patch obv: debuginfod metrics hygiene

Thu, 25 Feb 2021 11:10:01 -0800 

Hi -

Committed as obvious.


Author: Frank Ch. Eigler <f...@redhat.com>
Date:   Thu Feb 25 14:04:20 2021 -0500

    debuginfod: filter webapi for bad keywords early
    
    Prevent some unnecessary processing of user data and
    keep invalid request types out of metrics.
    
    Signed-off-by: Frank Ch. Eigler <f...@redhat.com>

diff --git a/debuginfod/ChangeLog b/debuginfod/ChangeLog
index a66ded383a9f..98089b2d97bc 100644
--- a/debuginfod/ChangeLog
+++ b/debuginfod/ChangeLog
@@ -1,3 +1,8 @@
+2021-02-25  Frank Ch. Eigler <f...@redhat.com>
+
+       * debuginfod.cxx (handler_cb): Filter webapi for bad
+       artifacttype keywords early for metric hygiene.
+
 2021-02-14  Frank Ch. Eigler <f...@redhat.com>
 
        * debuginfod.cxx (main -U): Use bsdtar unconditionally.  Also map
diff --git a/debuginfod/debuginfod.cxx b/debuginfod/debuginfod.cxx
index 6fdaf60e6632..2aecc0494062 100644
--- a/debuginfod/debuginfod.cxx
+++ b/debuginfod/debuginfod.cxx
@@ -1587,6 +1587,8 @@ handle_buildid (MHD_Connection* conn,
   else if (artifacttype == "source") atype_code = "S";
   else throw reportable_exception("invalid artifacttype");
 
+  inc_metric("http_requests_total", "type", artifacttype);
+  
   if (atype_code == "S" && suffix == "")
      throw reportable_exception("invalid source suffix");
 
@@ -1936,7 +1938,6 @@ handler_cb (void * /*cls*/,
               suffix = url_copy.substr(slash3); // include the slash in the 
suffix
             }
 
-          inc_metric("http_requests_total", "type", artifacttype);
           // get the resulting fd so we can report its size
           int fd;
           r = handle_buildid(connection, buildid, artifacttype, suffix, &fd);
diff --git a/tests/ChangeLog b/tests/ChangeLog
index 889f5066d537..9444712889a6 100644
--- a/tests/ChangeLog
+++ b/tests/ChangeLog
@@ -1,3 +1,7 @@
+2021-02-25  Frank Ch. Eigler <f...@redhat.com>
+
+       * run-debuginfod-find.sh: Add bad webapi artifacttype test.
+
 2021-02-17  Frank Ch. Eigler <f...@redhat.com>
 
        * run-debuginfod-find.sh: Tweak wait_ready() to also print -vvv log of
diff --git a/tests/run-debuginfod-find.sh b/tests/run-debuginfod-find.sh
index 1ae63e0ee79a..bcca61301b2b 100755
--- a/tests/run-debuginfod-find.sh
+++ b/tests/run-debuginfod-find.sh
@@ -493,6 +493,9 @@ curl -s http://127.0.0.1:$PORT1/metrics | grep 
'scanned_bytes_total'
 curl -s http://127.0.0.1:$PORT2/badapi > /dev/null || true
 curl -s http://127.0.0.1:$PORT2/buildid/deadbeef/debuginfo > /dev/null || true
 
+# Confirm bad artifact types are rejected without leaving trace
+curl -s http://127.0.0.1:$PORT2/buildid/deadbeef/badtype > /dev/null || true
+(curl -s http://127.0.0.1:$PORT2/metrics | grep 'badtype') && false
 
 ########################################################################
 # Corrupt the sqlite database and get debuginfod to trip across its errors

Reply via email to