VictoriaMetrics/lib/protoparser/opentelemetry/firehose/http.go
Roman Khavronenko 8c8d84e30a
lib/protoparser/opentelemetry/firehose: escape requestID before returning it to user (#6451)
All user input should be sanitized before rendering. This should prevent
possible attacks. See
https://github.com/VictoriaMetrics/VictoriaMetrics/security/code-scanning/203

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2024-06-10 18:06:24 +02:00


package firehose
import (
	"encoding/json"
	"fmt"
	"html"
	"net/http"
	"time"
)
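// WriteSuccessResponse writes success response for AWS Firehose request.
//
// The X-Amz-Firehose-Request-Id request header is supplied by the client and is
// reflected in the response body, so it is treated as untrusted input: it is
// HTML-escaped and then encoded as a JSON string before being written.
// When the header is absent, an empty 200 response is returned.
//
// See https://docs.aws.amazon.com/firehose/latest/dev/httpdeliveryrequestresponse.html#responseformat
func WriteSuccessResponse(w http.ResponseWriter, r *http.Request) {
	requestID := r.Header.Get("X-Amz-Firehose-Request-Id")
	if requestID == "" {
		// This isn't an AWS firehose request - just return an empty response in this case.
		w.WriteHeader(http.StatusOK)
		return
	}

	// Neutralize HTML metacharacters so the reflected value stays inert even if
	// a client renders the body as markup instead of honoring the JSON content type.
	// NOTE(review): an ID containing &, <, >, ' or " is echoed in escaped form and
	// therefore differs from the value that was sent - confirm this is acceptable.
	requestID = html.EscapeString(requestID)

	// Encode with encoding/json rather than fmt's %q: %q produces Go string
	// syntax (for example \xff for a byte that is not valid UTF-8), which JSON
	// parsers reject. json.Marshal always yields a valid JSON string literal.
	quotedID, err := json.Marshal(requestID)
	if err != nil {
		http.Error(w, "cannot encode requestId", http.StatusInternalServerError)
		return
	}
	body := fmt.Sprintf(`{"requestId":%s,"timestamp":%d}`, quotedID, time.Now().UnixMilli())

	h := w.Header()
	h.Set("Content-Type", "application/json")
	h.Set("Content-Length", fmt.Sprintf("%d", len(body)))

	// A write failure here means the client went away; there is nothing left to report to it.
	_, _ = w.Write([]byte(body))
}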