From 983db8a734462844fc679002f082776c4669b6d2 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sun, 5 Oct 2025 13:55:45 +0000
Subject: [PATCH] queue: Fail if the object contains invalid characters

Signed-off-by: Michael Tremer
---
 src/daemon/queue.c | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/src/daemon/queue.c b/src/daemon/queue.c
index 4777056..4144b40 100644
--- a/src/daemon/queue.c
+++ b/src/daemon/queue.c
@@ -244,6 +244,37 @@ static int collecty_queue_object_append_sample(collecty_queue* self, collecty_so
 return 0;
 }
 
+static int collecty_queue_valid_object(collecty_queue* queue, const char* object) {
+ // Check for any invalid characters
+ for (const char* p = object; *p; p++) {
+ switch (*p) {
+ // Whitespace is not allowed
+ case ' ':
+ case '\t':
+ case '\n':
+ break;
+
+ // Slashes are not allowed
+ case '/':
+ case '\\':
+ break;
+
+ // Quotes are not allowed
+ case '"':
+ case '\'':
+ break;
+
+ // The rest is allowed
+ default:
+ continue;
+ }
+
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
 /*
 Submits a new reading into the queue
 */
@@ -256,6 +287,16 @@ int collecty_queue_submit(collecty_queue* self,
 if (!sample)
 return -EINVAL;
 
+ // Check if the object is valid
+ if (object) {
+ r = collecty_queue_valid_object(self, object);
+ if (r < 0) {
+ ERROR(self->ctx, "%s has submitted an invalid object: %s\n",
+ collecty_source_name(source), object);
+ goto ERROR;
+ }
+ }
+
 // Check if we can append the sample
 o = collecty_queue_find_object(self, source, object);
 if (o)
-- 
2.47.3
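Review bot: The character check in `collecty_queue_valid_object` is a denylist that stops at space, tab and newline, so `\r` and every other control byte (vertical tab, form feed, escape and so on) still pass, as do the empty string and the names `.` and `..`. If object names end up in file paths or log lines, which the slash and quote cases suggest but the hunk does not show, those are the inputs that still need rejecting. Either add `if (iscntrl((unsigned char)*p)) return -EINVAL;` ahead of the `switch` (this needs `<ctype.h>`), or invert the test into an allowlist of the characters objects are expected to use. The `queue` parameter is never read in the body and could be dropped or documented as reserved.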
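Review bot: The `ERROR(...)` call in the new `if (r < 0)` branch prints the rejected object with a bare `%s`, and by construction that string contains a newline, tab, quote or slash, so a rejected submission can split one log entry into several or make following lines look like separate records. Log the rejection without the raw value, e.g. `ERROR(self->ctx, "%s has submitted an object with invalid characters\n", collecty_source_name(source));`, or escape non-printable bytes before printing. `r` and the `ERROR` label are declared outside this hunk, so whether `-EINVAL` is what the caller receives on this path is assumed rather than visible; the rest of `collecty_queue_submit` lies outside the hunk.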