Unescaped Graphite target #20

Open
earthgecko opened this issue Aug 3, 2016 · 1 comment
@earthgecko
Owner

Mirage is throwing an error when trying to fetch a timeseries with a ":" in the
target name. This probably applies to a number of other patterns that may occur
in metric namespaces, such as ones that include open/close parenthesis, "(" and
")". Probably all metacharacters, even though ":" is not a metacharacter per
se. This also affects Crucible I would think.

2016-08-03 08:34:43 :: 25532 :: graphite url - http://graphite:8888/render/?from=09:31_20160802&until=09:40_20160803&target=carbon.relays.graphite-a.destinations.123_213_124_214:2024:None.relayMaxQueueLength&format=json
2016-08-03 08:34:43 :: 25532 :: surfacing timeseries data for carbon.relays.graphite-a.destinations.123_213_124_214:2024:None.relayMaxQueueLength from graphite from 09:31_20160802 to 09:40_20160803
2016-08-03 08:34:43 :: 25532 :: error :: data retrieval failed

This is in a similar vein to this - graphite-project/graphite-web#242

Fixing Skyline to a Graphite version is probably a step too far :)

@earthgecko earthgecko added the bug label Aug 3, 2016
earthgecko added a commit that referenced this issue Aug 3, 2016
- Corrected boundary anomaly_seen log info context

Modified:
skyline/boundary/boundary.py

- In the skyline_functions get_graphite_metric split the fetching Graphite json
  into 2 try: blocks the actual Graphite request and the reading datapoints from
  json and added the graphite_json_fetched variable to test the condition
- Padded out skyline_functions docstrings with type definitions for each param
- Escape : ( and ) in metric name to Graphite URI for Unescaped Graphite target
  #20 in mirage and skyline_functions
- Removed old sys.path requirements for the old import settings method.

Modified:
skyline/skyline_functions.py
skyline/mirage/mirage.py

- Added some notes to the development doc regarding ongoing refactoring work

Modified:
docs/development/index.rst

- Added validation on all Panorama GET parameters to mitigate as much XSS and
  SQL injection as I can at the moment, arachni is happier now.
- Sanitize request.args

Modified:
skyline/webapp/backend.py
skyline/webapp/webapp.py
docs/webapp.rst

- Added missing settings. to CRUCIBLE_PROCESSES thanks @blake3r2, this stops it
  doing nothing.  This branch really should have been called panorama, but it
  started last year as crucible, so crucible was not fully tested in the new
  structure, apologies.

Modified:
skyline/crucible/crucible.py

- Misc docs changes

Modified:
docs/mirage.rst
docs/requirements.rst
docs/upgrading.rst
docs/installation.rst

- Adding additional exception handling to Analyzer - Issue #19 - task1544
  #19
- This is a start but not complete, other issues took precedence and these are
  the changes to date.

Modified:
skyline/analyzer/analyzer.py

- Bumped version to 1.0.4

Added:
docs/releases/1_0_4.rst
Modified:
docs/conf.py
skyline/skyline_version.py
docs/releases.rst
@earthgecko
Owner Author

":" "(" and ")" should now be handled in v1.0.4-crucible-beta.
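
One way to build the render URL so that ":", "(", ")" and other reserved characters in a metric name cannot change the query, shown as an added example and not Skyline's own fix: it percent-encodes every parameter with the Python 3 standard library, whereas the commit above only says the characters are escaped. The function names and the second metric name are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

GRAPHITE = "http://graphite:8888"  # host and port as they appear in the log above


def naive_render_url(target, from_ts, until_ts, base=GRAPHITE):
    """Plain string formatting: the target reaches the URL unescaped."""
    return "%s/render/?from=%s&until=%s&target=%s&format=json" % (
        base, from_ts, until_ts, target)


def encoded_render_url(target, from_ts, until_ts, base=GRAPHITE):
    """Percent-encode every value; safe="" leaves no reserved character raw."""
    params = [("from", from_ts), ("until", until_ts),
              ("target", target), ("format", "json")]
    return "%s/render/?%s" % (base, urlencode(params, quote_via=quote, safe=""))


def target_seen_by_server(url):
    """Parse the query with the standard library and return the single target."""
    values = parse_qs(urlsplit(url).query).get("target", [])
    return values[0] if len(values) == 1 else None


# Metric name taken from the log lines in the issue.
PAGE_METRIC = ("carbon.relays.graphite-a.destinations."
               "123_213_124_214:2024:None.relayMaxQueueLength")
# Constructed metric name: "&" and "#" split the query when left unescaped.
CONSTRUCTED_METRIC = "stats.app(web)&env=prod#1"


def check(metric):
    """Report whether each builder delivers the metric name intact."""
    window = ("09:31_20160802", "09:40_20160803")
    return {
        "naive": target_seen_by_server(naive_render_url(metric, *window)) == metric,
        "encoded": target_seen_by_server(encoded_render_url(metric, *window)) == metric,
    }


if __name__ == "__main__":
    for metric in (PAGE_METRIC, CONSTRUCTED_METRIC):
        print(metric, check(metric))
        print("  ", encoded_render_url(metric, "09:31_20160802", "09:40_20160803"))
```
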
