From f66e044dd3e33b482b3f6358e842fe2e9b45fadd Mon Sep 17 00:00:00 2001
From: jaehong-kim
Date: Fri, 17 Dec 2021 11:00:08 +0900
Subject: [PATCH] [#8547] Fix app proxy header
---
 .../agent/plugin/proxy/app/AppRequestParser.java | 12 ++++++++++++
 .../agent/plugin/proxy/app/AppRequestParserTest.java | 9 +++++++++
 2 files changed, 21 insertions(+)
diff --git a/agent-plugins/proxy-app/src/main/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParser.java b/agent-plugins/proxy-app/src/main/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParser.java
index 6d71ca2efd951..fe7f4b8f84691 100644
--- a/agent-plugins/proxy-app/src/main/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParser.java
+++ b/agent-plugins/proxy-app/src/main/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParser.java
@@ -18,6 +18,7 @@
 import com.navercorp.pinpoint.bootstrap.config.ProfilerConfig;
 import com.navercorp.pinpoint.bootstrap.util.NumberUtils;
+import com.navercorp.pinpoint.common.util.IdValidateUtils;
 import com.navercorp.pinpoint.common.util.StringUtils;
 import com.navercorp.pinpoint.profiler.context.recorder.proxy.ProxyRequestHeader;
 import com.navercorp.pinpoint.profiler.context.recorder.proxy.ProxyRequestHeaderBuilder;
@@ -76,6 +77,17 @@ public ProxyRequestHeader parseHeader(String name, String value) {
 } else if (token.startsWith("app=")) {
 final String app = token.substring(4).trim();
 if (!app.isEmpty()) {
+ try {
+ if (!IdValidateUtils.validateId(app, 30)) {
+ header.setValid(false);
+ header.setCause("app can only contain [a-zA-Z0-9], '.', '-', '_'. maxLength: 30");
+ return header.build();
+ }
+ } catch (Exception ignored) {
+ header.setValid(false);
+ header.setCause("invalid app");
+ return header.build();
+ }
 header.setApp(app);
 }
 }
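Review bot: In the second hunk of AppRequestParser.java the length limit 30 is written twice, once as the argument in `IdValidateUtils.validateId(app, 30)` and once inside the cause string, so the check and its message can drift apart; a named constant such as `private static final int APP_MAX_LENGTH = 30;` used in both places would keep them in step. The `catch (Exception ignored)` branch fails closed, which is the safe direction for a value taken from a request header, but nothing says which exception validateId is expected to throw here; a short comment such as `// fail closed: any validator error marks the header invalid` would record the intent. Both cause strings are fixed text and do not echo the rejected value, and a comment asking future edits to keep it that way would be worth adding, since the cause may end up in logs. parseHeader's body starts and ends outside the hunk.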
diff --git a/agent-plugins/proxy-app/src/test/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParserTest.java b/agent-plugins/proxy-app/src/test/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParserTest.java
index 6feea9cc3a375..3ecaeeeef4ba6 100644
--- a/agent-plugins/proxy-app/src/test/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParserTest.java
+++ b/agent-plugins/proxy-app/src/test/java/com/navercorp/pinpoint/agent/plugin/proxy/app/AppRequestParserTest.java
@@ -38,4 +38,13 @@ public void parseApp() throws Exception {
 assertEquals(-1, proxyHttpHeader.getIdlePercent());
 assertEquals(-1, proxyHttpHeader.getBusyPercent());
 }
+
+ @Test
+ public void parseAppInvalid() throws Exception {
+ AppRequestParser parser = new AppRequestParser();
+ final long currentTimeMillis = System.currentTimeMillis();
+ String value = "t=" + currentTimeMillis + "app=jndi:xxx";
+ ProxyRequestHeader proxyHttpHeader = parser.parse(value);
+ assertFalse(proxyHttpHeader.isValid());
+ }
 }
\ No newline at end of file
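Review bot: The header value built in parseAppInvalid has no separator before `app=`, so the string is `t=<millis>app=jndi:xxx`; if the parser splits tokens on whitespace (the tokenizer is outside this diff), the whole value is a single `t=` token and the header may be rejected for a bad timestamp rather than by the new app check, in which case the test would pass without the fix. Writing the line as `String value = "t=" + currentTimeMillis + " app=jndi:xxx";` would make the input reach the `app=` branch. Asserting on the recorded cause as well, if ProxyRequestHeader exposes it, would pin the rejection to the app validation. A second case with an otherwise valid name longer than 30 characters would cover the length half of the rule.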