Skip to content

Commit

Permalink
Merge pull request #14265 from phillmv/patch-1
Browse files Browse the repository at this point in the history 
s/Replace/ReplaceAll/ in LogInjectionGood.go
  • Loading branch information
@smowton
smowton authored Sep 20, 2023
2 parents 8e864ab + a8afa05 commit 07dbad5
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions go/ql/src/Security/CWE-117/LogInjectionGood.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
// GOOD: The user-provided value is escaped before being written to the log.
func handlerGood(req *http.Request) {
username := req.URL.Query()["username"][0]
escapedUsername := strings.Replace(username, "\n", "", -1)
escapedUsername = strings.Replace(escapedUsername, "\r", "", -1)
escapedUsername := strings.ReplaceAll(username, "\n", "")
escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "")
log.Printf("user %s logged in.\n", escapedUsername)
}

0 comments on commit 07dbad5

Please sign in to comment.