_HEADER_DENY_LIST = ['location', 'refresh'];
 
+const validHostName = () => {
+  // see https://github.com/elastic/kibana/issues/139730
+  return hostname().replace(/[^\x00-\x7F]/g, '');
+};
+
 const configSchema = schema.object(
   {
-    name: schema.string({ defaultValue: () => hostname() }),
+    name: schema.string({ defaultValue: () => validHostName() }),
     autoListen: schema.boolean({ defaultValue: true }),
     publicBaseUrl: schema.maybe(schema.uri({ scheme: ['http', 'https'] })),
     basePath: schema.maybe(