Escape injected meta query values

pull/5068/head
Brandon Farmer 2019-02-07 15:46:27 -08:00
parent 17f5ec35ab
commit b38c2314a5
2 changed files with 21 additions and 8 deletions


@ -1,9 +1,13 @@
## v1.7.7 [2018-01-16]
## v1.7.8 [2019-02-08]
### Bug Fixes
1. [#5068](https://github.com/influxdata/chronograf/pull/5068): Escape injected meta query values
## v1.7.7 [2019-01-16]
### Bug Fixes
1. [#5045](https://github.com/influxdata/chronograf/pull/5045): Use JWT in enterprise for authentication in flux
## v1.7.6 [2018-01-14]
## v1.7.6 [2019-01-14]
### Bug Fixes
1. [#4895](https://github.com/influxdata/chronograf/pull/4895): Properly set scroll to row for table graph


@ -10,9 +10,14 @@ export const showDatabases = async source => {
export const showRetentionPolicies = async (source, databases) => {
let query
if (Array.isArray(databases)) {
query = databases.map(db => `SHOW RETENTION POLICIES ON "${db}"`).join(';')
query = databases
.map(db => `SHOW RETENTION POLICIES ON "${_.escape(db)}"`)
.join(';')
} else {
query = `SHOW RETENTION POLICIES ON "${databases}"`
const dbs = _.split(databases, ',')
.map(d => `${_.escape(d)}`)
.join(',')
query = `SHOW RETENTION POLICIES ON "${dbs}"`
}
return await proxy({source, query})
@ -49,7 +54,7 @@ export const showTagKeys = async ({
measurement,
}) => {
const rp = _.toString(retentionPolicy)
const query = `SHOW TAG KEYS FROM "${rp}"."${measurement}"`
const query = `SHOW TAG KEYS FROM "${rp}"."${_.escape(measurement)}"`
return await proxy({source, db: database, rp: retentionPolicy, query})
}
@ -62,10 +67,12 @@ export const showTagValues = async ({
}) => {
const keys = tagKeys
.sort()
.map(k => `"${k}"`)
.map(k => `"${_.escape(k)}"`)
.join(', ')
const rp = _.toString(retentionPolicy)
const query = `SHOW TAG VALUES FROM "${rp}"."${measurement}" WITH KEY IN (${keys})`
const query = `SHOW TAG VALUES FROM "${rp}"."${_.escape(
measurement
)}" WITH KEY IN (${keys})`
return await proxy({source, db: database, rp: retentionPolicy, query})
}
@ -84,7 +91,9 @@ export function createRetentionPolicy({
replicationFactor,
clusterID,
}) {
const statement = `CREATE RETENTION POLICY "${rpName}" ON "${database}" DURATION ${duration} REPLICATION ${replicationFactor}`
const statement = `CREATE RETENTION POLICY "${rpName}" ON "${_.escape(
database
)}" DURATION ${duration} REPLICATION ${replicationFactor}`
const url = buildInfluxUrl({host, statement})
return proxy(url, clusterID)
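Review bot: `_.escape` appears to be lodash's HTML-entity escaper (inferred from the neighbouring `_.split` and `_.toString` calls), which is the wrong encoding for InfluxQL identifiers. It rewrites `&`, `<`, `>`, `"` and `'` as entities, so a legitimate database, measurement or tag key containing any of them will no longer match, and it leaves backslashes untouched although backslash is the escape character inside a double-quoted identifier. This applies to every call site in the section: showRetentionPolicies, showTagKeys, showTagValues and createRetentionPolicy. `rp`, `rpName`, `duration` and `replicationFactor` are still interpolated as-is; the two names should get the same quoting and the other two should be validated against a strict pattern before use. I would replace `_.escape` with a single identifier-quoting helper along the lines sketched below; the signatures of showTagKeys, showTagValues and createRetentionPolicy begin outside the visible hunks, so caller-side validation could not be checked.

```javascript
// Constructed helper (not in the file): quote a value as an InfluxQL identifier
// by backslash-escaping `\` and `"` before wrapping it in double quotes.
const quoteIdentifier = name =>
  `"${_.toString(name)
    .replace(/\\/g, '\\\\')
    .replace(/"/g, '\\"')}"`

// … unchanged: showRetentionPolicies, showTagKeys (same substitution applies) …
const keys = tagKeys
  .sort()
  .map(k => quoteIdentifier(k))
  .join(', ')
const query = `SHOW TAG VALUES FROM ${quoteIdentifier(rp)}.${quoteIdentifier(
  measurement
)} WITH KEY IN (${keys})`
// … unchanged: proxy call; createRetentionPolicy would quote rpName and database the same way …
```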