mirror of
https://github.com/grafana/grafana.git
synced 2025-07-31 04:12:19 +08:00
7f2aed42a0
* Plugins: Fix and encode invalid gRPC header values * Rename the method * Run sanitizeHTTPHeaderValueForGRPC only if string includes utf8 * Update test * Simplify * Update * do not double encode encoded characters * Update test * Update * Add test case based on review * Update test
353 lines
13 KiB
Go
353 lines
13 KiB
Go
package clientmiddleware
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/grafana/grafana-plugin-sdk-go/backend"
|
|
"github.com/grafana/grafana-plugin-sdk-go/backend/handlertest"
|
|
"github.com/grafana/grafana/pkg/services/user"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestTracingHeaderMiddleware(t *testing.T) {
|
|
t.Run("When a request comes in with tracing headers set to empty strings", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/some/thing", nil)
|
|
require.NoError(t, err)
|
|
req.Header[`X-Dashboard-Uid`] = []string{}
|
|
req.Header[`X-Datasource-Uid`] = []string{}
|
|
req.Header[`X-Grafana-Org-Id`] = []string{}
|
|
req.Header[`X-Panel-Id`] = []string{}
|
|
req.Header[`X-Query-Group-Id`] = []string{}
|
|
|
|
pluginCtx := backend.PluginContext{
|
|
DataSourceInstanceSettings: &backend.DataSourceInstanceSettings{},
|
|
}
|
|
|
|
t.Run("tracing headers are not set for query data", func(t *testing.T) {
|
|
cdt := handlertest.NewHandlerMiddlewareTest(t,
|
|
WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
handlertest.WithMiddlewares(NewTracingHeaderMiddleware()),
|
|
)
|
|
|
|
_, err = cdt.MiddlewareHandler.QueryData(req.Context(), &backend.QueryDataRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, cdt.QueryDataReq.GetHTTPHeaders(), 0)
|
|
})
|
|
|
|
t.Run("tracing headers are not set for health check", func(t *testing.T) {
|
|
cdt := handlertest.NewHandlerMiddlewareTest(t,
|
|
WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
handlertest.WithMiddlewares(NewTracingHeaderMiddleware()),
|
|
)
|
|
|
|
_, err = cdt.MiddlewareHandler.CheckHealth(req.Context(), &backend.CheckHealthRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, cdt.CheckHealthReq.GetHTTPHeaders(), 0)
|
|
})
|
|
})
|
|
t.Run("When a request comes in with tracing headers empty", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/some/thing", nil)
|
|
require.NoError(t, err)
|
|
|
|
pluginCtx := backend.PluginContext{
|
|
DataSourceInstanceSettings: &backend.DataSourceInstanceSettings{},
|
|
}
|
|
|
|
t.Run("tracing headers are not set for query data", func(t *testing.T) {
|
|
cdt := handlertest.NewHandlerMiddlewareTest(t,
|
|
WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
handlertest.WithMiddlewares(NewTracingHeaderMiddleware()),
|
|
)
|
|
|
|
_, err = cdt.MiddlewareHandler.QueryData(req.Context(), &backend.QueryDataRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, cdt.QueryDataReq.GetHTTPHeaders(), 0)
|
|
})
|
|
|
|
t.Run("tracing headers are not set for health check", func(t *testing.T) {
|
|
cdt := handlertest.NewHandlerMiddlewareTest(t,
|
|
WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
handlertest.WithMiddlewares(NewTracingHeaderMiddleware()),
|
|
)
|
|
|
|
_, err = cdt.MiddlewareHandler.CheckHealth(req.Context(), &backend.CheckHealthRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, cdt.CheckHealthReq.GetHTTPHeaders(), 0)
|
|
})
|
|
})
|
|
t.Run("When a request comes in with tracing headers set", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/some/thing", nil)
|
|
require.NoError(t, err)
|
|
|
|
req.Header[`X-Dashboard-Uid`] = []string{"lN53lOcVk"}
|
|
req.Header[`X-Datasource-Uid`] = []string{"aIyC_OcVz"}
|
|
req.Header[`X-Grafana-Org-Id`] = []string{"1"}
|
|
req.Header[`X-Panel-Id`] = []string{"2"}
|
|
req.Header[`X-Query-Group-Id`] = []string{"d26e337d-cb53-481a-9212-0112537b3c1a"}
|
|
req.Header[`X-Grafana-From-Expr`] = []string{"true"}
|
|
|
|
pluginCtx := backend.PluginContext{
|
|
DataSourceInstanceSettings: &backend.DataSourceInstanceSettings{},
|
|
}
|
|
|
|
t.Run("tracing headers are set for query data", func(t *testing.T) {
|
|
cdt := handlertest.NewHandlerMiddlewareTest(t,
|
|
WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
handlertest.WithMiddlewares(NewTracingHeaderMiddleware()),
|
|
)
|
|
|
|
_, err = cdt.MiddlewareHandler.QueryData(req.Context(), &backend.QueryDataRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, cdt.QueryDataReq.GetHTTPHeaders(), 6)
|
|
require.Equal(t, `lN53lOcVk`, cdt.QueryDataReq.GetHTTPHeader(`X-Dashboard-Uid`))
|
|
require.Equal(t, `aIyC_OcVz`, cdt.QueryDataReq.GetHTTPHeader(`X-Datasource-Uid`))
|
|
require.Equal(t, `1`, cdt.QueryDataReq.GetHTTPHeader(`X-Grafana-Org-Id`))
|
|
require.Equal(t, `2`, cdt.QueryDataReq.GetHTTPHeader(`X-Panel-Id`))
|
|
require.Equal(t, `d26e337d-cb53-481a-9212-0112537b3c1a`, cdt.QueryDataReq.GetHTTPHeader(`X-Query-Group-Id`))
|
|
require.Equal(t, `true`, cdt.QueryDataReq.GetHTTPHeader(`X-Grafana-From-Expr`))
|
|
})
|
|
|
|
t.Run("tracing headers are set for health check", func(t *testing.T) {
|
|
cdt := handlertest.NewHandlerMiddlewareTest(t,
|
|
WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
handlertest.WithMiddlewares(NewTracingHeaderMiddleware()),
|
|
)
|
|
|
|
_, err = cdt.MiddlewareHandler.CheckHealth(req.Context(), &backend.CheckHealthRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, cdt.CheckHealthReq.GetHTTPHeaders(), 6)
|
|
require.Equal(t, `lN53lOcVk`, cdt.CheckHealthReq.GetHTTPHeader(`X-Dashboard-Uid`))
|
|
require.Equal(t, `aIyC_OcVz`, cdt.CheckHealthReq.GetHTTPHeader(`X-Datasource-Uid`))
|
|
require.Equal(t, `1`, cdt.CheckHealthReq.GetHTTPHeader(`X-Grafana-Org-Id`))
|
|
require.Equal(t, `2`, cdt.CheckHealthReq.GetHTTPHeader(`X-Panel-Id`))
|
|
require.Equal(t, `d26e337d-cb53-481a-9212-0112537b3c1a`, cdt.CheckHealthReq.GetHTTPHeader(`X-Query-Group-Id`))
|
|
require.Equal(t, `true`, cdt.CheckHealthReq.GetHTTPHeader(`X-Grafana-From-Expr`))
|
|
})
|
|
|
|
t.Run("tracing headers are set for subscribe stream", func(t *testing.T) {
|
|
cdt := handlertest.NewHandlerMiddlewareTest(t,
|
|
WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
handlertest.WithMiddlewares(NewTracingHeaderMiddleware()),
|
|
)
|
|
|
|
_, err = cdt.MiddlewareHandler.SubscribeStream(req.Context(), &backend.SubscribeStreamRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, cdt.SubscribeStreamReq.GetHTTPHeaders(), 6)
|
|
require.Equal(t, `lN53lOcVk`, cdt.SubscribeStreamReq.GetHTTPHeader(`X-Dashboard-Uid`))
|
|
require.Equal(t, `aIyC_OcVz`, cdt.SubscribeStreamReq.GetHTTPHeader(`X-Datasource-Uid`))
|
|
require.Equal(t, `1`, cdt.SubscribeStreamReq.GetHTTPHeader(`X-Grafana-Org-Id`))
|
|
require.Equal(t, `2`, cdt.SubscribeStreamReq.GetHTTPHeader(`X-Panel-Id`))
|
|
require.Equal(t, `d26e337d-cb53-481a-9212-0112537b3c1a`, cdt.SubscribeStreamReq.GetHTTPHeader(`X-Query-Group-Id`))
|
|
require.Equal(t, `true`, cdt.SubscribeStreamReq.GetHTTPHeader(`X-Grafana-From-Expr`))
|
|
})
|
|
|
|
t.Run("tracing headers are set for publish stream", func(t *testing.T) {
|
|
cdt := handlertest.NewHandlerMiddlewareTest(t,
|
|
WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
handlertest.WithMiddlewares(NewTracingHeaderMiddleware()),
|
|
)
|
|
|
|
_, err = cdt.MiddlewareHandler.PublishStream(req.Context(), &backend.PublishStreamRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, cdt.PublishStreamReq.GetHTTPHeaders(), 6)
|
|
require.Equal(t, `lN53lOcVk`, cdt.PublishStreamReq.GetHTTPHeader(`X-Dashboard-Uid`))
|
|
require.Equal(t, `aIyC_OcVz`, cdt.PublishStreamReq.GetHTTPHeader(`X-Datasource-Uid`))
|
|
require.Equal(t, `1`, cdt.PublishStreamReq.GetHTTPHeader(`X-Grafana-Org-Id`))
|
|
require.Equal(t, `2`, cdt.PublishStreamReq.GetHTTPHeader(`X-Panel-Id`))
|
|
require.Equal(t, `d26e337d-cb53-481a-9212-0112537b3c1a`, cdt.PublishStreamReq.GetHTTPHeader(`X-Query-Group-Id`))
|
|
require.Equal(t, `true`, cdt.PublishStreamReq.GetHTTPHeader(`X-Grafana-From-Expr`))
|
|
})
|
|
|
|
t.Run("tracing headers are set for run stream", func(t *testing.T) {
|
|
cdt := handlertest.NewHandlerMiddlewareTest(t,
|
|
WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
handlertest.WithMiddlewares(NewTracingHeaderMiddleware()),
|
|
)
|
|
|
|
err = cdt.MiddlewareHandler.RunStream(req.Context(), &backend.RunStreamRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
}, &backend.StreamSender{})
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, cdt.RunStreamReq.GetHTTPHeaders(), 6)
|
|
require.Equal(t, `lN53lOcVk`, cdt.RunStreamReq.GetHTTPHeader(`X-Dashboard-Uid`))
|
|
require.Equal(t, `aIyC_OcVz`, cdt.RunStreamReq.GetHTTPHeader(`X-Datasource-Uid`))
|
|
require.Equal(t, `1`, cdt.RunStreamReq.GetHTTPHeader(`X-Grafana-Org-Id`))
|
|
require.Equal(t, `2`, cdt.RunStreamReq.GetHTTPHeader(`X-Panel-Id`))
|
|
require.Equal(t, `d26e337d-cb53-481a-9212-0112537b3c1a`, cdt.RunStreamReq.GetHTTPHeader(`X-Query-Group-Id`))
|
|
require.Equal(t, `true`, cdt.RunStreamReq.GetHTTPHeader(`X-Grafana-From-Expr`))
|
|
})
|
|
|
|
t.Run("sanitizes grpc header values for invalid utf-8", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/some/thing", nil)
|
|
require.NoError(t, err)
|
|
|
|
// Create invalid UTF-8 strings
|
|
invalidUTF8Dashboard := string([]byte{'d', 'a', 's', 'h', 0xFF, 0xFE, 'u', 'i', 'd'})
|
|
invalidUTF8Panel := string([]byte{'p', 'a', 'n', 'e', 'l', 0x80, 'i', 'd'})
|
|
|
|
// Set headers with various characters that need to be sanitization
|
|
req.Header[`X-Dashboard-Title`] = []string{invalidUTF8Dashboard} // invalid UTF-8
|
|
req.Header[`X-Panel-Title`] = []string{invalidUTF8Panel} // invalid UTF-8
|
|
|
|
// Set headers that don't need sanitization
|
|
req.Header[`X-Dashboard-Uid`] = []string{"dashboard\x00uid"} // control character
|
|
req.Header[`X-Datasource-Uid`] = []string{"datasource\tuid"} // tab character
|
|
req.Header[`X-Query-Group-Id`] = []string{"valid-text-123"} // valid characters
|
|
req.Header[`X-Grafana-From-Expr`] = []string{"café résumé"} // extended characters
|
|
|
|
pluginCtx := backend.PluginContext{
|
|
DataSourceInstanceSettings: &backend.DataSourceInstanceSettings{},
|
|
}
|
|
|
|
cdt := handlertest.NewHandlerMiddlewareTest(t,
|
|
WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
handlertest.WithMiddlewares(NewTracingHeaderMiddleware()),
|
|
)
|
|
|
|
_, err = cdt.MiddlewareHandler.QueryData(req.Context(), &backend.QueryDataRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
// Invalid UTF-8 should be sanitized
|
|
require.Equal(t, "dash%C3%BF%C3%BEuid", cdt.QueryDataReq.GetHTTPHeader(`X-Dashboard-Title`))
|
|
require.Equal(t, "panel%C2%80id", cdt.QueryDataReq.GetHTTPHeader(`X-Panel-Title`))
|
|
|
|
// Valid characters should remain unchanged
|
|
require.Equal(t, "valid-text-123", cdt.QueryDataReq.GetHTTPHeader(`X-Query-Group-Id`))
|
|
require.Equal(t, "café résumé", cdt.QueryDataReq.GetHTTPHeader(`X-Grafana-From-Expr`))
|
|
require.Equal(t, "dashboard\x00uid", cdt.QueryDataReq.GetHTTPHeader(`X-Dashboard-Uid`))
|
|
require.Equal(t, "datasource\tuid", cdt.QueryDataReq.GetHTTPHeader(`X-Datasource-Uid`))
|
|
})
|
|
})
|
|
}
|
|
|
|
func TestSanitizeHTTPHeaderValueForGRPC(t *testing.T) {
|
|
testCases := []struct {
|
|
name string
|
|
input string
|
|
expected string
|
|
}{
|
|
{
|
|
name: "Valid printable ASCII characters remain unchanged",
|
|
input: "Hello World! 123 @#$%^&*()",
|
|
expected: "Hello World! 123 @#$%^&*()",
|
|
},
|
|
{
|
|
name: "Extended characters remain unchanged",
|
|
// %C3%A9 is encoded é
|
|
input: "naiv%C3%A9",
|
|
expected: "naiv%C3%A9",
|
|
},
|
|
{
|
|
name: "naivé coming in as an iso8859-1 string",
|
|
input: string([]byte{110, 97, 105, 118, 233}),
|
|
expected: "naiv%C3%A9",
|
|
},
|
|
{
|
|
name: "Control characters are percent-encoded",
|
|
input: "hello\x00\x01\x1Fworld",
|
|
expected: "hello%00%01%1Fworld",
|
|
},
|
|
{
|
|
name: "Tab character is percent-encoded",
|
|
input: "hello\tworld",
|
|
expected: "hello%09world",
|
|
},
|
|
{
|
|
name: "Newline character is percent-encoded",
|
|
input: "hello\nworld",
|
|
expected: "hello%0Aworld",
|
|
},
|
|
{
|
|
name: "Carriage return is percent-encoded",
|
|
input: "hello\rworld",
|
|
expected: "hello%0Dworld",
|
|
},
|
|
{
|
|
name: "Mixed valid and invalid characters",
|
|
// %F0%9F%9A%80 is encoded 🚀
|
|
input: "Valid text\x00invalid\x1Fmore valid %F0%9F%9A%80",
|
|
expected: "Valid text%00invalid%1Fmore valid %F0%9F%9A%80",
|
|
},
|
|
{
|
|
name: "Empty string remains empty",
|
|
input: "",
|
|
expected: "",
|
|
},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
result := sanitizeHTTPHeaderValueForGRPC(tc.input)
|
|
require.Equal(t, tc.expected, result)
|
|
})
|
|
}
|
|
}
|