Apply security patch 357-202503311017.patch (#104490)

* Sanitize paths before evaluating access to route * use util.CleanRelativePath --------- Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
2025-04-24 15:15:17 -04:00
parent a6735721bf
commit 1f707d16ed
2 changed files with 17 additions and 1 deletions
@@ -300,7 +300,15 @@ func (proxy *DataSourceProxy) validateRequest() error {
 		}

 		// route match
-		if !strings.HasPrefix(proxy.proxyPath, route.Path) {
+		r1, err := util.CleanRelativePath(proxy.proxyPath)
+		if err != nil {
+			return err
+		}
+		r2, err := util.CleanRelativePath(route.Path)
+		if err != nil {
+			return err
+		}
+		if !strings.HasPrefix(r1, r2) {
 			continue
 		}