From 8e616a93c1c38b1dd9cdac83c752d2009e648d43 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer"
Date: Thu, 5 Nov 2020 13:25:27 -0600
Subject: [PATCH] agent: sanitize ui metrics proxy header values on agent/self endpoint (#9104)
---
 agent/config/runtime.go | 15 +++++++++++++++
 agent/config/runtime_test.go | 14 +++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/agent/config/runtime.go b/agent/config/runtime.go
index c65642638e..4183524edc 100644
--- a/agent/config/runtime.go
+++ b/agent/config/runtime.go
@@ -1843,6 +1843,21 @@ func sanitize(name string, v reflect.Value) reflect.Value {
 case isArray(typ) || isSlice(typ):
 ma := make([]interface{}, 0, v.Len())
+
+ if name == "AddHeaders" {
+ // must be UIConfig.MetricsProxy.AddHeaders
+ for i := 0; i < v.Len(); i++ {
+ addr := v.Index(i).Addr()
+ hdr := addr.Interface().(*UIMetricsProxyAddHeader)
+ hm := map[string]interface{}{
+ "Name": hdr.Name,
+ "Value": "hidden",
+ }
+ ma = append(ma, hm)
+ }
+ return reflect.ValueOf(ma)
+ }
+
 if strings.HasPrefix(name, "SerfAllowedCIDRs") {
 for i := 0; i < v.Len(); i++ {
 addr := v.Index(i).Addr()
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index 425613a6c2..49a3075300 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@@ -7470,6 +7470,13 @@ func TestSanitize(t *testing.T) {
 *parseCIDR(t, "127.0.0.0/8"),
 },
 TxnMaxReqLen: 5678000000000000,
+ UIConfig: UIConfig{
+ MetricsProxy: UIMetricsProxy{
+ AddHeaders: []UIMetricsProxyAddHeader{
+ {Name: "foo", Value: "secret"},
+ },
+ },
+ },
 }
 rtJSON := `{
@@ -7812,7 +7819,12 @@ func TestSanitize(t *testing.T) {
 "MetricsProviderFiles": [],
 "MetricsProviderOptionsJSON": "",
 "MetricsProxy": {
- "AddHeaders": [],
+ "AddHeaders": [
+ {
+ "Name": "foo",
+ "Value": "hidden"
+ }
+ ],
 "BaseURL": "",
 "PathAllowlist": []
 },
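Review bot: The new branch in sanitize keys the redaction on the bare field name, `if name == "AddHeaders" {`, and then performs an unchecked assertion to `*UIMetricsProxyAddHeader`, so the name test and the type it assumes can drift apart. A later slice field that happens to be called AddHeaders but holds another element type would panic while the agent/self response is being built, and the same header type under a differently named field would presumably fall through to the generic slice path with its Value unredacted. Assuming `typ` is the reflect.Type of `v`, matching on the element type closes both gaps and makes the redaction fail closed: `if typ.Elem() == reflect.TypeOf(UIMetricsProxyAddHeader{}) {`. The body of sanitize starts and ends outside this hunk, so the generic slice handling is not visible here.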
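Review bot: The last hunk of runtime_test.go replaces the old expectation `"AddHeaders": []`, so TestSanitize no longer asserts the output for an empty or nil header list. Because the new branch in sanitize returns early for this field, a second fixture or subtest with no headers that still expects `"AddHeaders": []` would pin that case. A second entry in the `AddHeaders` fixture added by the earlier test hunk would also show that every element's Value is replaced, not only the first. TestSanitize's body continues outside both hunks.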