Sanitize cli arguments (#1133)
intuibase committed Feb 7, 2024
1 parent 9e35092 commit 7a7b0e0
Showing 2 changed files with 12 additions and 3 deletions.
6 changes: 5 additions & 1 deletion agent/native/ext/MemoryTracker.cpp
@@ -241,6 +241,10 @@ void removeFromTrackedAllocatedBlocks(
IntrusiveDoublyLinkedList* allocatedBlocks,
size_t* possibleActuallyRequestedSize )
{
if (!allocatedBlock) {
return;
}

EmbeddedTrackingDataHeader* trackingDataHeader = allocatedBlockToTrackingData( allocatedBlock, originallyRequestedSize );

verifyMagic( "prefix", trackingDataHeader->prefixMagic, prefixMagicExpectedValue );
@@ -275,7 +279,7 @@ void memoryTrackerBeforeFree(
IntrusiveDoublyLinkedList* allocatedBlocks = isPersistent ? &memTracker->allocatedPersistentBlocks : &memTracker->allocatedRequestScopedBlocks;

ELASTIC_APM_ASSERT( *allocated >= originallyRequestedSize
, "Attempting to free more %s memory than allocated. Allocated: %" PRIu64 ". Attempting to free: %" PRIu64
, "Attempting to free more %s memory than allocated. Allocated: %" PRIu64 ". Attempting to free: %" PRIu64
, allocType( isPersistent ), *allocated, (UInt64)originallyRequestedSize );

*possibleActuallyRequestedSize = originallyRequestedSize;
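Review bot: The new null guard at the top of `removeFromTrackedAllocatedBlocks` returns without a comment or any diagnostic, and it sits in the helper rather than in `memoryTrackerBeforeFree`, whose size accounting (the `*allocated >= originallyRequestedSize` assert is visible in the second hunk) presumably still runs for a null block. If a caller ever passes a null pointer with a non-zero `originallyRequestedSize`, the tracker's byte counters could drift while the magic and list checks are skipped, which weakens the tracker as a corruption detector. I would document the intent, e.g. `/* free(NULL) is a no-op: no tracking header to verify or unlink */`, and consider doing the null check in `memoryTrackerBeforeFree` before any accounting. Both function bodies continue outside the visible hunks, so the call order between them is inferred.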
@@ -420,6 +420,11 @@ private static function isCliScript(): bool
return PHP_SAPI === 'cli';
}

private static function sanitizeCliName(string $name): string
{
return preg_replace('/[^a-zA-Z0-9.:_\-]/', '_', $name) ?: ' ';
}

private function discoverCliName(): string
{
global $argc, $argv;
@@ -441,7 +446,7 @@ private function discoverCliName(): string
return self::DEFAULT_NAME;
}

$cliScriptName = basename($argv[0]);
$cliScriptName = self::sanitizeCliName(basename($argv[0]));
if (
($argc < 2)
|| (count($argv) < 2)
@@ -455,7 +460,7 @@ private function discoverCliName(): string
return $cliScriptName;
}

$txName = $cliScriptName . ' ' . $argv[1];
$txName = $cliScriptName . ' ' . self::sanitizeCliName($argv[1]);
($loggerProxy = $this->logger->ifDebugLevelEnabled(__LINE__, __FUNCTION__))
&& $loggerProxy->log(
'CLI script is Laravel ' . self::LARAVEL_ARTISAN_COMMAND_SCRIPT . ' command with arguments'
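Review bot: In `sanitizeCliName`, the `?:` fallback fires on any falsy result, not just on a `preg_replace` failure, so an argument of `0` (or an empty string) comes back as a single space, a character the allowlist itself rejects. Using the null-coalescing operator with an in-allowlist placeholder keeps the error fallback without rewriting valid input: `return preg_replace('/[^a-zA-Z0-9.:_\-]/', '_', $name) ?? '_';` (test for `''` explicitly if an empty name must also be replaced). The helper also puts no bound on length, so a very long `$argv[1]` is carried whole into the transaction name unless something outside this hunk truncates it. A short docblock saying that the result ends up in the transaction name, and why the character set is restricted, would help the next reader.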
