IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix to check white list when the frontend tries to connect DB

Browse Source
This commit is contained in:
Nozomi Anzai 2016-08-17 14:33:59 +09:00
parent bdf68b2183
commit 157435a61c
1 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
pkg/api/dataproxy.go
View File

@ -91,21 +91,24 @@ func ProxyDataSourceRequest(c *middleware.Context) {
return return
} }
targetUrl, _ := url.Parse(ds.Url) switch ds.Type {
if len(setting.DataProxyWhiteList) > 0 { case m.DS_CLOUDWATCH:
if _, exists := setting.DataProxyWhiteList[targetUrl.Host]; !exists {
c.JsonApiErr(403, "Data proxy hostname and ip are not included in whitelist", nil)
return
}
}
if ds.Type == m.DS_CLOUDWATCH {
cloudwatch.HandleRequest(c, ds) cloudwatch.HandleRequest(c, ds)
} else if ds.Type == m.DS_SQLDB { case m.DS_SQLDB:
host, _ := ds.JsonData.Get("host").String()
if !checkWhiteList(c, host) {
return
}
sqldb.HandleRequest(c, ds) sqldb.HandleRequest(c, ds)
} else { default:
targetUrl, _ := url.Parse(ds.Url)
if !checkWhiteList(c, targetUrl.Host) {
return
}
proxyPath := c.Params("*") proxyPath := c.Params("*")
proxy := NewReverseProxy(ds, proxyPath, targetUrl) proxy := NewReverseProxy(ds, proxyPath, targetUrl)
proxy.Transport = dataProxyTransport proxy.Transport = dataProxyTransport
@ -113,3 +116,14 @@ func ProxyDataSourceRequest(c *middleware.Context) {
c.Resp.Header().Del("Set-Cookie") c.Resp.Header().Del("Set-Cookie")
} }
} }
func checkWhiteList(c *middleware.Context, host string) bool {
if host != "" && len(setting.DataProxyWhiteList) > 0 {
if _, exists := setting.DataProxyWhiteList[host]; !exists {
c.JsonApiErr(403, "Data proxy hostname and ip are not included in whitelist", nil)
return false
}
}
return true
}