From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 5 Oct 2025 13:55:45 +0000 (+0000)
Subject: queue: Fail if the object contains invalid characters
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=983db8a734462844fc679002f082776c4669b6d2;p=telemetry.git

queue: Fail if the object contains invalid characters

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/daemon/queue.c b/src/daemon/queue.c
index 4777056..4144b40 100644
--- a/src/daemon/queue.c
+++ b/src/daemon/queue.c
@@ -244,6 +244,37 @@ static int collecty_queue_object_append_sample(collecty_queue* self, collecty_so
 	return 0;
 }
 
+static int collecty_queue_valid_object(collecty_queue* queue, const char* object) {
+	// Check for any invalid characters
+	for (const char* p = object; *p; p++) {
+		switch (*p) {
+			// Whitespace is not allowed
+			case ' ':
+			case '\t':
+			case '\n':
+				break;
+
+			// Slashes are not allowed
+			case '/':
+			case '\\':
+				break;
+
+			// Quotes are not allowed
+			case '"':
+			case '\'':
+				break;
+
+			// The rest is allowed
+			default:
+				continue;
+		}
+
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
 /*
 	Submits a new reading into the queue
 */
@@ -256,6 +287,16 @@ int collecty_queue_submit(collecty_queue* self,
 	if (!sample)
 		return -EINVAL;
 
+	// Check if the object is valid
+	if (object) {
+		r = collecty_queue_valid_object(self, object);
+		if (r < 0) {
+			ERROR(self->ctx, "%s has submitted an invalid object: %s\n",
+				collecty_source_name(source), object);
+			goto ERROR;
+		}
+	}
+
 	// Check if we can append the sample
 	o = collecty_queue_find_object(self, source, object);
 	if (o)