From 7a7b0e0921d32679b1ef850585ca441624fc39ed Mon Sep 17 00:00:00 2001 From: Pawel Filipczak Date: Wed, 7 Feb 2024 14:09:08 +0100 Subject: [PATCH] Sanitize cli arguments (#1133) --- agent/native/ext/MemoryTracker.cpp | 6 +++++- .../AutoInstrument/TransactionForExtensionRequest.php | 9 +++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/agent/native/ext/MemoryTracker.cpp b/agent/native/ext/MemoryTracker.cpp index edd08bd59..c52f4435d 100644 --- a/agent/native/ext/MemoryTracker.cpp +++ b/agent/native/ext/MemoryTracker.cpp @@ -241,6 +241,10 @@ void removeFromTrackedAllocatedBlocks( IntrusiveDoublyLinkedList* allocatedBlocks, size_t* possibleActuallyRequestedSize ) { + if (!allocatedBlock) { + return; + } + EmbeddedTrackingDataHeader* trackingDataHeader = allocatedBlockToTrackingData( allocatedBlock, originallyRequestedSize ); verifyMagic( "prefix", trackingDataHeader->prefixMagic, prefixMagicExpectedValue ); @@ -275,7 +279,7 @@ void memoryTrackerBeforeFree( IntrusiveDoublyLinkedList* allocatedBlocks = isPersistent ? &memTracker->allocatedPersistentBlocks : &memTracker->allocatedRequestScopedBlocks; ELASTIC_APM_ASSERT( *allocated >= originallyRequestedSize - , "Attempting to free more %s memory than allocated. Allocated: %" PRIu64 ". Attempting to free: %" PRIu64 + , "Attempting to free more %s memory than allocated. Allocated: %" PRIu64 ". Attempting to free: %" PRIu64 , allocType( isPersistent ), *allocated, (UInt64)originallyRequestedSize ); *possibleActuallyRequestedSize = originallyRequestedSize; diff --git a/agent/php/ElasticApm/Impl/AutoInstrument/TransactionForExtensionRequest.php b/agent/php/ElasticApm/Impl/AutoInstrument/TransactionForExtensionRequest.php index 95bd3376b..85102126b 100644 --- a/agent/php/ElasticApm/Impl/AutoInstrument/TransactionForExtensionRequest.php +++ b/agent/php/ElasticApm/Impl/AutoInstrument/TransactionForExtensionRequest.php 
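Review bot: The new `if (!allocatedBlock) { return; }` guard at the top of removeFromTrackedAllocatedBlocks has no comment explaining why a null block is expected, and it silently skips the `verifyMagic` check that follows. Because this tracker exists to catch bad frees, a short comment such as `// free(NULL) is a valid no-op: there is no tracking header to verify or unlink` would make the intent explicit. It is also worth confirming that the caller does not still subtract `originallyRequestedSize` from its `*allocated` counter for a null block (the assert in memoryTrackerBeforeFree in the next hunk suggests such a counter exists); if it does, the guard may belong in the caller, before the accounting. The function body continues outside the hunk.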
@@ -420,6 +420,11 @@ private static function isCliScript(): bool return PHP_SAPI === 'cli'; } + private static function sanitizeCliName(string $name): string + { + return preg_replace('/[^a-zA-Z0-9.:_\-]/', '_', $name) ?: ' '; + } + private function discoverCliName(): string { global $argc, $argv; @@ -441,7 +446,7 @@ private function discoverCliName(): string return self::DEFAULT_NAME; } - $cliScriptName = basename($argv[0]); + $cliScriptName = self::sanitizeCliName(basename($argv[0])); if ( ($argc < 2) || (count($argv) < 2) @@ -455,7 +460,7 @@ private function discoverCliName(): string return $cliScriptName; } - $txName = $cliScriptName . ' ' . $argv[1]; + $txName = $cliScriptName . ' ' . self::sanitizeCliName($argv[1]); ($loggerProxy = $this->logger->ifDebugLevelEnabled(__LINE__, __FUNCTION__)) && $loggerProxy->log( 'CLI script is Laravel ' . self::LARAVEL_ARTISAN_COMMAND_SCRIPT . ' command with arguments'
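Review bot: The `?: ' '` fallback in `sanitizeCliName` fires on any falsy result, not only when `preg_replace` fails. The string `"0"` is falsy in PHP, so a script name or argument of `0` becomes a single space, which is itself outside the allow-list the regex enforces. Testing the failure cases explicitly keeps valid input intact, e.g. `$clean = preg_replace('/[^a-zA-Z0-9.:_\-]/', '_', $name);` followed by `return ($clean === null || $clean === '') ? '_' : $clean;`. A one-line docblock would also help, stating that the name is built from `$argv`, which the process does not control, and ends up in the transaction name. The same helper is called in the next two hunks in discoverCliName.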
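Review bot: Only the value concatenated into `$txName` is sanitized here, so the debug log call that starts right after it ('CLI script is Laravel ... command with arguments') may still emit the raw arguments. That call is cut off by the hunk and its context argument is not visible. If it passes the raw `$argv` along, unsanitized command-line values (control characters, or secrets passed as arguments) still reach the agent log while the transaction name is clean. It is worth checking that call and logging `$txName` or sanitized values instead. discoverCliName continues outside the hunk.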