fix: add a validation of the queries to be executed and if they do no…

…t exist in the configuration 400 is returned and log with warning

aci-exporter.go

@@ -28,6 +28,7 @@ import (
 
 	"net/http"
 
+	mapset "github.com/deckarep/golang-set/v2"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
@@ -77,6 +78,7 @@ func isFlagPassed(name string) bool {
 }
 
 var version = "undefined"
+var querySet = mapset.NewSet[string]()
 
 func main() {
 
@@ -248,6 +250,9 @@ func main() {
 		GroupClassQueries:    queries.GroupClassQueries,
 	}
 
+	// Create a set of all query names - used to validate the query parameter
+	createQueryNameSet(allQueries)
+
 	// Init all fabrics
 	allFabrics := make(map[string]*Fabric)
 
@@ -341,6 +346,19 @@ func main() {
 	log.Fatal(s.ListenAndServe())
 }
 
+func createQueryNameSet(allQueries AllQueries) {
+	for queryName, _ := range allQueries.ClassQueries {
+		querySet.Add(queryName)
+	}
+	for queryName, _ := range allQueries.CompoundClassQueries {
+		querySet.Add(queryName)
+	}
+	for queryName, _ := range allQueries.GroupClassQueries {
+		querySet.Add(queryName)
+	}
+	querySet.Add("faults")
+}
+
 func readConfigDirectory(configDirName *string, dirPath string, queries *AllQueries) {
 	configDir := filepath.Join(dirPath, *configDirName)
 	_, err := os.Stat(configDir)
@@ -530,6 +548,18 @@ func (h HandlerInit) getMonitorMetrics(w http.ResponseWriter, r *http.Request) {
 		// If the queries query parameter include a comma, split it and add to the queries array
 		querySplit := strings.Split(queryString, ",")
 		for _, query := range querySplit {
+			// Validate that the query is a valid query
+			if !querySet.Contains(query) {
+				w.Header().Set("Content-Type", "text/plain; version=0.0.4; charset=utf-8")
+				w.Header().Set("Content-Length", "0")
+				log.WithFields(log.Fields{
+					LogFieldFabric: fabric,
+					"query":        query,
+				}).Warning("not a valid query")
+				lrw := loggingResponseWriter{ResponseWriter: w}
+				lrw.WriteHeader(400)
+				return
+			}
 			queries = append(queries, strings.TrimSpace(query))
 		}
 	}

go.mod

@@ -16,6 +16,7 @@ require (
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.1 // indirect
+	github.com/deckarep/golang-set/v2 v2.6.0 // indirect
 	github.com/fsnotify/fsnotify v1.4.7 // indirect
 	github.com/golang/protobuf v1.5.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect

go.sum

@@ -43,6 +43,8 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckarep/golang-set/v2 v2.6.0 h1:XfcQbWM1LlMB8BsJ8N9vW5ehnnPVIw0je80NsVHagjM=
+github.com/deckarep/golang-set/v2 v2.6.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=