-
Notifications
You must be signed in to change notification settings - Fork 490
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define what a metric can be. #417
Comments
In addition, there probably should be an explanation of how a metric path is normalized:
|
for leading . it seems to work fine, for trailing, i noticed carbon/whisper creates an extra directory with a file named |
additionally, Any filesystem has a constraint on the length of the filename length. |
The final code for generating the file path for a metric is in database.py: def getFilesystemPath(self, metric):
metric_path = metric.replace('.', sep).lstrip(sep) + '.wsp'
return join(self.data_dir, metric_path) We can test it like this: >>> '.a.b'.replace('.', os.path.sep).lstrip(os.path.sep) + '.wsp'
'a/b.wsp'
>>> '.a.b.'.replace('.', os.path.sep).lstrip(os.path.sep) + '.wsp'
'a/b/.wsp' As shown in the above, metric like '.a.b' will be alright, however, metric like '.a.b.' will result in a path name like Maybe we can change it with: def getFilesystemPath(self, metric):
# change 'a/b/.wsp' to 'a/b.wsp'
metric_path = metric.replace('.', sep).lstrip(sep).rstrip(sep) + '.wsp'
return join(self.data_dir, metric_path) |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Right now, graphite and carbon both share the concept of a metric, but they don't have any kind of validation.
I haven't tested it, but given the way the
getFilesystemPath()
works, I would assume you could craft a metric that would cause problems on the carbon server. Especially on windows.I think it'd be beneficial if a metric was fully defined. Something like:
.
./[A-Za-z0-9_-]+/
This should prevent most/all exploits involving
getFilesystemPath()
in carbon.It would also fix potential problems in graphite-web() mechanisms as well.
The text was updated successfully, but these errors were encountered: