Whitelist domains for dev_tools/console?load_from=

[synhershko]

Consider the following: localhost:5601/app/kibana#/dev_tools/console?load_from=malicious_script.json

Kibana probably needs a whitelist for domains to load from to protect against malicious usage (even though Console doesn't run the Sense scripts automatically). As an attacker I can easily trick the user to do stuff that he will regret later and I believe Kibana at least shouldn't make it that easy for them.

[elasticmachine]

Pinging @elastic/es-ui

[elasticmachine]

Pinging @elastic/kibana-security

[jloleysens]

@synhershko this is a good point, however I think this is similar to a user copying and pasting a random console script from some page on the Internet. Additionally, as you pointed out too, the scripts are not run automatically meaning users should have a clear opportunity to investigate the contents of a request before sending it to the cluster.

Given that it would add a maintenance and implementation burden to protect malicious URLs from being added in the "load_from" query parameter, and would not be a comprehensive guard against the class of problem being described -- users running Console scripts they don't understand -- I'm not convinced that this approach is a good investment of effort.

Unless there is a large number of this class of "attack" occurring I am going to close this issue for now. Happy to revisit this if there is a need to.