feat(backend): added extra checks for urlMethod and resourceType in CH connector (#717)

2022-09-02 22:31:57 +02:00 · 2022-09-02 22:31:57 +02:00 · 9c4492b093
commit 9c4492b093
parent d3b0934271
2 changed files with 18 additions and 0 deletions
--- a/backend/pkg/url/method.go
+++ b/backend/pkg/url/method.go
@ -1,6 +1,7 @@
 package url

 var METHODS = []string{"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH"}
+var TYPES = []string{"other", "script", "stylesheet", "fetch", "img", "media"}

 func EnsureMethod(method string) string {
 	for _, m := range METHODS {
@ -10,3 +11,12 @@ func EnsureMethod(method string) string {
 	}
 	return ""
 }
+
+func EnsureType(tp string) string {
+	for _, t := range TYPES {
+		if t == tp {
+			return tp
+		}
+	}
+	return ""
+}
--- a/ee/backend/pkg/db/clickhouse/connector.go
+++ b/ee/backend/pkg/db/clickhouse/connector.go
@ -217,6 +217,10 @@ func (c *connectorImpl) InsertWebResourceEvent(session *types.Session, msg *mess
 	if method == "" {
 		method = nil
 	}
+	resourceType := url.EnsureType(msg.Type)
+	if resourceType == "" {
+		return fmt.Errorf("can't parse resource type, sess: %s, type: %s", session.SessionID, msg.Type)
+	}
 	if err := c.batches["resources"].Append(
 		session.SessionID,
 		uint16(session.ProjectID),
@ -363,6 +367,10 @@ func (c *connectorImpl) InsertAutocomplete(session *types.Session, msgType, msgV
 }

 func (c *connectorImpl) InsertRequest(session *types.Session, msg *messages.FetchEvent, savePayload bool) error {
+	urlMethod := url.EnsureMethod(msg.Method)
+	if urlMethod == "" {
+		return fmt.Errorf("can't parse http method. sess: %d, method: %s", session.SessionID, msg.Method)
+	}
 	var request, response *string
 	if savePayload {
 		request = &msg.Request