IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-22 08:56:43 -06:00
Code Issues Packages Projects Releases Wiki Activity

Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330

Browse Source
This commit is contained in:
Will Browne 2020-11-24 10:42:54 +01:00 committed by GitHub
parent 0fc8426bf1
commit d796c61946
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/services/notifications/webhook.go
View File

@ -48,6 +48,10 @@ func (ns *NotificationService) sendWebRequestSync(ctx context.Context, webhook *
webhook.HttpMethod = http.MethodPost
}
if webhook.HttpMethod != http.MethodPost && webhook.HttpMethod != http.MethodPut {
return fmt.Errorf("webhook only supports HTTP methods PUT or POST")
}
request, err := http.NewRequest(webhook.HttpMethod, webhook.Url, bytes.NewReader([]byte(webhook.Body)))
if err != nil {
return err