clusterinfo: fix ssrf on /topology/alertmanager/{address}/count (#1738)

pingcap / tidb-dashboard

A Web UI for monitoring, diagnosing and managing the TiDB cluster.

https://docs.pingcap.com/tidb/stable/dashboard-intro

Apache License 2.0

176 stars 134 forks source link

clusterinfo: fix ssrf on /topology/alertmanager/{address}/count (#1738) #1755

Closed ti-chi-bot closed 1 week ago

ti-chi-bot commented 1 week ago

This is an automated cherry-pick of #1738

Explicitly check the alertmanager address passed by the frontend and ensure it matches the address stored in etcd.

ti-chi-bot[bot] commented 1 week ago

@mornyx: adding LGTM is restricted to approvers and reviewers in OWNERS files.

In response to [this](https://github.com/pingcap/tidb-dashboard/pull/1755#pullrequestreview-2420016009): > Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

ti-chi-bot[bot] commented 1 week ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: baurine, mornyx

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/pingcap/tidb-dashboard/blob/release-7.1/OWNERS)~~ [baurine] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

ti-chi-bot[bot] commented 1 week ago

[LGTM Timeline notifier]

Timeline:

2024-11-07 05:57:57.362064791 +0000 UTC m=+1106990.201220337: :ballot_box_with_check: agreed by baurine.