API: Do not expose user input in datasource error responses (#52992)

This commit is contained in:
Sofia Papagiannaki 2022-07-29 15:46:51 +03:00 committed by GitHub
parent ba76f9b580
commit 87004cc22d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -318,7 +318,8 @@ func (hs *HTTPServer) DeleteDataSourceByName(c *models.ReqContext) response.Resp
func validateURL(cmdType string, url string) response.Response {
if _, err := datasource.ValidateURL(cmdType, url); err != nil {
return response.Error(400, fmt.Sprintf("Validation error, invalid URL: %q", url), err)
datasourcesLogger.Error("Failed to validate URL", "url", url)
return response.Error(http.StatusBadRequest, "Validation error, invalid URL", err)
}
return nil