We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
2 parents 8e864ab + a8afa05 commit 07dbad5Copy full SHA for 07dbad5
1 file changed
go/ql/src/Security/CWE-117/LogInjectionGood.go
@@ -9,7 +9,7 @@ import (
9
// GOOD: The user-provided value is escaped before being written to the log.
10
func handlerGood(req *http.Request) {
11
username := req.URL.Query()["username"][0]
12
- escapedUsername := strings.Replace(username, "\n", "", -1)
13
- escapedUsername = strings.Replace(escapedUsername, "\r", "", -1)
+ escapedUsername := strings.ReplaceAll(username, "\n", "")
+ escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "")
14
log.Printf("user %s logged in.\n", escapedUsername)
15
}
0 commit comments