Fix to check white list when the frontend tries to connect DB

2025-02-25 18:55:37 -06:00 · 2016-08-17 14:33:59 +09:00 · 2016-08-17 14:33:59 +09:00 · 157435a61c
commit 157435a61c
parent bdf68b2183
1 changed files with 25 additions and 11 deletions
--- a/pkg/api/dataproxy.go
+++ b/pkg/api/dataproxy.go
@ -91,21 +91,24 @@ func ProxyDataSourceRequest(c *middleware.Context) {
 		return
 	}

-	targetUrl, _ := url.Parse(ds.Url)
-	if len(setting.DataProxyWhiteList) > 0 {
-		if _, exists := setting.DataProxyWhiteList[targetUrl.Host]; !exists {
-			c.JsonApiErr(403, "Data proxy hostname and ip are not included in whitelist", nil)
-			return
-		}
-	}
-
-	if ds.Type == m.DS_CLOUDWATCH {
+	switch ds.Type {
+	case m.DS_CLOUDWATCH:
 		cloudwatch.HandleRequest(c, ds)

-	} else if ds.Type == m.DS_SQLDB {
+	case m.DS_SQLDB:
+		host, _ := ds.JsonData.Get("host").String()
+		if !checkWhiteList(c, host) {
+			return
+		}
+
 		sqldb.HandleRequest(c, ds)

-	} else {
+	default:
+		targetUrl, _ := url.Parse(ds.Url)
+		if !checkWhiteList(c, targetUrl.Host) {
+			return
+		}
+
 		proxyPath := c.Params("*")
 		proxy := NewReverseProxy(ds, proxyPath, targetUrl)
 		proxy.Transport = dataProxyTransport
@ -113,3 +116,14 @@ func ProxyDataSourceRequest(c *middleware.Context) {
 		c.Resp.Header().Del("Set-Cookie")
 	}
 }
+
+func checkWhiteList(c *middleware.Context, host string) bool {
+	if host != "" && len(setting.DataProxyWhiteList) > 0 {
+		if _, exists := setting.DataProxyWhiteList[host]; !exists {
+			c.JsonApiErr(403, "Data proxy hostname and ip are not included in whitelist", nil)
+			return false
+		}
+	}
+
+	return true
+}