From 8c411e610d702daf9e7505c1500163c481f7ed69 Mon Sep 17 00:00:00 2001
|
|
From: zhoupengcheng <zhoupengcheng11@huawei.com>
|
|
Date: Wed, 1 Nov 2023 17:45:05 +0800
|
|
Subject: [PATCH] 0002-define-fix-privilege-escalation.patch
|
|
|
|
---
|
|
modules/server/profile/profile.go | 26 +++++++++++++++++++++++++-
|
|
1 file changed, 25 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/modules/server/profile/profile.go b/modules/server/profile/profile.go
|
|
index 5cdaa9a..cbf48b9 100644
|
|
--- a/modules/server/profile/profile.go
|
|
+++ b/modules/server/profile/profile.go
|
|
@@ -1277,8 +1277,32 @@ func (s *ProfileServer) Define(ctx context.Context, message *PB.DefineMessage) (
|
|
applicationName := message.GetApplicationName()
|
|
scenarioName := message.GetScenarioName()
|
|
content := string(message.GetContent())
|
|
- profileName := serviceType + "-" + applicationName + "-" + scenarioName
|
|
|
|
+ detectRule := `[./].*`
|
|
+ detectPathchar := regexp.MustCompile(detectRule)
|
|
+
|
|
+ if detectPathchar.MatchString(serviceType) {
|
|
+ return &PB.Ack{}, fmt.Errorf("serviceType:%s cannot contain special path characters '/' or '.' ", serviceType)
|
|
+ }
|
|
+ if !utils.IsInputStringValid(serviceType) {
|
|
+ return &PB.Ack{}, fmt.Errorf("input:%s is invalid", serviceType)
|
|
+ }
|
|
+
|
|
+ if detectPathchar.MatchString(applicationName) {
|
|
+ return &PB.Ack{}, fmt.Errorf("applicationName:%s cannot contain special path characters '/' or '.' ", applicationName)
|
|
+ }
|
|
+ if !utils.IsInputStringValid(applicationName) {
|
|
+ return &PB.Ack{}, fmt.Errorf("input:%s is invalid", applicationName)
|
|
+ }
|
|
+
|
|
+ if detectPathchar.MatchString(scenarioName) {
|
|
+ return &PB.Ack{}, fmt.Errorf("scenarioName:%s cannot contain special path characters '/' or '.' ", scenarioName)
|
|
+ }
|
|
+ if !utils.IsInputStringValid(scenarioName) {
|
|
+ return &PB.Ack{}, fmt.Errorf("input:%s is invalid", scenarioName)
|
|
+ }
|
|
+
|
|
+ profileName := serviceType + "-" + applicationName + "-" + scenarioName
|
|
workloadTypeExist, err := sqlstore.ExistWorkloadType(profileName)
|
|
if err != nil {
|
|
return &PB.Ack{}, err
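Review bot: The three "cannot contain special path characters" errors format the rejected field with `%s` before `utils.IsInputStringValid` has run on it, so a value containing newlines or control characters is echoed unchanged into the returned error and into anything that logs it; `%q` would quote it, e.g. `fmt.Errorf("serviceType:%q cannot contain special path characters '/' or '.'", serviceType)`, and the same applies to the `input:%s is invalid` messages. The pattern `[./].*` is also compiled with `regexp.MustCompile` on every Define call, and its trailing `.*` adds nothing to `MatchString`; a package-level `var detectPathchar = regexp.MustCompile("[./]")` performs the same check once. The path-character test is a denylist, so its strength depends on what `IsInputStringValid` accepts, which is not visible here. If that helper permits `-`, distinct (serviceType, applicationName, scenarioName) triples can still produce the same `profileName`, because the fields are joined with `-`; an anchored allowlist per field would close both gaps. Define's body starts and ends outside this hunk, so how `profileName` is used after `sqlstore.ExistWorkloadType` should be confirmed against the full function.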
|
|
--
|
|
2.33.0
|
|
|