MystenLabs / sui

Sui, a next-generation smart contract platform with high throughput, low latency, and an asset-oriented programming model powered by the Move programming language
https://sui.io
Apache License 2.0

errors_by_route should not include invalid routes in the label values. #6449

Closed exalate-issue-sync[bot] closed 7 months ago

exalate-issue-sync[bot] commented 1 year ago

I discovered today that someone is pentesting us and thus breaking the cardinality of our errors_by_route metric in the sui-json-rpc lib when it adds the arbitrary value from the internet to the label value.

And there is more than a little pentesting apparently going on.

Approximately line 261 in crates/sui-json-rpc/src/lib.rs is where the problem is.
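The fix the title asks for, sketched as an added example that is not part of the original issue and is not the code in crates/sui-json-rpc: the label value is looked up in the set of registered routes, so a request can never introduce a new time series. `ErrorsByRoute`, `INVALID_ROUTE` and the route names are assumptions made for illustration.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// Fixed label for any method name that is not registered (assumed name).
const INVALID_ROUTE: &str = "invalid_route";

/// Stand-in for a labelled error counter such as errors_by_route.
struct ErrorsByRoute {
    known_routes: BTreeSet<&'static str>,
    counts: BTreeMap<&'static str, u64>, // label value -> error count
}

impl ErrorsByRoute {
    fn new(known_routes: &[&'static str]) -> Self {
        Self { known_routes: known_routes.iter().copied().collect(), counts: BTreeMap::new() }
    }

    /// Map a client-supplied method name onto a closed set of label values.
    /// The result is always a registered &'static str, never request bytes.
    fn label_for(&self, requested: &str) -> &'static str {
        self.known_routes.get(requested).copied().unwrap_or(INVALID_ROUTE)
    }

    fn record_error(&mut self, requested: &str) {
        let label = self.label_for(requested);
        *self.counts.entry(label).or_insert(0) += 1;
    }

    /// Distinct label values seen, i.e. the number of time series created.
    fn cardinality(&self) -> usize {
        self.counts.len()
    }
}

/// Constructed traffic: one registered method failing, then 1000 unknown names.
fn demo() -> (usize, u64) {
    let mut m = ErrorsByRoute::new(&["sui_getObject", "sui_getCheckpoint"]);
    m.record_error("sui_getObject");
    for i in 0..1000 {
        m.record_error(&format!("no_such_method_{}", i));
    }
    (m.cardinality(), *m.counts.get(INVALID_ROUTE).unwrap_or(&0))
}

fn main() {
    let (series, invalid) = demo();
    println!("series={} invalid_route={}", series, invalid);
}
```

Because the label type is `&'static str`, passing the raw request string through to the metric does not compile, which keeps the bound on cardinality from regressing silently.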

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days.