Merge pull request #2404 from nspcc-dev/fix-log-entries-with-user-input

Fix log entries with user input
Roman Khimov 2022-03-22 17:35:12 +03:00 committed by GitHub
commit e557da70a4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 34 additions and 10 deletions


@ -16,8 +16,7 @@ func incCounter(name string) {
} }
} }
func init() { func regCounter(call string) {
for call := range rpcHandlers {
ctr := prometheus.NewCounter( ctr := prometheus.NewCounter(
prometheus.CounterOpts{ prometheus.CounterOpts{
Help: fmt.Sprintf("Number of calls to %s rpc endpoint", call), Help: fmt.Sprintf("Number of calls to %s rpc endpoint", call),
@ -28,4 +27,12 @@ func init() {
prometheus.MustRegister(ctr) prometheus.MustRegister(ctr)
rpcCounter[call] = ctr rpcCounter[call] = ctr
} }
func init() {
for call := range rpcHandlers {
regCounter(call)
}
for call := range rpcWsHandlers {
regCounter(call)
}
} }
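Review bot: `regCounter` is now called from two loops in `init`, and `prometheus.MustRegister` panics on a duplicate registration, so a method name present in both `rpcHandlers` and `rpcWsHandlers` would abort start-up. The counter's name is set on a line outside the visible hunks, so this assumes it is derived from `call`. A guard at the top of `regCounter`, `if _, ok := rpcCounter[call]; ok { return }`, would make registration idempotent. A doc comment such as `// regCounter creates and registers the call counter for one RPC method.` would also record that each name must be registered only once.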


@ -14,6 +14,7 @@ import (
"net" "net"
"net/http" "net/http"
"strconv" "strconv"
"strings"
"sync" "sync"
"time" "time"
@ -325,10 +326,12 @@ func (s *Server) handleHTTPRequest(w http.ResponseWriter, httpRequest *http.Requ
func (s *Server) handleRequest(req *request.Request, sub *subscriber) response.AbstractResult { func (s *Server) handleRequest(req *request.Request, sub *subscriber) response.AbstractResult {
if req.In != nil { if req.In != nil {
req.In.Method = escapeForLog(req.In.Method) // No valid method name will be changed by it.
return s.handleIn(req.In, sub) return s.handleIn(req.In, sub)
} }
resp := make(response.AbstractBatch, len(req.Batch)) resp := make(response.AbstractBatch, len(req.Batch))
for i, in := range req.Batch { for i, in := range req.Batch {
in.Method = escapeForLog(in.Method) // No valid method name will be changed by it.
resp[i] = s.handleIn(&in, sub) resp[i] = s.handleIn(&in, sub)
} }
return resp return resp
@ -349,7 +352,7 @@ func (s *Server) handleIn(req *request.In, sub *subscriber) response.Abstract {
incCounter(req.Method) incCounter(req.Method)
resErr = response.NewMethodNotFoundError(fmt.Sprintf("Method '%s' not supported", req.Method), nil) resErr = response.NewMethodNotFoundError(fmt.Sprintf("Method %q not supported", req.Method), nil)
handler, ok := rpcHandlers[req.Method] handler, ok := rpcHandlers[req.Method]
if ok { if ok {
res, resErr = handler(s, reqParams) res, resErr = handler(s, reqParams)
@ -2190,3 +2193,12 @@ func validateAddress(addr interface{}) bool {
} }
return false return false
} }
func escapeForLog(in string) string {
return strings.Map(func(c rune) rune {
if !strconv.IsGraphic(c) {
return -1
}
return c
}, in)
}
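Review bot: In `handleRequest` the method name is rewritten in place before dispatch, so a name carrying non-graphic runes is stripped and only then looked up in `rpcHandlers`. The inline comment is true for valid names, but an invalid name can turn into a valid one and be served and counted as that method, and the log no longer shows what the client actually sent. Consider leaving `req.Method` untouched for the lookup and sanitising only the copy that is logged or echoed, or treating `escapeForLog(m) != m` as method-not-found; the `%q` added in `handleIn` already escapes the error text. `escapeForLog` removes runes rather than escaping them, so it deserves a doc comment such as `// escapeForLog drops every rune that strconv.IsGraphic rejects, so the result cannot inject control characters into log lines.` The bodies of `handleRequest` and `handleIn` continue outside these hunks, so the log call sites are not visible here.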


@ -2569,6 +2569,11 @@ func checkNep17TransfersAux(t *testing.T, e *executor, acc interface{}, sent, rc
require.Equal(t, arr, res.Received) require.Equal(t, arr, res.Received)
} }
func TestEscapeForLog(t *testing.T) {
in := "\n\tbad"
require.Equal(t, "bad", escapeForLog(in))
}
func BenchmarkHandleIn(b *testing.B) { func BenchmarkHandleIn(b *testing.B) {
chain, orc, cfg, logger := getUnitTestChain(b, false, false) chain, orc, cfg, logger := getUnitTestChain(b, false, false)