From 35c8a70e3eaaa4f931ddbd6576948958aa8e7e0a Mon Sep 17 00:00:00 2001
From: Aleh Zasypkin <aleh.zasypkin@gmail.com>
Date: Sat, 9 Dec 2023 05:08:31 +0100
Subject: [PATCH] fix(kibana-security-health-check): track only selected
 injected metadata fields

---
 kibana-security-health-check/src/index.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/kibana-security-health-check/src/index.ts b/kibana-security-health-check/src/index.ts
index 5eaaf0b..3a583c9 100644
--- a/kibana-security-health-check/src/index.ts
+++ b/kibana-security-health-check/src/index.ts
@@ -25,6 +25,8 @@ const TRACKED_RESPONSE_HEADERS = [
   'x-frame-options',
 ];
 
+const TRACKED_INJECTED_METADATA = ['anonymousStatusPage', 'clusterInfo', 'csp', 'env', 'externalUrl'];
+
 export async function run(
   previousContent: State | undefined,
   remoteResources: WebPageResource[],
@@ -47,6 +49,7 @@ export async function run(
   const injectedMetadata = JSON.parse(
     dom.querySelector('kbn-injected-metadata')?.getAttribute('data') ?? '{}',
   ) as Record<string, unknown>;
+
   return {
     headers: Object.fromEntries(
       Object.entries(responseHeaders).filter(([key]) => TRACKED_RESPONSE_HEADERS.includes(key.toLowerCase())),
@@ -59,7 +62,9 @@ export async function run(
         3,
       ),
     },
-    injectedMetadata,
+    injectedMetadata: Object.fromEntries(
+      Object.entries(injectedMetadata).filter(([key]) => TRACKED_INJECTED_METADATA.includes(key)),
+    ),
   };
 }
 function formatBytes(bytes: number, decimals: number) {