
util/statsd.lua @ 12181:783056b4e448 0.11 0.11.12

util.xml: Do not allow doctypes, comments or processing instructions Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nonetheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
author Jonas Schäfer <jonas@wielicki.name>
date Mon, 10 Jan 2022 18:23:54 +0100 (2022-01-10)
parent 7988:dc758422d896
child 10924:0c072dd69603
1 local socket = require "socket";
2
3 local time = require "util.time".now
4
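--- Create a statsd-backed statistics provider.
-- Opens a UDP socket connected to the configured statsd server and returns a
-- table of metric constructors. Each constructor takes a metric name and
-- returns a closure that emits one sample per call.
-- @param config table with `statsd_server` (required) and optional
--   `statsd_port` (defaults to 8125) and `prefix` (defaults to "prosody")
-- @return the table of metric constructors, or nil plus an error message
local function new(config)
	if not config or not config.statsd_server then
		return nil, "No statsd server specified in the config, please see https://prosody.im/doc/statistics";
	end

	-- Both socket.udp() and setpeername() report failure as nil, err.
	-- Surface that through this function's existing nil, err convention
	-- instead of indexing a nil socket or handing back a provider whose
	-- socket was never connected.
	local sock, sock_err = socket.udp();
	if not sock then
		return nil, "Failed to create UDP socket for statsd: "..tostring(sock_err);
	end
	local ok, peer_err = sock:setpeername(config.statsd_server, config.statsd_port or 8125);
	if not ok then
		sock:close();
		return nil, "Failed to set statsd server address: "..tostring(peer_err);
	end

	local prefix = (config.prefix or "prosody")..".";

	-- Send one already-formatted statsd line, prepending the configured prefix.
	-- NOTE(review): metric names are concatenated into the datagram without
	-- validation. A name containing ":", "|" or a newline would change how the
	-- receiving server parses the packet, so names should be fixed strings
	-- chosen in code, never values a remote party controls.
	local function send_metric(s)
		return sock:send(prefix..s);
	end

	-- Emit a gauge. When `relative` is set the value is a delta; statsd only
	-- treats a gauge value as a delta if it carries an explicit sign, and an
	-- unsigned value overwrites the gauge. Negative numbers already carry "-"
	-- from tostring(), so "+" is added for zero and positive deltas. A zero
	-- delta must be signed too, otherwise it would reset the gauge to 0.
	local function send_gauge(name, amount, relative)
		local s_amount = tostring(amount);
		if relative and amount >= 0 then
			s_amount = "+"..s_amount;
		end
		return send_metric(name..":"..s_amount.."|g");
	end

	-- Emit a counter increment ("|c").
	local function send_counter(name, amount)
		return send_metric(name..":"..tostring(amount).."|c");
	end

	-- Emit a timing sample ("|ms").
	local function send_duration(name, duration)
		return send_metric(name..":"..tostring(duration).."|ms");
	end

	-- Emit a histogram sample ("|h").
	local function send_histogram_sample(name, sample)
		return send_metric(name..":"..tostring(sample).."|h");
	end

	local methods = {
		-- Absolute gauge; sends `initial` immediately when one is given.
		amount = function (name, initial)
			if initial then
				send_gauge(name, initial);
			end
			return function (new_v) send_gauge(name, new_v); end
		end;
		-- Counter expressed as a relative gauge update; `initial` is unused.
		counter = function (name, initial) --luacheck: ignore 212/initial
			return function (delta)
				send_gauge(name, delta, true);
			end;
		end;
		-- Event rate: every call counts one occurrence.
		rate = function (name)
			return function ()
				send_counter(name, 1);
			end;
		end;
		-- Value distribution; `unit` and `type` are accepted but not used here.
		distribution = function (name, unit, type) --luacheck: ignore 212/unit 212/type
			return function (value)
				send_histogram_sample(name, value);
			end;
		end;
		-- Size distribution, reported under "<name>_size".
		sizes = function (name)
			name = name.."_size";
			return function (value)
				send_histogram_sample(name, value);
			end;
		end;
		-- Timer: the first call starts the clock, and the function it returns
		-- stops the clock and reports the elapsed time.
		times = function (name)
			return function ()
				local start_time = time();
				return function ()
					local end_time = time();
					local duration = end_time - start_time;
					-- presumably time() returns seconds, hence *1000 for "|ms" (confirm against util.time)
					send_duration(name, duration*1000);
				end
			end;
		end;
	};
	return methods;
end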
81
-- Module export table: the provider constructor is the only public entry point.
return {
	new = new,
};