From f1178e0b819745a50cee19a168d0e25ce84d0b26 Mon Sep 17 00:00:00 2001
From: Michael Mandrus <41969079+mmandrus@users.noreply.github.com>
Date: Thu, 18 May 2023 10:25:20 -0400
Subject: [PATCH] Prevent crash while executing concurrent mixed queries (#874)

limit parallel query execution to 1 at a time
---
 pkg/services/query/query.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/services/query/query.go b/pkg/services/query/query.go
index eadddc50ab8..60d41d876b8 100644
--- a/pkg/services/query/query.go
+++ b/pkg/services/query/query.go
@@ -101,7 +101,10 @@ func (s *ServiceImpl) QueryData(ctx context.Context, user *user.SignedInUser, sk
 // executeConcurrentQueries executes queries to multiple datasources concurrently and returns the aggregate result.
 func (s *ServiceImpl) executeConcurrentQueries(ctx context.Context, user *user.SignedInUser, skipDSCache bool, reqDTO dtos.MetricRequest, queriesbyDs map[string][]parsedQuery) (*backend.QueryDataResponse, error) {
 	g, ctx := errgroup.WithContext(ctx)
-	g.SetLimit(8) // arbitrary limit to prevent too many concurrent requests
+	// TODO: Temporarily limiting concurrency here to 1 to avoid concurrent map writes in the plugin middleware that crash the app
+	// This is a workaround to mitigate the security issue. We will implement a more thread-safe way of handling concurrent queries as a next step.
+	g.SetLimit(1)
+	// g.SetLimit(8) // arbitrary limit to prevent too many concurrent requests
 	rchan := make(chan backend.Responses, len(queriesbyDs))
 
 	// Create panic recovery function for loop below