
Fix the ping handler to reject status codes > 255

pull/563/head
Pēteris Caune 3 years ago
parent
commit
6e3a1c790d
No known key found for this signature in database GPG Key ID: E28D7679E9A9EDE2
3 changed files with 8 additions and 0 deletions
  1. +1
    -0
      CHANGELOG.md
  2. +4
    -0
      hc/api/tests/test_ping.py
  3. +3
    -0
      hc/api/views.py

+ 1
- 0
CHANGELOG.md View File

@ -14,6 +14,7 @@ All notable changes to this project will be documented in this file.
- Fix a crash during login when user's profile does not exist (#77)
- Drop API support for GET, DELETE requests with a request body
- Add missing @csrf_exempt annotations in API views
- Fix the ping handler to reject status codes > 255
## v1.22.0 - 2020-08-06


+ 4
- 0
hc/api/tests/test_ping.py View File

@ -249,3 +249,7 @@ class PingTestCase(BaseTestCase):
ping = Ping.objects.get()
self.assertEqual(ping.kind, "fail")
self.assertEqual(ping.exitstatus, 123)
def test_it_rejects_exit_status_over_255(self):
r = self.client.get(self.url + "/256")
self.assertEqual(r.status_code, 400)
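Review bot: test_it_rejects_exit_status_over_255 pins only the first rejected value, so the accepted side of the boundary is untested and a guard that wrongly rejected 255 (for example `>= 255`) would still pass. A companion test that requests `self.url + "/255"` and asserts `ping.exitstatus == 255` would cover that side. The rejection test could also assert `self.assertEqual(Ping.objects.count(), 0)` to show that a rejected request stores nothing. Whether 255 is already covered elsewhere in PingTestCase cannot be seen here, since the class starts outside the hunk.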

+ 3
- 0
hc/api/views.py View File

@ -35,6 +35,9 @@ def ping(request, code, check=None, action="success", exitstatus=None):
if check is None:
check = get_object_or_404(Check, code=code)
if exitstatus is not None and exitstatus > 255:
return HttpResponseBadRequest("invalid url format")
headers = request.META
remote_addr = headers.get("HTTP_X_FORWARDED_FOR", headers["REMOTE_ADDR"])
remote_addr = remote_addr.split(",")[0]
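Review bot: The new guard in ping() bounds exitstatus only from above and runs after `get_object_or_404`, so an out-of-range value still costs a database lookup before it is rejected. Checking the range first and on both sides, with `if exitstatus is not None and not 0 <= exitstatus <= 255:` placed above `if check is None:` and the same `return HttpResponseBadRequest("invalid url format")`, would reject a malformed request without a query. The lower bound is presumably already enforced by the URL pattern, which is not visible here, so it would be defensive only. A one-line comment such as `# exit status must fit in 0..255` would explain the constant. The body of ping() continues outside the hunk.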

