From 348a323a413ed7ba933d289968ed854d07fca10c Mon Sep 17 00:00:00 2001
From: Alexander Zavorotynskiy <zavorotynskiy@pm.me>
Date: Fri, 2 Sep 2022 22:28:57 +0200
Subject: [PATCH] feat(backend): added extra checks for urlMethod and
 resourceType in CH connector

---
 backend/pkg/url/method.go                 | 10 ++++++++++
 ee/backend/pkg/db/clickhouse/connector.go |  8 ++++++++
 2 files changed, 18 insertions(+)

diff --git a/backend/pkg/url/method.go b/backend/pkg/url/method.go
index 31e654fde..a3cfb0dfb 100644
--- a/backend/pkg/url/method.go
+++ b/backend/pkg/url/method.go
@@ -1,6 +1,7 @@
 package url
 
 var METHODS = []string{"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH"}
+var TYPES = []string{"other", "script", "stylesheet", "fetch", "img", "media"}
 
 func EnsureMethod(method string) string {
 	for _, m := range METHODS {
@@ -10,3 +11,12 @@ func EnsureMethod(method string) string {
 	}
 	return ""
 }
+
+func EnsureType(tp string) string {
+	for _, t := range TYPES {
+		if t == tp {
+			return tp
+		}
+	}
+	return ""
+}
diff --git a/ee/backend/pkg/db/clickhouse/connector.go b/ee/backend/pkg/db/clickhouse/connector.go
index 8d66e5190..ae7a8177b 100644
--- a/ee/backend/pkg/db/clickhouse/connector.go
+++ b/ee/backend/pkg/db/clickhouse/connector.go
@@ -217,6 +217,10 @@ func (c *connectorImpl) InsertWebResourceEvent(session *types.Session, msg *mess
 	if method == "" {
 		method = nil
 	}
+	resourceType := url.EnsureType(msg.Type)
+	if resourceType == "" {
+		return fmt.Errorf("can't parse resource type, sess: %s, type: %s", session.SessionID, msg.Type)
+	}
 	if err := c.batches["resources"].Append(
 		session.SessionID,
 		uint16(session.ProjectID),
@@ -363,6 +367,10 @@ func (c *connectorImpl) InsertAutocomplete(session *types.Session, msgType, msgV
 }
 
 func (c *connectorImpl) InsertRequest(session *types.Session, msg *messages.FetchEvent, savePayload bool) error {
+	urlMethod := url.EnsureMethod(msg.Method)
+	if urlMethod == "" {
+		return fmt.Errorf("can't parse http method. sess: %d, method: %s", session.SessionID, msg.Method)
+	}
 	var request, response *string
 	if savePayload {
 		request = &msg.Request