From 377ba25413f89a282200b0d58e22e319533fea86 Mon Sep 17 00:00:00 2001
From: csine-nflx <csine@netflix.com>
Date: Mon, 22 Feb 2021 14:56:34 -0800
Subject: [PATCH 1/3] Adding allow_list to stats endpoint

---
 lemur/certificates/service.py | 13 +++++++++++--
 lemur/certificates/views.py   |  7 ++++++-
 lemur/destinations/views.py   |  2 +-
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index b9bc16f0..8f21a751 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -678,7 +678,16 @@ def stats(**kwargs):
     :param kwargs:
     :return:
     """
-    if kwargs.get("metric") == "not_after":
+
+    # Verify requested metric
+    allow_list = ["bits", "issuer", "not_after", "signing_algorithm"]
+    req_metric = kwargs.get("metric")
+    if req_metric not in allow_list:
+        raise Exception(
+            f"Stats not available for requested metric: {req_metric}"
+        )
+
+    if req_metric == "not_after":
         start = arrow.utcnow()
         end = start.shift(weeks=+32)
         items = (
@@ -690,7 +699,7 @@ def stats(**kwargs):
         )
 
     else:
-        attr = getattr(Certificate, kwargs.get("metric"))
+        attr = getattr(Certificate, req_metric)
         query = database.db.session.query(attr, func.count(attr))
 
         items = query.group_by(attr).all()
diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index 8d4e6954..3de08003 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@@ -635,7 +635,12 @@ class CertificatesStats(AuthenticatedResource):
 
         args = self.reqparse.parse_args()
 
-        items = service.stats(**args)
+        try:
+            items = service.stats(**args)
+        except Exception as e:
+            sentry.captureException()
+            return dict(message=f"Failed to retrieve stats: {str(e)}"), 400
+
         return dict(items=items, total=len(items))
 
 
diff --git a/lemur/destinations/views.py b/lemur/destinations/views.py
index 6de6f74f..2c89da76 100644
--- a/lemur/destinations/views.py
+++ b/lemur/destinations/views.py
@@ -425,7 +425,7 @@ class CertificateDestinations(AuthenticatedResource):
 
 
 class DestinationsStats(AuthenticatedResource):
-    """ Defines the 'certificates' stats endpoint """
+    """ Defines the 'destinations' stats endpoint """
 
     def __init__(self):
         self.reqparse = reqparse.RequestParser()

From ad742e6eeedbe18e7287aafb345637799ec3ded4 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Wed, 17 Mar 2021 11:17:23 -0700
Subject: [PATCH 2/3] codeowners

---
 .github/CODEOWNERS | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .github/CODEOWNERS

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000..513615ed
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# These owners will be the default owners for everything in the repo.
+*                            @hosseinsh, @csine-nflx, @charhate, @jtschladen

From dbea35ba19c003759c8ec48e69f07c1e096452b5 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Wed, 17 Mar 2021 11:27:45 -0700
Subject: [PATCH 3/3] Update CODEOWNERS

---
 .github/CODEOWNERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 513615ed..6bd9f176 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,2 +1,2 @@
 # These owners will be the default owners for everything in the repo.
-*                            @hosseinsh, @csine-nflx, @charhate, @jtschladen
+*                            @hosseinsh @csine-nflx @charhate @jtschladen