Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Cloud:OpenStack:Pike
grafana
CVE-2021-39226.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-39226.patch of Package grafana
From c5bda8b9dd5439456007acb14982b3220e0f7ea3 Mon Sep 17 00:00:00 2001 From: Darragh O'Reilly <doreilly@suse.com> Date: Mon, 5 Sep 2022 15:12:30 +0100 Subject: [PATCH] Fix static path matching issue in macaron https://github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f0667269 --- pkg/api/dashboard_snapshot.go | 10 ++++++++++ vendor/gopkg.in/macaron.v1/router.go | 10 ++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/pkg/api/dashboard_snapshot.go b/pkg/api/dashboard_snapshot.go index eeda6ec3b1..798adabb68 100644 --- a/pkg/api/dashboard_snapshot.go +++ b/pkg/api/dashboard_snapshot.go @@ -138,6 +138,10 @@ func CreateDashboardSnapshot(c *models.ReqContext, cmd models.CreateDashboardSna // GET /api/snapshots/:key func GetDashboardSnapshot(c *models.ReqContext) { key := c.Params(":key") + if len(key) == 0 { + c.JsonApiErr(404, "Snapshot not found", nil) + return + } query := &models.GetDashboardSnapshotQuery{Key: key} err := bus.Dispatch(query) @@ -200,6 +204,9 @@ func deleteExternalDashboardSnapshot(externalUrl string) error { // GET /api/snapshots-delete/:deleteKey func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) Response { key := c.Params(":deleteKey") + if len(key) == 0 { + return Error(404, "Snapshot not found", nil) + } query := &models.GetDashboardSnapshotQuery{DeleteKey: key} @@ -227,6 +234,9 @@ func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) Response { // DELETE /api/snapshots/:key func DeleteDashboardSnapshot(c *models.ReqContext) Response { key := c.Params(":key") + if len(key) == 0 { + return Error(404, "Snapshot not found", nil) + } query := &models.GetDashboardSnapshotQuery{Key: key} diff --git a/vendor/gopkg.in/macaron.v1/router.go b/vendor/gopkg.in/macaron.v1/router.go index df593d669a..46cb0c160f 100644 --- a/vendor/gopkg.in/macaron.v1/router.go +++ b/vendor/gopkg.in/macaron.v1/router.go @@ -289,10 +289,12 @@ func (r *Router) SetHandlerWrapper(f func(Handler) Handler) { func (r *Router) ServeHTTP(rw http.ResponseWriter, req *http.Request) { if t, ok := r.routers[req.Method]; ok { // Fast match for static routes - leaf := r.getLeaf(req.Method, req.URL.Path) - if leaf != nil { - leaf.handle(rw, req, nil) - return + if !strings.ContainsAny(req.URL.Path, ":*") { + leaf := r.getLeaf(req.Method, req.URL.Path) + if leaf != nil { + leaf.handle(rw, req, nil) + return + } } h, p, ok := t.Match(req.URL.EscapedPath()) -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor