MM-54364: Prevent garbage telemetry for invalid run ids (#1873)

* path * test: bad runId
mattermost · Nov 10, 2023 · c0c52b5 · c0c52b5
1 parent fece066
commit c0c52b5
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 2 deletions.
diff --git a/tests-e2e/cypress/integration/channels/rhs_spec.js b/tests-e2e/cypress/integration/channels/rhs_spec.js
@@ -411,4 +411,31 @@ describe('channels > rhs', () => {
             cy.get('#rhsContainer').should('not.exist');
         });
     });
+
+    describe('telemetry', () => {
+        it('does not run with bad run id', () => {
+            // # Watch for bad request
+            cy.intercept('**/d0nt').as('telemetryRequest');
+
+            // # Run the playbook before loading the application
+            const now = Date.now();
+            const playbookRunName = 'Playbook Run (' + now + ')';
+            const playbookRunChannelName = 'playbook-run-' + now;
+            cy.apiRunPlaybook({
+                teamId: testTeam.id,
+                playbookId: testPlaybook.id,
+                playbookRunName,
+                ownerUserId: testUser.id,
+            });
+
+            // # Navigate to the application and a channel with a playbook run
+            cy.visit(`/${testTeam.name}/channels/${playbookRunChannelName}?telem_action=mock_action_name&telem_run_id=../../d0nt&forceRHSOpen`);
+
+            // * Ensure telemetry doesn't run
+            cy.wait(3000);
+            cy.get('@telemetryRequest.all').then((interceptions) => {
+                expect(interceptions).to.have.length(0);
+            });
+        });
+    });
 });
diff --git a/webapp/src/rhs_opener.ts b/webapp/src/rhs_opener.ts
@@ -56,8 +56,10 @@ export function makeRHSOpener(store: Store<GlobalState>): () => Promise<void> {
         if (searchParams.has('telem_action') && searchParams.has('telem_run_id')) {
             // Record and remove telemetry
             const action = searchParams.get('telem_action') || '';
-            const runId = searchParams.get('telem_run_id') || '';
-            telemetryEventForPlaybookRun(runId, action);
+            const runId = searchParams.get('telem_run_id')?.match(/^\w+$/)?.[0] || '';
+            if (action && runId) {
+                telemetryEventForPlaybookRun(runId, action);
+            }
             searchParams.delete('telem_action');
             searchParams.delete('telem_run_id');
             browserHistory.replace({pathname: url.pathname, search: searchParams.toString()});