We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 11218f7 commit a8afa05Copy full SHA for a8afa05
1 file changed
go/ql/src/Security/CWE-117/LogInjectionGood.go
@@ -9,7 +9,7 @@ import (
9
// GOOD: The user-provided value is escaped before being written to the log.
10
func handlerGood(req *http.Request) {
11
username := req.URL.Query()["username"][0]
12
- escapedUsername := strings.ReplaceAll(username, "\n", "", -1)
13
- escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "", -1)
+ escapedUsername := strings.ReplaceAll(username, "\n", "")
+ escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "")
14
log.Printf("user %s logged in.\n", escapedUsername)
15
}
0 commit comments