Merge pull request #3486 from Netflix/stats_whitelist_01

Add allow_list to stats endpoint
Hossein Shafagh 2021-03-17 11:51:01 -07:00 committed by GitHub
commit 1636847040
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 4 deletions


@ -679,7 +679,16 @@ def stats(**kwargs):
:param kwargs: :param kwargs:
:return: :return:
""" """
if kwargs.get("metric") == "not_after":
# Verify requested metric
allow_list = ["bits", "issuer", "not_after", "signing_algorithm"]
req_metric = kwargs.get("metric")
if req_metric not in allow_list:
raise Exception(
f"Stats not available for requested metric: {req_metric}"
)
if req_metric == "not_after":
start = arrow.utcnow() start = arrow.utcnow()
end = start.shift(weeks=+32) end = start.shift(weeks=+32)
items = ( items = (
@ -691,7 +700,7 @@ def stats(**kwargs):
) )
else: else:
attr = getattr(Certificate, kwargs.get("metric")) attr = getattr(Certificate, req_metric)
query = database.db.session.query(attr, func.count(attr)) query = database.db.session.query(attr, func.count(attr))
items = query.group_by(attr).all() items = query.group_by(attr).all()
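Review bot: The rejection path at `raise Exception(` uses the bare `Exception` type, so a caller cannot tell a refused metric apart from a database or programming error raised further down in the same function. A narrower type, e.g. `raise ValueError(f"Stats not available for requested metric: {req_metric}")`, keeps the check and lets the view map only that case to a client error. The list is also rebuilt on every call; a module-level constant would avoid that, with a comment such as `# Only these Certificate attributes may reach getattr(); the metric name appears to come from the parsed request arguments.` to record why the check exists. The body of stats() starts and ends outside the hunks shown.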


@ -635,7 +635,12 @@ class CertificatesStats(AuthenticatedResource):
args = self.reqparse.parse_args() args = self.reqparse.parse_args()
items = service.stats(**args) try:
items = service.stats(**args)
except Exception as e:
sentry.captureException()
return dict(message=f"Failed to retrieve stats: {str(e)}"), 400
return dict(items=items, total=len(items)) return dict(items=items, total=len(items))
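Review bot: The new `except Exception` around `service.stats(**args)` also catches query and database failures, reports them as HTTP 400, and returns `str(e)` to the client. That labels server faults as client errors and can expose internal error text, such as driver or SQL messages. Only the refused-metric case should become a 400, e.g. `except ValueError as e:` followed by `return dict(message=f"Failed to retrieve stats: {e}"), 400`, assuming stats() is changed to raise that type for a rejected metric. Other exceptions should propagate to the application's error handling so they surface as server errors with a generic message. The enclosing method begins above the hunk.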


@ -425,7 +425,7 @@ class CertificateDestinations(AuthenticatedResource):
class DestinationsStats(AuthenticatedResource): class DestinationsStats(AuthenticatedResource):
""" Defines the 'certificates' stats endpoint """ """ Defines the 'destinations' stats endpoint """
def __init__(self): def __init__(self):
self.reqparse = reqparse.RequestParser() self.reqparse = reqparse.RequestParser()