From 5328986fef9d6c596f91f2f310c65f67302829da Mon Sep 17 00:00:00 2001
From: Michael Mraka
Date: Thu, 3 Oct 2024 16:45:15 +0200
Subject: [PATCH] RHINENG-12951: fix CWE-918
---
 turnpike/controllers/admin.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/turnpike/controllers/admin.go b/turnpike/controllers/admin.go
index 2ab6cee62..c33ab6bcb 100644
--- a/turnpike/controllers/admin.go
+++ b/turnpike/controllers/admin.go
@@ -9,6 +9,7 @@ import (
 "fmt"
 "io"
 "net/http"
+ "net/url"
 "regexp"
 "strconv"
 "time"
@@ -293,7 +294,7 @@ func GetManagerPprof(c *gin.Context) {
 func pprofHandler(c *gin.Context, address string) {
 query := c.Request.URL.RawQuery
 param := c.Param("param")
- data, err := getPprof(address, param, query)
+ data, err := getPprof(address, url.QueryEscape(param), query)
 if err != nil {
 c.JSON(http.StatusInternalServerError, gin.H{"err": err.Error()})
 return
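Review bot: `url.QueryEscape(param)` in `pprofHandler` only re-encodes the caller-supplied value; any string, including `.` and `..` which the escaper leaves as they are, still reaches `getPprof`, so whether CWE-918 is closed depends on how that function (outside this hunk) builds the request URL. The pprof endpoint names are a small fixed set, so rejecting anything outside an allowlist with `http.StatusBadRequest` before the call is a tighter control than escaping; the sketch below assumes `param` arrives without a leading slash, which the route definition would need to confirm. `query` is still taken from `c.Request.URL.RawQuery` and forwarded as is, so it is worth checking that it can only be appended after a `?`. The body of `pprofHandler` continues past the end of the hunk.

```go
func pprofHandler(c *gin.Context, address string) {
	// … unchanged: query and param are read from the request …

	// Only forward profile names that net/http/pprof serves; trim this
	// list to the ones the service actually needs to expose.
	switch param {
	case "allocs", "block", "cmdline", "goroutine", "heap",
		"mutex", "profile", "symbol", "threadcreate", "trace":
	default:
		c.JSON(http.StatusBadRequest, gin.H{"err": "unknown pprof profile"})
		return
	}
	data, err := getPprof(address, url.QueryEscape(param), query)
	// … unchanged: error handling …
```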