Skip to content
Snippets Groups Projects
Commit a77044ca authored by ale's avatar ale
Browse files

Relax metrics arg validation

parent e25c48bc
Branches
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 5 deletions
node/metrics.go
+ 2
5
View file @ a77044ca
......@@ -7,7 +7,6 @@ import (
"flag"
"log"
"net/http"
"regexp"
"strings"
"time"
......@@ -80,9 +79,6 @@ func (p *metricsProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
})
}
// Regexp used to validate query arguments.
var argRx = regexp.MustCompile(`^[-_.a-zA-Z0-9]*$`)
func (p *metricsProxy) queryFromRequest(r *http.Request) (string, v1.Range, error) {
name := r.FormValue("query")
d, err := time.ParseDuration(r.FormValue("t"))
......@@ -90,8 +86,9 @@ func (p *metricsProxy) queryFromRequest(r *http.Request) (string, v1.Range, erro
d = time.Hour
}
// We only care that the argument does not contain quotes.
arg := r.FormValue("arg")
if !argRx.MatchString(arg) {
if strings.Contains(arg, "\"") {
return "", v1.Range{}, errors.New("bad argument")
}
q, ok := knownQueries[name]
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment