Let’s say I have the following PromQL query:
example_metric{key="value"}[60s]
Querying basics | Prometheus says:
PromQL follows the same escaping rules as Go.
… but it seems like quite a hassle to prevent injection with no library help, assuming that value in my example query is user-specifiable.
I would rather not sanitise and regex-match (alphanumeric) values. (Strangely, the only PromQL query construction library I could find does no sanitising at all.)
Is there, at least with Python, a better way to prevent injection than manually regex-checking / escaping?
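An added example, not part of the original post and not taken from any PromQL library: a helper that renders a user-supplied label value as a double-quoted PromQL string literal using the Go-style escapes the documentation refers to, so the value cannot close the literal. The function names, the conservative single-unit range pattern and the hostile sample value are assumptions made for illustration; only `=` matchers are covered, since `=~` would also need regex escaping.

```python
import re

# Classic Prometheus naming patterns; in this sketch names are fixed by the
# application and only label *values* come from the user.
_METRIC_NAME = re.compile(r"[a-zA-Z_:][a-zA-Z0-9_:]*")
_LABEL_NAME = re.compile(r"[a-zA-Z_][a-zA-Z0-9_]*")
# Conservative assumption: a single number+unit such as "60s" or "5m".
_WINDOW = re.compile(r"[0-9]+(ms|s|m|h|d|w|y)")


def quote_promql_string(value: str) -> str:
    """Render value as a double-quoted PromQL string literal (Go-style escapes)."""
    out = ['"']
    for ch in value:
        cp = ord(ch)
        if 0xD800 <= cp <= 0xDFFF:
            raise ValueError("lone surrogate is not valid UTF-8 text")
        if ch == "\\":
            out.append("\\\\")          # backslash first, so escapes stay literal
        elif ch == '"':
            out.append('\\"')           # cannot terminate the literal early
        elif cp < 0x20 or cp == 0x7F:
            out.append(f"\\u{cp:04x}")  # control characters never appear raw
        else:
            out.append(ch)              # printable text, incl. non-ASCII, as-is
    out.append('"')
    return "".join(out)


def range_selector(metric: str, labels: dict, window: str) -> str:
    """Build metric{name="value",...}[window] with equality matchers only."""
    if not _METRIC_NAME.fullmatch(metric):
        raise ValueError(f"invalid metric name: {metric!r}")
    if not _WINDOW.fullmatch(window):
        raise ValueError(f"invalid range window: {window!r}")
    parts = []
    for name, value in labels.items():
        if not _LABEL_NAME.fullmatch(name):
            raise ValueError(f"invalid label name: {name!r}")
        parts.append(f"{name}={quote_promql_string(value)}")
    return f"{metric}{{{','.join(parts)}}}[{window}]"


if __name__ == "__main__":
    print(range_selector("example_metric", {"key": "value"}, "60s"))
    # Constructed hostile value: it stays inside the string literal.
    print(range_selector("example_metric", {"key": 'v"} or up{job="x'}, "60s"))
```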