public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

apply security patch: release-11.2.9/368-202504020742.patch

Browse Source 
commit 14c7fa5311814148bbf24967cd3094480f9d21ab
Author: Andres Martinez Gotor <andres.martinez@grafana.com>
Date:   Wed Apr 2 09:41:11 2025 +0200

    Sanitize paths before evaluating access to route
This commit is contained in:
github-actions[bot]
2025-04-18 21:48:18 +00:00
parent b3c27a1519
commit 044c8eda95
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/pluginproxy/ds_proxy.go
+9 -1
View File
@@ -301,7 +301,15 @@ func (proxy *DataSourceProxy) validateRequest() error {
}
// route match
if !strings.HasPrefix(proxy.proxyPath, route.Path) {
r1, err := util.CleanRelativePath(proxy.proxyPath)
if err != nil {
return err
}
r2, err := util.CleanRelativePath(route.Path)
if err != nil {
return err
}
if !strings.HasPrefix(r1, r2) {
continue
}