apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330

Browse Source
pull/29292/head^2
Will Browne 5 years ago committed by GitHub
parent 0fc8426bf1
commit d796c61946
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      pkg/services/notifications/webhook.go

4
pkg/services/notifications/webhook.go
Unescape View File

@ -48,6 +48,10 @@ func (ns *NotificationService) sendWebRequestSync(ctx context.Context, webhook *
webhook.HttpMethod = http.MethodPost
}
if webhook.HttpMethod != http.MethodPost && webhook.HttpMethod != http.MethodPut {
return fmt.Errorf("webhook only supports HTTP methods PUT or POST")
}
request, err := http.NewRequest(webhook.HttpMethod, webhook.Url, bytes.NewReader([]byte(webhook.Body)))
if err != nil {
return err

Write Preview
Loading…
Cancel
Save