[pinpoint-apm#8543] Fix app proxy header

jaehong-kim · Dec 22, 2021 · 223f8c5 · 223f8c5
1 parent 211b316
commit 223f8c5
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/...oxy-app/src/main/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParser.java b/...oxy-app/src/main/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParser.java
@@ -18,6 +18,7 @@
 
 import com.navercorp.pinpoint.bootstrap.config.ProfilerConfig;
 import com.navercorp.pinpoint.bootstrap.util.NumberUtils;
+import com.navercorp.pinpoint.common.util.IdValidateUtils;
 import com.navercorp.pinpoint.common.util.StringUtils;
 import com.navercorp.pinpoint.profiler.context.recorder.proxy.ProxyRequestHeader;
 import com.navercorp.pinpoint.profiler.context.recorder.proxy.ProxyRequestHeaderBuilder;
@@ -76,6 +77,17 @@ public ProxyRequestHeader parseHeader(String name, String value) {
             } else if (token.startsWith("app=")) {
                 final String app = token.substring(4).trim();
                 if (!app.isEmpty()) {
+                    try {
+                        if (!IdValidateUtils.validateId(app, 30)) {
+                            header.setValid(false);
+                            header.setCause("app can only contain [a-zA-Z0-9], '.', '-', '_'. maxLength: 30");
+                            return header.build();
+                        }
+                    } catch (Exception ignored) {
+                        header.setValid(false);
+                        header.setCause("invalid app");
+                        return header.build();
+                    }
                     header.setApp(app);
                 }
             }

diff --git a/...app/src/test/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParserTest.java b/...app/src/test/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParserTest.java
@@ -38,4 +38,13 @@ public void parseApp() throws Exception {
         assertEquals(-1, proxyHttpHeader.getIdlePercent());
         assertEquals(-1, proxyHttpHeader.getBusyPercent());
     }
+
+    @Test
+    public void parseAppInvalid() throws Exception {
+        AppRequestParser parser = new AppRequestParser();
+        final long currentTimeMillis = System.currentTimeMillis();
+        String value = "t=" + currentTimeMillis + "app=jndi:xxx";
+        ProxyRequestHeader proxyHttpHeader = parser.parse(value);
+        assertFalse(proxyHttpHeader.isValid());
+    }
 }