Commit ab25963
committed
Fix Stackdriver Filter Injection vulnerability for In/NotIn operators
Avoid query injection vulnerabilities inside custom metrics stackdriver
adapter translation logic. Enforce proper escaping and double-quoting
for single-item operands inside 'selection.In' and 'selection.NotIn'
metric label selector filters using '%q' format specifier instead of raw '%s' string concatenation.
Test: Ran 'go test -v ./pkg/adapter/translator/...' in custom-metrics-stackdriver-adapter directory. All tests compiled and passed successfully.1 parent b6f2c40 commit ab25963
2 files changed
Lines changed: 40 additions & 2 deletions
File tree
- custom-metrics-stackdriver-adapter/pkg/adapter/translator
Lines changed: 2 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
741 | 741 | | |
742 | 742 | | |
743 | 743 | | |
744 | | - | |
| 744 | + | |
745 | 745 | | |
746 | 746 | | |
747 | 747 | | |
| |||
751 | 751 | | |
752 | 752 | | |
753 | 753 | | |
754 | | - | |
| 754 | + | |
755 | 755 | | |
756 | 756 | | |
757 | 757 | | |
| |||
Lines changed: 38 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1585 | 1585 | | |
1586 | 1586 | | |
1587 | 1587 | | |
| 1588 | + | |
| 1589 | + | |
| 1590 | + | |
| 1591 | + | |
| 1592 | + | |
| 1593 | + | |
| 1594 | + | |
| 1595 | + | |
| 1596 | + | |
| 1597 | + | |
| 1598 | + | |
| 1599 | + | |
| 1600 | + | |
| 1601 | + | |
| 1602 | + | |
| 1603 | + | |
| 1604 | + | |
| 1605 | + | |
| 1606 | + | |
| 1607 | + | |
| 1608 | + | |
| 1609 | + | |
| 1610 | + | |
| 1611 | + | |
| 1612 | + | |
| 1613 | + | |
| 1614 | + | |
| 1615 | + | |
| 1616 | + | |
| 1617 | + | |
| 1618 | + | |
| 1619 | + | |
| 1620 | + | |
| 1621 | + | |
| 1622 | + | |
| 1623 | + | |
| 1624 | + | |
| 1625 | + | |
0 commit comments