Add validation on logs query parameters
The following discussion from !26883 (merged) should be addressed:
-
@DylanGriffith started a discussion: I can't tell if this is covered elswhere but at a glance it seems you're removing some validations on user input. I wonder if that is going to allow users to pass some unexpected values through here and do query injection in Elasticsearch? For example I wonder if they are able to pass in a
Hash
that would could possibly allow queries we aren't expecting? In general I think we'll want to ensure that any time we readparams
and pass it down to this function we should at least be validating the type of the thing.