
Go: Add Tainted Path sanitizers

Open Kwstubbs opened this issue 1 year ago • 1 comments

Add gorilla mux.Vars sanitizer

Kwstubbs avatar Oct 15 '24 02:10 Kwstubbs

@owen-mc It seems the default mux also sanitizes the path using this function. It seems there are also some changes implemented in version 1.22 from the comments here that I have yet to test (I'm on 1.21). I'll go ahead and remove the net/url.URL.Path sanitizer for now and possibly come back to it.

Kwstubbs avatar Oct 15 '24 21:10 Kwstubbs

I think if you're just committing my suggestions it doesn't dismiss my review.

owen-mc avatar Nov 13 '24 09:11 owen-mc

committing suggestions didn't work 😞

Kwstubbs avatar Nov 13 '24 22:11 Kwstubbs

committing suggestions didn't work 😞

Shows how much I know 😆 .

owen-mc avatar Nov 13 '24 23:11 owen-mc

@owen-mc Just wanted to remind you to merge since it's been a couple months.

Kwstubbs avatar Feb 14 '25 09:02 Kwstubbs

Oh no! Sorry about that, it slipped off my list. Thanks for prodding me. Also, I forget that other people can't press the merge button 😆 . The postprocess queries that you're using were moved around so I've fixed the references, which should make CI pass.

owen-mc avatar Feb 14 '25 10:02 owen-mc