prometheus: fix invalid utf8 paths

labstack · Dec 23, 2024 · bed5ae4 · bed5ae4
1 parent 4926816
commit bed5ae4
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 6 deletions.
diff --git a/echoprometheus/prometheus.go b/echoprometheus/prometheus.go
@@ -21,6 +21,7 @@ import (
 	"net/http"
 	"sort"
 	"strconv"
+	"strings"
 	"time"
 )
 
@@ -271,15 +272,30 @@ func (conf MiddlewareConfig) ToMiddleware() (echo.MiddlewareFunc, error) {
 			values[0] = strconv.Itoa(status)
 			values[1] = c.Request().Method
 			values[2] = c.Request().Host
-			values[3] = url
+			values[3] = strings.ToValidUTF8(url, "\uFFFD") // \uFFFD is � https://en.wikipedia.org/wiki/Specials_(Unicode_block)#Replacement_character
 			for _, cv := range customValuers {
 				values[cv.index] = cv.valueFunc(c, err)
 			}
-
-			requestDuration.WithLabelValues(values...).Observe(elapsed)
-			requestCount.WithLabelValues(values...).Inc()
-			requestSize.WithLabelValues(values...).Observe(float64(reqSz))
-			responseSize.WithLabelValues(values...).Observe(float64(c.Response().Size))
+			if obs, err := requestDuration.GetMetricWithLabelValues(values...); err == nil {
+				obs.Observe(elapsed)
+			} else {
+				return fmt.Errorf("failed to label request duration metric with values, err: %w", err)
+			}
+			if obs, err := requestCount.GetMetricWithLabelValues(values...); err == nil {
+				obs.Inc()
+			} else {
+				return fmt.Errorf("failed to label request count metric with values, err: %w", err)
+			}
+			if obs, err := requestSize.GetMetricWithLabelValues(values...); err == nil {
+				obs.Observe(float64(reqSz))
+			} else {
+				return fmt.Errorf("failed to label request size metric with values, err: %w", err)
+			}
+			if obs, err := responseSize.GetMetricWithLabelValues(values...); err == nil {
+				obs.Observe(float64(c.Response().Size))
+			} else {
+				return fmt.Errorf("failed to label response size metric with values, err: %w", err)
+			}
 
 			return err
 		}

diff --git a/echoprometheus/prometheus_test.go b/echoprometheus/prometheus_test.go
@@ -316,6 +316,21 @@ func TestSetPathFor404Logic(t *testing.T) {
 	unregisterDefaults(defaultSubsystem)
 }
 
+func TestInvalidUTF8PathIsFixed(t *testing.T) {
+	e := echo.New()
+
+	e.Use(NewMiddlewareWithConfig(MiddlewareConfig{Subsystem: defaultSubsystem}))
+	e.GET("/metrics", NewHandler())
+
+	assert.Equal(t, http.StatusNotFound, request(e, "/../../WEB-INF/web.xml\xc0\x80.jsp"))
+
+	s, code := requestBody(e, "/metrics")
+	assert.Equal(t, http.StatusOK, code)
+	assert.Contains(t, s, fmt.Sprintf(`%s_request_duration_seconds_count{code="404",host="example.com",method="GET",url="/../../WEB-INF/web.xml�.jsp"} 1`, defaultSubsystem))
+
+	unregisterDefaults(defaultSubsystem)
+}
+
 func requestBody(e *echo.Echo, path string) (string, int) {
 	req := httptest.NewRequest(http.MethodGet, path, nil)
 	rec := httptest.NewRecorder()