Skip to content

Commit

Permalink
Correct ReplaceAll params
Browse files Browse the repository at this point in the history
ReplaceAll doesn't take a count argument
  • Loading branch information
smowton authored Sep 20, 2023
1 parent 11218f7 commit a8afa05
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions go/ql/src/Security/CWE-117/LogInjectionGood.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
// GOOD: The user-provided value is escaped before being written to the log.
func handlerGood(req *http.Request) {
username := req.URL.Query()["username"][0]
escapedUsername := strings.ReplaceAll(username, "\n", "", -1)
escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "", -1)
escapedUsername := strings.ReplaceAll(username, "\n", "")
escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "")
log.Printf("user %s logged in.\n", escapedUsername)
}

0 comments on commit a8afa05

Please sign in to comment.