RHINENG-12951: fix CWE-918
MichaelMraka authored and psegedy committed Oct 7, 2024
1 parent 0ccb679 commit f815954
Showing 1 changed file with 8 additions and 1 deletion.
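--- a/turnpike/controllers/admin.go
+++ b/turnpike/controllers/admin.go
@@ -290,10 +290,17 @@ func GetManagerPprof(c *gin.Context) {
 pprofHandler(c, utils.CoreCfg.ManagerPrivateAddress)
 }
 
+var paramRegexp = regexp.MustCompile("^(heap|profile|block|mutex|trace)$")
+
 func pprofHandler(c *gin.Context, address string) {
 query := c.Request.URL.RawQuery
 param := c.Param("param")
-data, err := getPprof(address, param, query)
+match := paramRegexp.FindStringSubmatch(param)
+if len(match) < 1 {
+c.Status(http.StatusBadRequest)
+return
+}
+data, err := getPprof(address, match[0], query)
 if err != nil {
 c.JSON(http.StatusInternalServerError, gin.H{"err": err.Error()})
 return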
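Review bot: The allowlist in `pprofHandler` constrains only the path segment; `query := c.Request.URL.RawQuery` is still handed to `getPprof` exactly as the client sent it, so if `getPprof` (not visible here) appends it to the upstream URL, the caller keeps control of every query parameter on the internal request. Consider forwarding only the keys pprof needs, for example building a fresh `url.Values` from `c.Request.URL.Query()` that copies just `seconds`, `debug` and `gc`, and passing its `Encode()` result instead of the raw string. The five-name regexp also rejects profiles such as `goroutine` and `allocs`; if that is intended, a comment on `paramRegexp` would record it, e.g. `// paramRegexp is the allowlist of pprof profiles that may be proxied; anything else gets a 400.` The body of `pprofHandler` continues past the end of the hunk.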
